[PATCH v7 1/3 RESEND] block:sed-opal: SED Opal keystore

Sat Aug 19 01:12:57 AEST 2023

On Thu, 2023-08-17 at 07:42 +0200, Hannes Reinecke wrote:
> On 7/21/23 23:19, gjoyce at linux.vnet.ibm.com wrote:
> > From: Greg Joyce <gjoyce at linux.vnet.ibm.com>
> > 
> > Add read and write functions that allow SED Opal keys to stored
> > in a permanent keystore.
> > 
> Probably state that these are dummy functions only.
> 
> > Signed-off-by: Greg Joyce <gjoyce at linux.vnet.ibm.com>
> > Reviewed-by: Jonathan Derrick <jonathan.derrick at linux.dev>
> > ---
> >   block/Makefile               |  2 +-
> >   block/sed-opal-key.c         | 24 ++++++++++++++++++++++++
> >   include/linux/sed-opal-key.h | 15 +++++++++++++++
> >   3 files changed, 40 insertions(+), 1 deletion(-)
> >   create mode 100644 block/sed-opal-key.c
> >   create mode 100644 include/linux/sed-opal-key.h
> > 
> > diff --git a/block/Makefile b/block/Makefile
> > index 46ada9dc8bbf..ea07d80402a6 100644
> > --- a/block/Makefile
> > +++ b/block/Makefile
> > @@ -34,7 +34,7 @@ obj-$(CONFIG_BLK_DEV_ZONED)	+= blk-zoned.o
> >   obj-$(CONFIG_BLK_WBT)		+= blk-wbt.o
> >   obj-$(CONFIG_BLK_DEBUG_FS)	+= blk-mq-debugfs.o
> >   obj-$(CONFIG_BLK_DEBUG_FS_ZONED)+= blk-mq-debugfs-zoned.o
> > -obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o
> > +obj-$(CONFIG_BLK_SED_OPAL)	+= sed-opal.o sed-opal-key.o
> >   obj-$(CONFIG_BLK_PM)		+= blk-pm.o
> >   obj-$(CONFIG_BLK_INLINE_ENCRYPTION)	+= blk-crypto.o blk-
> > crypto-profile.o \
> >   					   blk-crypto-sysfs.o
> > diff --git a/block/sed-opal-key.c b/block/sed-opal-key.c
> > new file mode 100644
> > index 000000000000..16f380164c44
> > --- /dev/null
> > +++ b/block/sed-opal-key.c
> > @@ -0,0 +1,24 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/*
> > + * SED key operations.
> > + *
> > + * Copyright (C) 2022 IBM Corporation
> > + *
> > + * These are the accessor functions (read/write) for SED Opal
> > + * keys. Specific keystores can provide overrides.
> > + *
> > + */
> > +
> > +#include <linux/kernel.h>
> > +#include <linux/errno.h>
> > +#include <linux/sed-opal-key.h>
> > +
> > +int __weak sed_read_key(char *keyname, char *key, u_int *keylen)
> > +{
> > +	return -EOPNOTSUPP;
> > +}
> > +
> > +int __weak sed_write_key(char *keyname, char *key, u_int keylen)
> > +{
> > +	return -EOPNOTSUPP;
> > +}
> 
> Hmm. We do have security/keys, which is using a 'struct key' for
> their operations.
> Why don't you leverage that structure?
> 
> Cheers,
> 
> Hannes

Thanks for the review Hannes. Are you referring to struct key in
linux/key.h? If so, that may a bit heavy for just specifying key data
and key length.

-Greg