| Message ID | 20230721211949.3437598-2-gjoyce@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | generic and PowerPC SED Opal keystore | expand |
On 7/21/23 23:19, gjoyce@linux.vnet.ibm.com wrote: > From: Greg Joyce <gjoyce@linux.vnet.ibm.com> > > Add read and write functions that allow SED Opal keys to stored > in a permanent keystore. > Probably state that these are dummy functions only. > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com> > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev> > --- > block/Makefile | 2 +- > block/sed-opal-key.c | 24 ++++++++++++++++++++++++ > include/linux/sed-opal-key.h | 15 +++++++++++++++ > 3 files changed, 40 insertions(+), 1 deletion(-) > create mode 100644 block/sed-opal-key.c > create mode 100644 include/linux/sed-opal-key.h > > diff --git a/block/Makefile b/block/Makefile > index 46ada9dc8bbf..ea07d80402a6 100644 > --- a/block/Makefile > +++ b/block/Makefile > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o > obj-$(CONFIG_BLK_WBT) += blk-wbt.o > obj-$(CONFIG_BLK_DEBUG_FS) += blk-mq-debugfs.o > obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o > -obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o > +obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o sed-opal-key.o > obj-$(CONFIG_BLK_PM) += blk-pm.o > obj-$(CONFIG_BLK_INLINE_ENCRYPTION) += blk-crypto.o blk-crypto-profile.o \ > blk-crypto-sysfs.o > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c > new file mode 100644 > index 000000000000..16f380164c44 > --- /dev/null > +++ b/block/sed-opal-key.c > @@ -0,0 +1,24 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +/* > + * SED key operations. > + * > + * Copyright (C) 2022 IBM Corporation > + * > + * These are the accessor functions (read/write) for SED Opal > + * keys. Specific keystores can provide overrides. > + * > + */ > + > +#include <linux/kernel.h> > +#include <linux/errno.h> > +#include <linux/sed-opal-key.h> > + > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen) > +{ > + return -EOPNOTSUPP; > +} > + > +int __weak sed_write_key(char *keyname, char *key, u_int keylen) > +{ > + return -EOPNOTSUPP; > +} Hmm. We do have security/keys, which is using a 'struct key' for their operations. Why don't you leverage that structure? Cheers, Hannes
On Thu, 2023-08-17 at 07:42 +0200, Hannes Reinecke wrote: > On 7/21/23 23:19, gjoyce@linux.vnet.ibm.com wrote: > > From: Greg Joyce <gjoyce@linux.vnet.ibm.com> > > > > Add read and write functions that allow SED Opal keys to stored > > in a permanent keystore. > > > Probably state that these are dummy functions only. > > > Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com> > > Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev> > > --- > > block/Makefile | 2 +- > > block/sed-opal-key.c | 24 ++++++++++++++++++++++++ > > include/linux/sed-opal-key.h | 15 +++++++++++++++ > > 3 files changed, 40 insertions(+), 1 deletion(-) > > create mode 100644 block/sed-opal-key.c > > create mode 100644 include/linux/sed-opal-key.h > > > > diff --git a/block/Makefile b/block/Makefile > > index 46ada9dc8bbf..ea07d80402a6 100644 > > --- a/block/Makefile > > +++ b/block/Makefile > > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o > > obj-$(CONFIG_BLK_WBT) += blk-wbt.o > > obj-$(CONFIG_BLK_DEBUG_FS) += blk-mq-debugfs.o > > obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o > > -obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o > > +obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o sed-opal-key.o > > obj-$(CONFIG_BLK_PM) += blk-pm.o > > obj-$(CONFIG_BLK_INLINE_ENCRYPTION) += blk-crypto.o blk- > > crypto-profile.o \ > > blk-crypto-sysfs.o > > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c > > new file mode 100644 > > index 000000000000..16f380164c44 > > --- /dev/null > > +++ b/block/sed-opal-key.c > > @@ -0,0 +1,24 @@ > > +// SPDX-License-Identifier: GPL-2.0-only > > +/* > > + * SED key operations. > > + * > > + * Copyright (C) 2022 IBM Corporation > > + * > > + * These are the accessor functions (read/write) for SED Opal > > + * keys. Specific keystores can provide overrides. > > + * > > + */ > > + > > +#include <linux/kernel.h> > > +#include <linux/errno.h> > > +#include <linux/sed-opal-key.h> > > + > > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen) > > +{ > > + return -EOPNOTSUPP; > > +} > > + > > +int __weak sed_write_key(char *keyname, char *key, u_int keylen) > > +{ > > + return -EOPNOTSUPP; > > +} > > Hmm. We do have security/keys, which is using a 'struct key' for > their operations. > Why don't you leverage that structure? > > Cheers, > > Hannes Thanks for the review Hannes. Are you referring to struct key in linux/key.h? If so, that may a bit heavy for just specifying key data and key length. -Greg
diff --git a/block/Makefile b/block/Makefile index 46ada9dc8bbf..ea07d80402a6 100644 --- a/block/Makefile +++ b/block/Makefile @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED) += blk-zoned.o obj-$(CONFIG_BLK_WBT) += blk-wbt.o obj-$(CONFIG_BLK_DEBUG_FS) += blk-mq-debugfs.o obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o -obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o +obj-$(CONFIG_BLK_SED_OPAL) += sed-opal.o sed-opal-key.o obj-$(CONFIG_BLK_PM) += blk-pm.o obj-$(CONFIG_BLK_INLINE_ENCRYPTION) += blk-crypto.o blk-crypto-profile.o \ blk-crypto-sysfs.o diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c new file mode 100644 index 000000000000..16f380164c44 --- /dev/null +++ b/block/sed-opal-key.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * SED key operations. + * + * Copyright (C) 2022 IBM Corporation + * + * These are the accessor functions (read/write) for SED Opal + * keys. Specific keystores can provide overrides. + * + */ + +#include <linux/kernel.h> +#include <linux/errno.h> +#include <linux/sed-opal-key.h> + +int __weak sed_read_key(char *keyname, char *key, u_int *keylen) +{ + return -EOPNOTSUPP; +} + +int __weak sed_write_key(char *keyname, char *key, u_int keylen) +{ + return -EOPNOTSUPP; +} diff --git a/include/linux/sed-opal-key.h b/include/linux/sed-opal-key.h new file mode 100644 index 000000000000..c9b1447986d8 --- /dev/null +++ b/include/linux/sed-opal-key.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * SED key operations. + * + * Copyright (C) 2022 IBM Corporation + * + * These are the accessor functions (read/write) for SED Opal + * keys. Specific keystores can provide overrides. + * + */ + +#include <linux/kernel.h> + +int sed_read_key(char *keyname, char *key, u_int *keylen); +int sed_write_key(char *keyname, char *key, u_int keylen);