Re: [PATCH] implemented CMD42 locking unlocking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Let me elaborate on that.

First I wanted to have the (un)locking function implemented in mmc-utils so there is a way to use it. Locking works fine with the hardware I tested: rtsx_pci_sdmmc, rtsx_usb_sdmmc and meson-gx-mmc (in Allwinner s905w SoC). After locking and reinserting, the card is not detected but I have a kernel patch for that (does attachment work in mailing list?) which skips setup commands which are not allowed during locked state. This allows the device /dev/mmcblkX to be created and ioctl calls run against it. When the card is locked, all read/write calls are naturally timing out and it is indicated in dmesg. Unlocking using mmc-utils works fine with meson-gx-mmc. After unlocking, direct reads (dd if=/dev/mmcblkX) work fine but reloading partition table is necessary as the first attempts have failed. Unlocking doesn't work on both rtsx* drivers (PCIe and USB MMC card readers common in laptops) - I suspect this is a bug in the device driver.

IMO it is not more dangerous than other functions already implemented in mmc-utils, e.g. erase.

D.

On 2024-05-18 22:42, Christian Loehle wrote:
On 5/18/24 17:26, linux-mmc@xxxxxxxxx wrote:
------ Tessian Warning ------

Be careful, the email's sending domain "@danman[.]eu" has never been seen on your company's network before today

This warning message will be removed if you reply to or forward this email to a recipient outside of your organization.

---- Tessian Warning End ----

From: Daniel Kucera <daniel.kucera@xxxxxxxxx>

Locking is pretty bad, at least for SD it's highly problematic with
current mmcblk, as locked cards won't
initialize AFAIR (SD status query is illegal, but initialization
requires it if I remember correctly).
Did you try that?


---
 mmc.c      |  11 +++++
 mmc.h      |  11 +++++
mmc_cmds.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 mmc_cmds.h |   2 +
 4 files changed, 147 insertions(+)

diff --git a/mmc.c b/mmc.c
index bc8f74e..3ff7308 100644
--- a/mmc.c
+++ b/mmc.c
@@ -250,6 +250,17 @@ static struct Command commands[] = {
 		"be 1.",
 	NULL
 	},
+	{ do_lock_unlock, -3,
+	"cmd42", "<password> " "<parameter> " "<device>\n"
+		"Usage: mmc cmd42 <password> <s|c|l|u|e> <device>\n"
+		"s\tset password\n"
+		"c\tclear password\n"
+		"l\tlock\n"
+		"sl\tset password and lock\n"
+		"u\tunlock\n"
+		"e\tforce erase\n",
+	NULL
+	},
 	{ do_softreset, -1,
 	  "softreset", "<device>\n"
"Issues a CMD0 softreset, e.g. for testing if hardware reset for UHS works",
diff --git a/mmc.h b/mmc.h
index 6f1bf3e..f8bac22 100644
--- a/mmc.h
+++ b/mmc.h
@@ -30,6 +30,7 @@
 #define MMC_SEND_STATUS		13	/* ac   [31:16] RCA        R1  */
 #define R1_SWITCH_ERROR   (1 << 7)  /* sx, c */
 #define MMC_SWITCH_MODE_WRITE_BYTE	0x03	/* Set target to value */
+#define MMC_SET_BLOCKLEN	16  /* ac [31:0] block len R1 */
#define MMC_READ_MULTIPLE_BLOCK 18 /* adtc [31:0] data addr R1 */ #define MMC_SET_BLOCK_COUNT 23 /* adtc [31:0] data addr R1 */
 #define MMC_WRITE_BLOCK		24	/* adtc [31:0] data addr	R1  */
@@ -46,6 +47,7 @@
 					      [1] Discard Enable
 					      [0] Identify Write Blocks for
 					      Erase (or TRIM Enable)  R1b */
+#define MMC_LOCK_UNLOCK		42  /* adtc R1b */
 #define MMC_GEN_CMD		56   /* adtc  [31:1] stuff bits.
 					      [0]: RD/WR1 R1 */

@@ -70,6 +72,15 @@
 #define R1_EXCEPTION_EVENT      (1 << 6)        /* sr, a */
 #define R1_APP_CMD              (1 << 5)        /* sr, c */

+#define MMC_CMD42_UNLOCK	0x0 /* UNLOCK */
+#define MMC_CMD42_SET_PWD	0x1 /* SET_PWD */
+#define MMC_CMD42_CLR_PWD	0x2 /* CLR_PWD */
+#define MMC_CMD42_LOCK		0x4 /* LOCK */
+#define MMC_CMD42_SET_LOCK	0x5 /* SET_PWD & LOCK */
+#define MMC_CMD42_ERASE		0x8 /* ERASE */
+#define MAX_PWD_LENGTH		32 /* max PWDS_LEN: old+new */
+#define MMC_BLOCK_SIZE		512 /* data blk size for cmd42 */
+
 /*
  * EXT_CSD fields
  */
diff --git a/mmc_cmds.c b/mmc_cmds.c
index 936e0c5..03fe04f 100644
--- a/mmc_cmds.c
+++ b/mmc_cmds.c
@@ -129,6 +129,129 @@ int send_status(int fd, __u32 *response)
 	return ret;
 }

+//lock/unlock feature implementation
+int do_lock_unlock(int nargs, char **argv)
+{
+	int fd, ret = 0;
+	char *device;
+	__u8 data_block[MMC_BLOCK_SIZE]={0};
+	__u8 data_block_onebyte[1]={0};
+	int block_size = 0;
+	struct mmc_ioc_cmd idata;
+	int cmd42_para;			//parameter of cmd42
+	char pwd[MAX_PWD_LENGTH+1];	//password
+	int pwd_len;			//password length
+	__u32 r1_response;		//R1 response token
+
+	if (nargs != 4){
+ fprintf(stderr, "Usage: mmc cmd42 <password> <s|c|l|u|e> <device>\n");
+		exit(1);
+	}
+
+	strcpy(pwd, argv[1]);
+	pwd_len = strlen(pwd);
+
+	if (!strcmp("s", argv[2])) {
+		cmd42_para = MMC_CMD42_SET_PWD;
+		printf("Set password: password=%s ...\n", pwd);
+	}
+	else if (!strcmp("c", argv[2])) {
+		cmd42_para = MMC_CMD42_CLR_PWD;
+		printf("Clear password: password=%s ...\n", pwd);
+	}
+	else if (!strcmp("l", argv[2])) {
+		cmd42_para = MMC_CMD42_LOCK;
+		printf("Lock the card: password=%s ...\n", pwd);
+	}
+	else if (!strcmp("sl", argv[2])) {
+		cmd42_para = MMC_CMD42_SET_LOCK;
+		printf("Set password and lock the card: password - %s ...\n", pwd);
+	}
+	else if (!strcmp("u", argv[2])) {
+		cmd42_para = MMC_CMD42_UNLOCK;
+		printf("Unlock the card: password=%s ...\n", pwd);
+	}
+	else if (!strcmp("e", argv[2])) {
+		cmd42_para = MMC_CMD42_ERASE;
+ printf("Force erase ... (Warning: all card data will be erased together with PWD!)\n");
+	}
+	else {
+ printf("Invalid parameter:\n" "s\tset password\n" "c\tclear password\n" "l\tlock\n"
+			"sl\tset password and lock\n" "u\tunlock\n" "e\tforce erase\n");
+		exit(1);
+	}
+
+	device = argv[nargs-1];
+
+	fd = open(device, O_RDWR);
+	if (fd < 0) {
+		perror("open");
+		exit(1);
+	}
+
+	if (cmd42_para==MMC_CMD42_ERASE)
+ block_size = 2; //set blk size to 2-byte for Force Erase @DDR50 compability
+	else
+		block_size = MMC_BLOCK_SIZE;
+
+ ret = set_block_len(fd, block_size); //set data block size prior to cmd42
+	printf("Set to data block length = %d byte(s).\n", block_size);
+
+	if (cmd42_para==MMC_CMD42_ERASE) {
+		data_block_onebyte[0] = cmd42_para;
+	} else {
+		data_block[0] = cmd42_para;
+		data_block[1] = pwd_len;
+		memcpy((char *)(data_block+2), pwd, pwd_len);
+	}
+
+	memset(&idata, 0, sizeof(idata));
+	idata.write_flag = 1;
+	idata.opcode = MMC_LOCK_UNLOCK;
+	idata.arg = 0;		//set all 0 for cmd42 arg
+	idata.flags = MMC_RSP_R1 | MMC_CMD_AC | MMC_CMD_ADTC;
+	idata.blksz = block_size;
+	idata.blocks = 1;
+
+	if (cmd42_para==MMC_CMD42_ERASE)
+		mmc_ioc_cmd_set_data(idata, data_block_onebyte);
+	else
+		mmc_ioc_cmd_set_data(idata, data_block);
+
+	ret = ioctl(fd, MMC_IOC_CMD, &idata);		//Issue CMD42
+
+	r1_response = idata.response[0];
+	printf("cmd42 response: 0x%08x\n", r1_response);
+	if (r1_response & R1_ERROR) {		//check CMD42 error
+ printf("cmd42 error! Error code: 0x%08x\n", r1_response & R1_ERROR);
+		ret=-1;
+	}
+	if (r1_response & R1_LOCK_UNLOCK_FAILED) {	//check lock/unlock error
+		printf("Card lock/unlock fail! Error code: 0x%08x\n",
+		r1_response & R1_LOCK_UNLOCK_FAILED);
+		ret=-1;
+	}
+
+	close(fd);
+	return ret;
+}
+
+//change data block length
+int set_block_len(int fd, int blk_len)
+{
+	int ret = 0;
+	struct mmc_ioc_cmd idata;
+
+	memset(&idata, 0, sizeof(idata));
+	idata.opcode = MMC_SET_BLOCKLEN;
+	idata.arg = blk_len;
+	idata.flags = MMC_RSP_R1 | MMC_CMD_AC;
+
+	ret = ioctl(fd, MMC_IOC_CMD, &idata);
+
+	return ret;
+}
+
 static __u32 get_size_in_blks(int fd)
 {
 	int res;
diff --git a/mmc_cmds.h b/mmc_cmds.h
index 5f2bef1..9ee78a2 100644
--- a/mmc_cmds.h
+++ b/mmc_cmds.h
@@ -50,3 +50,5 @@ int do_general_cmd_read(int nargs, char **argv);
 int do_softreset(int nargs, char **argv);
 int do_preidle(int nargs, char **argv);
 int do_alt_boot_op(int nargs, char **argv);
+int do_lock_unlock(int nargs, char **argv);
+int set_block_len(int fd, int blk_len);
From 9c3e9f8ec84137235a45dea31ef7bfe6002c02bf Mon Sep 17 00:00:00 2001
From: Daniel Kucera <daniel.kucera@xxxxxxxxx>
Date: Tue, 14 May 2024 17:36:00 +0200
Subject: [PATCH] detect locked card

---
 drivers/mmc/core/sd.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c
index 246ce027a..3ca7a0dd4 100644
--- a/drivers/mmc/core/sd.c
+++ b/drivers/mmc/core/sd.c
@@ -1474,6 +1474,24 @@ static int mmc_sd_init_card(struct mmc_host *host, u32 ocr,
 		if (err)
 			goto free_card;
 	}
+	
+        u32 card_status;
+
+        err = mmc_send_status(card, &card_status);
+        if (err){
+                pr_warn("unable to get card status\n");
+                goto free_card;
+        }
+
+        if (card_status & R1_CARD_IS_LOCKED){
+                pr_warn("card is locked\n");
+
+                //card->locked = 1;
+                //err = -EINVAL;
+                //goto free_card;       
+                //mmc_set_bus_width(host, MMC_BUS_WIDTH_1);
+                goto cont;
+        }
 
 	err = mmc_sd_setup_card(host, card, oldcard != NULL);
 	if (err)

[Index of Archives]     [Linux Memonry Technology]     [Linux USB Devel]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux