2 * Copyright © 2016 Intel Corporation
5 * Scott Bauer <scott.bauer@intel.com>
6 * Rafael Antognolli <rafael.antognolli@intel.com>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms and conditions of the GNU General Public License,
10 * version 2, as published by the Free Software Foundation.
12 * This program is distributed in the hope it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
20 #include <linux/delay.h>
21 #include <linux/device.h>
22 #include <linux/kernel.h>
23 #include <linux/list.h>
24 #include <linux/genhd.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <uapi/linux/sed-opal.h>
28 #include <linux/sed-opal.h>
29 #include <linux/string.h>
30 #include <linux/kdev_t.h>
32 #include "opal_proto.h"
34 #define IO_BUFFER_LENGTH 2048
38 int (*fn)(struct opal_dev *dev, void *data);
41 typedef int (cont_fn)(struct opal_dev *dev);
43 enum opal_atom_width {
52 * On the parsed response, we don't store again the toks that are already
53 * stored in the response buffer. Instead, for each token, we just store a
54 * pointer to the position in the buffer where the token starts, and the size
55 * of the token in bytes.
57 struct opal_resp_tok {
60 enum opal_response_token type;
61 enum opal_atom_width width;
69 * From the response header it's not possible to know how many tokens there are
70 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
71 * if we start dealing with messages that have more than that, we can increase
72 * this number. This is done to avoid having to make two passes through the
73 * response, the first one counting how many tokens we have and the second one
74 * actually storing the positions.
78 struct opal_resp_tok toks[MAX_TOKS];
85 sec_send_recv *send_recv;
87 const struct opal_step *steps;
88 struct mutex dev_lock;
96 u8 cmd[IO_BUFFER_LENGTH];
97 u8 resp[IO_BUFFER_LENGTH];
99 struct parsed_resp parsed;
103 struct list_head unlk_lst;
107 static const u8 opaluid[][OPAL_UID_LENGTH] = {
110 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
112 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
114 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
115 [OPAL_LOCKINGSP_UID] =
116 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
117 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
118 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
120 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
131 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
132 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
133 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
134 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
138 [OPAL_LOCKINGRANGE_GLOBAL] =
139 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
140 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
141 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
142 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
143 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
145 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
147 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
148 [OPAL_AUTHORITY_TABLE] =
149 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
151 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
152 [OPAL_LOCKING_INFO_TABLE] =
153 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
154 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
155 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
157 /* C_PIN_TABLE object ID's */
160 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
162 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
163 [OPAL_C_PIN_ADMIN1] =
164 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
166 /* half UID's (only first 4 bytes used) */
168 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
169 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
170 [OPAL_HALF_UID_BOOLEAN_ACE] =
171 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
173 /* special value for omitted optional parameter */
175 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
179 * TCG Storage SSC Methods.
180 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
181 * Section: 6.3 Assigned UIDs
183 static const u8 opalmethod[][OPAL_UID_LENGTH] = {
185 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
186 [OPAL_STARTSESSION] =
187 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
189 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
191 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
193 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
195 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
197 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
198 [OPAL_EAUTHENTICATE] =
199 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
201 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
203 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
205 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
207 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
209 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
210 [OPAL_AUTHENTICATE] =
211 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
213 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
215 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
218 static int end_opal_session_error(struct opal_dev *dev);
220 struct opal_suspend_data {
221 struct opal_lock_unlock unlk;
223 struct list_head node;
228 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
229 * Section: 5.1.5 Method Status Codes
231 static const char * const opal_errors[] = {
239 "No Sessions Available",
240 "Uniqueness Conflict",
241 "Insufficient Space",
248 "Transaction Failure",
250 "Authority Locked Out",
253 static const char *opal_error_to_human(int error)
258 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
259 return "Unknown Error";
261 return opal_errors[error];
264 static void print_buffer(const u8 *ptr, u32 length)
267 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
272 static bool check_tper(const void *data)
274 const struct d0_tper_features *tper = data;
275 u8 flags = tper->supported_features;
277 if (!(flags & TPER_SYNC_SUPPORTED)) {
278 pr_err("TPer sync not supported. flags = %d\n",
279 tper->supported_features);
286 static bool check_sum(const void *data)
288 const struct d0_single_user_mode *sum = data;
289 u32 nlo = be32_to_cpu(sum->num_locking_objects);
292 pr_err("Need at least one locking object.\n");
296 pr_debug("Number of locking objects: %d\n", nlo);
301 static u16 get_comid_v100(const void *data)
303 const struct d0_opal_v100 *v100 = data;
305 return be16_to_cpu(v100->baseComID);
308 static u16 get_comid_v200(const void *data)
310 const struct d0_opal_v200 *v200 = data;
312 return be16_to_cpu(v200->baseComID);
315 static int opal_send_cmd(struct opal_dev *dev)
317 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
318 dev->cmd, IO_BUFFER_LENGTH,
322 static int opal_recv_cmd(struct opal_dev *dev)
324 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
325 dev->resp, IO_BUFFER_LENGTH,
329 static int opal_recv_check(struct opal_dev *dev)
331 size_t buflen = IO_BUFFER_LENGTH;
332 void *buffer = dev->resp;
333 struct opal_header *hdr = buffer;
337 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
338 hdr->cp.outstandingData,
339 hdr->cp.minTransfer);
341 if (hdr->cp.outstandingData == 0 ||
342 hdr->cp.minTransfer != 0)
345 memset(buffer, 0, buflen);
346 ret = opal_recv_cmd(dev);
352 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
356 ret = opal_send_cmd(dev);
359 ret = opal_recv_cmd(dev);
362 ret = opal_recv_check(dev);
368 static void check_geometry(struct opal_dev *dev, const void *data)
370 const struct d0_geometry_features *geo = data;
372 dev->align = geo->alignment_granularity;
373 dev->lowest_lba = geo->lowest_aligned_lba;
376 static int next(struct opal_dev *dev)
378 const struct opal_step *step;
379 int state = 0, error = 0;
382 step = &dev->steps[state];
386 error = step->fn(dev, step->data);
388 pr_err("Error on step function: %d with error %d: %s\n",
390 opal_error_to_human(error));
392 /* For each OPAL command we do a discovery0 then we
393 * start some sort of session.
394 * If we haven't passed state 1 then there was an error
395 * on discovery0 or during the attempt to start a
396 * session. Therefore we shouldn't attempt to terminate
397 * a session, as one has not yet been created.
400 end_opal_session_error(dev);
411 static int opal_discovery0_end(struct opal_dev *dev)
413 bool found_com_id = false, supported = true, single_user = false;
414 const struct d0_header *hdr = (struct d0_header *)dev->resp;
415 const u8 *epos = dev->resp, *cpos = dev->resp;
417 u32 hlen = be32_to_cpu(hdr->length);
419 print_buffer(dev->resp, hlen);
421 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
422 pr_warn("Discovery length overflows buffer (%zu+%u)/%u\n",
423 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
427 epos += hlen; /* end of buffer */
428 cpos += sizeof(*hdr); /* current position on buffer */
430 while (cpos < epos && supported) {
431 const struct d0_features *body =
432 (const struct d0_features *)cpos;
434 switch (be16_to_cpu(body->code)) {
436 supported = check_tper(body->features);
439 single_user = check_sum(body->features);
442 check_geometry(dev, body);
447 /* some ignored properties */
448 pr_debug("Found OPAL feature description: %d\n",
449 be16_to_cpu(body->code));
452 comid = get_comid_v100(body->features);
456 comid = get_comid_v200(body->features);
459 case 0xbfff ... 0xffff:
460 /* vendor specific, just ignore */
463 pr_debug("OPAL Unknown feature: %d\n",
464 be16_to_cpu(body->code));
467 cpos += body->length + 4;
471 pr_debug("This device is not Opal enabled. Not Supported!\n");
476 pr_debug("Device doesn't support single user mode\n");
480 pr_debug("Could not find OPAL comid for device. Returning early\n");
489 static int opal_discovery0(struct opal_dev *dev, void *data)
493 memset(dev->resp, 0, IO_BUFFER_LENGTH);
494 dev->comid = OPAL_DISCOVERY_COMID;
495 ret = opal_recv_cmd(dev);
498 return opal_discovery0_end(dev);
501 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
505 if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
506 pr_err("Error adding u8: end of buffer.\n");
510 cmd->cmd[cmd->pos++] = tok;
513 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
514 bool has_sign, int len)
519 atom = SHORT_ATOM_ID;
520 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
521 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
522 atom |= len & SHORT_ATOM_LEN_MASK;
524 add_token_u8(&err, cmd, atom);
527 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
528 bool has_sign, int len)
532 header0 = MEDIUM_ATOM_ID;
533 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
534 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
535 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
536 cmd->cmd[cmd->pos++] = header0;
537 cmd->cmd[cmd->pos++] = len;
540 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
547 if (!(number & ~TINY_ATOM_DATA_MASK)) {
548 add_token_u8(err, cmd, number);
553 len = DIV_ROUND_UP(msb, 4);
555 if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
556 pr_err("Error adding u64: end of buffer.\n");
560 add_short_atom_header(cmd, false, false, len);
562 n = number >> (len * 8);
563 add_token_u8(err, cmd, n);
567 static void add_token_bytestring(int *err, struct opal_dev *cmd,
568 const u8 *bytestring, size_t len)
570 size_t header_len = 1;
571 bool is_short_atom = true;
576 if (len & ~SHORT_ATOM_LEN_MASK) {
578 is_short_atom = false;
581 if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
582 pr_err("Error adding bytestring: end of buffer.\n");
588 add_short_atom_header(cmd, true, false, len);
590 add_medium_atom_header(cmd, true, false, len);
592 memcpy(&cmd->cmd[cmd->pos], bytestring, len);
597 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
599 if (length > OPAL_UID_LENGTH) {
600 pr_err("Can't build locking range. Length OOB\n");
604 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
608 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
614 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
616 if (length > OPAL_UID_LENGTH) {
617 pr_err("Can't build locking range user, Length OOB\n");
621 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
628 static void set_comid(struct opal_dev *cmd, u16 comid)
630 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
632 hdr->cp.extendedComID[0] = comid >> 8;
633 hdr->cp.extendedComID[1] = comid;
634 hdr->cp.extendedComID[2] = 0;
635 hdr->cp.extendedComID[3] = 0;
638 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
640 struct opal_header *hdr;
643 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
644 add_token_u8(&err, cmd, OPAL_STARTLIST);
645 add_token_u8(&err, cmd, 0);
646 add_token_u8(&err, cmd, 0);
647 add_token_u8(&err, cmd, 0);
648 add_token_u8(&err, cmd, OPAL_ENDLIST);
651 pr_err("Error finalizing command.\n");
655 hdr = (struct opal_header *) cmd->cmd;
657 hdr->pkt.tsn = cpu_to_be32(tsn);
658 hdr->pkt.hsn = cpu_to_be32(hsn);
660 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
661 while (cmd->pos % 4) {
662 if (cmd->pos >= IO_BUFFER_LENGTH) {
663 pr_err("Error: Buffer overrun\n");
666 cmd->cmd[cmd->pos++] = 0;
668 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
670 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
675 static const struct opal_resp_tok *response_get_token(
676 const struct parsed_resp *resp,
679 const struct opal_resp_tok *tok;
681 if (n >= resp->num) {
682 pr_err("Token number doesn't exist: %d, resp: %d\n",
684 return ERR_PTR(-EINVAL);
687 tok = &resp->toks[n];
689 pr_err("Token length must be non-zero\n");
690 return ERR_PTR(-EINVAL);
696 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
701 tok->width = OPAL_WIDTH_TINY;
703 if (pos[0] & TINY_ATOM_SIGNED) {
704 tok->type = OPAL_DTA_TOKENID_SINT;
706 tok->type = OPAL_DTA_TOKENID_UINT;
707 tok->stored.u = pos[0] & 0x3f;
713 static ssize_t response_parse_short(struct opal_resp_tok *tok,
717 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
718 tok->width = OPAL_WIDTH_SHORT;
720 if (pos[0] & SHORT_ATOM_BYTESTRING) {
721 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
722 } else if (pos[0] & SHORT_ATOM_SIGNED) {
723 tok->type = OPAL_DTA_TOKENID_SINT;
728 tok->type = OPAL_DTA_TOKENID_UINT;
730 pr_warn("uint64 with more than 8 bytes\n");
733 for (i = tok->len - 1; i > 0; i--) {
734 u_integer |= ((u64)pos[i] << (8 * b));
737 tok->stored.u = u_integer;
743 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
747 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
748 tok->width = OPAL_WIDTH_MEDIUM;
750 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
751 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
752 else if (pos[0] & MEDIUM_ATOM_SIGNED)
753 tok->type = OPAL_DTA_TOKENID_SINT;
755 tok->type = OPAL_DTA_TOKENID_UINT;
760 static ssize_t response_parse_long(struct opal_resp_tok *tok,
764 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
765 tok->width = OPAL_WIDTH_LONG;
767 if (pos[0] & LONG_ATOM_BYTESTRING)
768 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
769 else if (pos[0] & LONG_ATOM_SIGNED)
770 tok->type = OPAL_DTA_TOKENID_SINT;
772 tok->type = OPAL_DTA_TOKENID_UINT;
777 static ssize_t response_parse_token(struct opal_resp_tok *tok,
782 tok->type = OPAL_DTA_TOKENID_TOKEN;
783 tok->width = OPAL_WIDTH_TOKEN;
788 static int response_parse(const u8 *buf, size_t length,
789 struct parsed_resp *resp)
791 const struct opal_header *hdr;
792 struct opal_resp_tok *iter;
795 ssize_t token_length;
797 u32 clen, plen, slen;
805 hdr = (struct opal_header *)buf;
809 clen = be32_to_cpu(hdr->cp.length);
810 plen = be32_to_cpu(hdr->pkt.length);
811 slen = be32_to_cpu(hdr->subpkt.length);
812 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
815 if (clen == 0 || plen == 0 || slen == 0 ||
816 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
817 pr_err("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
819 print_buffer(pos, sizeof(*hdr));
823 if (pos > buf + length)
828 print_buffer(pos, total);
830 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
831 token_length = response_parse_tiny(iter, pos);
832 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
833 token_length = response_parse_short(iter, pos);
834 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
835 token_length = response_parse_medium(iter, pos);
836 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
837 token_length = response_parse_long(iter, pos);
839 token_length = response_parse_token(iter, pos);
841 if (token_length < 0)
845 total -= token_length;
850 if (num_entries == 0) {
851 pr_err("Couldn't parse response.\n");
854 resp->num = num_entries;
859 static size_t response_get_string(const struct parsed_resp *resp, int n,
864 pr_err("Response is NULL\n");
869 pr_err("Response has %d tokens. Can't access %d\n",
874 if (resp->toks[n].type != OPAL_DTA_TOKENID_BYTESTRING) {
875 pr_err("Token is not a byte string!\n");
879 *store = resp->toks[n].pos + 1;
880 return resp->toks[n].len - 1;
883 static u64 response_get_u64(const struct parsed_resp *resp, int n)
886 pr_err("Response is NULL\n");
891 pr_err("Response has %d tokens. Can't access %d\n",
896 if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
897 pr_err("Token is not unsigned it: %d\n",
902 if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
903 resp->toks[n].width == OPAL_WIDTH_SHORT)) {
904 pr_err("Atom is not short or tiny: %d\n",
905 resp->toks[n].width);
909 return resp->toks[n].stored.u;
912 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
915 token->type != OPAL_DTA_TOKENID_TOKEN ||
916 token->pos[0] != match)
921 static u8 response_status(const struct parsed_resp *resp)
923 const struct opal_resp_tok *tok;
925 tok = response_get_token(resp, 0);
926 if (response_token_matches(tok, OPAL_ENDOFSESSION))
930 return DTAERROR_NO_METHOD_STATUS;
932 tok = response_get_token(resp, resp->num - 5);
933 if (!response_token_matches(tok, OPAL_STARTLIST))
934 return DTAERROR_NO_METHOD_STATUS;
936 tok = response_get_token(resp, resp->num - 1);
937 if (!response_token_matches(tok, OPAL_ENDLIST))
938 return DTAERROR_NO_METHOD_STATUS;
940 return response_get_u64(resp, resp->num - 4);
943 /* Parses and checks for errors */
944 static int parse_and_check_status(struct opal_dev *dev)
948 print_buffer(dev->cmd, dev->pos);
950 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
952 pr_err("Couldn't parse response.\n");
956 return response_status(&dev->parsed);
959 static void clear_opal_cmd(struct opal_dev *dev)
961 dev->pos = sizeof(struct opal_header);
962 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
965 static int start_opal_session_cont(struct opal_dev *dev)
970 error = parse_and_check_status(dev);
974 hsn = response_get_u64(&dev->parsed, 4);
975 tsn = response_get_u64(&dev->parsed, 5);
977 if (hsn == 0 && tsn == 0) {
978 pr_err("Couldn't authenticate session\n");
987 static void add_suspend_info(struct opal_dev *dev,
988 struct opal_suspend_data *sus)
990 struct opal_suspend_data *iter;
992 list_for_each_entry(iter, &dev->unlk_lst, node) {
993 if (iter->lr == sus->lr) {
994 list_del(&iter->node);
999 list_add_tail(&sus->node, &dev->unlk_lst);
1002 static int end_session_cont(struct opal_dev *dev)
1006 return parse_and_check_status(dev);
1009 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1013 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1015 pr_err("Error finalizing command buffer: %d\n", ret);
1019 print_buffer(dev->cmd, dev->pos);
1021 return opal_send_recv(dev, cont);
1024 static int gen_key(struct opal_dev *dev, void *data)
1027 u8 uid[OPAL_UID_LENGTH];
1030 clear_opal_cmd(dev);
1031 set_comid(dev, dev->comid);
1033 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1034 method = opalmethod[OPAL_GENKEY];
1035 kfree(dev->prev_data);
1036 dev->prev_data = NULL;
1038 add_token_u8(&err, dev, OPAL_CALL);
1039 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1040 add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
1042 add_token_u8(&err, dev, OPAL_STARTLIST);
1043 add_token_u8(&err, dev, OPAL_ENDLIST);
1046 pr_err("Error building gen key command\n");
1050 return finalize_and_send(dev, parse_and_check_status);
1053 static int get_active_key_cont(struct opal_dev *dev)
1055 const char *activekey;
1059 error = parse_and_check_status(dev);
1062 keylen = response_get_string(&dev->parsed, 4, &activekey);
1064 pr_err("%s: Couldn't extract the Activekey from the response\n",
1066 return OPAL_INVAL_PARAM;
1068 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1070 if (!dev->prev_data)
1073 dev->prev_d_len = keylen;
1078 static int get_active_key(struct opal_dev *dev, void *data)
1080 u8 uid[OPAL_UID_LENGTH];
1084 clear_opal_cmd(dev);
1085 set_comid(dev, dev->comid);
1087 err = build_locking_range(uid, sizeof(uid), *lr);
1092 add_token_u8(&err, dev, OPAL_CALL);
1093 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1094 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1095 add_token_u8(&err, dev, OPAL_STARTLIST);
1096 add_token_u8(&err, dev, OPAL_STARTLIST);
1097 add_token_u8(&err, dev, OPAL_STARTNAME);
1098 add_token_u8(&err, dev, 3); /* startCloumn */
1099 add_token_u8(&err, dev, 10); /* ActiveKey */
1100 add_token_u8(&err, dev, OPAL_ENDNAME);
1101 add_token_u8(&err, dev, OPAL_STARTNAME);
1102 add_token_u8(&err, dev, 4); /* endColumn */
1103 add_token_u8(&err, dev, 10); /* ActiveKey */
1104 add_token_u8(&err, dev, OPAL_ENDNAME);
1105 add_token_u8(&err, dev, OPAL_ENDLIST);
1106 add_token_u8(&err, dev, OPAL_ENDLIST);
1108 pr_err("Error building get active key command\n");
1112 return finalize_and_send(dev, get_active_key_cont);
1115 static int generic_lr_enable_disable(struct opal_dev *dev,
1116 u8 *uid, bool rle, bool wle,
1121 add_token_u8(&err, dev, OPAL_CALL);
1122 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1123 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1125 add_token_u8(&err, dev, OPAL_STARTLIST);
1126 add_token_u8(&err, dev, OPAL_STARTNAME);
1127 add_token_u8(&err, dev, OPAL_VALUES);
1128 add_token_u8(&err, dev, OPAL_STARTLIST);
1130 add_token_u8(&err, dev, OPAL_STARTNAME);
1131 add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1132 add_token_u8(&err, dev, rle);
1133 add_token_u8(&err, dev, OPAL_ENDNAME);
1135 add_token_u8(&err, dev, OPAL_STARTNAME);
1136 add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1137 add_token_u8(&err, dev, wle);
1138 add_token_u8(&err, dev, OPAL_ENDNAME);
1140 add_token_u8(&err, dev, OPAL_STARTNAME);
1141 add_token_u8(&err, dev, OPAL_READLOCKED);
1142 add_token_u8(&err, dev, rl);
1143 add_token_u8(&err, dev, OPAL_ENDNAME);
1145 add_token_u8(&err, dev, OPAL_STARTNAME);
1146 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1147 add_token_u8(&err, dev, wl);
1148 add_token_u8(&err, dev, OPAL_ENDNAME);
1150 add_token_u8(&err, dev, OPAL_ENDLIST);
1151 add_token_u8(&err, dev, OPAL_ENDNAME);
1152 add_token_u8(&err, dev, OPAL_ENDLIST);
1156 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1157 struct opal_user_lr_setup *setup)
1161 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1164 pr_err("Failed to create enable global lr command\n");
1168 static int setup_locking_range(struct opal_dev *dev, void *data)
1170 u8 uid[OPAL_UID_LENGTH];
1171 struct opal_user_lr_setup *setup = data;
1175 clear_opal_cmd(dev);
1176 set_comid(dev, dev->comid);
1178 lr = setup->session.opal_key.lr;
1179 err = build_locking_range(uid, sizeof(uid), lr);
1184 err = enable_global_lr(dev, uid, setup);
1186 add_token_u8(&err, dev, OPAL_CALL);
1187 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1188 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1191 add_token_u8(&err, dev, OPAL_STARTLIST);
1192 add_token_u8(&err, dev, OPAL_STARTNAME);
1193 add_token_u8(&err, dev, OPAL_VALUES);
1194 add_token_u8(&err, dev, OPAL_STARTLIST);
1196 add_token_u8(&err, dev, OPAL_STARTNAME);
1197 add_token_u8(&err, dev, 3); /* Ranges Start */
1198 add_token_u64(&err, dev, setup->range_start);
1199 add_token_u8(&err, dev, OPAL_ENDNAME);
1201 add_token_u8(&err, dev, OPAL_STARTNAME);
1202 add_token_u8(&err, dev, 4); /* Ranges length */
1203 add_token_u64(&err, dev, setup->range_length);
1204 add_token_u8(&err, dev, OPAL_ENDNAME);
1206 add_token_u8(&err, dev, OPAL_STARTNAME);
1207 add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1208 add_token_u64(&err, dev, !!setup->RLE);
1209 add_token_u8(&err, dev, OPAL_ENDNAME);
1211 add_token_u8(&err, dev, OPAL_STARTNAME);
1212 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1213 add_token_u64(&err, dev, !!setup->WLE);
1214 add_token_u8(&err, dev, OPAL_ENDNAME);
1216 add_token_u8(&err, dev, OPAL_ENDLIST);
1217 add_token_u8(&err, dev, OPAL_ENDNAME);
1218 add_token_u8(&err, dev, OPAL_ENDLIST);
1222 pr_err("Error building Setup Locking range command.\n");
1227 return finalize_and_send(dev, parse_and_check_status);
1230 static int start_generic_opal_session(struct opal_dev *dev,
1232 enum opal_uid sp_type,
1239 if (key == NULL && auth != OPAL_ANYBODY_UID) {
1240 pr_err("%s: Attempted to open ADMIN_SP Session without a Host" \
1241 "Challenge, and not as the Anybody UID\n", __func__);
1242 return OPAL_INVAL_PARAM;
1245 clear_opal_cmd(dev);
1247 set_comid(dev, dev->comid);
1248 hsn = GENERIC_HOST_SESSION_NUM;
1250 add_token_u8(&err, dev, OPAL_CALL);
1251 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1253 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1255 add_token_u8(&err, dev, OPAL_STARTLIST);
1256 add_token_u64(&err, dev, hsn);
1257 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1258 add_token_u8(&err, dev, 1);
1261 case OPAL_ANYBODY_UID:
1262 add_token_u8(&err, dev, OPAL_ENDLIST);
1264 case OPAL_ADMIN1_UID:
1266 add_token_u8(&err, dev, OPAL_STARTNAME);
1267 add_token_u8(&err, dev, 0); /* HostChallenge */
1268 add_token_bytestring(&err, dev, key, key_len);
1269 add_token_u8(&err, dev, OPAL_ENDNAME);
1270 add_token_u8(&err, dev, OPAL_STARTNAME);
1271 add_token_u8(&err, dev, 3); /* HostSignAuth */
1272 add_token_bytestring(&err, dev, opaluid[auth],
1274 add_token_u8(&err, dev, OPAL_ENDNAME);
1275 add_token_u8(&err, dev, OPAL_ENDLIST);
1278 pr_err("Cannot start Admin SP session with auth %d\n", auth);
1279 return OPAL_INVAL_PARAM;
1283 pr_err("Error building start adminsp session command.\n");
1287 return finalize_and_send(dev, start_opal_session_cont);
1290 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1292 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1293 OPAL_ADMINSP_UID, NULL, 0);
1296 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1299 const u8 *key = dev->prev_data;
1302 const struct opal_key *okey = data;
1303 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1308 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1310 key, dev->prev_d_len);
1312 dev->prev_data = NULL;
1317 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1319 struct opal_key *key = data;
1320 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1322 key->key, key->key_len);
1325 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1327 struct opal_session_info *session = data;
1328 u8 lk_ul_user[OPAL_UID_LENGTH];
1329 size_t keylen = session->opal_key.key_len;
1332 u8 *key = session->opal_key.key;
1333 u32 hsn = GENERIC_HOST_SESSION_NUM;
1335 clear_opal_cmd(dev);
1336 set_comid(dev, dev->comid);
1339 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1340 session->opal_key.lr);
1344 } else if (session->who != OPAL_ADMIN1 && !session->sum) {
1345 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1350 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1352 add_token_u8(&err, dev, OPAL_CALL);
1353 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1355 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1358 add_token_u8(&err, dev, OPAL_STARTLIST);
1359 add_token_u64(&err, dev, hsn);
1360 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1362 add_token_u8(&err, dev, 1);
1363 add_token_u8(&err, dev, OPAL_STARTNAME);
1364 add_token_u8(&err, dev, 0);
1365 add_token_bytestring(&err, dev, key, keylen);
1366 add_token_u8(&err, dev, OPAL_ENDNAME);
1367 add_token_u8(&err, dev, OPAL_STARTNAME);
1368 add_token_u8(&err, dev, 3);
1369 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1370 add_token_u8(&err, dev, OPAL_ENDNAME);
1371 add_token_u8(&err, dev, OPAL_ENDLIST);
1374 pr_err("Error building STARTSESSION command.\n");
1378 return finalize_and_send(dev, start_opal_session_cont);
1381 static int revert_tper(struct opal_dev *dev, void *data)
1385 clear_opal_cmd(dev);
1386 set_comid(dev, dev->comid);
1388 add_token_u8(&err, dev, OPAL_CALL);
1389 add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1391 add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1393 add_token_u8(&err, dev, OPAL_STARTLIST);
1394 add_token_u8(&err, dev, OPAL_ENDLIST);
1396 pr_err("Error building REVERT TPER command.\n");
1400 return finalize_and_send(dev, parse_and_check_status);
1403 static int internal_activate_user(struct opal_dev *dev, void *data)
1405 struct opal_session_info *session = data;
1406 u8 uid[OPAL_UID_LENGTH];
1409 clear_opal_cmd(dev);
1410 set_comid(dev, dev->comid);
1412 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1413 uid[7] = session->who;
1415 add_token_u8(&err, dev, OPAL_CALL);
1416 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1417 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1418 add_token_u8(&err, dev, OPAL_STARTLIST);
1419 add_token_u8(&err, dev, OPAL_STARTNAME);
1420 add_token_u8(&err, dev, OPAL_VALUES);
1421 add_token_u8(&err, dev, OPAL_STARTLIST);
1422 add_token_u8(&err, dev, OPAL_STARTNAME);
1423 add_token_u8(&err, dev, 5); /* Enabled */
1424 add_token_u8(&err, dev, OPAL_TRUE);
1425 add_token_u8(&err, dev, OPAL_ENDNAME);
1426 add_token_u8(&err, dev, OPAL_ENDLIST);
1427 add_token_u8(&err, dev, OPAL_ENDNAME);
1428 add_token_u8(&err, dev, OPAL_ENDLIST);
1431 pr_err("Error building Activate UserN command.\n");
1435 return finalize_and_send(dev, parse_and_check_status);
1438 static int erase_locking_range(struct opal_dev *dev, void *data)
1440 struct opal_session_info *session = data;
1441 u8 uid[OPAL_UID_LENGTH];
1444 clear_opal_cmd(dev);
1445 set_comid(dev, dev->comid);
1447 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1450 add_token_u8(&err, dev, OPAL_CALL);
1451 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1452 add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1454 add_token_u8(&err, dev, OPAL_STARTLIST);
1455 add_token_u8(&err, dev, OPAL_ENDLIST);
1458 pr_err("Error building Erase Locking Range Command.\n");
1461 return finalize_and_send(dev, parse_and_check_status);
1464 static int set_mbr_done(struct opal_dev *dev, void *data)
1466 u8 *mbr_done_tf = data;
1469 clear_opal_cmd(dev);
1470 set_comid(dev, dev->comid);
1472 add_token_u8(&err, dev, OPAL_CALL);
1473 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1475 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1476 add_token_u8(&err, dev, OPAL_STARTLIST);
1477 add_token_u8(&err, dev, OPAL_STARTNAME);
1478 add_token_u8(&err, dev, OPAL_VALUES);
1479 add_token_u8(&err, dev, OPAL_STARTLIST);
1480 add_token_u8(&err, dev, OPAL_STARTNAME);
1481 add_token_u8(&err, dev, 2); /* Done */
1482 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1483 add_token_u8(&err, dev, OPAL_ENDNAME);
1484 add_token_u8(&err, dev, OPAL_ENDLIST);
1485 add_token_u8(&err, dev, OPAL_ENDNAME);
1486 add_token_u8(&err, dev, OPAL_ENDLIST);
1489 pr_err("Error Building set MBR Done command\n");
1493 return finalize_and_send(dev, parse_and_check_status);
1496 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1498 u8 *mbr_en_dis = data;
1501 clear_opal_cmd(dev);
1502 set_comid(dev, dev->comid);
1504 add_token_u8(&err, dev, OPAL_CALL);
1505 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1507 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1508 add_token_u8(&err, dev, OPAL_STARTLIST);
1509 add_token_u8(&err, dev, OPAL_STARTNAME);
1510 add_token_u8(&err, dev, OPAL_VALUES);
1511 add_token_u8(&err, dev, OPAL_STARTLIST);
1512 add_token_u8(&err, dev, OPAL_STARTNAME);
1513 add_token_u8(&err, dev, 1);
1514 add_token_u8(&err, dev, *mbr_en_dis);
1515 add_token_u8(&err, dev, OPAL_ENDNAME);
1516 add_token_u8(&err, dev, OPAL_ENDLIST);
1517 add_token_u8(&err, dev, OPAL_ENDNAME);
1518 add_token_u8(&err, dev, OPAL_ENDLIST);
1521 pr_err("Error Building set MBR done command\n");
1525 return finalize_and_send(dev, parse_and_check_status);
1528 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1529 struct opal_dev *dev)
1533 clear_opal_cmd(dev);
1534 set_comid(dev, dev->comid);
1536 add_token_u8(&err, dev, OPAL_CALL);
1537 add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1538 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1540 add_token_u8(&err, dev, OPAL_STARTLIST);
1541 add_token_u8(&err, dev, OPAL_STARTNAME);
1542 add_token_u8(&err, dev, OPAL_VALUES);
1543 add_token_u8(&err, dev, OPAL_STARTLIST);
1544 add_token_u8(&err, dev, OPAL_STARTNAME);
1545 add_token_u8(&err, dev, 3); /* PIN */
1546 add_token_bytestring(&err, dev, key, key_len);
1547 add_token_u8(&err, dev, OPAL_ENDNAME);
1548 add_token_u8(&err, dev, OPAL_ENDLIST);
1549 add_token_u8(&err, dev, OPAL_ENDNAME);
1550 add_token_u8(&err, dev, OPAL_ENDLIST);
1555 static int set_new_pw(struct opal_dev *dev, void *data)
1557 u8 cpin_uid[OPAL_UID_LENGTH];
1558 struct opal_session_info *usr = data;
1560 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1562 if (usr->who != OPAL_ADMIN1) {
1565 cpin_uid[7] = usr->opal_key.lr + 1;
1567 cpin_uid[7] = usr->who;
1570 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1572 pr_err("Error building set password command.\n");
1576 return finalize_and_send(dev, parse_and_check_status);
1579 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
1581 u8 cpin_uid[OPAL_UID_LENGTH];
1582 struct opal_key *key = data;
1584 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1586 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1587 pr_err("Error building Set SID cpin\n");
1590 return finalize_and_send(dev, parse_and_check_status);
1593 static int add_user_to_lr(struct opal_dev *dev, void *data)
1595 u8 lr_buffer[OPAL_UID_LENGTH];
1596 u8 user_uid[OPAL_UID_LENGTH];
1597 struct opal_lock_unlock *lkul = data;
1600 clear_opal_cmd(dev);
1601 set_comid(dev, dev->comid);
1603 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1606 if (lkul->l_state == OPAL_RW)
1607 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1610 lr_buffer[7] = lkul->session.opal_key.lr;
1612 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1614 user_uid[7] = lkul->session.who;
1616 add_token_u8(&err, dev, OPAL_CALL);
1617 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1618 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1621 add_token_u8(&err, dev, OPAL_STARTLIST);
1622 add_token_u8(&err, dev, OPAL_STARTNAME);
1623 add_token_u8(&err, dev, OPAL_VALUES);
1625 add_token_u8(&err, dev, OPAL_STARTLIST);
1626 add_token_u8(&err, dev, OPAL_STARTNAME);
1627 add_token_u8(&err, dev, 3);
1629 add_token_u8(&err, dev, OPAL_STARTLIST);
1632 add_token_u8(&err, dev, OPAL_STARTNAME);
1633 add_token_bytestring(&err, dev,
1634 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1636 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1637 add_token_u8(&err, dev, OPAL_ENDNAME);
1640 add_token_u8(&err, dev, OPAL_STARTNAME);
1641 add_token_bytestring(&err, dev,
1642 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1644 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1645 add_token_u8(&err, dev, OPAL_ENDNAME);
1648 add_token_u8(&err, dev, OPAL_STARTNAME);
1649 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1651 add_token_u8(&err, dev, 1);
1652 add_token_u8(&err, dev, OPAL_ENDNAME);
1655 add_token_u8(&err, dev, OPAL_ENDLIST);
1656 add_token_u8(&err, dev, OPAL_ENDNAME);
1657 add_token_u8(&err, dev, OPAL_ENDLIST);
1658 add_token_u8(&err, dev, OPAL_ENDNAME);
1659 add_token_u8(&err, dev, OPAL_ENDLIST);
1662 pr_err("Error building add user to locking range command.\n");
1666 return finalize_and_send(dev, parse_and_check_status);
1669 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
1671 u8 lr_buffer[OPAL_UID_LENGTH];
1673 struct opal_lock_unlock *lkul = data;
1674 u8 read_locked = 1, write_locked = 1;
1677 clear_opal_cmd(dev);
1678 set_comid(dev, dev->comid);
1680 method = opalmethod[OPAL_SET];
1681 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1682 lkul->session.opal_key.lr) < 0)
1685 switch (lkul->l_state) {
1695 /* vars are initalized to locked */
1698 pr_err("Tried to set an invalid locking state... returning to uland\n");
1699 return OPAL_INVAL_PARAM;
1702 add_token_u8(&err, dev, OPAL_CALL);
1703 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1704 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1705 add_token_u8(&err, dev, OPAL_STARTLIST);
1706 add_token_u8(&err, dev, OPAL_STARTNAME);
1707 add_token_u8(&err, dev, OPAL_VALUES);
1708 add_token_u8(&err, dev, OPAL_STARTLIST);
1710 add_token_u8(&err, dev, OPAL_STARTNAME);
1711 add_token_u8(&err, dev, OPAL_READLOCKED);
1712 add_token_u8(&err, dev, read_locked);
1713 add_token_u8(&err, dev, OPAL_ENDNAME);
1715 add_token_u8(&err, dev, OPAL_STARTNAME);
1716 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1717 add_token_u8(&err, dev, write_locked);
1718 add_token_u8(&err, dev, OPAL_ENDNAME);
1720 add_token_u8(&err, dev, OPAL_ENDLIST);
1721 add_token_u8(&err, dev, OPAL_ENDNAME);
1722 add_token_u8(&err, dev, OPAL_ENDLIST);
1725 pr_err("Error building SET command.\n");
1728 return finalize_and_send(dev, parse_and_check_status);
1732 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
1734 u8 lr_buffer[OPAL_UID_LENGTH];
1735 u8 read_locked = 1, write_locked = 1;
1737 struct opal_lock_unlock *lkul = data;
1740 clear_opal_cmd(dev);
1741 set_comid(dev, dev->comid);
1743 method = opalmethod[OPAL_SET];
1744 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1745 lkul->session.opal_key.lr) < 0)
1748 switch (lkul->l_state) {
1758 /* vars are initalized to locked */
1761 pr_err("Tried to set an invalid locking state.\n");
1762 return OPAL_INVAL_PARAM;
1764 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1765 read_locked, write_locked);
1768 pr_err("Error building SET command.\n");
1771 return finalize_and_send(dev, parse_and_check_status);
1774 static int activate_lsp(struct opal_dev *dev, void *data)
1776 struct opal_lr_act *opal_act = data;
1777 u8 user_lr[OPAL_UID_LENGTH];
1781 clear_opal_cmd(dev);
1782 set_comid(dev, dev->comid);
1784 add_token_u8(&err, dev, OPAL_CALL);
1785 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1787 add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1791 if (opal_act->sum) {
1792 err = build_locking_range(user_lr, sizeof(user_lr),
1797 add_token_u8(&err, dev, OPAL_STARTLIST);
1798 add_token_u8(&err, dev, OPAL_STARTNAME);
1799 add_token_u8(&err, dev, uint_3);
1800 add_token_u8(&err, dev, 6);
1801 add_token_u8(&err, dev, 0);
1802 add_token_u8(&err, dev, 0);
1804 add_token_u8(&err, dev, OPAL_STARTLIST);
1805 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1806 for (i = 1; i < opal_act->num_lrs; i++) {
1807 user_lr[7] = opal_act->lr[i];
1808 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1810 add_token_u8(&err, dev, OPAL_ENDLIST);
1811 add_token_u8(&err, dev, OPAL_ENDNAME);
1812 add_token_u8(&err, dev, OPAL_ENDLIST);
1815 add_token_u8(&err, dev, OPAL_STARTLIST);
1816 add_token_u8(&err, dev, OPAL_ENDLIST);
1820 pr_err("Error building Activate LockingSP command.\n");
1824 return finalize_and_send(dev, parse_and_check_status);
1827 static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1832 error = parse_and_check_status(dev);
1836 lc_status = response_get_u64(&dev->parsed, 4);
1837 /* 0x08 is Manufacured Inactive */
1838 /* 0x09 is Manufactured */
1839 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1840 pr_err("Couldn't determine the status of the Lifcycle state\n");
1847 /* Determine if we're in the Manufactured Inactive or Active state */
1848 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
1852 clear_opal_cmd(dev);
1853 set_comid(dev, dev->comid);
1855 add_token_u8(&err, dev, OPAL_CALL);
1856 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1858 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1860 add_token_u8(&err, dev, OPAL_STARTLIST);
1861 add_token_u8(&err, dev, OPAL_STARTLIST);
1863 add_token_u8(&err, dev, OPAL_STARTNAME);
1864 add_token_u8(&err, dev, 3); /* Start Column */
1865 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1866 add_token_u8(&err, dev, OPAL_ENDNAME);
1868 add_token_u8(&err, dev, OPAL_STARTNAME);
1869 add_token_u8(&err, dev, 4); /* End Column */
1870 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1871 add_token_u8(&err, dev, OPAL_ENDNAME);
1873 add_token_u8(&err, dev, OPAL_ENDLIST);
1874 add_token_u8(&err, dev, OPAL_ENDLIST);
1877 pr_err("Error Building GET Lifecycle Status command\n");
1881 return finalize_and_send(dev, get_lsp_lifecycle_cont);
1884 static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1886 const char *msid_pin;
1890 error = parse_and_check_status(dev);
1894 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1896 pr_err("%s: Couldn't extract PIN from response\n", __func__);
1897 return OPAL_INVAL_PARAM;
1900 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1901 if (!dev->prev_data)
1904 dev->prev_d_len = strlen;
1909 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
1913 clear_opal_cmd(dev);
1914 set_comid(dev, dev->comid);
1916 add_token_u8(&err, dev, OPAL_CALL);
1917 add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1919 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1921 add_token_u8(&err, dev, OPAL_STARTLIST);
1922 add_token_u8(&err, dev, OPAL_STARTLIST);
1924 add_token_u8(&err, dev, OPAL_STARTNAME);
1925 add_token_u8(&err, dev, 3); /* Start Column */
1926 add_token_u8(&err, dev, 3); /* PIN */
1927 add_token_u8(&err, dev, OPAL_ENDNAME);
1929 add_token_u8(&err, dev, OPAL_STARTNAME);
1930 add_token_u8(&err, dev, 4); /* End Column */
1931 add_token_u8(&err, dev, 3); /* Lifecycle Column */
1932 add_token_u8(&err, dev, OPAL_ENDNAME);
1934 add_token_u8(&err, dev, OPAL_ENDLIST);
1935 add_token_u8(&err, dev, OPAL_ENDLIST);
1938 pr_err("Error building Get MSID CPIN PIN command.\n");
1942 return finalize_and_send(dev, get_msid_cpin_pin_cont);
1945 static int end_opal_session(struct opal_dev *dev, void *data)
1949 clear_opal_cmd(dev);
1950 set_comid(dev, dev->comid);
1951 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1955 return finalize_and_send(dev, end_session_cont);
1958 static int end_opal_session_error(struct opal_dev *dev)
1960 const struct opal_step error_end_session[] = {
1961 { end_opal_session, },
1964 dev->steps = error_end_session;
1968 static inline void setup_opal_dev(struct opal_dev *dev,
1969 const struct opal_step *steps)
1974 dev->prev_data = NULL;
1977 static int check_opal_support(struct opal_dev *dev)
1979 const struct opal_step steps[] = {
1980 { opal_discovery0, },
1985 mutex_lock(&dev->dev_lock);
1986 setup_opal_dev(dev, steps);
1988 dev->supported = !ret;
1989 mutex_unlock(&dev->dev_lock);
1993 static void clean_opal_dev(struct opal_dev *dev)
1996 struct opal_suspend_data *suspend, *next;
1998 mutex_lock(&dev->dev_lock);
1999 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2000 list_del(&suspend->node);
2003 mutex_unlock(&dev->dev_lock);
2006 void free_opal_dev(struct opal_dev *dev)
2010 clean_opal_dev(dev);
2013 EXPORT_SYMBOL(free_opal_dev);
2015 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2017 struct opal_dev *dev;
2019 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2023 INIT_LIST_HEAD(&dev->unlk_lst);
2024 mutex_init(&dev->dev_lock);
2026 dev->send_recv = send_recv;
2027 if (check_opal_support(dev) != 0) {
2028 pr_debug("Opal is not supported on this device\n");
2034 EXPORT_SYMBOL(init_opal_dev);
2036 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2037 struct opal_session_info *opal_session)
2039 const struct opal_step erase_steps[] = {
2040 { opal_discovery0, },
2041 { start_auth_opal_session, opal_session },
2042 { get_active_key, &opal_session->opal_key.lr },
2044 { end_opal_session, },
2049 mutex_lock(&dev->dev_lock);
2050 setup_opal_dev(dev, erase_steps);
2052 mutex_unlock(&dev->dev_lock);
2056 static int opal_erase_locking_range(struct opal_dev *dev,
2057 struct opal_session_info *opal_session)
2059 const struct opal_step erase_steps[] = {
2060 { opal_discovery0, },
2061 { start_auth_opal_session, opal_session },
2062 { erase_locking_range, opal_session },
2063 { end_opal_session, },
2068 mutex_lock(&dev->dev_lock);
2069 setup_opal_dev(dev, erase_steps);
2071 mutex_unlock(&dev->dev_lock);
2075 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2076 struct opal_mbr_data *opal_mbr)
2078 const struct opal_step mbr_steps[] = {
2079 { opal_discovery0, },
2080 { start_admin1LSP_opal_session, &opal_mbr->key },
2081 { set_mbr_done, &opal_mbr->enable_disable },
2082 { end_opal_session, },
2083 { start_admin1LSP_opal_session, &opal_mbr->key },
2084 { set_mbr_enable_disable, &opal_mbr->enable_disable },
2085 { end_opal_session, },
2090 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2091 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2094 mutex_lock(&dev->dev_lock);
2095 setup_opal_dev(dev, mbr_steps);
2097 mutex_unlock(&dev->dev_lock);
2101 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2103 struct opal_suspend_data *suspend;
2105 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2109 suspend->unlk = *lk_unlk;
2110 suspend->lr = lk_unlk->session.opal_key.lr;
2112 mutex_lock(&dev->dev_lock);
2113 setup_opal_dev(dev, NULL);
2114 add_suspend_info(dev, suspend);
2115 mutex_unlock(&dev->dev_lock);
2119 static int opal_add_user_to_lr(struct opal_dev *dev,
2120 struct opal_lock_unlock *lk_unlk)
2122 const struct opal_step steps[] = {
2123 { opal_discovery0, },
2124 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2125 { add_user_to_lr, lk_unlk },
2126 { end_opal_session, },
2131 if (lk_unlk->l_state != OPAL_RO &&
2132 lk_unlk->l_state != OPAL_RW) {
2133 pr_err("Locking state was not RO or RW\n");
2136 if (lk_unlk->session.who < OPAL_USER1 &&
2137 lk_unlk->session.who > OPAL_USER9) {
2138 pr_err("Authority was not within the range of users: %d\n",
2139 lk_unlk->session.who);
2142 if (lk_unlk->session.sum) {
2143 pr_err("%s not supported in sum. Use setup locking range\n",
2148 mutex_lock(&dev->dev_lock);
2149 setup_opal_dev(dev, steps);
2151 mutex_unlock(&dev->dev_lock);
2155 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2157 const struct opal_step revert_steps[] = {
2158 { opal_discovery0, },
2159 { start_SIDASP_opal_session, opal },
2160 { revert_tper, }, /* controller will terminate session */
2165 mutex_lock(&dev->dev_lock);
2166 setup_opal_dev(dev, revert_steps);
2168 mutex_unlock(&dev->dev_lock);
2171 * If we successfully reverted lets clean
2172 * any saved locking ranges.
2175 clean_opal_dev(dev);
2180 static int __opal_lock_unlock(struct opal_dev *dev,
2181 struct opal_lock_unlock *lk_unlk)
2183 const struct opal_step unlock_steps[] = {
2184 { opal_discovery0, },
2185 { start_auth_opal_session, &lk_unlk->session },
2186 { lock_unlock_locking_range, lk_unlk },
2187 { end_opal_session, },
2190 const struct opal_step unlock_sum_steps[] = {
2191 { opal_discovery0, },
2192 { start_auth_opal_session, &lk_unlk->session },
2193 { lock_unlock_locking_range_sum, lk_unlk },
2194 { end_opal_session, },
2198 dev->steps = lk_unlk->session.sum ? unlock_sum_steps : unlock_steps;
2202 static int opal_lock_unlock(struct opal_dev *dev,
2203 struct opal_lock_unlock *lk_unlk)
2207 if (lk_unlk->session.who < OPAL_ADMIN1 ||
2208 lk_unlk->session.who > OPAL_USER9)
2211 mutex_lock(&dev->dev_lock);
2212 ret = __opal_lock_unlock(dev, lk_unlk);
2213 mutex_unlock(&dev->dev_lock);
2217 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2219 const struct opal_step owner_steps[] = {
2220 { opal_discovery0, },
2221 { start_anybodyASP_opal_session, },
2222 { get_msid_cpin_pin, },
2223 { end_opal_session, },
2224 { start_SIDASP_opal_session, opal },
2225 { set_sid_cpin_pin, opal },
2226 { end_opal_session, },
2234 mutex_lock(&dev->dev_lock);
2235 setup_opal_dev(dev, owner_steps);
2237 mutex_unlock(&dev->dev_lock);
2241 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2243 const struct opal_step active_steps[] = {
2244 { opal_discovery0, },
2245 { start_SIDASP_opal_session, &opal_lr_act->key },
2246 { get_lsp_lifecycle, },
2247 { activate_lsp, opal_lr_act },
2248 { end_opal_session, },
2253 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2256 mutex_lock(&dev->dev_lock);
2257 setup_opal_dev(dev, active_steps);
2259 mutex_unlock(&dev->dev_lock);
2263 static int opal_setup_locking_range(struct opal_dev *dev,
2264 struct opal_user_lr_setup *opal_lrs)
2266 const struct opal_step lr_steps[] = {
2267 { opal_discovery0, },
2268 { start_auth_opal_session, &opal_lrs->session },
2269 { setup_locking_range, opal_lrs },
2270 { end_opal_session, },
2275 mutex_lock(&dev->dev_lock);
2276 setup_opal_dev(dev, lr_steps);
2278 mutex_unlock(&dev->dev_lock);
2282 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2284 const struct opal_step pw_steps[] = {
2285 { opal_discovery0, },
2286 { start_auth_opal_session, &opal_pw->session },
2287 { set_new_pw, &opal_pw->new_user_pw },
2288 { end_opal_session, },
2293 if (opal_pw->session.who < OPAL_ADMIN1 ||
2294 opal_pw->session.who > OPAL_USER9 ||
2295 opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2296 opal_pw->new_user_pw.who > OPAL_USER9)
2299 mutex_lock(&dev->dev_lock);
2300 setup_opal_dev(dev, pw_steps);
2302 mutex_unlock(&dev->dev_lock);
2306 static int opal_activate_user(struct opal_dev *dev,
2307 struct opal_session_info *opal_session)
2309 const struct opal_step act_steps[] = {
2310 { opal_discovery0, },
2311 { start_admin1LSP_opal_session, &opal_session->opal_key },
2312 { internal_activate_user, opal_session },
2313 { end_opal_session, },
2318 /* We can't activate Admin1 it's active as manufactured */
2319 if (opal_session->who < OPAL_USER1 &&
2320 opal_session->who > OPAL_USER9) {
2321 pr_err("Who was not a valid user: %d\n", opal_session->who);
2325 mutex_lock(&dev->dev_lock);
2326 setup_opal_dev(dev, act_steps);
2328 mutex_unlock(&dev->dev_lock);
2332 bool opal_unlock_from_suspend(struct opal_dev *dev)
2334 struct opal_suspend_data *suspend;
2335 bool was_failure = false;
2340 if (!dev->supported)
2343 mutex_lock(&dev->dev_lock);
2344 setup_opal_dev(dev, NULL);
2346 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2350 ret = __opal_lock_unlock(dev, &suspend->unlk);
2352 pr_warn("Failed to unlock LR %hhu with sum %d\n",
2353 suspend->unlk.session.opal_key.lr,
2354 suspend->unlk.session.sum);
2358 mutex_unlock(&dev->dev_lock);
2361 EXPORT_SYMBOL(opal_unlock_from_suspend);
2363 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2368 if (!capable(CAP_SYS_ADMIN))
2372 if (!dev->supported) {
2373 pr_err("Not supported\n");
2377 p = memdup_user(arg, _IOC_SIZE(cmd));
2383 ret = opal_save(dev, p);
2385 case IOC_OPAL_LOCK_UNLOCK:
2386 ret = opal_lock_unlock(dev, p);
2388 case IOC_OPAL_TAKE_OWNERSHIP:
2389 ret = opal_take_ownership(dev, p);
2391 case IOC_OPAL_ACTIVATE_LSP:
2392 ret = opal_activate_lsp(dev, p);
2394 case IOC_OPAL_SET_PW:
2395 ret = opal_set_new_pw(dev, p);
2397 case IOC_OPAL_ACTIVATE_USR:
2398 ret = opal_activate_user(dev, p);
2400 case IOC_OPAL_REVERT_TPR:
2401 ret = opal_reverttper(dev, p);
2403 case IOC_OPAL_LR_SETUP:
2404 ret = opal_setup_locking_range(dev, p);
2406 case IOC_OPAL_ADD_USR_TO_LR:
2407 ret = opal_add_user_to_lr(dev, p);
2409 case IOC_OPAL_ENABLE_DISABLE_MBR:
2410 ret = opal_enable_disable_shadow_mbr(dev, p);
2412 case IOC_OPAL_ERASE_LR:
2413 ret = opal_erase_locking_range(dev, p);
2415 case IOC_OPAL_SECURE_ERASE_LR:
2416 ret = opal_secure_erase_locking_range(dev, p);
2419 pr_warn("No such Opal Ioctl %u\n", cmd);
2425 EXPORT_SYMBOL_GPL(sed_ioctl);
git.samba.org / sfrench / cifs-2.6.git / blob