diff options
| author | Revanth Rajashekar <revanth.rajashekar@intel.com> | 2019-06-27 18:30:02 -0400 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2019-06-29 11:40:30 -0400 |
| commit | 5e4c7cf60ec3cad59703c203de1dfb31ea608e6e (patch) | |
| tree | 09f96d4002afe2a879e881dbbdca54362f2d4b63 | |
| parent | fbbe7c86b483878da4a2ec7b899e0814195942af (diff) | |
block: sed-opal: PSID reverttper capability
PSID is a 32 character password printed on the drive label,
to prove its physical access. This PSID reverttper function
is very useful to regain the control over the drive when it
is locked and the user can no longer access it because of some
failures. However, *all the data on the drive is completely
erased*. This method is advisable only when the user is exhausted
of all other recovery methods.
PSID capabilities are described in:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage-Opal_Feature_Set_PSID_v1.00_r1.00.pdf
Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
| -rw-r--r-- | block/sed-opal.c | 33 | ||||
| -rw-r--r-- | include/linux/sed-opal.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/sed-opal.h | 1 |
3 files changed, 31 insertions, 4 deletions
diff --git a/block/sed-opal.c b/block/sed-opal.c index a46e8d13e16d..bb8ef7963d11 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c | |||
| @@ -1307,6 +1307,7 @@ static int start_generic_opal_session(struct opal_dev *dev, | |||
| 1307 | break; | 1307 | break; |
| 1308 | case OPAL_ADMIN1_UID: | 1308 | case OPAL_ADMIN1_UID: |
| 1309 | case OPAL_SID_UID: | 1309 | case OPAL_SID_UID: |
| 1310 | case OPAL_PSID_UID: | ||
| 1310 | add_token_u8(&err, dev, OPAL_STARTNAME); | 1311 | add_token_u8(&err, dev, OPAL_STARTNAME); |
| 1311 | add_token_u8(&err, dev, 0); /* HostChallenge */ | 1312 | add_token_u8(&err, dev, 0); /* HostChallenge */ |
| 1312 | add_token_bytestring(&err, dev, key, key_len); | 1313 | add_token_bytestring(&err, dev, key, key_len); |
| @@ -1367,6 +1368,16 @@ static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data) | |||
| 1367 | key->key, key->key_len); | 1368 | key->key, key->key_len); |
| 1368 | } | 1369 | } |
| 1369 | 1370 | ||
| 1371 | static int start_PSID_opal_session(struct opal_dev *dev, void *data) | ||
| 1372 | { | ||
| 1373 | const struct opal_key *okey = data; | ||
| 1374 | |||
| 1375 | return start_generic_opal_session(dev, OPAL_PSID_UID, | ||
| 1376 | OPAL_ADMINSP_UID, | ||
| 1377 | okey->key, | ||
| 1378 | okey->key_len); | ||
| 1379 | } | ||
| 1380 | |||
| 1370 | static int start_auth_opal_session(struct opal_dev *dev, void *data) | 1381 | static int start_auth_opal_session(struct opal_dev *dev, void *data) |
| 1371 | { | 1382 | { |
| 1372 | struct opal_session_info *session = data; | 1383 | struct opal_session_info *session = data; |
| @@ -2030,17 +2041,28 @@ static int opal_add_user_to_lr(struct opal_dev *dev, | |||
| 2030 | return ret; | 2041 | return ret; |
| 2031 | } | 2042 | } |
| 2032 | 2043 | ||
| 2033 | static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal) | 2044 | static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid) |
| 2034 | { | 2045 | { |
| 2046 | /* controller will terminate session */ | ||
| 2035 | const struct opal_step revert_steps[] = { | 2047 | const struct opal_step revert_steps[] = { |
| 2036 | { start_SIDASP_opal_session, opal }, | 2048 | { start_SIDASP_opal_session, opal }, |
| 2037 | { revert_tper, } /* controller will terminate session */ | 2049 | { revert_tper, } |
| 2038 | }; | 2050 | }; |
| 2051 | const struct opal_step psid_revert_steps[] = { | ||
| 2052 | { start_PSID_opal_session, opal }, | ||
| 2053 | { revert_tper, } | ||
| 2054 | }; | ||
| 2055 | |||
| 2039 | int ret; | 2056 | int ret; |
| 2040 | 2057 | ||
| 2041 | mutex_lock(&dev->dev_lock); | 2058 | mutex_lock(&dev->dev_lock); |
| 2042 | setup_opal_dev(dev); | 2059 | setup_opal_dev(dev); |
| 2043 | ret = execute_steps(dev, revert_steps, ARRAY_SIZE(revert_steps)); | 2060 | if (psid) |
| 2061 | ret = execute_steps(dev, psid_revert_steps, | ||
| 2062 | ARRAY_SIZE(psid_revert_steps)); | ||
| 2063 | else | ||
| 2064 | ret = execute_steps(dev, revert_steps, | ||
| 2065 | ARRAY_SIZE(revert_steps)); | ||
| 2044 | mutex_unlock(&dev->dev_lock); | 2066 | mutex_unlock(&dev->dev_lock); |
| 2045 | 2067 | ||
| 2046 | /* | 2068 | /* |
| @@ -2280,7 +2302,7 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) | |||
| 2280 | ret = opal_activate_user(dev, p); | 2302 | ret = opal_activate_user(dev, p); |
| 2281 | break; | 2303 | break; |
| 2282 | case IOC_OPAL_REVERT_TPR: | 2304 | case IOC_OPAL_REVERT_TPR: |
| 2283 | ret = opal_reverttper(dev, p); | 2305 | ret = opal_reverttper(dev, p, false); |
| 2284 | break; | 2306 | break; |
| 2285 | case IOC_OPAL_LR_SETUP: | 2307 | case IOC_OPAL_LR_SETUP: |
| 2286 | ret = opal_setup_locking_range(dev, p); | 2308 | ret = opal_setup_locking_range(dev, p); |
| @@ -2297,6 +2319,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) | |||
| 2297 | case IOC_OPAL_SECURE_ERASE_LR: | 2319 | case IOC_OPAL_SECURE_ERASE_LR: |
| 2298 | ret = opal_secure_erase_locking_range(dev, p); | 2320 | ret = opal_secure_erase_locking_range(dev, p); |
| 2299 | break; | 2321 | break; |
| 2322 | case IOC_OPAL_PSID_REVERT_TPR: | ||
| 2323 | ret = opal_reverttper(dev, p, true); | ||
| 2324 | break; | ||
| 2300 | default: | 2325 | default: |
| 2301 | break; | 2326 | break; |
| 2302 | } | 2327 | } |
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h index 3e76b6d7d97f..f03bbffd3281 100644 --- a/include/linux/sed-opal.h +++ b/include/linux/sed-opal.h | |||
| @@ -39,6 +39,7 @@ static inline bool is_sed_ioctl(unsigned int cmd) | |||
| 39 | case IOC_OPAL_ENABLE_DISABLE_MBR: | 39 | case IOC_OPAL_ENABLE_DISABLE_MBR: |
| 40 | case IOC_OPAL_ERASE_LR: | 40 | case IOC_OPAL_ERASE_LR: |
| 41 | case IOC_OPAL_SECURE_ERASE_LR: | 41 | case IOC_OPAL_SECURE_ERASE_LR: |
| 42 | case IOC_OPAL_PSID_REVERT_TPR: | ||
| 42 | return true; | 43 | return true; |
| 43 | } | 44 | } |
| 44 | return false; | 45 | return false; |
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h index 33e53b80cd1f..7a03e5b4df6e 100644 --- a/include/uapi/linux/sed-opal.h +++ b/include/uapi/linux/sed-opal.h | |||
| @@ -107,5 +107,6 @@ struct opal_mbr_data { | |||
| 107 | #define IOC_OPAL_ENABLE_DISABLE_MBR _IOW('p', 229, struct opal_mbr_data) | 107 | #define IOC_OPAL_ENABLE_DISABLE_MBR _IOW('p', 229, struct opal_mbr_data) |
| 108 | #define IOC_OPAL_ERASE_LR _IOW('p', 230, struct opal_session_info) | 108 | #define IOC_OPAL_ERASE_LR _IOW('p', 230, struct opal_session_info) |
| 109 | #define IOC_OPAL_SECURE_ERASE_LR _IOW('p', 231, struct opal_session_info) | 109 | #define IOC_OPAL_SECURE_ERASE_LR _IOW('p', 231, struct opal_session_info) |
| 110 | #define IOC_OPAL_PSID_REVERT_TPR _IOW('p', 232, struct opal_key) | ||
| 110 | 111 | ||
| 111 | #endif /* _UAPI_SED_OPAL_H */ | 112 | #endif /* _UAPI_SED_OPAL_H */ |