Re: [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store

On Mon, Jul 18, 2022 at 04:01:52PM -0500, gjoyce@xxxxxxxxxxxxxxxxxx wrote:
> From: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx>
> 
> The current TCG SED Opal implementation in the block
> driver requires that authentication keys be provided
> in an ioctl so that they can be presented to the
> underlying SED Opal capable drive. Currently, the key
> is typically entered by a user with an application
> like sedutil or sedcli. While this process works, it
> does not lend itself to automation like unlock by a udev
> rule.


Please explain also what SED Opal is.

> 
> Extend the SED block driver so it can alternatively
> obtain a key from a sed-opal kernel keyring. The SED
> ioctls will indicate the source of the key, either
> directly in the ioctl data or from the keyring.
> 
> Two new SED ioctls have also been added. These are:
>   1) IOC_OPAL_REVERT_LSP to revert LSP state
>   2) IOC_OPAL_DISCOVERY to discover drive capabilities/state
> 
> Also, for platforms that have a permanent key store, the
> platform may provide unique platform dependent functions
> to read/write variables. The SED block driver has been
> modified to attempt to read a key from the platform key
> store. If successful, the key value is saved in the kernel
> sed-opal keyring. If the platform does not support a
> permanent key store, the read will fail and a key will
> not be added to the keyring. This patchset does not include
> any providers of the variable read/write functions.
> 
> Signed-off-by: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx>
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> base-commit: ff6992735ade75aae3e35d16b17da1008d753d28
> 
> Greg Joyce (4):
>   block: sed-opal: Implement IOC_OPAL_DISCOVERY
>   block: sed-opal: Implement IOC_OPAL_REVERT_LSP
>   block: sed-opal: keyring support for SED Opal keys
>   arch_vars: create arch specific permanent store
> 
>  block/Kconfig                 |   1 +
>  block/opal_proto.h            |   4 +
>  block/sed-opal.c              | 274 +++++++++++++++++++++++++++++++++-
>  include/linux/arch_vars.h     |  23 +++
>  include/linux/sed-opal.h      |   5 +
>  include/uapi/linux/sed-opal.h |  24 ++-
>  lib/Makefile                  |   2 +-
>  lib/arch_vars.c               |  25 ++++
>  8 files changed, 351 insertions(+), 7 deletions(-)
>  create mode 100644 include/linux/arch_vars.h
>  create mode 100644 lib/arch_vars.c
> 
> 
> -- 
> 2.27.0
> 

BR, Jarkko


