2 * Copyright © 2016 Intel Corporation
5 * Scott Bauer <scott.bauer@intel.com>
6 * Rafael Antognolli <rafael.antognolli@intel.com>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms and conditions of the GNU General Public License,
10 * version 2, as published by the Free Software Foundation.
12 * This program is distributed in the hope it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
20 #include <linux/delay.h>
21 #include <linux/device.h>
22 #include <linux/kernel.h>
23 #include <linux/list.h>
24 #include <linux/genhd.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <uapi/linux/sed-opal.h>
28 #include <linux/sed-opal.h>
29 #include <linux/string.h>
30 #include <linux/kdev_t.h>
32 #include "opal_proto.h"
34 #define IO_BUFFER_LENGTH 2048
37 typedef int (*opal_step)(struct opal_dev *dev);
39 enum opal_atom_width {
48 * On the parsed response, we don't store again the toks that are already
49 * stored in the response buffer. Instead, for each token, we just store a
50 * pointer to the position in the buffer where the token starts, and the size
51 * of the token in bytes.
53 struct opal_resp_tok {
56 enum opal_response_token type;
57 enum opal_atom_width width;
65 * From the response header it's not possible to know how many tokens there are
66 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
67 * if we start dealing with messages that have more than that, we can increase
68 * this number. This is done to avoid having to make two passes through the
69 * response, the first one counting how many tokens we have and the second one
70 * actually storing the positions.
74 struct opal_resp_tok toks[MAX_TOKS];
81 sec_send_recv *send_recv;
83 const opal_step *funcs;
86 struct mutex dev_lock;
94 u8 cmd[IO_BUFFER_LENGTH];
95 u8 resp[IO_BUFFER_LENGTH];
97 struct parsed_resp parsed;
101 struct list_head unlk_lst;
105 static const u8 opaluid[][OPAL_UID_LENGTH] = {
108 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
110 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
112 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
113 [OPAL_LOCKINGSP_UID] =
114 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
115 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
116 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
129 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
131 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
132 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
136 [OPAL_LOCKINGRANGE_GLOBAL] =
137 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
138 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
139 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
140 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
141 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
143 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
145 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
146 [OPAL_AUTHORITY_TABLE] =
147 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
149 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
150 [OPAL_LOCKING_INFO_TABLE] =
151 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
152 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
153 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
155 /* C_PIN_TABLE object ID's */
158 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
161 [OPAL_C_PIN_ADMIN1] =
162 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
164 /* half UID's (only first 4 bytes used) */
166 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
167 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
168 [OPAL_HALF_UID_BOOLEAN_ACE] =
169 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
171 /* special value for omitted optional parameter */
173 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
177 * TCG Storage SSC Methods.
178 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
179 * Section: 6.3 Assigned UIDs
181 static const u8 opalmethod[][OPAL_UID_LENGTH] = {
183 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
184 [OPAL_STARTSESSION] =
185 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
187 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
189 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
191 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
196 [OPAL_EAUTHENTICATE] =
197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
208 [OPAL_AUTHENTICATE] =
209 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
211 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
213 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
216 typedef int (cont_fn)(struct opal_dev *dev);
218 static int end_opal_session_error(struct opal_dev *dev);
220 struct opal_suspend_data {
221 struct opal_lock_unlock unlk;
223 struct list_head node;
228 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
229 * Section: 5.1.5 Method Status Codes
231 static const char * const opal_errors[] = {
239 "No Sessions Available",
240 "Uniqueness Conflict",
241 "Insufficient Space",
248 "Transaction Failure",
250 "Authority Locked Out",
253 static const char *opal_error_to_human(int error)
258 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
259 return "Unknown Error";
261 return opal_errors[error];
264 static void print_buffer(const u8 *ptr, u32 length)
267 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
272 static bool check_tper(const void *data)
274 const struct d0_tper_features *tper = data;
275 u8 flags = tper->supported_features;
277 if (!(flags & TPER_SYNC_SUPPORTED)) {
278 pr_err("TPer sync not supported. flags = %d\n",
279 tper->supported_features);
286 static bool check_sum(const void *data)
288 const struct d0_single_user_mode *sum = data;
289 u32 nlo = be32_to_cpu(sum->num_locking_objects);
292 pr_err("Need at least one locking object.\n");
296 pr_debug("Number of locking objects: %d\n", nlo);
301 static u16 get_comid_v100(const void *data)
303 const struct d0_opal_v100 *v100 = data;
305 return be16_to_cpu(v100->baseComID);
308 static u16 get_comid_v200(const void *data)
310 const struct d0_opal_v200 *v200 = data;
312 return be16_to_cpu(v200->baseComID);
315 static int opal_send_cmd(struct opal_dev *dev)
317 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
318 dev->cmd, IO_BUFFER_LENGTH,
322 static int opal_recv_cmd(struct opal_dev *dev)
324 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
325 dev->resp, IO_BUFFER_LENGTH,
329 static int opal_recv_check(struct opal_dev *dev)
331 size_t buflen = IO_BUFFER_LENGTH;
332 void *buffer = dev->resp;
333 struct opal_header *hdr = buffer;
337 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
338 hdr->cp.outstandingData,
339 hdr->cp.minTransfer);
341 if (hdr->cp.outstandingData == 0 ||
342 hdr->cp.minTransfer != 0)
345 memset(buffer, 0, buflen);
346 ret = opal_recv_cmd(dev);
352 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
356 ret = opal_send_cmd(dev);
359 ret = opal_recv_cmd(dev);
362 ret = opal_recv_check(dev);
368 static void check_geometry(struct opal_dev *dev, const void *data)
370 const struct d0_geometry_features *geo = data;
372 dev->align = geo->alignment_granularity;
373 dev->lowest_lba = geo->lowest_aligned_lba;
376 static int next(struct opal_dev *dev)
382 func = dev->funcs[dev->state];
388 pr_err("Error on step function: %d with error %d: %s\n",
390 opal_error_to_human(error));
392 /* For each OPAL command we do a discovery0 then we
393 * start some sort of session.
394 * If we haven't passed state 1 then there was an error
395 * on discovery0 or during the attempt to start a
396 * session. Therefore we shouldn't attempt to terminate
397 * a session, as one has not yet been created.
400 return end_opal_session_error(dev);
408 static int opal_discovery0_end(struct opal_dev *dev)
410 bool found_com_id = false, supported = true, single_user = false;
411 const struct d0_header *hdr = (struct d0_header *)dev->resp;
412 const u8 *epos = dev->resp, *cpos = dev->resp;
415 print_buffer(dev->resp, be32_to_cpu(hdr->length));
417 epos += be32_to_cpu(hdr->length); /* end of buffer */
418 cpos += sizeof(*hdr); /* current position on buffer */
420 while (cpos < epos && supported) {
421 const struct d0_features *body =
422 (const struct d0_features *)cpos;
424 switch (be16_to_cpu(body->code)) {
426 supported = check_tper(body->features);
429 single_user = check_sum(body->features);
432 check_geometry(dev, body);
437 /* some ignored properties */
438 pr_debug("Found OPAL feature description: %d\n",
439 be16_to_cpu(body->code));
442 comid = get_comid_v100(body->features);
446 comid = get_comid_v200(body->features);
449 case 0xbfff ... 0xffff:
450 /* vendor specific, just ignore */
453 pr_debug("OPAL Unknown feature: %d\n",
454 be16_to_cpu(body->code));
457 cpos += body->length + 4;
461 pr_debug("This device is not Opal enabled. Not Supported!\n");
466 pr_debug("Device doesn't support single user mode\n");
470 pr_debug("Could not find OPAL comid for device. Returning early\n");
479 static int opal_discovery0(struct opal_dev *dev)
483 memset(dev->resp, 0, IO_BUFFER_LENGTH);
484 dev->comid = OPAL_DISCOVERY_COMID;
485 ret = opal_recv_cmd(dev);
488 return opal_discovery0_end(dev);
491 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
495 if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
496 pr_err("Error adding u8: end of buffer.\n");
500 cmd->cmd[cmd->pos++] = tok;
503 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
504 bool has_sign, int len)
509 atom = SHORT_ATOM_ID;
510 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
511 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
512 atom |= len & SHORT_ATOM_LEN_MASK;
514 add_token_u8(&err, cmd, atom);
517 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
518 bool has_sign, int len)
522 header0 = MEDIUM_ATOM_ID;
523 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
524 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
525 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
526 cmd->cmd[cmd->pos++] = header0;
527 cmd->cmd[cmd->pos++] = len;
530 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
537 if (!(number & ~TINY_ATOM_DATA_MASK)) {
538 add_token_u8(err, cmd, number);
543 len = DIV_ROUND_UP(msb, 4);
545 if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
546 pr_err("Error adding u64: end of buffer.\n");
550 add_short_atom_header(cmd, false, false, len);
552 n = number >> (len * 8);
553 add_token_u8(err, cmd, n);
557 static void add_token_bytestring(int *err, struct opal_dev *cmd,
558 const u8 *bytestring, size_t len)
560 size_t header_len = 1;
561 bool is_short_atom = true;
566 if (len & ~SHORT_ATOM_LEN_MASK) {
568 is_short_atom = false;
571 if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
572 pr_err("Error adding bytestring: end of buffer.\n");
578 add_short_atom_header(cmd, true, false, len);
580 add_medium_atom_header(cmd, true, false, len);
582 memcpy(&cmd->cmd[cmd->pos], bytestring, len);
587 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
589 if (length > OPAL_UID_LENGTH) {
590 pr_err("Can't build locking range. Length OOB\n");
594 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
598 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
604 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
606 if (length > OPAL_UID_LENGTH) {
607 pr_err("Can't build locking range user, Length OOB\n");
611 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
618 static void set_comid(struct opal_dev *cmd, u16 comid)
620 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
622 hdr->cp.extendedComID[0] = comid >> 8;
623 hdr->cp.extendedComID[1] = comid;
624 hdr->cp.extendedComID[2] = 0;
625 hdr->cp.extendedComID[3] = 0;
628 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
630 struct opal_header *hdr;
633 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
634 add_token_u8(&err, cmd, OPAL_STARTLIST);
635 add_token_u8(&err, cmd, 0);
636 add_token_u8(&err, cmd, 0);
637 add_token_u8(&err, cmd, 0);
638 add_token_u8(&err, cmd, OPAL_ENDLIST);
641 pr_err("Error finalizing command.\n");
645 hdr = (struct opal_header *) cmd->cmd;
647 hdr->pkt.tsn = cpu_to_be32(tsn);
648 hdr->pkt.hsn = cpu_to_be32(hsn);
650 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
651 while (cmd->pos % 4) {
652 if (cmd->pos >= IO_BUFFER_LENGTH) {
653 pr_err("Error: Buffer overrun\n");
656 cmd->cmd[cmd->pos++] = 0;
658 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
660 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
665 static enum opal_response_token token_type(const struct parsed_resp *resp,
668 const struct opal_resp_tok *tok;
670 if (n >= resp->num) {
671 pr_err("Token number doesn't exist: %d, resp: %d\n",
673 return OPAL_DTA_TOKENID_INVALID;
676 tok = &resp->toks[n];
678 pr_err("Token length must be non-zero\n");
679 return OPAL_DTA_TOKENID_INVALID;
686 * This function returns 0 in case of invalid token. One should call
687 * token_type() first to find out if the token is valid or not.
689 static enum opal_token response_get_token(const struct parsed_resp *resp,
692 const struct opal_resp_tok *tok;
694 if (n >= resp->num) {
695 pr_err("Token number doesn't exist: %d, resp: %d\n",
700 tok = &resp->toks[n];
702 pr_err("Token length must be non-zero\n");
709 static size_t response_parse_tiny(struct opal_resp_tok *tok,
714 tok->width = OPAL_WIDTH_TINY;
716 if (pos[0] & TINY_ATOM_SIGNED) {
717 tok->type = OPAL_DTA_TOKENID_SINT;
719 tok->type = OPAL_DTA_TOKENID_UINT;
720 tok->stored.u = pos[0] & 0x3f;
726 static size_t response_parse_short(struct opal_resp_tok *tok,
730 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
731 tok->width = OPAL_WIDTH_SHORT;
733 if (pos[0] & SHORT_ATOM_BYTESTRING) {
734 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
735 } else if (pos[0] & SHORT_ATOM_SIGNED) {
736 tok->type = OPAL_DTA_TOKENID_SINT;
741 tok->type = OPAL_DTA_TOKENID_UINT;
743 pr_warn("uint64 with more than 8 bytes\n");
746 for (i = tok->len - 1; i > 0; i--) {
747 u_integer |= ((u64)pos[i] << (8 * b));
750 tok->stored.u = u_integer;
756 static size_t response_parse_medium(struct opal_resp_tok *tok,
760 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
761 tok->width = OPAL_WIDTH_MEDIUM;
763 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
764 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
765 else if (pos[0] & MEDIUM_ATOM_SIGNED)
766 tok->type = OPAL_DTA_TOKENID_SINT;
768 tok->type = OPAL_DTA_TOKENID_UINT;
773 static size_t response_parse_long(struct opal_resp_tok *tok,
777 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
778 tok->width = OPAL_WIDTH_LONG;
780 if (pos[0] & LONG_ATOM_BYTESTRING)
781 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
782 else if (pos[0] & LONG_ATOM_SIGNED)
783 tok->type = OPAL_DTA_TOKENID_SINT;
785 tok->type = OPAL_DTA_TOKENID_UINT;
790 static size_t response_parse_token(struct opal_resp_tok *tok,
795 tok->type = OPAL_DTA_TOKENID_TOKEN;
796 tok->width = OPAL_WIDTH_TOKEN;
801 static int response_parse(const u8 *buf, size_t length,
802 struct parsed_resp *resp)
804 const struct opal_header *hdr;
805 struct opal_resp_tok *iter;
817 hdr = (struct opal_header *)buf;
821 pr_debug("Response size: cp: %d, pkt: %d, subpkt: %d\n",
822 be32_to_cpu(hdr->cp.length),
823 be32_to_cpu(hdr->pkt.length),
824 be32_to_cpu(hdr->subpkt.length));
826 if (hdr->cp.length == 0 || hdr->pkt.length == 0 ||
827 hdr->subpkt.length == 0) {
828 pr_err("Bad header length. cp: %d, pkt: %d, subpkt: %d\n",
829 be32_to_cpu(hdr->cp.length),
830 be32_to_cpu(hdr->pkt.length),
831 be32_to_cpu(hdr->subpkt.length));
832 print_buffer(pos, sizeof(*hdr));
836 if (pos > buf + length)
840 total = be32_to_cpu(hdr->subpkt.length);
841 print_buffer(pos, total);
843 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
844 token_length = response_parse_tiny(iter, pos);
845 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
846 token_length = response_parse_short(iter, pos);
847 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
848 token_length = response_parse_medium(iter, pos);
849 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
850 token_length = response_parse_long(iter, pos);
852 token_length = response_parse_token(iter, pos);
854 if (token_length == -EINVAL)
858 total -= token_length;
863 if (num_entries == 0) {
864 pr_err("Couldn't parse response.\n");
867 resp->num = num_entries;
872 static size_t response_get_string(const struct parsed_resp *resp, int n,
877 pr_err("Response is NULL\n");
882 pr_err("Response has %d tokens. Can't access %d\n",
887 if (resp->toks[n].type != OPAL_DTA_TOKENID_BYTESTRING) {
888 pr_err("Token is not a byte string!\n");
892 *store = resp->toks[n].pos + 1;
893 return resp->toks[n].len - 1;
896 static u64 response_get_u64(const struct parsed_resp *resp, int n)
899 pr_err("Response is NULL\n");
904 pr_err("Response has %d tokens. Can't access %d\n",
909 if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
910 pr_err("Token is not unsigned it: %d\n",
915 if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
916 resp->toks[n].width == OPAL_WIDTH_SHORT)) {
917 pr_err("Atom is not short or tiny: %d\n",
918 resp->toks[n].width);
922 return resp->toks[n].stored.u;
925 static u8 response_status(const struct parsed_resp *resp)
927 if (token_type(resp, 0) == OPAL_DTA_TOKENID_TOKEN &&
928 response_get_token(resp, 0) == OPAL_ENDOFSESSION) {
933 return DTAERROR_NO_METHOD_STATUS;
935 if (token_type(resp, resp->num - 1) != OPAL_DTA_TOKENID_TOKEN ||
936 token_type(resp, resp->num - 5) != OPAL_DTA_TOKENID_TOKEN ||
937 response_get_token(resp, resp->num - 1) != OPAL_ENDLIST ||
938 response_get_token(resp, resp->num - 5) != OPAL_STARTLIST)
939 return DTAERROR_NO_METHOD_STATUS;
941 return response_get_u64(resp, resp->num - 4);
944 /* Parses and checks for errors */
945 static int parse_and_check_status(struct opal_dev *dev)
949 print_buffer(dev->cmd, dev->pos);
951 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
953 pr_err("Couldn't parse response.\n");
957 return response_status(&dev->parsed);
960 static void clear_opal_cmd(struct opal_dev *dev)
962 dev->pos = sizeof(struct opal_header);
963 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
966 static int start_opal_session_cont(struct opal_dev *dev)
971 error = parse_and_check_status(dev);
975 hsn = response_get_u64(&dev->parsed, 4);
976 tsn = response_get_u64(&dev->parsed, 5);
978 if (hsn == 0 && tsn == 0) {
979 pr_err("Couldn't authenticate session\n");
988 static void add_suspend_info(struct opal_dev *dev,
989 struct opal_suspend_data *sus)
991 struct opal_suspend_data *iter;
993 list_for_each_entry(iter, &dev->unlk_lst, node) {
994 if (iter->lr == sus->lr) {
995 list_del(&iter->node);
1000 list_add_tail(&sus->node, &dev->unlk_lst);
1003 static int end_session_cont(struct opal_dev *dev)
1007 return parse_and_check_status(dev);
1010 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1014 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1016 pr_err("Error finalizing command buffer: %d\n", ret);
1020 print_buffer(dev->cmd, dev->pos);
1022 return opal_send_recv(dev, cont);
1025 static int gen_key(struct opal_dev *dev)
1028 u8 uid[OPAL_UID_LENGTH];
1031 clear_opal_cmd(dev);
1032 set_comid(dev, dev->comid);
1034 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1035 method = opalmethod[OPAL_GENKEY];
1036 kfree(dev->prev_data);
1037 dev->prev_data = NULL;
1039 add_token_u8(&err, dev, OPAL_CALL);
1040 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1041 add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
1043 add_token_u8(&err, dev, OPAL_STARTLIST);
1044 add_token_u8(&err, dev, OPAL_ENDLIST);
1047 pr_err("Error building gen key command\n");
1051 return finalize_and_send(dev, parse_and_check_status);
1054 static int get_active_key_cont(struct opal_dev *dev)
1056 const char *activekey;
1060 error = parse_and_check_status(dev);
1063 keylen = response_get_string(&dev->parsed, 4, &activekey);
1065 pr_err("%s: Couldn't extract the Activekey from the response\n",
1067 return OPAL_INVAL_PARAM;
1069 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1071 if (!dev->prev_data)
1074 dev->prev_d_len = keylen;
1079 static int get_active_key(struct opal_dev *dev)
1081 u8 uid[OPAL_UID_LENGTH];
1085 clear_opal_cmd(dev);
1086 set_comid(dev, dev->comid);
1087 lr = dev->func_data[dev->state];
1089 err = build_locking_range(uid, sizeof(uid), *lr);
1094 add_token_u8(&err, dev, OPAL_CALL);
1095 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1096 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1097 add_token_u8(&err, dev, OPAL_STARTLIST);
1098 add_token_u8(&err, dev, OPAL_STARTLIST);
1099 add_token_u8(&err, dev, OPAL_STARTNAME);
1100 add_token_u8(&err, dev, 3); /* startCloumn */
1101 add_token_u8(&err, dev, 10); /* ActiveKey */
1102 add_token_u8(&err, dev, OPAL_ENDNAME);
1103 add_token_u8(&err, dev, OPAL_STARTNAME);
1104 add_token_u8(&err, dev, 4); /* endColumn */
1105 add_token_u8(&err, dev, 10); /* ActiveKey */
1106 add_token_u8(&err, dev, OPAL_ENDNAME);
1107 add_token_u8(&err, dev, OPAL_ENDLIST);
1108 add_token_u8(&err, dev, OPAL_ENDLIST);
1110 pr_err("Error building get active key command\n");
1114 return finalize_and_send(dev, get_active_key_cont);
1117 static int generic_lr_enable_disable(struct opal_dev *dev,
1118 u8 *uid, bool rle, bool wle,
1123 add_token_u8(&err, dev, OPAL_CALL);
1124 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1125 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1127 add_token_u8(&err, dev, OPAL_STARTLIST);
1128 add_token_u8(&err, dev, OPAL_STARTNAME);
1129 add_token_u8(&err, dev, OPAL_VALUES);
1130 add_token_u8(&err, dev, OPAL_STARTLIST);
1132 add_token_u8(&err, dev, OPAL_STARTNAME);
1133 add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1134 add_token_u8(&err, dev, rle);
1135 add_token_u8(&err, dev, OPAL_ENDNAME);
1137 add_token_u8(&err, dev, OPAL_STARTNAME);
1138 add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1139 add_token_u8(&err, dev, wle);
1140 add_token_u8(&err, dev, OPAL_ENDNAME);
1142 add_token_u8(&err, dev, OPAL_STARTNAME);
1143 add_token_u8(&err, dev, OPAL_READLOCKED);
1144 add_token_u8(&err, dev, rl);
1145 add_token_u8(&err, dev, OPAL_ENDNAME);
1147 add_token_u8(&err, dev, OPAL_STARTNAME);
1148 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1149 add_token_u8(&err, dev, wl);
1150 add_token_u8(&err, dev, OPAL_ENDNAME);
1152 add_token_u8(&err, dev, OPAL_ENDLIST);
1153 add_token_u8(&err, dev, OPAL_ENDNAME);
1154 add_token_u8(&err, dev, OPAL_ENDLIST);
1158 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1159 struct opal_user_lr_setup *setup)
1163 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1166 pr_err("Failed to create enable global lr command\n");
1170 static int setup_locking_range(struct opal_dev *dev)
1172 u8 uid[OPAL_UID_LENGTH];
1173 struct opal_user_lr_setup *setup;
1177 clear_opal_cmd(dev);
1178 set_comid(dev, dev->comid);
1180 setup = dev->func_data[dev->state];
1181 lr = setup->session.opal_key.lr;
1182 err = build_locking_range(uid, sizeof(uid), lr);
1187 err = enable_global_lr(dev, uid, setup);
1189 add_token_u8(&err, dev, OPAL_CALL);
1190 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1191 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1194 add_token_u8(&err, dev, OPAL_STARTLIST);
1195 add_token_u8(&err, dev, OPAL_STARTNAME);
1196 add_token_u8(&err, dev, OPAL_VALUES);
1197 add_token_u8(&err, dev, OPAL_STARTLIST);
1199 add_token_u8(&err, dev, OPAL_STARTNAME);
1200 add_token_u8(&err, dev, 3); /* Ranges Start */
1201 add_token_u64(&err, dev, setup->range_start);
1202 add_token_u8(&err, dev, OPAL_ENDNAME);
1204 add_token_u8(&err, dev, OPAL_STARTNAME);
1205 add_token_u8(&err, dev, 4); /* Ranges length */
1206 add_token_u64(&err, dev, setup->range_length);
1207 add_token_u8(&err, dev, OPAL_ENDNAME);
1209 add_token_u8(&err, dev, OPAL_STARTNAME);
1210 add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1211 add_token_u64(&err, dev, !!setup->RLE);
1212 add_token_u8(&err, dev, OPAL_ENDNAME);
1214 add_token_u8(&err, dev, OPAL_STARTNAME);
1215 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1216 add_token_u64(&err, dev, !!setup->WLE);
1217 add_token_u8(&err, dev, OPAL_ENDNAME);
1219 add_token_u8(&err, dev, OPAL_ENDLIST);
1220 add_token_u8(&err, dev, OPAL_ENDNAME);
1221 add_token_u8(&err, dev, OPAL_ENDLIST);
1225 pr_err("Error building Setup Locking range command.\n");
1230 return finalize_and_send(dev, parse_and_check_status);
1233 static int start_generic_opal_session(struct opal_dev *dev,
1235 enum opal_uid sp_type,
1242 if (key == NULL && auth != OPAL_ANYBODY_UID) {
1243 pr_err("%s: Attempted to open ADMIN_SP Session without a Host" \
1244 "Challenge, and not as the Anybody UID\n", __func__);
1245 return OPAL_INVAL_PARAM;
1248 clear_opal_cmd(dev);
1250 set_comid(dev, dev->comid);
1251 hsn = GENERIC_HOST_SESSION_NUM;
1253 add_token_u8(&err, dev, OPAL_CALL);
1254 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1256 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1258 add_token_u8(&err, dev, OPAL_STARTLIST);
1259 add_token_u64(&err, dev, hsn);
1260 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1261 add_token_u8(&err, dev, 1);
1264 case OPAL_ANYBODY_UID:
1265 add_token_u8(&err, dev, OPAL_ENDLIST);
1267 case OPAL_ADMIN1_UID:
1269 add_token_u8(&err, dev, OPAL_STARTNAME);
1270 add_token_u8(&err, dev, 0); /* HostChallenge */
1271 add_token_bytestring(&err, dev, key, key_len);
1272 add_token_u8(&err, dev, OPAL_ENDNAME);
1273 add_token_u8(&err, dev, OPAL_STARTNAME);
1274 add_token_u8(&err, dev, 3); /* HostSignAuth */
1275 add_token_bytestring(&err, dev, opaluid[auth],
1277 add_token_u8(&err, dev, OPAL_ENDNAME);
1278 add_token_u8(&err, dev, OPAL_ENDLIST);
1281 pr_err("Cannot start Admin SP session with auth %d\n", auth);
1282 return OPAL_INVAL_PARAM;
1286 pr_err("Error building start adminsp session command.\n");
1290 return finalize_and_send(dev, start_opal_session_cont);
1293 static int start_anybodyASP_opal_session(struct opal_dev *dev)
1295 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1296 OPAL_ADMINSP_UID, NULL, 0);
1299 static int start_SIDASP_opal_session(struct opal_dev *dev)
1302 const u8 *key = dev->prev_data;
1303 struct opal_key *okey;
1306 okey = dev->func_data[dev->state];
1307 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1312 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1314 key, dev->prev_d_len);
1316 dev->prev_data = NULL;
1321 static inline int start_admin1LSP_opal_session(struct opal_dev *dev)
1323 struct opal_key *key = dev->func_data[dev->state];
1325 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1327 key->key, key->key_len);
1330 static int start_auth_opal_session(struct opal_dev *dev)
1332 u8 lk_ul_user[OPAL_UID_LENGTH];
1335 struct opal_session_info *session = dev->func_data[dev->state];
1336 size_t keylen = session->opal_key.key_len;
1337 u8 *key = session->opal_key.key;
1338 u32 hsn = GENERIC_HOST_SESSION_NUM;
1340 clear_opal_cmd(dev);
1341 set_comid(dev, dev->comid);
1344 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1345 session->opal_key.lr);
1349 } else if (session->who != OPAL_ADMIN1 && !session->sum) {
1350 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1355 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1357 add_token_u8(&err, dev, OPAL_CALL);
1358 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1360 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1363 add_token_u8(&err, dev, OPAL_STARTLIST);
1364 add_token_u64(&err, dev, hsn);
1365 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1367 add_token_u8(&err, dev, 1);
1368 add_token_u8(&err, dev, OPAL_STARTNAME);
1369 add_token_u8(&err, dev, 0);
1370 add_token_bytestring(&err, dev, key, keylen);
1371 add_token_u8(&err, dev, OPAL_ENDNAME);
1372 add_token_u8(&err, dev, OPAL_STARTNAME);
1373 add_token_u8(&err, dev, 3);
1374 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1375 add_token_u8(&err, dev, OPAL_ENDNAME);
1376 add_token_u8(&err, dev, OPAL_ENDLIST);
1379 pr_err("Error building STARTSESSION command.\n");
1383 return finalize_and_send(dev, start_opal_session_cont);
1386 static int revert_tper(struct opal_dev *dev)
1390 clear_opal_cmd(dev);
1391 set_comid(dev, dev->comid);
1393 add_token_u8(&err, dev, OPAL_CALL);
1394 add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1396 add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1398 add_token_u8(&err, dev, OPAL_STARTLIST);
1399 add_token_u8(&err, dev, OPAL_ENDLIST);
1401 pr_err("Error building REVERT TPER command.\n");
1405 return finalize_and_send(dev, parse_and_check_status);
1408 static int internal_activate_user(struct opal_dev *dev)
1410 struct opal_session_info *session = dev->func_data[dev->state];
1411 u8 uid[OPAL_UID_LENGTH];
1414 clear_opal_cmd(dev);
1415 set_comid(dev, dev->comid);
1417 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1418 uid[7] = session->who;
1420 add_token_u8(&err, dev, OPAL_CALL);
1421 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1422 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1423 add_token_u8(&err, dev, OPAL_STARTLIST);
1424 add_token_u8(&err, dev, OPAL_STARTNAME);
1425 add_token_u8(&err, dev, OPAL_VALUES);
1426 add_token_u8(&err, dev, OPAL_STARTLIST);
1427 add_token_u8(&err, dev, OPAL_STARTNAME);
1428 add_token_u8(&err, dev, 5); /* Enabled */
1429 add_token_u8(&err, dev, OPAL_TRUE);
1430 add_token_u8(&err, dev, OPAL_ENDNAME);
1431 add_token_u8(&err, dev, OPAL_ENDLIST);
1432 add_token_u8(&err, dev, OPAL_ENDNAME);
1433 add_token_u8(&err, dev, OPAL_ENDLIST);
1436 pr_err("Error building Activate UserN command.\n");
1440 return finalize_and_send(dev, parse_and_check_status);
1443 static int erase_locking_range(struct opal_dev *dev)
1445 struct opal_session_info *session;
1446 u8 uid[OPAL_UID_LENGTH];
1449 clear_opal_cmd(dev);
1450 set_comid(dev, dev->comid);
1451 session = dev->func_data[dev->state];
1453 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1456 add_token_u8(&err, dev, OPAL_CALL);
1457 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1458 add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1460 add_token_u8(&err, dev, OPAL_STARTLIST);
1461 add_token_u8(&err, dev, OPAL_ENDLIST);
1464 pr_err("Error building Erase Locking Range Command.\n");
1467 return finalize_and_send(dev, parse_and_check_status);
1470 static int set_mbr_done(struct opal_dev *dev)
1472 u8 mbr_done_tf = *(u8 *)dev->func_data[dev->state];
1475 clear_opal_cmd(dev);
1476 set_comid(dev, dev->comid);
1478 add_token_u8(&err, dev, OPAL_CALL);
1479 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1481 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1482 add_token_u8(&err, dev, OPAL_STARTLIST);
1483 add_token_u8(&err, dev, OPAL_STARTNAME);
1484 add_token_u8(&err, dev, OPAL_VALUES);
1485 add_token_u8(&err, dev, OPAL_STARTLIST);
1486 add_token_u8(&err, dev, OPAL_STARTNAME);
1487 add_token_u8(&err, dev, 2); /* Done */
1488 add_token_u8(&err, dev, mbr_done_tf); /* Done T or F */
1489 add_token_u8(&err, dev, OPAL_ENDNAME);
1490 add_token_u8(&err, dev, OPAL_ENDLIST);
1491 add_token_u8(&err, dev, OPAL_ENDNAME);
1492 add_token_u8(&err, dev, OPAL_ENDLIST);
1495 pr_err("Error Building set MBR Done command\n");
1499 return finalize_and_send(dev, parse_and_check_status);
1502 static int set_mbr_enable_disable(struct opal_dev *dev)
1504 u8 mbr_en_dis = *(u8 *)dev->func_data[dev->state];
1507 clear_opal_cmd(dev);
1508 set_comid(dev, dev->comid);
1510 add_token_u8(&err, dev, OPAL_CALL);
1511 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1513 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1514 add_token_u8(&err, dev, OPAL_STARTLIST);
1515 add_token_u8(&err, dev, OPAL_STARTNAME);
1516 add_token_u8(&err, dev, OPAL_VALUES);
1517 add_token_u8(&err, dev, OPAL_STARTLIST);
1518 add_token_u8(&err, dev, OPAL_STARTNAME);
1519 add_token_u8(&err, dev, 1);
1520 add_token_u8(&err, dev, mbr_en_dis);
1521 add_token_u8(&err, dev, OPAL_ENDNAME);
1522 add_token_u8(&err, dev, OPAL_ENDLIST);
1523 add_token_u8(&err, dev, OPAL_ENDNAME);
1524 add_token_u8(&err, dev, OPAL_ENDLIST);
1527 pr_err("Error Building set MBR done command\n");
1531 return finalize_and_send(dev, parse_and_check_status);
1534 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1535 struct opal_dev *dev)
1539 clear_opal_cmd(dev);
1540 set_comid(dev, dev->comid);
1542 add_token_u8(&err, dev, OPAL_CALL);
1543 add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1544 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1546 add_token_u8(&err, dev, OPAL_STARTLIST);
1547 add_token_u8(&err, dev, OPAL_STARTNAME);
1548 add_token_u8(&err, dev, OPAL_VALUES);
1549 add_token_u8(&err, dev, OPAL_STARTLIST);
1550 add_token_u8(&err, dev, OPAL_STARTNAME);
1551 add_token_u8(&err, dev, 3); /* PIN */
1552 add_token_bytestring(&err, dev, key, key_len);
1553 add_token_u8(&err, dev, OPAL_ENDNAME);
1554 add_token_u8(&err, dev, OPAL_ENDLIST);
1555 add_token_u8(&err, dev, OPAL_ENDNAME);
1556 add_token_u8(&err, dev, OPAL_ENDLIST);
1561 static int set_new_pw(struct opal_dev *dev)
1563 u8 cpin_uid[OPAL_UID_LENGTH];
1564 struct opal_session_info *usr = dev->func_data[dev->state];
1567 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1569 if (usr->who != OPAL_ADMIN1) {
1572 cpin_uid[7] = usr->opal_key.lr + 1;
1574 cpin_uid[7] = usr->who;
1577 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1579 pr_err("Error building set password command.\n");
1583 return finalize_and_send(dev, parse_and_check_status);
1586 static int set_sid_cpin_pin(struct opal_dev *dev)
1588 u8 cpin_uid[OPAL_UID_LENGTH];
1589 struct opal_key *key = dev->func_data[dev->state];
1591 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1593 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1594 pr_err("Error building Set SID cpin\n");
1597 return finalize_and_send(dev, parse_and_check_status);
1600 static int add_user_to_lr(struct opal_dev *dev)
1602 u8 lr_buffer[OPAL_UID_LENGTH];
1603 u8 user_uid[OPAL_UID_LENGTH];
1604 struct opal_lock_unlock *lkul;
1607 clear_opal_cmd(dev);
1608 set_comid(dev, dev->comid);
1610 lkul = dev->func_data[dev->state];
1612 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1615 if (lkul->l_state == OPAL_RW)
1616 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1619 lr_buffer[7] = lkul->session.opal_key.lr;
1621 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1623 user_uid[7] = lkul->session.who;
1625 add_token_u8(&err, dev, OPAL_CALL);
1626 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1627 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1630 add_token_u8(&err, dev, OPAL_STARTLIST);
1631 add_token_u8(&err, dev, OPAL_STARTNAME);
1632 add_token_u8(&err, dev, OPAL_VALUES);
1634 add_token_u8(&err, dev, OPAL_STARTLIST);
1635 add_token_u8(&err, dev, OPAL_STARTNAME);
1636 add_token_u8(&err, dev, 3);
1638 add_token_u8(&err, dev, OPAL_STARTLIST);
1641 add_token_u8(&err, dev, OPAL_STARTNAME);
1642 add_token_bytestring(&err, dev,
1643 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1645 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1646 add_token_u8(&err, dev, OPAL_ENDNAME);
1649 add_token_u8(&err, dev, OPAL_STARTNAME);
1650 add_token_bytestring(&err, dev,
1651 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1653 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1654 add_token_u8(&err, dev, OPAL_ENDNAME);
1657 add_token_u8(&err, dev, OPAL_STARTNAME);
1658 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1660 add_token_u8(&err, dev, 1);
1661 add_token_u8(&err, dev, OPAL_ENDNAME);
1664 add_token_u8(&err, dev, OPAL_ENDLIST);
1665 add_token_u8(&err, dev, OPAL_ENDNAME);
1666 add_token_u8(&err, dev, OPAL_ENDLIST);
1667 add_token_u8(&err, dev, OPAL_ENDNAME);
1668 add_token_u8(&err, dev, OPAL_ENDLIST);
1671 pr_err("Error building add user to locking range command.\n");
1675 return finalize_and_send(dev, parse_and_check_status);
1678 static int lock_unlock_locking_range(struct opal_dev *dev)
1680 u8 lr_buffer[OPAL_UID_LENGTH];
1682 struct opal_lock_unlock *lkul;
1683 u8 read_locked = 1, write_locked = 1;
1686 clear_opal_cmd(dev);
1687 set_comid(dev, dev->comid);
1689 method = opalmethod[OPAL_SET];
1690 lkul = dev->func_data[dev->state];
1691 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1692 lkul->session.opal_key.lr) < 0)
1695 switch (lkul->l_state) {
1705 /* vars are initalized to locked */
1708 pr_err("Tried to set an invalid locking state... returning to uland\n");
1709 return OPAL_INVAL_PARAM;
1712 add_token_u8(&err, dev, OPAL_CALL);
1713 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1714 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1715 add_token_u8(&err, dev, OPAL_STARTLIST);
1716 add_token_u8(&err, dev, OPAL_STARTNAME);
1717 add_token_u8(&err, dev, OPAL_VALUES);
1718 add_token_u8(&err, dev, OPAL_STARTLIST);
1720 add_token_u8(&err, dev, OPAL_STARTNAME);
1721 add_token_u8(&err, dev, OPAL_READLOCKED);
1722 add_token_u8(&err, dev, read_locked);
1723 add_token_u8(&err, dev, OPAL_ENDNAME);
1725 add_token_u8(&err, dev, OPAL_STARTNAME);
1726 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1727 add_token_u8(&err, dev, write_locked);
1728 add_token_u8(&err, dev, OPAL_ENDNAME);
1730 add_token_u8(&err, dev, OPAL_ENDLIST);
1731 add_token_u8(&err, dev, OPAL_ENDNAME);
1732 add_token_u8(&err, dev, OPAL_ENDLIST);
1735 pr_err("Error building SET command.\n");
1738 return finalize_and_send(dev, parse_and_check_status);
1742 static int lock_unlock_locking_range_sum(struct opal_dev *dev)
1744 u8 lr_buffer[OPAL_UID_LENGTH];
1745 u8 read_locked = 1, write_locked = 1;
1747 struct opal_lock_unlock *lkul;
1750 clear_opal_cmd(dev);
1751 set_comid(dev, dev->comid);
1753 method = opalmethod[OPAL_SET];
1754 lkul = dev->func_data[dev->state];
1755 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1756 lkul->session.opal_key.lr) < 0)
1759 switch (lkul->l_state) {
1769 /* vars are initalized to locked */
1772 pr_err("Tried to set an invalid locking state.\n");
1773 return OPAL_INVAL_PARAM;
1775 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1776 read_locked, write_locked);
1779 pr_err("Error building SET command.\n");
1782 return finalize_and_send(dev, parse_and_check_status);
1785 static int activate_lsp(struct opal_dev *dev)
1787 struct opal_lr_act *opal_act;
1788 u8 user_lr[OPAL_UID_LENGTH];
1792 clear_opal_cmd(dev);
1793 set_comid(dev, dev->comid);
1795 opal_act = dev->func_data[dev->state];
1797 add_token_u8(&err, dev, OPAL_CALL);
1798 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1800 add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1804 if (opal_act->sum) {
1805 err = build_locking_range(user_lr, sizeof(user_lr),
1810 add_token_u8(&err, dev, OPAL_STARTLIST);
1811 add_token_u8(&err, dev, OPAL_STARTNAME);
1812 add_token_u8(&err, dev, uint_3);
1813 add_token_u8(&err, dev, 6);
1814 add_token_u8(&err, dev, 0);
1815 add_token_u8(&err, dev, 0);
1817 add_token_u8(&err, dev, OPAL_STARTLIST);
1818 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1819 for (i = 1; i < opal_act->num_lrs; i++) {
1820 user_lr[7] = opal_act->lr[i];
1821 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1823 add_token_u8(&err, dev, OPAL_ENDLIST);
1824 add_token_u8(&err, dev, OPAL_ENDNAME);
1825 add_token_u8(&err, dev, OPAL_ENDLIST);
1828 add_token_u8(&err, dev, OPAL_STARTLIST);
1829 add_token_u8(&err, dev, OPAL_ENDLIST);
1833 pr_err("Error building Activate LockingSP command.\n");
1837 return finalize_and_send(dev, parse_and_check_status);
1840 static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1845 error = parse_and_check_status(dev);
1849 lc_status = response_get_u64(&dev->parsed, 4);
1850 /* 0x08 is Manufacured Inactive */
1851 /* 0x09 is Manufactured */
1852 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1853 pr_err("Couldn't determine the status of the Lifcycle state\n");
1860 /* Determine if we're in the Manufactured Inactive or Active state */
1861 static int get_lsp_lifecycle(struct opal_dev *dev)
1865 clear_opal_cmd(dev);
1866 set_comid(dev, dev->comid);
1868 add_token_u8(&err, dev, OPAL_CALL);
1869 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1871 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1873 add_token_u8(&err, dev, OPAL_STARTLIST);
1874 add_token_u8(&err, dev, OPAL_STARTLIST);
1876 add_token_u8(&err, dev, OPAL_STARTNAME);
1877 add_token_u8(&err, dev, 3); /* Start Column */
1878 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1879 add_token_u8(&err, dev, OPAL_ENDNAME);
1881 add_token_u8(&err, dev, OPAL_STARTNAME);
1882 add_token_u8(&err, dev, 4); /* End Column */
1883 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1884 add_token_u8(&err, dev, OPAL_ENDNAME);
1886 add_token_u8(&err, dev, OPAL_ENDLIST);
1887 add_token_u8(&err, dev, OPAL_ENDLIST);
1890 pr_err("Error Building GET Lifecycle Status command\n");
1894 return finalize_and_send(dev, get_lsp_lifecycle_cont);
1897 static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1899 const char *msid_pin;
1903 error = parse_and_check_status(dev);
1907 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1909 pr_err("%s: Couldn't extract PIN from response\n", __func__);
1910 return OPAL_INVAL_PARAM;
1913 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1914 if (!dev->prev_data)
1917 dev->prev_d_len = strlen;
1922 static int get_msid_cpin_pin(struct opal_dev *dev)
1926 clear_opal_cmd(dev);
1927 set_comid(dev, dev->comid);
1930 add_token_u8(&err, dev, OPAL_CALL);
1931 add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1933 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1935 add_token_u8(&err, dev, OPAL_STARTLIST);
1936 add_token_u8(&err, dev, OPAL_STARTLIST);
1938 add_token_u8(&err, dev, OPAL_STARTNAME);
1939 add_token_u8(&err, dev, 3); /* Start Column */
1940 add_token_u8(&err, dev, 3); /* PIN */
1941 add_token_u8(&err, dev, OPAL_ENDNAME);
1943 add_token_u8(&err, dev, OPAL_STARTNAME);
1944 add_token_u8(&err, dev, 4); /* End Column */
1945 add_token_u8(&err, dev, 3); /* Lifecycle Column */
1946 add_token_u8(&err, dev, OPAL_ENDNAME);
1948 add_token_u8(&err, dev, OPAL_ENDLIST);
1949 add_token_u8(&err, dev, OPAL_ENDLIST);
1952 pr_err("Error building Get MSID CPIN PIN command.\n");
1956 return finalize_and_send(dev, get_msid_cpin_pin_cont);
1959 static int build_end_opal_session(struct opal_dev *dev)
1963 clear_opal_cmd(dev);
1965 set_comid(dev, dev->comid);
1966 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1970 static int end_opal_session(struct opal_dev *dev)
1972 int ret = build_end_opal_session(dev);
1976 return finalize_and_send(dev, end_session_cont);
1979 static int end_opal_session_error(struct opal_dev *dev)
1981 const opal_step error_end_session[] = {
1985 dev->funcs = error_end_session;
1990 static inline void setup_opal_dev(struct opal_dev *dev,
1991 const opal_step *funcs)
1997 dev->func_data = NULL;
1998 dev->prev_data = NULL;
2001 static int check_opal_support(struct opal_dev *dev)
2003 static const opal_step funcs[] = {
2009 mutex_lock(&dev->dev_lock);
2010 setup_opal_dev(dev, funcs);
2012 dev->supported = !ret;
2013 mutex_unlock(&dev->dev_lock);
2017 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2019 struct opal_dev *dev;
2021 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2025 INIT_LIST_HEAD(&dev->unlk_lst);
2026 mutex_init(&dev->dev_lock);
2028 dev->send_recv = send_recv;
2029 if (check_opal_support(dev) != 0) {
2030 pr_debug("Opal is not supported on this device\n");
2036 EXPORT_SYMBOL(init_opal_dev);
2038 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2039 struct opal_session_info *opal_session)
2041 void *data[3] = { NULL };
2042 static const opal_step erase_funcs[] = {
2044 start_auth_opal_session,
2052 mutex_lock(&dev->dev_lock);
2053 setup_opal_dev(dev, erase_funcs);
2055 dev->func_data = data;
2056 dev->func_data[1] = opal_session;
2057 dev->func_data[2] = &opal_session->opal_key.lr;
2060 mutex_unlock(&dev->dev_lock);
2064 static int opal_erase_locking_range(struct opal_dev *dev,
2065 struct opal_session_info *opal_session)
2067 void *data[3] = { NULL };
2068 static const opal_step erase_funcs[] = {
2070 start_auth_opal_session,
2071 erase_locking_range,
2077 mutex_lock(&dev->dev_lock);
2078 setup_opal_dev(dev, erase_funcs);
2080 dev->func_data = data;
2081 dev->func_data[1] = opal_session;
2082 dev->func_data[2] = opal_session;
2085 mutex_unlock(&dev->dev_lock);
2089 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2090 struct opal_mbr_data *opal_mbr)
2092 void *func_data[6] = { NULL };
2093 static const opal_step mbr_funcs[] = {
2095 start_admin1LSP_opal_session,
2098 start_admin1LSP_opal_session,
2099 set_mbr_enable_disable,
2105 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2106 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2109 mutex_lock(&dev->dev_lock);
2110 setup_opal_dev(dev, mbr_funcs);
2111 dev->func_data = func_data;
2112 dev->func_data[1] = &opal_mbr->key;
2113 dev->func_data[2] = &opal_mbr->enable_disable;
2114 dev->func_data[4] = &opal_mbr->key;
2115 dev->func_data[5] = &opal_mbr->enable_disable;
2117 mutex_unlock(&dev->dev_lock);
2121 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2123 struct opal_suspend_data *suspend;
2125 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2129 suspend->unlk = *lk_unlk;
2130 suspend->lr = lk_unlk->session.opal_key.lr;
2132 mutex_lock(&dev->dev_lock);
2133 setup_opal_dev(dev, NULL);
2134 add_suspend_info(dev, suspend);
2135 mutex_unlock(&dev->dev_lock);
2139 static int opal_add_user_to_lr(struct opal_dev *dev,
2140 struct opal_lock_unlock *lk_unlk)
2142 void *func_data[3] = { NULL };
2143 static const opal_step funcs[] = {
2145 start_admin1LSP_opal_session,
2152 if (lk_unlk->l_state != OPAL_RO &&
2153 lk_unlk->l_state != OPAL_RW) {
2154 pr_err("Locking state was not RO or RW\n");
2157 if (lk_unlk->session.who < OPAL_USER1 &&
2158 lk_unlk->session.who > OPAL_USER9) {
2159 pr_err("Authority was not within the range of users: %d\n",
2160 lk_unlk->session.who);
2163 if (lk_unlk->session.sum) {
2164 pr_err("%s not supported in sum. Use setup locking range\n",
2169 mutex_lock(&dev->dev_lock);
2170 setup_opal_dev(dev, funcs);
2171 dev->func_data = func_data;
2172 dev->func_data[1] = &lk_unlk->session.opal_key;
2173 dev->func_data[2] = lk_unlk;
2175 mutex_unlock(&dev->dev_lock);
2179 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2181 void *data[2] = { NULL };
2182 static const opal_step revert_funcs[] = {
2184 start_SIDASP_opal_session,
2185 revert_tper, /* controller will terminate session */
2190 mutex_lock(&dev->dev_lock);
2191 setup_opal_dev(dev, revert_funcs);
2192 dev->func_data = data;
2193 dev->func_data[1] = opal;
2195 mutex_unlock(&dev->dev_lock);
2199 static int __opal_lock_unlock_sum(struct opal_dev *dev)
2201 static const opal_step ulk_funcs_sum[] = {
2203 start_auth_opal_session,
2204 lock_unlock_locking_range_sum,
2209 dev->funcs = ulk_funcs_sum;
2213 static int __opal_lock_unlock(struct opal_dev *dev)
2215 static const opal_step _unlock_funcs[] = {
2217 start_auth_opal_session,
2218 lock_unlock_locking_range,
2223 dev->funcs = _unlock_funcs;
2227 static int opal_lock_unlock(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2229 void *func_data[3] = { NULL };
2232 if (lk_unlk->session.who < OPAL_ADMIN1 ||
2233 lk_unlk->session.who > OPAL_USER9)
2236 mutex_lock(&dev->dev_lock);
2237 setup_opal_dev(dev, NULL);
2238 dev->func_data = func_data;
2239 dev->func_data[1] = &lk_unlk->session;
2240 dev->func_data[2] = lk_unlk;
2242 if (lk_unlk->session.sum)
2243 ret = __opal_lock_unlock_sum(dev);
2245 ret = __opal_lock_unlock(dev);
2247 mutex_unlock(&dev->dev_lock);
2251 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2253 static const opal_step owner_funcs[] = {
2255 start_anybodyASP_opal_session,
2258 start_SIDASP_opal_session,
2263 void *data[6] = { NULL };
2269 mutex_lock(&dev->dev_lock);
2270 setup_opal_dev(dev, owner_funcs);
2271 dev->func_data = data;
2272 dev->func_data[4] = opal;
2273 dev->func_data[5] = opal;
2275 mutex_unlock(&dev->dev_lock);
2279 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2281 void *data[4] = { NULL };
2282 static const opal_step active_funcs[] = {
2284 start_SIDASP_opal_session, /* Open session as SID auth */
2292 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2295 mutex_lock(&dev->dev_lock);
2296 setup_opal_dev(dev, active_funcs);
2297 dev->func_data = data;
2298 dev->func_data[1] = &opal_lr_act->key;
2299 dev->func_data[3] = opal_lr_act;
2301 mutex_unlock(&dev->dev_lock);
2305 static int opal_setup_locking_range(struct opal_dev *dev,
2306 struct opal_user_lr_setup *opal_lrs)
2308 void *data[3] = { NULL };
2309 static const opal_step lr_funcs[] = {
2311 start_auth_opal_session,
2312 setup_locking_range,
2318 mutex_lock(&dev->dev_lock);
2319 setup_opal_dev(dev, lr_funcs);
2320 dev->func_data = data;
2321 dev->func_data[1] = &opal_lrs->session;
2322 dev->func_data[2] = opal_lrs;
2324 mutex_unlock(&dev->dev_lock);
2328 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2330 static const opal_step pw_funcs[] = {
2332 start_auth_opal_session,
2337 void *data[3] = { NULL };
2340 if (opal_pw->session.who < OPAL_ADMIN1 ||
2341 opal_pw->session.who > OPAL_USER9 ||
2342 opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2343 opal_pw->new_user_pw.who > OPAL_USER9)
2346 mutex_lock(&dev->dev_lock);
2347 setup_opal_dev(dev, pw_funcs);
2348 dev->func_data = data;
2349 dev->func_data[1] = (void *) &opal_pw->session;
2350 dev->func_data[2] = (void *) &opal_pw->new_user_pw;
2353 mutex_unlock(&dev->dev_lock);
2357 static int opal_activate_user(struct opal_dev *dev,
2358 struct opal_session_info *opal_session)
2360 static const opal_step act_funcs[] = {
2362 start_admin1LSP_opal_session,
2363 internal_activate_user,
2367 void *data[3] = { NULL };
2370 /* We can't activate Admin1 it's active as manufactured */
2371 if (opal_session->who < OPAL_USER1 &&
2372 opal_session->who > OPAL_USER9) {
2373 pr_err("Who was not a valid user: %d\n", opal_session->who);
2377 mutex_lock(&dev->dev_lock);
2378 setup_opal_dev(dev, act_funcs);
2379 dev->func_data = data;
2380 dev->func_data[1] = &opal_session->opal_key;
2381 dev->func_data[2] = opal_session;
2383 mutex_unlock(&dev->dev_lock);
2387 bool opal_unlock_from_suspend(struct opal_dev *dev)
2389 struct opal_suspend_data *suspend;
2390 void *func_data[3] = { NULL };
2391 bool was_failure = false;
2396 if (!dev->supported)
2399 mutex_lock(&dev->dev_lock);
2400 setup_opal_dev(dev, NULL);
2401 dev->func_data = func_data;
2403 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2405 dev->func_data[1] = &suspend->unlk.session;
2406 dev->func_data[2] = &suspend->unlk;
2410 if (suspend->unlk.session.sum)
2411 ret = __opal_lock_unlock_sum(dev);
2413 ret = __opal_lock_unlock(dev);
2415 pr_warn("Failed to unlock LR %hhu with sum %d\n",
2416 suspend->unlk.session.opal_key.lr,
2417 suspend->unlk.session.sum);
2421 mutex_unlock(&dev->dev_lock);
2424 EXPORT_SYMBOL(opal_unlock_from_suspend);
2426 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2431 if (!capable(CAP_SYS_ADMIN))
2435 if (!dev->supported) {
2436 pr_err("Not supported\n");
2440 p = memdup_user(arg, _IOC_SIZE(cmd));
2446 ret = opal_save(dev, p);
2448 case IOC_OPAL_LOCK_UNLOCK:
2449 ret = opal_lock_unlock(dev, p);
2451 case IOC_OPAL_TAKE_OWNERSHIP:
2452 ret = opal_take_ownership(dev, p);
2454 case IOC_OPAL_ACTIVATE_LSP:
2455 ret = opal_activate_lsp(dev, p);
2457 case IOC_OPAL_SET_PW:
2458 ret = opal_set_new_pw(dev, p);
2460 case IOC_OPAL_ACTIVATE_USR:
2461 ret = opal_activate_user(dev, p);
2463 case IOC_OPAL_REVERT_TPR:
2464 ret = opal_reverttper(dev, p);
2466 case IOC_OPAL_LR_SETUP:
2467 ret = opal_setup_locking_range(dev, p);
2469 case IOC_OPAL_ADD_USR_TO_LR:
2470 ret = opal_add_user_to_lr(dev, p);
2472 case IOC_OPAL_ENABLE_DISABLE_MBR:
2473 ret = opal_enable_disable_shadow_mbr(dev, p);
2475 case IOC_OPAL_ERASE_LR:
2476 ret = opal_erase_locking_range(dev, p);
2478 case IOC_OPAL_SECURE_ERASE_LR:
2479 ret = opal_secure_erase_locking_range(dev, p);
2482 pr_warn("No such Opal Ioctl %u\n", cmd);
2488 EXPORT_SYMBOL_GPL(sed_ioctl);
git.samba.org / sfrench / cifs-2.6.git / blob