2 * Copyright © 2016 Intel Corporation
5 * Scott Bauer <scott.bauer@intel.com>
6 * Rafael Antognolli <rafael.antognolli@intel.com>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms and conditions of the GNU General Public License,
10 * version 2, as published by the Free Software Foundation.
12 * This program is distributed in the hope it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
20 #include <linux/delay.h>
21 #include <linux/device.h>
22 #include <linux/kernel.h>
23 #include <linux/list.h>
24 #include <linux/genhd.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <uapi/linux/sed-opal.h>
28 #include <linux/sed-opal.h>
29 #include <linux/string.h>
30 #include <linux/kdev_t.h>
32 #include "opal_proto.h"
34 #define IO_BUFFER_LENGTH 2048
37 typedef int (*opal_step)(struct opal_dev *dev);
39 enum opal_atom_width {
48 * On the parsed response, we don't store again the toks that are already
49 * stored in the response buffer. Instead, for each token, we just store a
50 * pointer to the position in the buffer where the token starts, and the size
51 * of the token in bytes.
53 struct opal_resp_tok {
56 enum opal_response_token type;
57 enum opal_atom_width width;
65 * From the response header it's not possible to know how many tokens there are
66 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
67 * if we start dealing with messages that have more than that, we can increase
68 * this number. This is done to avoid having to make two passes through the
69 * response, the first one counting how many tokens we have and the second one
70 * actually storing the positions.
74 struct opal_resp_tok toks[MAX_TOKS];
81 sec_send_recv *send_recv;
83 const opal_step *funcs;
86 struct mutex dev_lock;
94 u8 cmd[IO_BUFFER_LENGTH];
95 u8 resp[IO_BUFFER_LENGTH];
97 struct parsed_resp parsed;
101 struct list_head unlk_lst;
105 static const u8 opaluid[][OPAL_UID_LENGTH] = {
108 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
110 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
112 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
113 [OPAL_LOCKINGSP_UID] =
114 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
115 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
116 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
118 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
129 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
131 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
132 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
136 [OPAL_LOCKINGRANGE_GLOBAL] =
137 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
138 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
139 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
140 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
141 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
143 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
145 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
146 [OPAL_AUTHORITY_TABLE] =
147 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
149 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
150 [OPAL_LOCKING_INFO_TABLE] =
151 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
152 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
153 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
155 /* C_PIN_TABLE object ID's */
158 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
161 [OPAL_C_PIN_ADMIN1] =
162 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
164 /* half UID's (only first 4 bytes used) */
166 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
167 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
168 [OPAL_HALF_UID_BOOLEAN_ACE] =
169 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
171 /* special value for omitted optional parameter */
173 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
177 * TCG Storage SSC Methods.
178 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
179 * Section: 6.3 Assigned UIDs
181 static const u8 opalmethod[][OPAL_UID_LENGTH] = {
183 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
184 [OPAL_STARTSESSION] =
185 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
187 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
189 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
191 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
196 [OPAL_EAUTHENTICATE] =
197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
208 [OPAL_AUTHENTICATE] =
209 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
211 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
213 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
216 typedef int (cont_fn)(struct opal_dev *dev);
218 static int end_opal_session_error(struct opal_dev *dev);
220 struct opal_suspend_data {
221 struct opal_lock_unlock unlk;
223 struct list_head node;
228 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
229 * Section: 5.1.5 Method Status Codes
231 static const char * const opal_errors[] = {
239 "No Sessions Available",
240 "Uniqueness Conflict",
241 "Insufficient Space",
248 "Transaction Failure",
250 "Authority Locked Out",
253 static const char *opal_error_to_human(int error)
258 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
259 return "Unknown Error";
261 return opal_errors[error];
264 static void print_buffer(const u8 *ptr, u32 length)
267 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
272 static bool check_tper(const void *data)
274 const struct d0_tper_features *tper = data;
275 u8 flags = tper->supported_features;
277 if (!(flags & TPER_SYNC_SUPPORTED)) {
278 pr_err("TPer sync not supported. flags = %d\n",
279 tper->supported_features);
286 static bool check_sum(const void *data)
288 const struct d0_single_user_mode *sum = data;
289 u32 nlo = be32_to_cpu(sum->num_locking_objects);
292 pr_err("Need at least one locking object.\n");
296 pr_debug("Number of locking objects: %d\n", nlo);
301 static u16 get_comid_v100(const void *data)
303 const struct d0_opal_v100 *v100 = data;
305 return be16_to_cpu(v100->baseComID);
308 static u16 get_comid_v200(const void *data)
310 const struct d0_opal_v200 *v200 = data;
312 return be16_to_cpu(v200->baseComID);
315 static int opal_send_cmd(struct opal_dev *dev)
317 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
318 dev->cmd, IO_BUFFER_LENGTH,
322 static int opal_recv_cmd(struct opal_dev *dev)
324 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
325 dev->resp, IO_BUFFER_LENGTH,
329 static int opal_recv_check(struct opal_dev *dev)
331 size_t buflen = IO_BUFFER_LENGTH;
332 void *buffer = dev->resp;
333 struct opal_header *hdr = buffer;
337 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
338 hdr->cp.outstandingData,
339 hdr->cp.minTransfer);
341 if (hdr->cp.outstandingData == 0 ||
342 hdr->cp.minTransfer != 0)
345 memset(buffer, 0, buflen);
346 ret = opal_recv_cmd(dev);
352 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
356 ret = opal_send_cmd(dev);
359 ret = opal_recv_cmd(dev);
362 ret = opal_recv_check(dev);
368 static void check_geometry(struct opal_dev *dev, const void *data)
370 const struct d0_geometry_features *geo = data;
372 dev->align = geo->alignment_granularity;
373 dev->lowest_lba = geo->lowest_aligned_lba;
376 static int next(struct opal_dev *dev)
382 func = dev->funcs[dev->state];
388 pr_err("Error on step function: %d with error %d: %s\n",
390 opal_error_to_human(error));
392 /* For each OPAL command we do a discovery0 then we
393 * start some sort of session.
394 * If we haven't passed state 1 then there was an error
395 * on discovery0 or during the attempt to start a
396 * session. Therefore we shouldn't attempt to terminate
397 * a session, as one has not yet been created.
400 return end_opal_session_error(dev);
408 static int opal_discovery0_end(struct opal_dev *dev)
410 bool found_com_id = false, supported = true, single_user = false;
411 const struct d0_header *hdr = (struct d0_header *)dev->resp;
412 const u8 *epos = dev->resp, *cpos = dev->resp;
414 u32 hlen = be32_to_cpu(hdr->length);
416 print_buffer(dev->resp, hlen);
418 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
419 pr_warn("Discovery length overflows buffer (%zu+%u)/%u\n",
420 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
424 epos += hlen; /* end of buffer */
425 cpos += sizeof(*hdr); /* current position on buffer */
427 while (cpos < epos && supported) {
428 const struct d0_features *body =
429 (const struct d0_features *)cpos;
431 switch (be16_to_cpu(body->code)) {
433 supported = check_tper(body->features);
436 single_user = check_sum(body->features);
439 check_geometry(dev, body);
444 /* some ignored properties */
445 pr_debug("Found OPAL feature description: %d\n",
446 be16_to_cpu(body->code));
449 comid = get_comid_v100(body->features);
453 comid = get_comid_v200(body->features);
456 case 0xbfff ... 0xffff:
457 /* vendor specific, just ignore */
460 pr_debug("OPAL Unknown feature: %d\n",
461 be16_to_cpu(body->code));
464 cpos += body->length + 4;
468 pr_debug("This device is not Opal enabled. Not Supported!\n");
473 pr_debug("Device doesn't support single user mode\n");
477 pr_debug("Could not find OPAL comid for device. Returning early\n");
486 static int opal_discovery0(struct opal_dev *dev)
490 memset(dev->resp, 0, IO_BUFFER_LENGTH);
491 dev->comid = OPAL_DISCOVERY_COMID;
492 ret = opal_recv_cmd(dev);
495 return opal_discovery0_end(dev);
498 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
502 if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
503 pr_err("Error adding u8: end of buffer.\n");
507 cmd->cmd[cmd->pos++] = tok;
510 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
511 bool has_sign, int len)
516 atom = SHORT_ATOM_ID;
517 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
518 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
519 atom |= len & SHORT_ATOM_LEN_MASK;
521 add_token_u8(&err, cmd, atom);
524 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
525 bool has_sign, int len)
529 header0 = MEDIUM_ATOM_ID;
530 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
531 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
532 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
533 cmd->cmd[cmd->pos++] = header0;
534 cmd->cmd[cmd->pos++] = len;
537 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
544 if (!(number & ~TINY_ATOM_DATA_MASK)) {
545 add_token_u8(err, cmd, number);
550 len = DIV_ROUND_UP(msb, 4);
552 if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
553 pr_err("Error adding u64: end of buffer.\n");
557 add_short_atom_header(cmd, false, false, len);
559 n = number >> (len * 8);
560 add_token_u8(err, cmd, n);
564 static void add_token_bytestring(int *err, struct opal_dev *cmd,
565 const u8 *bytestring, size_t len)
567 size_t header_len = 1;
568 bool is_short_atom = true;
573 if (len & ~SHORT_ATOM_LEN_MASK) {
575 is_short_atom = false;
578 if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
579 pr_err("Error adding bytestring: end of buffer.\n");
585 add_short_atom_header(cmd, true, false, len);
587 add_medium_atom_header(cmd, true, false, len);
589 memcpy(&cmd->cmd[cmd->pos], bytestring, len);
594 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
596 if (length > OPAL_UID_LENGTH) {
597 pr_err("Can't build locking range. Length OOB\n");
601 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
605 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
611 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
613 if (length > OPAL_UID_LENGTH) {
614 pr_err("Can't build locking range user, Length OOB\n");
618 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
625 static void set_comid(struct opal_dev *cmd, u16 comid)
627 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
629 hdr->cp.extendedComID[0] = comid >> 8;
630 hdr->cp.extendedComID[1] = comid;
631 hdr->cp.extendedComID[2] = 0;
632 hdr->cp.extendedComID[3] = 0;
635 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
637 struct opal_header *hdr;
640 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
641 add_token_u8(&err, cmd, OPAL_STARTLIST);
642 add_token_u8(&err, cmd, 0);
643 add_token_u8(&err, cmd, 0);
644 add_token_u8(&err, cmd, 0);
645 add_token_u8(&err, cmd, OPAL_ENDLIST);
648 pr_err("Error finalizing command.\n");
652 hdr = (struct opal_header *) cmd->cmd;
654 hdr->pkt.tsn = cpu_to_be32(tsn);
655 hdr->pkt.hsn = cpu_to_be32(hsn);
657 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
658 while (cmd->pos % 4) {
659 if (cmd->pos >= IO_BUFFER_LENGTH) {
660 pr_err("Error: Buffer overrun\n");
663 cmd->cmd[cmd->pos++] = 0;
665 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
667 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
672 static const struct opal_resp_tok *response_get_token(
673 const struct parsed_resp *resp,
676 const struct opal_resp_tok *tok;
678 if (n >= resp->num) {
679 pr_err("Token number doesn't exist: %d, resp: %d\n",
681 return ERR_PTR(-EINVAL);
684 tok = &resp->toks[n];
686 pr_err("Token length must be non-zero\n");
687 return ERR_PTR(-EINVAL);
693 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
698 tok->width = OPAL_WIDTH_TINY;
700 if (pos[0] & TINY_ATOM_SIGNED) {
701 tok->type = OPAL_DTA_TOKENID_SINT;
703 tok->type = OPAL_DTA_TOKENID_UINT;
704 tok->stored.u = pos[0] & 0x3f;
710 static ssize_t response_parse_short(struct opal_resp_tok *tok,
714 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
715 tok->width = OPAL_WIDTH_SHORT;
717 if (pos[0] & SHORT_ATOM_BYTESTRING) {
718 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
719 } else if (pos[0] & SHORT_ATOM_SIGNED) {
720 tok->type = OPAL_DTA_TOKENID_SINT;
725 tok->type = OPAL_DTA_TOKENID_UINT;
727 pr_warn("uint64 with more than 8 bytes\n");
730 for (i = tok->len - 1; i > 0; i--) {
731 u_integer |= ((u64)pos[i] << (8 * b));
734 tok->stored.u = u_integer;
740 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
744 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
745 tok->width = OPAL_WIDTH_MEDIUM;
747 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
748 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
749 else if (pos[0] & MEDIUM_ATOM_SIGNED)
750 tok->type = OPAL_DTA_TOKENID_SINT;
752 tok->type = OPAL_DTA_TOKENID_UINT;
757 static ssize_t response_parse_long(struct opal_resp_tok *tok,
761 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
762 tok->width = OPAL_WIDTH_LONG;
764 if (pos[0] & LONG_ATOM_BYTESTRING)
765 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
766 else if (pos[0] & LONG_ATOM_SIGNED)
767 tok->type = OPAL_DTA_TOKENID_SINT;
769 tok->type = OPAL_DTA_TOKENID_UINT;
774 static ssize_t response_parse_token(struct opal_resp_tok *tok,
779 tok->type = OPAL_DTA_TOKENID_TOKEN;
780 tok->width = OPAL_WIDTH_TOKEN;
785 static int response_parse(const u8 *buf, size_t length,
786 struct parsed_resp *resp)
788 const struct opal_header *hdr;
789 struct opal_resp_tok *iter;
792 ssize_t token_length;
794 u32 clen, plen, slen;
802 hdr = (struct opal_header *)buf;
806 clen = be32_to_cpu(hdr->cp.length);
807 plen = be32_to_cpu(hdr->pkt.length);
808 slen = be32_to_cpu(hdr->subpkt.length);
809 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
812 if (clen == 0 || plen == 0 || slen == 0 ||
813 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
814 pr_err("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
816 print_buffer(pos, sizeof(*hdr));
820 if (pos > buf + length)
825 print_buffer(pos, total);
827 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
828 token_length = response_parse_tiny(iter, pos);
829 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
830 token_length = response_parse_short(iter, pos);
831 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
832 token_length = response_parse_medium(iter, pos);
833 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
834 token_length = response_parse_long(iter, pos);
836 token_length = response_parse_token(iter, pos);
838 if (token_length < 0)
842 total -= token_length;
847 if (num_entries == 0) {
848 pr_err("Couldn't parse response.\n");
851 resp->num = num_entries;
856 static size_t response_get_string(const struct parsed_resp *resp, int n,
861 pr_err("Response is NULL\n");
866 pr_err("Response has %d tokens. Can't access %d\n",
871 if (resp->toks[n].type != OPAL_DTA_TOKENID_BYTESTRING) {
872 pr_err("Token is not a byte string!\n");
876 *store = resp->toks[n].pos + 1;
877 return resp->toks[n].len - 1;
880 static u64 response_get_u64(const struct parsed_resp *resp, int n)
883 pr_err("Response is NULL\n");
888 pr_err("Response has %d tokens. Can't access %d\n",
893 if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
894 pr_err("Token is not unsigned it: %d\n",
899 if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
900 resp->toks[n].width == OPAL_WIDTH_SHORT)) {
901 pr_err("Atom is not short or tiny: %d\n",
902 resp->toks[n].width);
906 return resp->toks[n].stored.u;
909 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
912 token->type != OPAL_DTA_TOKENID_TOKEN ||
913 token->pos[0] != match)
918 static u8 response_status(const struct parsed_resp *resp)
920 const struct opal_resp_tok *tok;
922 tok = response_get_token(resp, 0);
923 if (response_token_matches(tok, OPAL_ENDOFSESSION))
927 return DTAERROR_NO_METHOD_STATUS;
929 tok = response_get_token(resp, resp->num - 5);
930 if (!response_token_matches(tok, OPAL_STARTLIST))
931 return DTAERROR_NO_METHOD_STATUS;
933 tok = response_get_token(resp, resp->num - 1);
934 if (!response_token_matches(tok, OPAL_ENDLIST))
935 return DTAERROR_NO_METHOD_STATUS;
937 return response_get_u64(resp, resp->num - 4);
940 /* Parses and checks for errors */
941 static int parse_and_check_status(struct opal_dev *dev)
945 print_buffer(dev->cmd, dev->pos);
947 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
949 pr_err("Couldn't parse response.\n");
953 return response_status(&dev->parsed);
956 static void clear_opal_cmd(struct opal_dev *dev)
958 dev->pos = sizeof(struct opal_header);
959 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
962 static int start_opal_session_cont(struct opal_dev *dev)
967 error = parse_and_check_status(dev);
971 hsn = response_get_u64(&dev->parsed, 4);
972 tsn = response_get_u64(&dev->parsed, 5);
974 if (hsn == 0 && tsn == 0) {
975 pr_err("Couldn't authenticate session\n");
984 static void add_suspend_info(struct opal_dev *dev,
985 struct opal_suspend_data *sus)
987 struct opal_suspend_data *iter;
989 list_for_each_entry(iter, &dev->unlk_lst, node) {
990 if (iter->lr == sus->lr) {
991 list_del(&iter->node);
996 list_add_tail(&sus->node, &dev->unlk_lst);
999 static int end_session_cont(struct opal_dev *dev)
1003 return parse_and_check_status(dev);
1006 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1010 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1012 pr_err("Error finalizing command buffer: %d\n", ret);
1016 print_buffer(dev->cmd, dev->pos);
1018 return opal_send_recv(dev, cont);
1021 static int gen_key(struct opal_dev *dev)
1024 u8 uid[OPAL_UID_LENGTH];
1027 clear_opal_cmd(dev);
1028 set_comid(dev, dev->comid);
1030 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1031 method = opalmethod[OPAL_GENKEY];
1032 kfree(dev->prev_data);
1033 dev->prev_data = NULL;
1035 add_token_u8(&err, dev, OPAL_CALL);
1036 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1037 add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
1039 add_token_u8(&err, dev, OPAL_STARTLIST);
1040 add_token_u8(&err, dev, OPAL_ENDLIST);
1043 pr_err("Error building gen key command\n");
1047 return finalize_and_send(dev, parse_and_check_status);
1050 static int get_active_key_cont(struct opal_dev *dev)
1052 const char *activekey;
1056 error = parse_and_check_status(dev);
1059 keylen = response_get_string(&dev->parsed, 4, &activekey);
1061 pr_err("%s: Couldn't extract the Activekey from the response\n",
1063 return OPAL_INVAL_PARAM;
1065 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1067 if (!dev->prev_data)
1070 dev->prev_d_len = keylen;
1075 static int get_active_key(struct opal_dev *dev)
1077 u8 uid[OPAL_UID_LENGTH];
1081 clear_opal_cmd(dev);
1082 set_comid(dev, dev->comid);
1083 lr = dev->func_data[dev->state];
1085 err = build_locking_range(uid, sizeof(uid), *lr);
1090 add_token_u8(&err, dev, OPAL_CALL);
1091 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1092 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1093 add_token_u8(&err, dev, OPAL_STARTLIST);
1094 add_token_u8(&err, dev, OPAL_STARTLIST);
1095 add_token_u8(&err, dev, OPAL_STARTNAME);
1096 add_token_u8(&err, dev, 3); /* startCloumn */
1097 add_token_u8(&err, dev, 10); /* ActiveKey */
1098 add_token_u8(&err, dev, OPAL_ENDNAME);
1099 add_token_u8(&err, dev, OPAL_STARTNAME);
1100 add_token_u8(&err, dev, 4); /* endColumn */
1101 add_token_u8(&err, dev, 10); /* ActiveKey */
1102 add_token_u8(&err, dev, OPAL_ENDNAME);
1103 add_token_u8(&err, dev, OPAL_ENDLIST);
1104 add_token_u8(&err, dev, OPAL_ENDLIST);
1106 pr_err("Error building get active key command\n");
1110 return finalize_and_send(dev, get_active_key_cont);
1113 static int generic_lr_enable_disable(struct opal_dev *dev,
1114 u8 *uid, bool rle, bool wle,
1119 add_token_u8(&err, dev, OPAL_CALL);
1120 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1121 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1123 add_token_u8(&err, dev, OPAL_STARTLIST);
1124 add_token_u8(&err, dev, OPAL_STARTNAME);
1125 add_token_u8(&err, dev, OPAL_VALUES);
1126 add_token_u8(&err, dev, OPAL_STARTLIST);
1128 add_token_u8(&err, dev, OPAL_STARTNAME);
1129 add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1130 add_token_u8(&err, dev, rle);
1131 add_token_u8(&err, dev, OPAL_ENDNAME);
1133 add_token_u8(&err, dev, OPAL_STARTNAME);
1134 add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1135 add_token_u8(&err, dev, wle);
1136 add_token_u8(&err, dev, OPAL_ENDNAME);
1138 add_token_u8(&err, dev, OPAL_STARTNAME);
1139 add_token_u8(&err, dev, OPAL_READLOCKED);
1140 add_token_u8(&err, dev, rl);
1141 add_token_u8(&err, dev, OPAL_ENDNAME);
1143 add_token_u8(&err, dev, OPAL_STARTNAME);
1144 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1145 add_token_u8(&err, dev, wl);
1146 add_token_u8(&err, dev, OPAL_ENDNAME);
1148 add_token_u8(&err, dev, OPAL_ENDLIST);
1149 add_token_u8(&err, dev, OPAL_ENDNAME);
1150 add_token_u8(&err, dev, OPAL_ENDLIST);
1154 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1155 struct opal_user_lr_setup *setup)
1159 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1162 pr_err("Failed to create enable global lr command\n");
1166 static int setup_locking_range(struct opal_dev *dev)
1168 u8 uid[OPAL_UID_LENGTH];
1169 struct opal_user_lr_setup *setup;
1173 clear_opal_cmd(dev);
1174 set_comid(dev, dev->comid);
1176 setup = dev->func_data[dev->state];
1177 lr = setup->session.opal_key.lr;
1178 err = build_locking_range(uid, sizeof(uid), lr);
1183 err = enable_global_lr(dev, uid, setup);
1185 add_token_u8(&err, dev, OPAL_CALL);
1186 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1187 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1190 add_token_u8(&err, dev, OPAL_STARTLIST);
1191 add_token_u8(&err, dev, OPAL_STARTNAME);
1192 add_token_u8(&err, dev, OPAL_VALUES);
1193 add_token_u8(&err, dev, OPAL_STARTLIST);
1195 add_token_u8(&err, dev, OPAL_STARTNAME);
1196 add_token_u8(&err, dev, 3); /* Ranges Start */
1197 add_token_u64(&err, dev, setup->range_start);
1198 add_token_u8(&err, dev, OPAL_ENDNAME);
1200 add_token_u8(&err, dev, OPAL_STARTNAME);
1201 add_token_u8(&err, dev, 4); /* Ranges length */
1202 add_token_u64(&err, dev, setup->range_length);
1203 add_token_u8(&err, dev, OPAL_ENDNAME);
1205 add_token_u8(&err, dev, OPAL_STARTNAME);
1206 add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1207 add_token_u64(&err, dev, !!setup->RLE);
1208 add_token_u8(&err, dev, OPAL_ENDNAME);
1210 add_token_u8(&err, dev, OPAL_STARTNAME);
1211 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1212 add_token_u64(&err, dev, !!setup->WLE);
1213 add_token_u8(&err, dev, OPAL_ENDNAME);
1215 add_token_u8(&err, dev, OPAL_ENDLIST);
1216 add_token_u8(&err, dev, OPAL_ENDNAME);
1217 add_token_u8(&err, dev, OPAL_ENDLIST);
1221 pr_err("Error building Setup Locking range command.\n");
1226 return finalize_and_send(dev, parse_and_check_status);
1229 static int start_generic_opal_session(struct opal_dev *dev,
1231 enum opal_uid sp_type,
1238 if (key == NULL && auth != OPAL_ANYBODY_UID) {
1239 pr_err("%s: Attempted to open ADMIN_SP Session without a Host" \
1240 "Challenge, and not as the Anybody UID\n", __func__);
1241 return OPAL_INVAL_PARAM;
1244 clear_opal_cmd(dev);
1246 set_comid(dev, dev->comid);
1247 hsn = GENERIC_HOST_SESSION_NUM;
1249 add_token_u8(&err, dev, OPAL_CALL);
1250 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1252 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1254 add_token_u8(&err, dev, OPAL_STARTLIST);
1255 add_token_u64(&err, dev, hsn);
1256 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1257 add_token_u8(&err, dev, 1);
1260 case OPAL_ANYBODY_UID:
1261 add_token_u8(&err, dev, OPAL_ENDLIST);
1263 case OPAL_ADMIN1_UID:
1265 add_token_u8(&err, dev, OPAL_STARTNAME);
1266 add_token_u8(&err, dev, 0); /* HostChallenge */
1267 add_token_bytestring(&err, dev, key, key_len);
1268 add_token_u8(&err, dev, OPAL_ENDNAME);
1269 add_token_u8(&err, dev, OPAL_STARTNAME);
1270 add_token_u8(&err, dev, 3); /* HostSignAuth */
1271 add_token_bytestring(&err, dev, opaluid[auth],
1273 add_token_u8(&err, dev, OPAL_ENDNAME);
1274 add_token_u8(&err, dev, OPAL_ENDLIST);
1277 pr_err("Cannot start Admin SP session with auth %d\n", auth);
1278 return OPAL_INVAL_PARAM;
1282 pr_err("Error building start adminsp session command.\n");
1286 return finalize_and_send(dev, start_opal_session_cont);
1289 static int start_anybodyASP_opal_session(struct opal_dev *dev)
1291 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1292 OPAL_ADMINSP_UID, NULL, 0);
1295 static int start_SIDASP_opal_session(struct opal_dev *dev)
1298 const u8 *key = dev->prev_data;
1299 struct opal_key *okey;
1302 okey = dev->func_data[dev->state];
1303 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1308 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1310 key, dev->prev_d_len);
1312 dev->prev_data = NULL;
1317 static inline int start_admin1LSP_opal_session(struct opal_dev *dev)
1319 struct opal_key *key = dev->func_data[dev->state];
1321 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1323 key->key, key->key_len);
1326 static int start_auth_opal_session(struct opal_dev *dev)
1328 u8 lk_ul_user[OPAL_UID_LENGTH];
1331 struct opal_session_info *session = dev->func_data[dev->state];
1332 size_t keylen = session->opal_key.key_len;
1333 u8 *key = session->opal_key.key;
1334 u32 hsn = GENERIC_HOST_SESSION_NUM;
1336 clear_opal_cmd(dev);
1337 set_comid(dev, dev->comid);
1340 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1341 session->opal_key.lr);
1345 } else if (session->who != OPAL_ADMIN1 && !session->sum) {
1346 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1351 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1353 add_token_u8(&err, dev, OPAL_CALL);
1354 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1356 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1359 add_token_u8(&err, dev, OPAL_STARTLIST);
1360 add_token_u64(&err, dev, hsn);
1361 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1363 add_token_u8(&err, dev, 1);
1364 add_token_u8(&err, dev, OPAL_STARTNAME);
1365 add_token_u8(&err, dev, 0);
1366 add_token_bytestring(&err, dev, key, keylen);
1367 add_token_u8(&err, dev, OPAL_ENDNAME);
1368 add_token_u8(&err, dev, OPAL_STARTNAME);
1369 add_token_u8(&err, dev, 3);
1370 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1371 add_token_u8(&err, dev, OPAL_ENDNAME);
1372 add_token_u8(&err, dev, OPAL_ENDLIST);
1375 pr_err("Error building STARTSESSION command.\n");
1379 return finalize_and_send(dev, start_opal_session_cont);
1382 static int revert_tper(struct opal_dev *dev)
1386 clear_opal_cmd(dev);
1387 set_comid(dev, dev->comid);
1389 add_token_u8(&err, dev, OPAL_CALL);
1390 add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1392 add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1394 add_token_u8(&err, dev, OPAL_STARTLIST);
1395 add_token_u8(&err, dev, OPAL_ENDLIST);
1397 pr_err("Error building REVERT TPER command.\n");
1401 return finalize_and_send(dev, parse_and_check_status);
1404 static int internal_activate_user(struct opal_dev *dev)
1406 struct opal_session_info *session = dev->func_data[dev->state];
1407 u8 uid[OPAL_UID_LENGTH];
1410 clear_opal_cmd(dev);
1411 set_comid(dev, dev->comid);
1413 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1414 uid[7] = session->who;
1416 add_token_u8(&err, dev, OPAL_CALL);
1417 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1418 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1419 add_token_u8(&err, dev, OPAL_STARTLIST);
1420 add_token_u8(&err, dev, OPAL_STARTNAME);
1421 add_token_u8(&err, dev, OPAL_VALUES);
1422 add_token_u8(&err, dev, OPAL_STARTLIST);
1423 add_token_u8(&err, dev, OPAL_STARTNAME);
1424 add_token_u8(&err, dev, 5); /* Enabled */
1425 add_token_u8(&err, dev, OPAL_TRUE);
1426 add_token_u8(&err, dev, OPAL_ENDNAME);
1427 add_token_u8(&err, dev, OPAL_ENDLIST);
1428 add_token_u8(&err, dev, OPAL_ENDNAME);
1429 add_token_u8(&err, dev, OPAL_ENDLIST);
1432 pr_err("Error building Activate UserN command.\n");
1436 return finalize_and_send(dev, parse_and_check_status);
1439 static int erase_locking_range(struct opal_dev *dev)
1441 struct opal_session_info *session;
1442 u8 uid[OPAL_UID_LENGTH];
1445 clear_opal_cmd(dev);
1446 set_comid(dev, dev->comid);
1447 session = dev->func_data[dev->state];
1449 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1452 add_token_u8(&err, dev, OPAL_CALL);
1453 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1454 add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1456 add_token_u8(&err, dev, OPAL_STARTLIST);
1457 add_token_u8(&err, dev, OPAL_ENDLIST);
1460 pr_err("Error building Erase Locking Range Command.\n");
1463 return finalize_and_send(dev, parse_and_check_status);
1466 static int set_mbr_done(struct opal_dev *dev)
1468 u8 mbr_done_tf = *(u8 *)dev->func_data[dev->state];
1471 clear_opal_cmd(dev);
1472 set_comid(dev, dev->comid);
1474 add_token_u8(&err, dev, OPAL_CALL);
1475 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1477 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1478 add_token_u8(&err, dev, OPAL_STARTLIST);
1479 add_token_u8(&err, dev, OPAL_STARTNAME);
1480 add_token_u8(&err, dev, OPAL_VALUES);
1481 add_token_u8(&err, dev, OPAL_STARTLIST);
1482 add_token_u8(&err, dev, OPAL_STARTNAME);
1483 add_token_u8(&err, dev, 2); /* Done */
1484 add_token_u8(&err, dev, mbr_done_tf); /* Done T or F */
1485 add_token_u8(&err, dev, OPAL_ENDNAME);
1486 add_token_u8(&err, dev, OPAL_ENDLIST);
1487 add_token_u8(&err, dev, OPAL_ENDNAME);
1488 add_token_u8(&err, dev, OPAL_ENDLIST);
1491 pr_err("Error Building set MBR Done command\n");
1495 return finalize_and_send(dev, parse_and_check_status);
1498 static int set_mbr_enable_disable(struct opal_dev *dev)
1500 u8 mbr_en_dis = *(u8 *)dev->func_data[dev->state];
1503 clear_opal_cmd(dev);
1504 set_comid(dev, dev->comid);
1506 add_token_u8(&err, dev, OPAL_CALL);
1507 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1509 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1510 add_token_u8(&err, dev, OPAL_STARTLIST);
1511 add_token_u8(&err, dev, OPAL_STARTNAME);
1512 add_token_u8(&err, dev, OPAL_VALUES);
1513 add_token_u8(&err, dev, OPAL_STARTLIST);
1514 add_token_u8(&err, dev, OPAL_STARTNAME);
1515 add_token_u8(&err, dev, 1);
1516 add_token_u8(&err, dev, mbr_en_dis);
1517 add_token_u8(&err, dev, OPAL_ENDNAME);
1518 add_token_u8(&err, dev, OPAL_ENDLIST);
1519 add_token_u8(&err, dev, OPAL_ENDNAME);
1520 add_token_u8(&err, dev, OPAL_ENDLIST);
1523 pr_err("Error Building set MBR done command\n");
1527 return finalize_and_send(dev, parse_and_check_status);
1530 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1531 struct opal_dev *dev)
1535 clear_opal_cmd(dev);
1536 set_comid(dev, dev->comid);
1538 add_token_u8(&err, dev, OPAL_CALL);
1539 add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1540 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1542 add_token_u8(&err, dev, OPAL_STARTLIST);
1543 add_token_u8(&err, dev, OPAL_STARTNAME);
1544 add_token_u8(&err, dev, OPAL_VALUES);
1545 add_token_u8(&err, dev, OPAL_STARTLIST);
1546 add_token_u8(&err, dev, OPAL_STARTNAME);
1547 add_token_u8(&err, dev, 3); /* PIN */
1548 add_token_bytestring(&err, dev, key, key_len);
1549 add_token_u8(&err, dev, OPAL_ENDNAME);
1550 add_token_u8(&err, dev, OPAL_ENDLIST);
1551 add_token_u8(&err, dev, OPAL_ENDNAME);
1552 add_token_u8(&err, dev, OPAL_ENDLIST);
1557 static int set_new_pw(struct opal_dev *dev)
1559 u8 cpin_uid[OPAL_UID_LENGTH];
1560 struct opal_session_info *usr = dev->func_data[dev->state];
1563 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1565 if (usr->who != OPAL_ADMIN1) {
1568 cpin_uid[7] = usr->opal_key.lr + 1;
1570 cpin_uid[7] = usr->who;
1573 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1575 pr_err("Error building set password command.\n");
1579 return finalize_and_send(dev, parse_and_check_status);
1582 static int set_sid_cpin_pin(struct opal_dev *dev)
1584 u8 cpin_uid[OPAL_UID_LENGTH];
1585 struct opal_key *key = dev->func_data[dev->state];
1587 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1589 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1590 pr_err("Error building Set SID cpin\n");
1593 return finalize_and_send(dev, parse_and_check_status);
1596 static int add_user_to_lr(struct opal_dev *dev)
1598 u8 lr_buffer[OPAL_UID_LENGTH];
1599 u8 user_uid[OPAL_UID_LENGTH];
1600 struct opal_lock_unlock *lkul;
1603 clear_opal_cmd(dev);
1604 set_comid(dev, dev->comid);
1606 lkul = dev->func_data[dev->state];
1608 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1611 if (lkul->l_state == OPAL_RW)
1612 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1615 lr_buffer[7] = lkul->session.opal_key.lr;
1617 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1619 user_uid[7] = lkul->session.who;
1621 add_token_u8(&err, dev, OPAL_CALL);
1622 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1623 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1626 add_token_u8(&err, dev, OPAL_STARTLIST);
1627 add_token_u8(&err, dev, OPAL_STARTNAME);
1628 add_token_u8(&err, dev, OPAL_VALUES);
1630 add_token_u8(&err, dev, OPAL_STARTLIST);
1631 add_token_u8(&err, dev, OPAL_STARTNAME);
1632 add_token_u8(&err, dev, 3);
1634 add_token_u8(&err, dev, OPAL_STARTLIST);
1637 add_token_u8(&err, dev, OPAL_STARTNAME);
1638 add_token_bytestring(&err, dev,
1639 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1641 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1642 add_token_u8(&err, dev, OPAL_ENDNAME);
1645 add_token_u8(&err, dev, OPAL_STARTNAME);
1646 add_token_bytestring(&err, dev,
1647 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1649 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1650 add_token_u8(&err, dev, OPAL_ENDNAME);
1653 add_token_u8(&err, dev, OPAL_STARTNAME);
1654 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1656 add_token_u8(&err, dev, 1);
1657 add_token_u8(&err, dev, OPAL_ENDNAME);
1660 add_token_u8(&err, dev, OPAL_ENDLIST);
1661 add_token_u8(&err, dev, OPAL_ENDNAME);
1662 add_token_u8(&err, dev, OPAL_ENDLIST);
1663 add_token_u8(&err, dev, OPAL_ENDNAME);
1664 add_token_u8(&err, dev, OPAL_ENDLIST);
1667 pr_err("Error building add user to locking range command.\n");
1671 return finalize_and_send(dev, parse_and_check_status);
1674 static int lock_unlock_locking_range(struct opal_dev *dev)
1676 u8 lr_buffer[OPAL_UID_LENGTH];
1678 struct opal_lock_unlock *lkul;
1679 u8 read_locked = 1, write_locked = 1;
1682 clear_opal_cmd(dev);
1683 set_comid(dev, dev->comid);
1685 method = opalmethod[OPAL_SET];
1686 lkul = dev->func_data[dev->state];
1687 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1688 lkul->session.opal_key.lr) < 0)
1691 switch (lkul->l_state) {
1701 /* vars are initalized to locked */
1704 pr_err("Tried to set an invalid locking state... returning to uland\n");
1705 return OPAL_INVAL_PARAM;
1708 add_token_u8(&err, dev, OPAL_CALL);
1709 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1710 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1711 add_token_u8(&err, dev, OPAL_STARTLIST);
1712 add_token_u8(&err, dev, OPAL_STARTNAME);
1713 add_token_u8(&err, dev, OPAL_VALUES);
1714 add_token_u8(&err, dev, OPAL_STARTLIST);
1716 add_token_u8(&err, dev, OPAL_STARTNAME);
1717 add_token_u8(&err, dev, OPAL_READLOCKED);
1718 add_token_u8(&err, dev, read_locked);
1719 add_token_u8(&err, dev, OPAL_ENDNAME);
1721 add_token_u8(&err, dev, OPAL_STARTNAME);
1722 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1723 add_token_u8(&err, dev, write_locked);
1724 add_token_u8(&err, dev, OPAL_ENDNAME);
1726 add_token_u8(&err, dev, OPAL_ENDLIST);
1727 add_token_u8(&err, dev, OPAL_ENDNAME);
1728 add_token_u8(&err, dev, OPAL_ENDLIST);
1731 pr_err("Error building SET command.\n");
1734 return finalize_and_send(dev, parse_and_check_status);
1738 static int lock_unlock_locking_range_sum(struct opal_dev *dev)
1740 u8 lr_buffer[OPAL_UID_LENGTH];
1741 u8 read_locked = 1, write_locked = 1;
1743 struct opal_lock_unlock *lkul;
1746 clear_opal_cmd(dev);
1747 set_comid(dev, dev->comid);
1749 method = opalmethod[OPAL_SET];
1750 lkul = dev->func_data[dev->state];
1751 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1752 lkul->session.opal_key.lr) < 0)
1755 switch (lkul->l_state) {
1765 /* vars are initalized to locked */
1768 pr_err("Tried to set an invalid locking state.\n");
1769 return OPAL_INVAL_PARAM;
1771 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1772 read_locked, write_locked);
1775 pr_err("Error building SET command.\n");
1778 return finalize_and_send(dev, parse_and_check_status);
1781 static int activate_lsp(struct opal_dev *dev)
1783 struct opal_lr_act *opal_act;
1784 u8 user_lr[OPAL_UID_LENGTH];
1788 clear_opal_cmd(dev);
1789 set_comid(dev, dev->comid);
1791 opal_act = dev->func_data[dev->state];
1793 add_token_u8(&err, dev, OPAL_CALL);
1794 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1796 add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1800 if (opal_act->sum) {
1801 err = build_locking_range(user_lr, sizeof(user_lr),
1806 add_token_u8(&err, dev, OPAL_STARTLIST);
1807 add_token_u8(&err, dev, OPAL_STARTNAME);
1808 add_token_u8(&err, dev, uint_3);
1809 add_token_u8(&err, dev, 6);
1810 add_token_u8(&err, dev, 0);
1811 add_token_u8(&err, dev, 0);
1813 add_token_u8(&err, dev, OPAL_STARTLIST);
1814 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1815 for (i = 1; i < opal_act->num_lrs; i++) {
1816 user_lr[7] = opal_act->lr[i];
1817 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1819 add_token_u8(&err, dev, OPAL_ENDLIST);
1820 add_token_u8(&err, dev, OPAL_ENDNAME);
1821 add_token_u8(&err, dev, OPAL_ENDLIST);
1824 add_token_u8(&err, dev, OPAL_STARTLIST);
1825 add_token_u8(&err, dev, OPAL_ENDLIST);
1829 pr_err("Error building Activate LockingSP command.\n");
1833 return finalize_and_send(dev, parse_and_check_status);
1836 static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1841 error = parse_and_check_status(dev);
1845 lc_status = response_get_u64(&dev->parsed, 4);
1846 /* 0x08 is Manufacured Inactive */
1847 /* 0x09 is Manufactured */
1848 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1849 pr_err("Couldn't determine the status of the Lifcycle state\n");
1856 /* Determine if we're in the Manufactured Inactive or Active state */
1857 static int get_lsp_lifecycle(struct opal_dev *dev)
1861 clear_opal_cmd(dev);
1862 set_comid(dev, dev->comid);
1864 add_token_u8(&err, dev, OPAL_CALL);
1865 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1867 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1869 add_token_u8(&err, dev, OPAL_STARTLIST);
1870 add_token_u8(&err, dev, OPAL_STARTLIST);
1872 add_token_u8(&err, dev, OPAL_STARTNAME);
1873 add_token_u8(&err, dev, 3); /* Start Column */
1874 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1875 add_token_u8(&err, dev, OPAL_ENDNAME);
1877 add_token_u8(&err, dev, OPAL_STARTNAME);
1878 add_token_u8(&err, dev, 4); /* End Column */
1879 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1880 add_token_u8(&err, dev, OPAL_ENDNAME);
1882 add_token_u8(&err, dev, OPAL_ENDLIST);
1883 add_token_u8(&err, dev, OPAL_ENDLIST);
1886 pr_err("Error Building GET Lifecycle Status command\n");
1890 return finalize_and_send(dev, get_lsp_lifecycle_cont);
1893 static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1895 const char *msid_pin;
1899 error = parse_and_check_status(dev);
1903 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1905 pr_err("%s: Couldn't extract PIN from response\n", __func__);
1906 return OPAL_INVAL_PARAM;
1909 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1910 if (!dev->prev_data)
1913 dev->prev_d_len = strlen;
1918 static int get_msid_cpin_pin(struct opal_dev *dev)
1922 clear_opal_cmd(dev);
1923 set_comid(dev, dev->comid);
1926 add_token_u8(&err, dev, OPAL_CALL);
1927 add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1929 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1931 add_token_u8(&err, dev, OPAL_STARTLIST);
1932 add_token_u8(&err, dev, OPAL_STARTLIST);
1934 add_token_u8(&err, dev, OPAL_STARTNAME);
1935 add_token_u8(&err, dev, 3); /* Start Column */
1936 add_token_u8(&err, dev, 3); /* PIN */
1937 add_token_u8(&err, dev, OPAL_ENDNAME);
1939 add_token_u8(&err, dev, OPAL_STARTNAME);
1940 add_token_u8(&err, dev, 4); /* End Column */
1941 add_token_u8(&err, dev, 3); /* Lifecycle Column */
1942 add_token_u8(&err, dev, OPAL_ENDNAME);
1944 add_token_u8(&err, dev, OPAL_ENDLIST);
1945 add_token_u8(&err, dev, OPAL_ENDLIST);
1948 pr_err("Error building Get MSID CPIN PIN command.\n");
1952 return finalize_and_send(dev, get_msid_cpin_pin_cont);
1955 static int build_end_opal_session(struct opal_dev *dev)
1959 clear_opal_cmd(dev);
1961 set_comid(dev, dev->comid);
1962 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1966 static int end_opal_session(struct opal_dev *dev)
1968 int ret = build_end_opal_session(dev);
1972 return finalize_and_send(dev, end_session_cont);
1975 static int end_opal_session_error(struct opal_dev *dev)
1977 const opal_step error_end_session[] = {
1981 dev->funcs = error_end_session;
1986 static inline void setup_opal_dev(struct opal_dev *dev,
1987 const opal_step *funcs)
1993 dev->func_data = NULL;
1994 dev->prev_data = NULL;
1997 static int check_opal_support(struct opal_dev *dev)
1999 static const opal_step funcs[] = {
2005 mutex_lock(&dev->dev_lock);
2006 setup_opal_dev(dev, funcs);
2008 dev->supported = !ret;
2009 mutex_unlock(&dev->dev_lock);
2013 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2015 struct opal_dev *dev;
2017 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2021 INIT_LIST_HEAD(&dev->unlk_lst);
2022 mutex_init(&dev->dev_lock);
2024 dev->send_recv = send_recv;
2025 if (check_opal_support(dev) != 0) {
2026 pr_debug("Opal is not supported on this device\n");
2032 EXPORT_SYMBOL(init_opal_dev);
2034 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2035 struct opal_session_info *opal_session)
2037 void *data[3] = { NULL };
2038 static const opal_step erase_funcs[] = {
2040 start_auth_opal_session,
2048 mutex_lock(&dev->dev_lock);
2049 setup_opal_dev(dev, erase_funcs);
2051 dev->func_data = data;
2052 dev->func_data[1] = opal_session;
2053 dev->func_data[2] = &opal_session->opal_key.lr;
2056 mutex_unlock(&dev->dev_lock);
2060 static int opal_erase_locking_range(struct opal_dev *dev,
2061 struct opal_session_info *opal_session)
2063 void *data[3] = { NULL };
2064 static const opal_step erase_funcs[] = {
2066 start_auth_opal_session,
2067 erase_locking_range,
2073 mutex_lock(&dev->dev_lock);
2074 setup_opal_dev(dev, erase_funcs);
2076 dev->func_data = data;
2077 dev->func_data[1] = opal_session;
2078 dev->func_data[2] = opal_session;
2081 mutex_unlock(&dev->dev_lock);
2085 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2086 struct opal_mbr_data *opal_mbr)
2088 void *func_data[6] = { NULL };
2089 static const opal_step mbr_funcs[] = {
2091 start_admin1LSP_opal_session,
2094 start_admin1LSP_opal_session,
2095 set_mbr_enable_disable,
2101 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2102 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2105 mutex_lock(&dev->dev_lock);
2106 setup_opal_dev(dev, mbr_funcs);
2107 dev->func_data = func_data;
2108 dev->func_data[1] = &opal_mbr->key;
2109 dev->func_data[2] = &opal_mbr->enable_disable;
2110 dev->func_data[4] = &opal_mbr->key;
2111 dev->func_data[5] = &opal_mbr->enable_disable;
2113 mutex_unlock(&dev->dev_lock);
2117 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2119 struct opal_suspend_data *suspend;
2121 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2125 suspend->unlk = *lk_unlk;
2126 suspend->lr = lk_unlk->session.opal_key.lr;
2128 mutex_lock(&dev->dev_lock);
2129 setup_opal_dev(dev, NULL);
2130 add_suspend_info(dev, suspend);
2131 mutex_unlock(&dev->dev_lock);
2135 static int opal_add_user_to_lr(struct opal_dev *dev,
2136 struct opal_lock_unlock *lk_unlk)
2138 void *func_data[3] = { NULL };
2139 static const opal_step funcs[] = {
2141 start_admin1LSP_opal_session,
2148 if (lk_unlk->l_state != OPAL_RO &&
2149 lk_unlk->l_state != OPAL_RW) {
2150 pr_err("Locking state was not RO or RW\n");
2153 if (lk_unlk->session.who < OPAL_USER1 &&
2154 lk_unlk->session.who > OPAL_USER9) {
2155 pr_err("Authority was not within the range of users: %d\n",
2156 lk_unlk->session.who);
2159 if (lk_unlk->session.sum) {
2160 pr_err("%s not supported in sum. Use setup locking range\n",
2165 mutex_lock(&dev->dev_lock);
2166 setup_opal_dev(dev, funcs);
2167 dev->func_data = func_data;
2168 dev->func_data[1] = &lk_unlk->session.opal_key;
2169 dev->func_data[2] = lk_unlk;
2171 mutex_unlock(&dev->dev_lock);
2175 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2177 void *data[2] = { NULL };
2178 static const opal_step revert_funcs[] = {
2180 start_SIDASP_opal_session,
2181 revert_tper, /* controller will terminate session */
2186 mutex_lock(&dev->dev_lock);
2187 setup_opal_dev(dev, revert_funcs);
2188 dev->func_data = data;
2189 dev->func_data[1] = opal;
2191 mutex_unlock(&dev->dev_lock);
2195 static int __opal_lock_unlock_sum(struct opal_dev *dev)
2197 static const opal_step ulk_funcs_sum[] = {
2199 start_auth_opal_session,
2200 lock_unlock_locking_range_sum,
2205 dev->funcs = ulk_funcs_sum;
2209 static int __opal_lock_unlock(struct opal_dev *dev)
2211 static const opal_step _unlock_funcs[] = {
2213 start_auth_opal_session,
2214 lock_unlock_locking_range,
2219 dev->funcs = _unlock_funcs;
2223 static int opal_lock_unlock(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2225 void *func_data[3] = { NULL };
2228 if (lk_unlk->session.who < OPAL_ADMIN1 ||
2229 lk_unlk->session.who > OPAL_USER9)
2232 mutex_lock(&dev->dev_lock);
2233 setup_opal_dev(dev, NULL);
2234 dev->func_data = func_data;
2235 dev->func_data[1] = &lk_unlk->session;
2236 dev->func_data[2] = lk_unlk;
2238 if (lk_unlk->session.sum)
2239 ret = __opal_lock_unlock_sum(dev);
2241 ret = __opal_lock_unlock(dev);
2243 mutex_unlock(&dev->dev_lock);
2247 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2249 static const opal_step owner_funcs[] = {
2251 start_anybodyASP_opal_session,
2254 start_SIDASP_opal_session,
2259 void *data[6] = { NULL };
2265 mutex_lock(&dev->dev_lock);
2266 setup_opal_dev(dev, owner_funcs);
2267 dev->func_data = data;
2268 dev->func_data[4] = opal;
2269 dev->func_data[5] = opal;
2271 mutex_unlock(&dev->dev_lock);
2275 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2277 void *data[4] = { NULL };
2278 static const opal_step active_funcs[] = {
2280 start_SIDASP_opal_session, /* Open session as SID auth */
2288 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2291 mutex_lock(&dev->dev_lock);
2292 setup_opal_dev(dev, active_funcs);
2293 dev->func_data = data;
2294 dev->func_data[1] = &opal_lr_act->key;
2295 dev->func_data[3] = opal_lr_act;
2297 mutex_unlock(&dev->dev_lock);
2301 static int opal_setup_locking_range(struct opal_dev *dev,
2302 struct opal_user_lr_setup *opal_lrs)
2304 void *data[3] = { NULL };
2305 static const opal_step lr_funcs[] = {
2307 start_auth_opal_session,
2308 setup_locking_range,
2314 mutex_lock(&dev->dev_lock);
2315 setup_opal_dev(dev, lr_funcs);
2316 dev->func_data = data;
2317 dev->func_data[1] = &opal_lrs->session;
2318 dev->func_data[2] = opal_lrs;
2320 mutex_unlock(&dev->dev_lock);
2324 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2326 static const opal_step pw_funcs[] = {
2328 start_auth_opal_session,
2333 void *data[3] = { NULL };
2336 if (opal_pw->session.who < OPAL_ADMIN1 ||
2337 opal_pw->session.who > OPAL_USER9 ||
2338 opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2339 opal_pw->new_user_pw.who > OPAL_USER9)
2342 mutex_lock(&dev->dev_lock);
2343 setup_opal_dev(dev, pw_funcs);
2344 dev->func_data = data;
2345 dev->func_data[1] = (void *) &opal_pw->session;
2346 dev->func_data[2] = (void *) &opal_pw->new_user_pw;
2349 mutex_unlock(&dev->dev_lock);
2353 static int opal_activate_user(struct opal_dev *dev,
2354 struct opal_session_info *opal_session)
2356 static const opal_step act_funcs[] = {
2358 start_admin1LSP_opal_session,
2359 internal_activate_user,
2363 void *data[3] = { NULL };
2366 /* We can't activate Admin1 it's active as manufactured */
2367 if (opal_session->who < OPAL_USER1 &&
2368 opal_session->who > OPAL_USER9) {
2369 pr_err("Who was not a valid user: %d\n", opal_session->who);
2373 mutex_lock(&dev->dev_lock);
2374 setup_opal_dev(dev, act_funcs);
2375 dev->func_data = data;
2376 dev->func_data[1] = &opal_session->opal_key;
2377 dev->func_data[2] = opal_session;
2379 mutex_unlock(&dev->dev_lock);
2383 bool opal_unlock_from_suspend(struct opal_dev *dev)
2385 struct opal_suspend_data *suspend;
2386 void *func_data[3] = { NULL };
2387 bool was_failure = false;
2392 if (!dev->supported)
2395 mutex_lock(&dev->dev_lock);
2396 setup_opal_dev(dev, NULL);
2397 dev->func_data = func_data;
2399 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2401 dev->func_data[1] = &suspend->unlk.session;
2402 dev->func_data[2] = &suspend->unlk;
2406 if (suspend->unlk.session.sum)
2407 ret = __opal_lock_unlock_sum(dev);
2409 ret = __opal_lock_unlock(dev);
2411 pr_warn("Failed to unlock LR %hhu with sum %d\n",
2412 suspend->unlk.session.opal_key.lr,
2413 suspend->unlk.session.sum);
2417 mutex_unlock(&dev->dev_lock);
2420 EXPORT_SYMBOL(opal_unlock_from_suspend);
2422 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2427 if (!capable(CAP_SYS_ADMIN))
2431 if (!dev->supported) {
2432 pr_err("Not supported\n");
2436 p = memdup_user(arg, _IOC_SIZE(cmd));
2442 ret = opal_save(dev, p);
2444 case IOC_OPAL_LOCK_UNLOCK:
2445 ret = opal_lock_unlock(dev, p);
2447 case IOC_OPAL_TAKE_OWNERSHIP:
2448 ret = opal_take_ownership(dev, p);
2450 case IOC_OPAL_ACTIVATE_LSP:
2451 ret = opal_activate_lsp(dev, p);
2453 case IOC_OPAL_SET_PW:
2454 ret = opal_set_new_pw(dev, p);
2456 case IOC_OPAL_ACTIVATE_USR:
2457 ret = opal_activate_user(dev, p);
2459 case IOC_OPAL_REVERT_TPR:
2460 ret = opal_reverttper(dev, p);
2462 case IOC_OPAL_LR_SETUP:
2463 ret = opal_setup_locking_range(dev, p);
2465 case IOC_OPAL_ADD_USR_TO_LR:
2466 ret = opal_add_user_to_lr(dev, p);
2468 case IOC_OPAL_ENABLE_DISABLE_MBR:
2469 ret = opal_enable_disable_shadow_mbr(dev, p);
2471 case IOC_OPAL_ERASE_LR:
2472 ret = opal_erase_locking_range(dev, p);
2474 case IOC_OPAL_SECURE_ERASE_LR:
2475 ret = opal_secure_erase_locking_range(dev, p);
2478 pr_warn("No such Opal Ioctl %u\n", cmd);
2484 EXPORT_SYMBOL_GPL(sed_ioctl);