Message ID | 20240816153557.11734-2-gjoyce@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Series | add ioctl IOC_OPAL_SET_SID_PW | expand |
Hello, is there a corresponding change to an userspace tool to make use of this? Thanks Michal On Fri, Aug 16, 2024 at 10:35:57AM -0500, gjoyce@linux.ibm.com wrote: > From: Greg Joyce <gjoyce@linux.ibm.com> > > After a SED drive is provisioned, there is no way to change the SID > password via the ioctl() interface. A new ioctl IOC_OPAL_SET_SID_PW > will allow the password to be changed. The valid current password is > required. > > Signed-off-by: Greg Joyce <gjoyce@linux.ibm.com> > --- > block/sed-opal.c | 26 ++++++++++++++++++++++++++ > include/linux/sed-opal.h | 1 + > include/uapi/linux/sed-opal.h | 1 + > 3 files changed, 28 insertions(+) > > diff --git a/block/sed-opal.c b/block/sed-opal.c > index 598fd3e7fcc8..5a28f23f7f22 100644 > --- a/block/sed-opal.c > +++ b/block/sed-opal.c > @@ -3037,6 +3037,29 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw) > return ret; > } > > +static int opal_set_new_sid_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw) > +{ > + int ret; > + struct opal_key *newkey = &opal_pw->new_user_pw.opal_key; > + struct opal_key *oldkey = &opal_pw->session.opal_key; > + > + const struct opal_step pw_steps[] = { > + { start_SIDASP_opal_session, oldkey }, > + { set_sid_cpin_pin, newkey }, > + { end_opal_session, } > + }; > + > + if (!dev) > + return -ENODEV; > + > + mutex_lock(&dev->dev_lock); > + setup_opal_dev(dev); > + ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps)); > + mutex_unlock(&dev->dev_lock); > + > + return ret; > +} > + > static int opal_activate_user(struct opal_dev *dev, > struct opal_session_info *opal_session) > { > @@ -3286,6 +3309,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) > case IOC_OPAL_DISCOVERY: > ret = opal_get_discv(dev, p); > break; > + case IOC_OPAL_SET_SID_PW: > + ret = opal_set_new_sid_pw(dev, p); > + break; > > default: > break; > diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h > index 2ac50822554e..80f33a93f944 100644 
> --- a/include/linux/sed-opal.h > +++ b/include/linux/sed-opal.h > @@ -52,6 +52,7 @@ static inline bool is_sed_ioctl(unsigned int cmd) > case IOC_OPAL_GET_GEOMETRY: > case IOC_OPAL_DISCOVERY: > case IOC_OPAL_REVERT_LSP: > + case IOC_OPAL_SET_SID_PW: > return true; > } > return false; > diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h > index d3994b7716bc..9025dd5a4f0f 100644 > --- a/include/uapi/linux/sed-opal.h > +++ b/include/uapi/linux/sed-opal.h > @@ -215,5 +215,6 @@ struct opal_revert_lsp { > #define IOC_OPAL_GET_GEOMETRY _IOR('p', 238, struct opal_geometry) > #define IOC_OPAL_DISCOVERY _IOW('p', 239, struct opal_discovery) > #define IOC_OPAL_REVERT_LSP _IOW('p', 240, struct opal_revert_lsp) > +#define IOC_OPAL_SET_SID_PW _IOW('p', 241, struct opal_new_pw) > > #endif /* _UAPI_SED_OPAL_H */ > -- > gjoyce@linux.ibm.com >
Yes, I'll have a pull request for nvme-cli later today or Monday at the latest. The changes will be dependent on IOC_OPAL_SET_SID_PW being defined so that the cli isn't dependent on kernel version. Greg On Fri, 2024-08-16 at 17:40 +0200, Michal Suchánek wrote: > Hello, > > is there a corresponding change to an userspace tool to make use of > this? > > Thanks > > Michal > > On Fri, Aug 16, 2024 at 10:35:57AM -0500, gjoyce@linux.ibm.com wrote: > > From: Greg Joyce <gjoyce@linux.ibm.com> > > > > After a SED drive is provisioned, there is no way to change the SID > > password via the ioctl() interface. A new ioctl IOC_OPAL_SET_SID_PW > > will allow the password to be changed. The valid current password > > is > > required. > > > > Signed-off-by: Greg Joyce <gjoyce@linux.ibm.com> > > --- > > block/sed-opal.c | 26 ++++++++++++++++++++++++++ > > include/linux/sed-opal.h | 1 + > > include/uapi/linux/sed-opal.h | 1 + > > 3 files changed, 28 insertions(+) > > > > diff --git a/block/sed-opal.c b/block/sed-opal.c > > index 598fd3e7fcc8..5a28f23f7f22 100644 > > --- a/block/sed-opal.c > > +++ b/block/sed-opal.c 
> > @@ -3037,6 +3037,29 @@ static int opal_set_new_pw(struct opal_dev > > *dev, struct opal_new_pw *opal_pw) > > return ret; > > } > > > > +static int opal_set_new_sid_pw(struct opal_dev *dev, struct > > opal_new_pw *opal_pw) > > +{ > > + int ret; > > + struct opal_key *newkey = &opal_pw->new_user_pw.opal_key; > > + struct opal_key *oldkey = &opal_pw->session.opal_key; > > + > > + const struct opal_step pw_steps[] = { > > + { start_SIDASP_opal_session, oldkey }, > > + { set_sid_cpin_pin, newkey }, > > + { end_opal_session, } > > + }; > > + > > + if (!dev) > > + return -ENODEV; > > + > > + mutex_lock(&dev->dev_lock); > > + setup_opal_dev(dev); > > + ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps)); > > + mutex_unlock(&dev->dev_lock); > > + > > + return ret; > > +} > > + > > static int opal_activate_user(struct opal_dev *dev, > > struct opal_session_info > > *opal_session) > > { > > @@ -3286,6 +3309,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned > > int cmd, void __user *arg) > > case IOC_OPAL_DISCOVERY: > > ret = opal_get_discv(dev, p); > > break; > > + case IOC_OPAL_SET_SID_PW: > > + ret = opal_set_new_sid_pw(dev, p); > > + break; > > > > default: > > break; > > diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h > > index 2ac50822554e..80f33a93f944 100644 > > --- a/include/linux/sed-opal.h > > +++ b/include/linux/sed-opal.h > > @@ -52,6 +52,7 @@ static inline bool is_sed_ioctl(unsigned int cmd) > > case IOC_OPAL_GET_GEOMETRY: > > case IOC_OPAL_DISCOVERY: > > case IOC_OPAL_REVERT_LSP: > > + case IOC_OPAL_SET_SID_PW: > > return true; > > } > > return false; > > diff --git a/include/uapi/linux/sed-opal.h > > b/include/uapi/linux/sed-opal.h > > index d3994b7716bc..9025dd5a4f0f 100644 > > --- a/include/uapi/linux/sed-opal.h > > +++ b/include/uapi/linux/sed-opal.h 
> > @@ -215,5 +215,6 @@ struct opal_revert_lsp { > > #define IOC_OPAL_GET_GEOMETRY _IOR('p', 238, struct > > opal_geometry) > > #define IOC_OPAL_DISCOVERY _IOW('p', 239, struct > > opal_discovery) > > #define IOC_OPAL_REVERT_LSP _IOW('p', 240, struct > > opal_revert_lsp) > > +#define IOC_OPAL_SET_SID_PW _IOW('p', 241, struct > > opal_new_pw) > > > > #endif /* _UAPI_SED_OPAL_H */ > > -- > > gjoyce@linux.ibm.com > >
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 598fd3e7fcc8..5a28f23f7f22 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -3037,6 +3037,29 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
 return ret;
 }
 
+static int opal_set_new_sid_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
+{
+ int ret;
+ struct opal_key *newkey = &opal_pw->new_user_pw.opal_key;
+ struct opal_key *oldkey = &opal_pw->session.opal_key;
+
+ const struct opal_step pw_steps[] = {
+ { start_SIDASP_opal_session, oldkey },
+ { set_sid_cpin_pin, newkey },
+ { end_opal_session, }
+ };
+
+ if (!dev)
+ return -ENODEV;
+
+ mutex_lock(&dev->dev_lock);
+ setup_opal_dev(dev);
+ ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
+ mutex_unlock(&dev->dev_lock);
+
+ return ret;
+}
+
 static int opal_activate_user(struct opal_dev *dev,
 struct opal_session_info *opal_session)
 {
@@ -3286,6 +3309,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
 case IOC_OPAL_DISCOVERY:
 ret = opal_get_discv(dev, p);
 break;
+ case IOC_OPAL_SET_SID_PW:
+ ret = opal_set_new_sid_pw(dev, p);
+ break;
 
 default:
 break;
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 2ac50822554e..80f33a93f944 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -52,6 +52,7 @@ static inline bool is_sed_ioctl(unsigned int cmd)
 case IOC_OPAL_GET_GEOMETRY:
 case IOC_OPAL_DISCOVERY:
 case IOC_OPAL_REVERT_LSP:
+ case IOC_OPAL_SET_SID_PW:
 return true;
 }
 return false;
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index d3994b7716bc..9025dd5a4f0f 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
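Review bot: opal_set_new_sid_pw() in block/sed-opal.c reads only `session.opal_key` (the current SID credential) and `new_user_pw.opal_key` (the new one) from `struct opal_new_pw` and silently ignores every other member, and nothing in the hunk documents that. Because this becomes part of the ioctl ABI, a comment above the function would pin the contract, for example `/* Change the SID PIN: session.opal_key authenticates as SID, new_user_pw.opal_key is the new PIN; all other members are ignored. */`, and the same sentence belongs next to the new `#define` in include/uapi/linux/sed-opal.h. Length checks on the two keys are presumably done inside the step functions, which are outside this hunk; that is worth confirming since both keys come straight from the ioctl argument.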
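Review bot: The new `IOC_OPAL_SET_SID_PW` case in sed_ioctl() passes `p` to opal_set_new_sid_pw() with both the current and the new SID password in it, and how `p` is released is not visible in this hunk. If the exit path frees it with a plain `kfree(p)`, the two credentials remain in freed kernel memory; `kfree_sensitive(p)` there would clear them first. sed_ioctl()'s body, including whatever privilege check precedes the switch, starts and ends outside the hunk.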
@@ -215,5 +215,6 @@ struct opal_revert_lsp {
 #define IOC_OPAL_GET_GEOMETRY _IOR('p', 238, struct opal_geometry)
 #define IOC_OPAL_DISCOVERY _IOW('p', 239, struct opal_discovery)
 #define IOC_OPAL_REVERT_LSP _IOW('p', 240, struct opal_revert_lsp)
+#define IOC_OPAL_SET_SID_PW _IOW('p', 241, struct opal_new_pw)
 
 #endif /* _UAPI_SED_OPAL_H */