Changed for V3:
The previously submitted patches are apparently being used and
uncovered an issue where hotplug scripts are trying to read the
block device of a locked card and getting read/write errors. This
has been solved by preventing the block layer from coming up until
the card is unlocked. Also added more detail to this cover letter on
the use of the KEYS subsystem.

Changed for V2:
The V2 changes were not functional and were just general cleanup.
- Use stub functions to reduce the number of CONFIG ifdefs.
- Add static to a few functions that were local.
- Use pr_warn instead of pr_warning.
- Improve a few variable names and messages.

This set of patches adds support for password protected locking and
unlocking of MMC and SD devices. It uses the LOCK/UNLOCK command
(CMD42) available in both the MMC and SD command sets.

Some of this code was based on a patch set submitted in 2006 by
Anderson Briglia "Add MMC Password Protection (lock/unlock)".
This patch set never made it into mainline.

By default, a card with no password assigned is always in "unlocked"
state. After password assignment, in the next power cycle the card
switches to a "locked" state where only the "basic" and "lock card"
command classes are accepted by the card. Only after unlocking it
with the correct password can the card be used for normal operations
like block I/O.

Password management and caching is done through the "Kernel Key
Retention Service" mechanism and the sysfs filesystem. The KEY name
for a specific SD/MMC device is the device's "cid" because it will be
unique for every card. The use of the kernel KEYS subsystem requires
support from user space and needs to have the keyutils package
included in the rootfs. A user space script or helper app will need
to be added that will look up the password based on cid and use the
"keyctl" utility to instantiate the key.

Two new sysfs attributes were added.
The "lock" attribute is used to lock, unlock, assign a password,
clear a password and force erase a card. The "unlock_retry"
attribute is used to retry an unlock that failed during boot
because the rootfs was not yet available to set up the keys password.
The "unlock_retry" attribute is a NOP for unlocked cards, so user
space init processing can write a 1 to all instances found in the
sysfs once the rootfs with keyutils functionality is available.

Al Cooper (7):
  mmc: lock: Use the kernel "KEYS" subsystem to get a card's password
  mmc: lock: Add low level LOCK_UNLOCK command
  mmc: lock: Add function to unlock a password locked card
  mmc: lock: Add card lock/unlock maintenance commands
  mmc: lock: Change SD init functionality to handle locked SD cards
  mmc: lock: Prevent block device from coming up for locked cards.
  mmc: lock: Change MMC init to handle locked cards.

 drivers/mmc/card/block.c   |  10 ++++
 drivers/mmc/core/Kconfig   |   8 +++
 drivers/mmc/core/core.c    | 131 ++++++++++++++++++++++++++++++++++++++++++
 drivers/mmc/core/core.h    |  15 ++++-
 drivers/mmc/core/mmc.c     | 123 ++++++++++++++++++++++++++++++++++++++++
 drivers/mmc/core/mmc_ops.c | 109 +++++++++++++++++++++++++++++++++++
 drivers/mmc/core/mmc_ops.h |  13 +++++
 drivers/mmc/core/sd.c      | 138 +++++++++++++++++++++++++++++++++------------
 include/linux/mmc/card.h   |   6 ++
 9 files changed, 515 insertions(+), 38 deletions(-)

-- 
1.8.1.3
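The cover letter above relies on the LOCK/UNLOCK command (CMD42); the following is an added example, not code from this patch set, showing how the data block that accompanies CMD42 is laid out for the operations the "lock" attribute exposes. The layout (mode byte, PWDS_LEN, password data) is taken from the SD/MMC specifications rather than from this page, and the helper name `cmd42_build` and the `CMD42_*` macros are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mode bits in byte 0 of the CMD42 data block (SD/MMC specifications). */
#define CMD42_SET_PWD 0x01 /* assign or replace the password */
#define CMD42_CLR_PWD 0x02 /* clear the password */
#define CMD42_LOCK    0x04 /* 1 = lock the card, 0 = unlock it */
#define CMD42_ERASE   0x08 /* force erase: wipes user data and password */
#define CMD42_PWD_MAX 16   /* longest single password, in bytes */

/*
 * Hypothetical helper (name and signature are this example's own).
 * Fills buf with: byte 0 = mode, byte 1 = PWDS_LEN, bytes 2.. = password
 * data. When replacing a password the data is the current password
 * followed directly by the new one, and PWDS_LEN is the sum of both.
 * Returns the block length to transfer, or -1 on invalid input.
 */
int cmd42_build(uint8_t *buf, size_t buflen, uint8_t mode,
                const uint8_t *cur, size_t cur_len,
                const uint8_t *new_pwd, size_t new_len)
{
    size_t total;
    if ((mode & ~0x0f) || (mode & 0x03) == 0x03)
        return -1;              /* reserved bits set, or set+clear together */
    if (mode & CMD42_ERASE) {   /* force erase carries no password */
        if (mode != CMD42_ERASE || buflen < 1)
            return -1;
        buf[0] = CMD42_ERASE;
        return 1;
    }
    if (!(mode & CMD42_SET_PWD))
        new_len = 0;            /* new password is only used with SET_PWD */
    else if (new_len == 0)
        return -1;
    if (cur_len > CMD42_PWD_MAX || new_len > CMD42_PWD_MAX)
        return -1;
    if (!(mode & CMD42_SET_PWD) && cur_len == 0)
        return -1;              /* lock, unlock and clear need the password */
    total = cur_len + new_len;
    if (buflen < 2 + total)
        return -1;
    buf[0] = mode;
    buf[1] = (uint8_t)total;
    if (cur_len)
        memcpy(buf + 2, cur, cur_len);
    if (new_len)
        memcpy(buf + 2 + cur_len, new_pwd, new_len);
    return (int)(2 + total);
}
```

The block carries the password in clear, so a caller would wipe `buf` once the transfer has completed.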