Date:   Sun, 25 Dec 2016 15:15:53 +0100
From:   Jethro Beekman <kernel@...ekman.nl>
To:     Scott Bauer <scott.bauer@...el.com>, linux-nvme@...ts.infradead.org
Cc:     Rafael.Antognolli@...el.com, axboe@...com, keith.busch@...el.com,
        jonathan.derrick@...el.com, viro@...iv.linux.org.uk,
        hch@...radead.org, linux-kernel@...r.kernel.org, sagi@...mberg.me
Subject: Re: [PATCH v3 1/5] include: Add definitions for sed

On 19-12-16 20:35, Scott Bauer wrote:
> diff --git a/include/linux/sed.h b/include/linux/sed.h
>
> +/*
> + * These constant values come from:
> + * TCG Storage Architecture Core Spec v2.01 r1
> + * Section: 3.3 Interface Communications
> + */
> +enum {
> +	TCG_SECP_00 = 0,
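Review bot: the comment above the anonymous enum says where the values come from but not what they identify, and the enum has no name that would carry that either. A one-line description of the field these constants populate, next to the spec citation, would let a reader check TCG_SECP_00 = 0 and the values that follow it against the cited section.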

Protocol 0 is not defined by TCG. Perhaps you should reference SPC-4 section
6.30 SECURITY PROTOCOL IN command / table 265.

> diff --git a/include/uapi/linux/sed.h b/include/uapi/linux/sed.h
>
> +enum sed_key_type {
> +	OPAL,
> +	OPAL_PW,
> +	OPAL_ACT_USR,
> +	OPAL_LR_SETUP,
> +	OPAL_LOCK_UNLOCK,
> +	OPAL_MBR_DATA,
> +};
> +
> +struct sed_key {
> +	__u32 sed_type;
> +	union {
> +		struct opal_key            opal;
> +		struct opal_new_pw         opal_pw;
> +		struct opal_session_info   opal_session;
> +		struct opal_user_lr_setup  opal_lrs;
> +		struct opal_lock_unlock    opal_lk_unlk;
> +		struct opal_mbr_data       opal_mbr;
> +		/* additional command set key types */
> +	};
> +};
> +
> +#define IOC_SED_SAVE		   _IOW('p', 220, struct sed_key)
> +#define IOC_SED_LOCK_UNLOCK	   _IOW('p', 221, struct sed_key)
> +#define IOC_SED_TAKE_OWNERSHIP	   _IOW('p', 222, struct sed_key)
> +#define IOC_SED_ACTIVATE_LSP       _IOW('p', 223, struct sed_key)
> +#define IOC_SED_SET_PW             _IOW('p', 224, struct sed_key)
> +#define IOC_SED_ACTIVATE_USR       _IOW('p', 225, struct sed_key)
> +#define IOC_SED_REVERT_TPR         _IOW('p', 226, struct sed_key)
> +#define IOC_SED_LR_SETUP           _IOW('p', 227, struct sed_key)
> +#define IOC_SED_ADD_USR_TO_LR      _IOW('p', 228, struct sed_key)
> +#define IOC_SED_ENABLE_DISABLE_MBR _IOW('p', 229, struct sed_key)
> +#define IOC_SED_ERASE_LR           _IOW('p', 230, struct sed_key)
> +#define IOC_SED_SECURE_ERASE_LR    _IOW('p', 231, struct sed_key)
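Review bot: the size of struct sed_key is part of every request number defined here, since _IOW('p', 220, struct sed_key) encodes sizeof(struct sed_key), while the union is left open for "additional command set key types". A later member larger than the current largest would change all twelve ioctl numbers and break existing user space. Consider fixing the size of the union up front (for example with a reserved member sized for growth) or giving each command its own argument struct. In the same hunk, the sed_key_type enumerators rely on implicit numbering and on bare names such as OPAL in a header exported to user space; explicit values and a less generic prefix would make the ABI easier to keep stable.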

I'm slightly confused by the split between SED-generic and OPAL-specific files
here. Maybe I'm misunderstanding the intent of these ioctls. I think SED means
"possibly any drive supporting the security command set". Therefore these
definitions (quoted) should have OPAL names and live in an OPAL header.

Jethro
