From: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx> TCG SED Opal is a specification from The Trusted Computing Group that allows self encrypting storage devices (SED) to be locked at power on and require an authentication key to unlock the drive. The current SED Opal implementation in the block driver requires that authentication keys be provided in an ioctl so that they can be presented to the underlying SED capable drive. Currently, the key is typically entered by a user with an application like sedutil or sedcli. While this process works, it does not lend itself to automation like unlock by a udev rule. The SED block driver has been extended so it can alternatively obtain a key from a sed-opal kernel keyring. The SED ioctls will indicate the source of the key, either directly in the ioctl data or from the keyring. Two new SED ioctls have also been added. These are: 1) IOC_OPAL_REVERT_LSP to revert LSP state 2) IOC_OPAL_DISCOVERY to discover drive capabilities/state change log: - rebase to 6.x - added latest reviews - removed platform functions for persistent key storage - replaced key update logic with key_create_or_update() - minor bracing and padding changes - add error returns - opal_key structure is application provided but kernel verified - added brief description of TCG SED Opal Greg Joyce (3): block: sed-opal: Implement IOC_OPAL_DISCOVERY block: sed-opal: Implement IOC_OPAL_REVERT_LSP block: sed-opal: keyring support for SED keys block/Kconfig | 1 + block/opal_proto.h | 4 + block/sed-opal.c | 252 +++++++++++++++++++++++++++++++++- include/linux/sed-opal.h | 5 + include/uapi/linux/sed-opal.h | 25 +++- 5 files changed, 281 insertions(+), 6 deletions(-) Signed-off-by: Greg Joyce <gjoyce@xxxxxxxxxxxxxxxxxx> base-commit: 59d0d52c30d4991ac4b329f049cc37118e00f5b0 -- gjoyce@xxxxxxxxxxxxxxxxxx