| Message ID | 20230908153056.3503975-1-gjoyce@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | generic and PowerPC SED Opal keystore | expand |
On 9/8/23 9:30 AM, gjoyce@linux.vnet.ibm.com wrote: > From: Greg Joyce <gjoyce@linux.vnet.ibm.com> > > This patchset extends the capabilites incorporated into for-6.6/block > (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into > the keyring from a secure permanent keystore. > > It has gone through numerous rounds of review and all comments/suggetions > have been addressed. The reviews have covered all relevant areas including > reviews by block and keyring developers as well as the SED Opal > maintainer. The last patchset submission has not solicited any responses > in the six weeks since it was last distributed. The changes are > generally useful and ready for inclusion. Best time to resend is generally once the merge window is closed again, as I won't start applying patches for the next release before that happens. I'll try to remember to pick this one up for 6.7.
On 9/8/23 9:30 AM, gjoyce@linux.vnet.ibm.com wrote: > From: Greg Joyce <gjoyce@linux.vnet.ibm.com> > > This patchset extends the capabilites incorporated into for-6.6/block > (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into > the keyring from a secure permanent keystore. > > It has gone through numerous rounds of review and all comments/suggetions > have been addressed. The reviews have covered all relevant areas including > reviews by block and keyring developers as well as the SED Opal > maintainer. The last patchset submission has not solicited any responses > in the six weeks since it was last distributed. The changes are > generally useful and ready for inclusion. > > TCG SED Opal is a specification from The Trusted Computing Group > that allows self encrypting storage devices (SED) to be locked at > power on and require an authentication key to unlock the drive. > > Generic functions have been defined for accessing SED Opal keys. > The generic functions are defined as weak so that they may be superseded > by keystore specific versions. > > PowerPC/pseries versions of these functions provide read/write access > to SED Opal keys in the PLPKS keystore. > > The SED block driver has been modified to read the SED Opal > keystore to populate a key in the SED Opal keyring. Changes to the > SED Opal key will be written to the SED Opal keystore. Applied for 6.7, thanks.
From: Greg Joyce <gjoyce@linux.vnet.ibm.com> This patchset extends the capabilites incorporated into for-6.6/block (https://git.kernel.dk/cgit/linux/commit/?h=for-6.6/block&id=3bfeb61256643281ac4be5b8a57e9d9da3db4335) by allowing the SED Opal key to be seeded into the keyring from a secure permanent keystore. It has gone through numerous rounds of review and all comments/suggetions have been addressed. The reviews have covered all relevant areas including reviews by block and keyring developers as well as the SED Opal maintainer. The last patchset submission has not solicited any responses in the six weeks since it was last distributed. The changes are generally useful and ready for inclusion. TCG SED Opal is a specification from The Trusted Computing Group that allows self encrypting storage devices (SED) to be locked at power on and require an authentication key to unlock the drive. Generic functions have been defined for accessing SED Opal keys. The generic functions are defined as weak so that they may be superseded by keystore specific versions. PowerPC/pseries versions of these functions provide read/write access to SED Opal keys in the PLPKS keystore. The SED block driver has been modified to read the SED Opal keystore to populate a key in the SED Opal keyring. Changes to the SED Opal key will be written to the SED Opal keystore. Changelog v7: - rebased to for-6.5/block v6: - squashed two commits (suggested by Andrew Donnellan) v5: - updated to reflect changes in PLPKS API v4: - scope reduced to cover just SED Opal keys - base SED Opal keystore is now in SED block driver - removed use of enum to indicate type - refactored common code into common function that read and write use - removed cast to void - added use of SED Opal keystore functions to SED block driver v3: - No code changes, but per reviewer requests, adding additional mailing lists(keyring, EFI) for wider review. v2: - Include feedback from Gregory Joyce, Eric Richter and Murilo Opsfelder Araujo. - Include suggestions from Michael Ellerman. - Moved a dependency from generic SED code to this patchset. This patchset now builds of its own. Greg Joyce (3): block:sed-opal: SED Opal keystore block: sed-opal: keystore access for SED Opal keys powerpc/pseries: PLPKS SED Opal keystore support arch/powerpc/platforms/pseries/Kconfig | 6 + arch/powerpc/platforms/pseries/Makefile | 1 + .../powerpc/platforms/pseries/plpks_sed_ops.c | 114 ++++++++++++++++++ block/Kconfig | 1 + block/Makefile | 2 +- block/sed-opal-key.c | 24 ++++ block/sed-opal.c | 18 ++- include/linux/sed-opal-key.h | 15 +++ 8 files changed, 178 insertions(+), 3 deletions(-) create mode 100644 arch/powerpc/platforms/pseries/plpks_sed_ops.c create mode 100644 block/sed-opal-key.c create mode 100644 include/linux/sed-opal-key.h base-commit: 1341c7d2ccf42ed91aea80b8579d35bc1ea381e2