Re: [PATCH 0/6] Extend Single User Mode (SUM) support in sed-opal.

[Milan Broz <gmazyland@gmail.com>]

On 1/30/26 5:25 PM, Ondrej Kozina wrote:
> This patch series extends support for TCG Storage Opal SSC Single User
> Mode (SUM) in the sed-opal kernel interface. SUM addresses few
> shortcomins described in the chapter 2 of the OPAL2 sepecification
> extension (see below). It better isolates Admin authority from User
> stored data by taking the Lock/Unlock/Enable/Disable privileges from
> Admin when managing Locking Ranges configured for SUM.
> 
> This permission split necessitates separate ioctl calls for operations
> that previously could be performed atomically under a single authority.
> The series refactors existing code and introduces new ioctls to support
> this model:
> 
> - IOC_OPAL_REACTIVATE_LSP: Switch an active OPAL2 device to/from SUM
> - IOC_OPAL_LR_SET_START_LEN: Set locking range boundaries only
> - IOC_OPAL_ENABLE_DISABLE_LR: Set lock enable states only
> - IOC_OPAL_GET_SUM_STATUS: Query SUM configuration status
> 
> References:
> - TCG Storage Opal SSC Feature Set: Single User Mode specification
> - cryptsetup code using the extended sed-opal interface:
>    https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/832

I have tested this + cryptsetup userspace on my collection of SED devices
(some SATA, but mostly NVMe).

There are several broken Opal2 implementations, as vendors
usually refuses to fix it as it is out of support, we need detect
"supportable" SUM.

Anyway, kernel ioctls should remain simple here, in general, LGTM.

Please check comments on for separate patches.
Once fixed, I'll add my review/tested signature.

Thanks!
Milan