mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-18 08:35:08 +08:00
block: sed-opal: keystore access for SED Opal keys
Allow for permanent SED authentication keys by reading/writing to the SED Opal non-volatile keystore. Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev> Link: https://lore.kernel.org/r/20231004201957.1451669-3-gjoyce@linux.vnet.ibm.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
parent
96ff37ceb2
commit
5dd339722f
@ -18,6 +18,7 @@
|
||||
#include <linux/uaccess.h>
|
||||
#include <uapi/linux/sed-opal.h>
|
||||
#include <linux/sed-opal.h>
|
||||
#include <linux/sed-opal-key.h>
|
||||
#include <linux/string.h>
|
||||
#include <linux/kdev_t.h>
|
||||
#include <linux/key.h>
|
||||
@ -3019,7 +3020,13 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
/* update keyring with new password */
|
||||
/* update keyring and key store with new password */
|
||||
ret = sed_write_key(OPAL_AUTH_KEY,
|
||||
opal_pw->new_user_pw.opal_key.key,
|
||||
opal_pw->new_user_pw.opal_key.key_len);
|
||||
if (ret != -EOPNOTSUPP)
|
||||
pr_warn("error updating SED key: %d\n", ret);
|
||||
|
||||
ret = update_sed_opal_key(OPAL_AUTH_KEY,
|
||||
opal_pw->new_user_pw.opal_key.key,
|
||||
opal_pw->new_user_pw.opal_key.key_len);
|
||||
@ -3292,6 +3299,8 @@ EXPORT_SYMBOL_GPL(sed_ioctl);
|
||||
static int __init sed_opal_init(void)
|
||||
{
|
||||
struct key *kr;
|
||||
char init_sed_key[OPAL_KEY_MAX];
|
||||
int keylen = OPAL_KEY_MAX - 1;
|
||||
|
||||
kr = keyring_alloc(".sed_opal",
|
||||
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
|
||||
@ -3304,6 +3313,11 @@ static int __init sed_opal_init(void)
|
||||
|
||||
sed_opal_keyring = kr;
|
||||
|
||||
return 0;
|
||||
if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
|
||||
memset(init_sed_key, '\0', sizeof(init_sed_key));
|
||||
keylen = OPAL_KEY_MAX - 1;
|
||||
}
|
||||
|
||||
return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
|
||||
}
|
||||
late_initcall(sed_opal_init);
|
||||
|
Loading…
Reference in New Issue
Block a user