Re: [PATCH v5 0/3 RESEND] sed-opal: keyrings, discovery, revert, key store

[Greg Joyce <gjoyce@linux.vnet.ibm.com>]

It's been almost 4 weeks since the last resend and there haven't been
any comments. Is there anything that needs to be changed for
acceptance?

Thanks for your input.

Greg

On Fri, 2023-07-21 at 16:15 -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> This patchset has gone through numerous rounds of review and
> all comments/suggetions have been addressed. The reviews have
> covered all relevant areas including reviews by block and keyring
> developers as well as the SED Opal maintainer. The last
> patchset submission has not solicited any responses in the
> six weeks since it was last distributed. The changes are
> generally useful and ready for inclusion.
> 
> TCG SED Opal is a specification from The Trusted Computing Group
> that allows self encrypting storage devices (SED) to be locked at
> power on and require an authentication key to unlock the drive.
> 
> The current SED Opal implementation in the block driver
> requires that authentication keys be provided in an ioctl
> so that they can be presented to the underlying SED
> capable drive. Currently, the key is typically entered by
> a user with an application like sedutil or sedcli. While
> this process works, it does not lend itself to automation
> like unlock by a udev rule.
> 
> The SED block driver has been extended so it can alternatively
> obtain a key from a sed-opal kernel keyring. The SED ioctls
> will indicate the source of the key, either directly in the
> ioctl data or from the keyring.
> 
> Two new SED ioctls have also been added. These are:
>   1) IOC_OPAL_REVERT_LSP to revert LSP state
>   2) IOC_OPAL_DISCOVERY to discover drive capabilities/state
> 
> change log v5:
>         - rebase to for-6.5/block
> 
> change log v4:
>         - rebase to 6.3-rc7
>         - replaced "255" magic number with U8_MAX
> 
> change log:
>         - rebase to 6.x
>         - added latest reviews
>         - removed platform functions for persistent key storage
>         - replaced key update logic with key_create_or_update()
>         - minor bracing and padding changes
>         - add error returns
>         - opal_key structure is application provided but kernel
>           verified
>         - added brief description of TCG SED Opal
> 
> 
> Greg Joyce (3):
>   block: sed-opal: Implement IOC_OPAL_DISCOVERY
>   block: sed-opal: Implement IOC_OPAL_REVERT_LSP
>   block: sed-opal: keyring support for SED keys
> 
>  block/Kconfig                 |   2 +
>  block/opal_proto.h            |   4 +
>  block/sed-opal.c              | 252
> +++++++++++++++++++++++++++++++++-
>  include/linux/sed-opal.h      |   5 +
>  include/uapi/linux/sed-opal.h |  25 +++-
>  5 files changed, 282 insertions(+), 6 deletions(-)
> 
> 
> base-commit: 1341c7d2ccf42ed91aea80b8579d35bc1ea381e2