Re: [PATCH] block: sed-opal: Change the check condition for regular session validity

"Rajashekar, Revanth" <revanth.rajashekar@xxxxxxxxx> · Fri, 28 Feb 2020 16:01:59 -0700

Hi Jon,

On 2/28/2020 3:57 PM, Derrick, Jonathan wrote:
> Hi Revanth
>
> On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote:
>> This patch changes the check condition for the validity/authentication
>> of the session.
>>
>> 1. The Host Session Number(HSN) in the response should match the HSN for
>>    the session.
>> 2. The TPER Session Number(TSN) can never be less than 4096 for a regular
>>    session.
>>
>> Reference:
>> Section 3.2.2.1   of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
>> Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf
>>
>> Co-developed-by: Andrzej Jakowski <andrzej.jakowski@xxxxxxxxxxxxxxx>
>> Signed-off-by: Andrzej Jakowski <andrzej.jakowski@xxxxxxxxxxxxxxx>
>> Signed-off-by: Revanth Rajashekar <revanth.rajashekar@xxxxxxxxx>
>> ---
>>  block/opal_proto.h | 1 +
>>  block/sed-opal.c   | 2 +-
>>  2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/block/opal_proto.h b/block/opal_proto.h
>> index 325cbba2465f..27740baad61d 100644
>> --- a/block/opal_proto.h
>> +++ b/block/opal_proto.h
>> @@ -36,6 +36,7 @@ enum opal_response_token {
>>
>>  #define DTAERROR_NO_METHOD_STATUS 0x89
>>  #define GENERIC_HOST_SESSION_NUM 0x41
>> +#define RSVD_TPER_SESSION_NUM	4096
> This seems confusing as it looks like 4096 the Reserved session rather
> than 0-4095.
> Can you name it appropriately?
Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..?
>
>>  #define TPER_SYNC_SUPPORTED 0x01
>>  #define MBR_ENABLED_MASK 0x10
>> diff --git a/block/sed-opal.c b/block/sed-opal.c
>> index 880cc57a5f6b..f2b61a868901 100644
>> --- a/block/sed-opal.c
>> +++ b/block/sed-opal.c
>> @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev)
>>  	hsn = response_get_u64(&dev->parsed, 4);
>>  	tsn = response_get_u64(&dev->parsed, 5);
>>
>> -	if (hsn == 0 && tsn == 0) {
>> +	if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) {
>>  		pr_debug("Couldn't authenticate session\n");
>>  		return -EPERM;
>>  	}
>> --
>> 2.17.1
>>