From: Jarkko Sakkinen <jarkko@kernel.org>
To: gjoyce@linux.vnet.ibm.com
Cc: linux-block@vger.kernel.org, keyrings@vger.kernel.org,
dhowells@redhat.com, jonathan.derrick@linux.dev,
brking@linux.vnet.ibm.com, greg@gilhooley.com, gjoyce@ibm.com
Subject: Re: [PATCH 0/4] sed-opal: keyrings, discovery, revert and key store
Date: Thu, 28 Jul 2022 10:43:00 +0300
Message-ID: <YuI+BKAlSfMTR8lB@kernel.org>
In-Reply-To: <20220718210156.1535955-1-gjoyce@linux.vnet.ibm.com>

On Mon, Jul 18, 2022 at 04:01:52PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
>
> The current TCG SED Opal implementation in the block
> driver requires that authentication keys be provided
> in an ioctl so that they can be presented to the
> underlying SED Opal capable drive. Currently, the key
> is typically entered by a user with an application
> like sedutil or sedcli. While this process works, it
> does not lend itself to automation like unlock by a udev
> rule.

Please explain also what SED Opal is.

>
> Extend the SED block driver so it can alternatively
> obtain a key from a sed-opal kernel keyring. The SED
> ioctls will indicate the source of the key, either
> directly in the ioctl data or from the keyring.
>
> Two new SED ioctls have also been added. These are:
> 1) IOC_OPAL_REVERT_LSP to revert LSP state
> 2) IOC_OPAL_DISCOVERY to discover drive capabilities/state
>
> Also, for platforms that have a permanent key store, the
> platform may provide unique platform dependent functions
> to read/write variables. The SED block driver has been
> modified to attempt to read a key from the platform key
> store. If successful, the key value is saved in the kernel
> sed-opal keyring. If the platform does not support a
> permanent key store, the read will fail and a key will
> not be added to the keyring. This patchset does not include
> any providers of the variable read/write functions.
>
> Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> Reported-by: kernel test robot <lkp@intel.com>
> base-commit: ff6992735ade75aae3e35d16b17da1008d753d28
>
> Greg Joyce (4):
> block: sed-opal: Implement IOC_OPAL_DISCOVERY
> block: sed-opal: Implement IOC_OPAL_REVERT_LSP
> block: sed-opal: keyring support for SED Opal keys
> arch_vars: create arch specific permanent store
>
> block/Kconfig | 1 +
> block/opal_proto.h | 4 +
> block/sed-opal.c | 274 +++++++++++++++++++++++++++++++++-
> include/linux/arch_vars.h | 23 +++
> include/linux/sed-opal.h | 5 +
> include/uapi/linux/sed-opal.h | 24 ++-
> lib/Makefile | 2 +-
> lib/arch_vars.c | 25 ++++
> 8 files changed, 351 insertions(+), 7 deletions(-)
> create mode 100644 include/linux/arch_vars.h
> create mode 100644 lib/arch_vars.c
>
>
> --
> 2.27.0
>

BR, Jarkko