On 9/8/23 9:30 AM, gjoyce@xxxxxxxxxxxxxxxxxx wrote:
> From: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx>
>
> This patchset extends the capabilities incorporated into for-6.6/block
> (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into
> the keyring from a secure permanent keystore.
>
> It has gone through numerous rounds of review and all comments/suggestions
> have been addressed. The reviews have covered all relevant areas including
> reviews by block and keyring developers as well as the SED Opal
> maintainer. The last patchset submission has not solicited any responses
> in the six weeks since it was last distributed. The changes are
> generally useful and ready for inclusion.
>
> TCG SED Opal is a specification from The Trusted Computing Group
> that allows self encrypting storage devices (SED) to be locked at
> power on and require an authentication key to unlock the drive.
>
> Generic functions have been defined for accessing SED Opal keys.
> The generic functions are defined as weak so that they may be superseded
> by keystore specific versions.
>
> PowerPC/pseries versions of these functions provide read/write access
> to SED Opal keys in the PLPKS keystore.
>
> The SED block driver has been modified to read the SED Opal
> keystore to populate a key in the SED Opal keyring. Changes to the
> SED Opal key will be written to the SED Opal keystore.

Applied for 6.7, thanks.

-- 
Jens Axboe