On Tue, Dec 06, 2022 at 12:03:46AM +0000, luca.boccassi@xxxxxxxxx wrote: > From: Luca Boccassi <bluca@xxxxxxxxxx> > > Usually when closing a crypto device (eg: dm-crypt with LUKS) the > volume key is not required, as it requires root privileges anyway, and > root can deny access to a disk in many ways regardless. Requiring the > volume key to lock the device is a peculiarity of the OPAL > specification. > > Given we might already have saved the key if the user requested it via > the 'IOC_OPAL_SAVE' ioctl, we can use that key to lock the device if no > key was provided here and the locking range matches, and the user sets > the appropriate flag with 'IOC_OPAL_SAVE'. This allows integrating OPAL > with tools and libraries that are used to the common behaviour and do > not ask for the volume key when closing a device. > > Callers can always pass a non-zero key and it will be used regardless, > as before. > > Suggested-by: Štěpán Horáček <stepan.horacek@xxxxxxxxx> > Signed-off-by: Luca Boccassi <bluca@xxxxxxxxxx> > --- Looks good to me, Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
