2 * Copyright © 2016 Intel Corporation
5 * Scott Bauer <scott.bauer@intel.com>
6 * Rafael Antognolli <rafael.antognolli@intel.com>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms and conditions of the GNU General Public License,
10 * version 2, as published by the Free Software Foundation.
12 * This program is distributed in the hope it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
20 #include <linux/delay.h>
21 #include <linux/device.h>
22 #include <linux/kernel.h>
23 #include <linux/list.h>
24 #include <linux/genhd.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <uapi/linux/sed-opal.h>
28 #include <linux/sed-opal.h>
29 #include <linux/string.h>
30 #include <linux/kdev_t.h>
32 #include "opal_proto.h"
34 static const u8 opaluid[][OPAL_UID_LENGTH] = {
37 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
39 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
41 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
42 [OPAL_LOCKINGSP_UID] =
43 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
44 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
45 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
47 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
49 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
51 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
53 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
55 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
57 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
58 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
59 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
60 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
61 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
65 [OPAL_LOCKINGRANGE_GLOBAL] =
66 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
67 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
68 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
69 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
70 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
72 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
74 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
75 [OPAL_AUTHORITY_TABLE] =
76 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
78 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
79 [OPAL_LOCKING_INFO_TABLE] =
80 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
81 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
82 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
84 /* C_PIN_TABLE object ID's */
87 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
89 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
91 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
93 /* half UID's (only first 4 bytes used) */
95 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
96 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
97 [OPAL_HALF_UID_BOOLEAN_ACE] =
98 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
100 /* special value for omitted optional parameter */
102 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
106 * TCG Storage SSC Methods.
107 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
108 * Section: 6.3 Assigned UIDs
110 static const u8 opalmethod[][OPAL_UID_LENGTH] = {
112 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
113 [OPAL_STARTSESSION] =
114 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
116 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
118 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
120 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
122 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
124 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
125 [OPAL_EAUTHENTICATE] =
126 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
128 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
130 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
132 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
134 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
136 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
137 [OPAL_AUTHENTICATE] =
138 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
140 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
142 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
145 typedef int (cont_fn)(struct opal_dev *dev);
147 static int end_opal_session_error(struct opal_dev *dev);
149 struct opal_suspend_data {
150 struct opal_lock_unlock unlk;
152 struct list_head node;
157 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
158 * Section: 5.1.5 Method Status Codes
160 static const char * const opal_errors[] = {
168 "No Sessions Available",
169 "Uniqueness Conflict",
170 "Insufficient Space",
177 "Transaction Failure",
179 "Authority Locked Out",
182 static const char *opal_error_to_human(int error)
187 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
188 return "Unknown Error";
190 return opal_errors[error];
193 static void print_buffer(const u8 *ptr, u32 length)
196 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
201 static bool check_tper(const void *data)
203 const struct d0_tper_features *tper = data;
204 u8 flags = tper->supported_features;
206 if (!(flags & TPER_SYNC_SUPPORTED)) {
207 pr_err("TPer sync not supported. flags = %d\n",
208 tper->supported_features);
215 static bool check_sum(const void *data)
217 const struct d0_single_user_mode *sum = data;
218 u32 nlo = be32_to_cpu(sum->num_locking_objects);
221 pr_err("Need at least one locking object.\n");
225 pr_debug("Number of locking objects: %d\n", nlo);
230 static u16 get_comid_v100(const void *data)
232 const struct d0_opal_v100 *v100 = data;
234 return be16_to_cpu(v100->baseComID);
237 static u16 get_comid_v200(const void *data)
239 const struct d0_opal_v200 *v200 = data;
241 return be16_to_cpu(v200->baseComID);
244 static int opal_send_cmd(struct opal_dev *dev)
246 return dev->send_recv(dev, dev->comid, TCG_SECP_01,
247 dev->cmd, IO_BUFFER_LENGTH,
251 static int opal_recv_cmd(struct opal_dev *dev)
253 return dev->send_recv(dev, dev->comid, TCG_SECP_01,
254 dev->resp, IO_BUFFER_LENGTH,
258 static int opal_recv_check(struct opal_dev *dev)
260 size_t buflen = IO_BUFFER_LENGTH;
261 void *buffer = dev->resp;
262 struct opal_header *hdr = buffer;
266 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
267 hdr->cp.outstandingData,
268 hdr->cp.minTransfer);
270 if (hdr->cp.outstandingData == 0 ||
271 hdr->cp.minTransfer != 0)
274 memset(buffer, 0, buflen);
275 ret = opal_recv_cmd(dev);
281 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
285 ret = opal_send_cmd(dev);
288 ret = opal_recv_cmd(dev);
291 ret = opal_recv_check(dev);
297 static void check_geometry(struct opal_dev *dev, const void *data)
299 const struct d0_geometry_features *geo = data;
301 dev->align = geo->alignment_granularity;
302 dev->lowest_lba = geo->lowest_aligned_lba;
305 static int next(struct opal_dev *dev)
311 func = dev->funcs[dev->state];
317 pr_err("Error on step function: %d with error %d: %s\n",
319 opal_error_to_human(error));
321 /* For each OPAL command we do a discovery0 then we
322 * start some sort of session.
323 * If we haven't passed state 1 then there was an error
324 * on discovery0 or during the attempt to start a
325 * session. Therefore we shouldn't attempt to terminate
326 * a session, as one has not yet been created.
329 return end_opal_session_error(dev);
337 static int opal_discovery0_end(struct opal_dev *dev)
339 bool found_com_id = false, supported = true, single_user = false;
340 const struct d0_header *hdr = (struct d0_header *)dev->resp;
341 const u8 *epos = dev->resp, *cpos = dev->resp;
344 print_buffer(dev->resp, be32_to_cpu(hdr->length));
346 epos += be32_to_cpu(hdr->length); /* end of buffer */
347 cpos += sizeof(*hdr); /* current position on buffer */
349 while (cpos < epos && supported) {
350 const struct d0_features *body =
351 (const struct d0_features *)cpos;
353 switch (be16_to_cpu(body->code)) {
355 supported = check_tper(body->features);
358 single_user = check_sum(body->features);
361 check_geometry(dev, body);
366 /* some ignored properties */
367 pr_debug("Found OPAL feature description: %d\n",
368 be16_to_cpu(body->code));
371 comid = get_comid_v100(body->features);
375 comid = get_comid_v200(body->features);
378 case 0xbfff ... 0xffff:
379 /* vendor specific, just ignore */
382 pr_debug("OPAL Unknown feature: %d\n",
383 be16_to_cpu(body->code));
386 cpos += body->length + 4;
390 pr_err("This device is not Opal enabled. Not Supported!\n");
395 pr_warn("Device doesn't support single user mode\n");
399 pr_warn("Could not find OPAL comid for device. Returning early\n");
408 static int opal_discovery0(struct opal_dev *dev)
412 memset(dev->resp, 0, IO_BUFFER_LENGTH);
413 dev->comid = OPAL_DISCOVERY_COMID;
414 ret = opal_recv_cmd(dev);
417 return opal_discovery0_end(dev);
420 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
424 if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
425 pr_err("Error adding u8: end of buffer.\n");
429 cmd->cmd[cmd->pos++] = tok;
432 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
433 bool has_sign, int len)
438 atom = SHORT_ATOM_ID;
439 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
440 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
441 atom |= len & SHORT_ATOM_LEN_MASK;
443 add_token_u8(&err, cmd, atom);
446 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
447 bool has_sign, int len)
451 header0 = MEDIUM_ATOM_ID;
452 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
453 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
454 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
455 cmd->cmd[cmd->pos++] = header0;
456 cmd->cmd[cmd->pos++] = len;
459 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
466 if (!(number & ~TINY_ATOM_DATA_MASK)) {
467 add_token_u8(err, cmd, number);
472 len = DIV_ROUND_UP(msb, 4);
474 if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
475 pr_err("Error adding u64: end of buffer.\n");
479 add_short_atom_header(cmd, false, false, len);
481 n = number >> (len * 8);
482 add_token_u8(err, cmd, n);
486 static void add_token_bytestring(int *err, struct opal_dev *cmd,
487 const u8 *bytestring, size_t len)
489 size_t header_len = 1;
490 bool is_short_atom = true;
495 if (len & ~SHORT_ATOM_LEN_MASK) {
497 is_short_atom = false;
500 if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
501 pr_err("Error adding bytestring: end of buffer.\n");
507 add_short_atom_header(cmd, true, false, len);
509 add_medium_atom_header(cmd, true, false, len);
511 memcpy(&cmd->cmd[cmd->pos], bytestring, len);
516 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
518 if (length > OPAL_UID_LENGTH) {
519 pr_err("Can't build locking range. Length OOB\n");
523 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
527 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
533 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
535 if (length > OPAL_UID_LENGTH) {
536 pr_err("Can't build locking range user, Length OOB\n");
540 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
547 static void set_comid(struct opal_dev *cmd, u16 comid)
549 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
551 hdr->cp.extendedComID[0] = comid >> 8;
552 hdr->cp.extendedComID[1] = comid;
553 hdr->cp.extendedComID[2] = 0;
554 hdr->cp.extendedComID[3] = 0;
557 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
559 struct opal_header *hdr;
562 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
563 add_token_u8(&err, cmd, OPAL_STARTLIST);
564 add_token_u8(&err, cmd, 0);
565 add_token_u8(&err, cmd, 0);
566 add_token_u8(&err, cmd, 0);
567 add_token_u8(&err, cmd, OPAL_ENDLIST);
570 pr_err("Error finalizing command.\n");
574 hdr = (struct opal_header *) cmd->cmd;
576 hdr->pkt.tsn = cpu_to_be32(tsn);
577 hdr->pkt.hsn = cpu_to_be32(hsn);
579 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
580 while (cmd->pos % 4) {
581 if (cmd->pos >= IO_BUFFER_LENGTH) {
582 pr_err("Error: Buffer overrun\n");
585 cmd->cmd[cmd->pos++] = 0;
587 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
589 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
594 static enum opal_response_token token_type(const struct parsed_resp *resp,
597 const struct opal_resp_tok *tok;
599 if (n >= resp->num) {
600 pr_err("Token number doesn't exist: %d, resp: %d\n",
602 return OPAL_DTA_TOKENID_INVALID;
605 tok = &resp->toks[n];
607 pr_err("Token length must be non-zero\n");
608 return OPAL_DTA_TOKENID_INVALID;
615 * This function returns 0 in case of invalid token. One should call
616 * token_type() first to find out if the token is valid or not.
618 static enum opal_token response_get_token(const struct parsed_resp *resp,
621 const struct opal_resp_tok *tok;
623 if (n >= resp->num) {
624 pr_err("Token number doesn't exist: %d, resp: %d\n",
629 tok = &resp->toks[n];
631 pr_err("Token length must be non-zero\n");
638 static size_t response_parse_tiny(struct opal_resp_tok *tok,
643 tok->width = OPAL_WIDTH_TINY;
645 if (pos[0] & TINY_ATOM_SIGNED) {
646 tok->type = OPAL_DTA_TOKENID_SINT;
648 tok->type = OPAL_DTA_TOKENID_UINT;
649 tok->stored.u = pos[0] & 0x3f;
655 static size_t response_parse_short(struct opal_resp_tok *tok,
659 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
660 tok->width = OPAL_WIDTH_SHORT;
662 if (pos[0] & SHORT_ATOM_BYTESTRING) {
663 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
664 } else if (pos[0] & SHORT_ATOM_SIGNED) {
665 tok->type = OPAL_DTA_TOKENID_SINT;
670 tok->type = OPAL_DTA_TOKENID_UINT;
672 pr_warn("uint64 with more than 8 bytes\n");
675 for (i = tok->len - 1; i > 0; i--) {
676 u_integer |= ((u64)pos[i] << (8 * b));
679 tok->stored.u = u_integer;
685 static size_t response_parse_medium(struct opal_resp_tok *tok,
689 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
690 tok->width = OPAL_WIDTH_MEDIUM;
692 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
693 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
694 else if (pos[0] & MEDIUM_ATOM_SIGNED)
695 tok->type = OPAL_DTA_TOKENID_SINT;
697 tok->type = OPAL_DTA_TOKENID_UINT;
702 static size_t response_parse_long(struct opal_resp_tok *tok,
706 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
707 tok->width = OPAL_WIDTH_LONG;
709 if (pos[0] & LONG_ATOM_BYTESTRING)
710 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
711 else if (pos[0] & LONG_ATOM_SIGNED)
712 tok->type = OPAL_DTA_TOKENID_SINT;
714 tok->type = OPAL_DTA_TOKENID_UINT;
719 static size_t response_parse_token(struct opal_resp_tok *tok,
724 tok->type = OPAL_DTA_TOKENID_TOKEN;
725 tok->width = OPAL_WIDTH_TOKEN;
730 static int response_parse(const u8 *buf, size_t length,
731 struct parsed_resp *resp)
733 const struct opal_header *hdr;
734 struct opal_resp_tok *iter;
746 hdr = (struct opal_header *)buf;
750 pr_debug("Response size: cp: %d, pkt: %d, subpkt: %d\n",
751 be32_to_cpu(hdr->cp.length),
752 be32_to_cpu(hdr->pkt.length),
753 be32_to_cpu(hdr->subpkt.length));
755 if (hdr->cp.length == 0 || hdr->pkt.length == 0 ||
756 hdr->subpkt.length == 0) {
757 pr_err("Bad header length. cp: %d, pkt: %d, subpkt: %d\n",
758 be32_to_cpu(hdr->cp.length),
759 be32_to_cpu(hdr->pkt.length),
760 be32_to_cpu(hdr->subpkt.length));
761 print_buffer(pos, sizeof(*hdr));
765 if (pos > buf + length)
769 total = be32_to_cpu(hdr->subpkt.length);
770 print_buffer(pos, total);
772 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
773 token_length = response_parse_tiny(iter, pos);
774 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
775 token_length = response_parse_short(iter, pos);
776 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
777 token_length = response_parse_medium(iter, pos);
778 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
779 token_length = response_parse_long(iter, pos);
781 token_length = response_parse_token(iter, pos);
783 if (token_length == -EINVAL)
787 total -= token_length;
792 if (num_entries == 0) {
793 pr_err("Couldn't parse response.\n");
796 resp->num = num_entries;
801 static size_t response_get_string(const struct parsed_resp *resp, int n,
806 pr_err("Response is NULL\n");
811 pr_err("Response has %d tokens. Can't access %d\n",
816 if (resp->toks[n].type != OPAL_DTA_TOKENID_BYTESTRING) {
817 pr_err("Token is not a byte string!\n");
821 *store = resp->toks[n].pos + 1;
822 return resp->toks[n].len - 1;
825 static u64 response_get_u64(const struct parsed_resp *resp, int n)
828 pr_err("Response is NULL\n");
833 pr_err("Response has %d tokens. Can't access %d\n",
838 if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
839 pr_err("Token is not unsigned it: %d\n",
844 if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
845 resp->toks[n].width == OPAL_WIDTH_SHORT)) {
846 pr_err("Atom is not short or tiny: %d\n",
847 resp->toks[n].width);
851 return resp->toks[n].stored.u;
854 static u8 response_status(const struct parsed_resp *resp)
856 if (token_type(resp, 0) == OPAL_DTA_TOKENID_TOKEN &&
857 response_get_token(resp, 0) == OPAL_ENDOFSESSION) {
862 return DTAERROR_NO_METHOD_STATUS;
864 if (token_type(resp, resp->num - 1) != OPAL_DTA_TOKENID_TOKEN ||
865 token_type(resp, resp->num - 5) != OPAL_DTA_TOKENID_TOKEN ||
866 response_get_token(resp, resp->num - 1) != OPAL_ENDLIST ||
867 response_get_token(resp, resp->num - 5) != OPAL_STARTLIST)
868 return DTAERROR_NO_METHOD_STATUS;
870 return response_get_u64(resp, resp->num - 4);
873 /* Parses and checks for errors */
874 static int parse_and_check_status(struct opal_dev *dev)
878 print_buffer(dev->cmd, dev->pos);
880 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
882 pr_err("Couldn't parse response.\n");
886 return response_status(&dev->parsed);
889 static void clear_opal_cmd(struct opal_dev *dev)
891 dev->pos = sizeof(struct opal_header);
892 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
895 static int start_opal_session_cont(struct opal_dev *dev)
900 error = parse_and_check_status(dev);
904 hsn = response_get_u64(&dev->parsed, 4);
905 tsn = response_get_u64(&dev->parsed, 5);
907 if (hsn == 0 && tsn == 0) {
908 pr_err("Couldn't authenticate session\n");
917 static void add_suspend_info(struct opal_dev *dev,
918 struct opal_suspend_data *sus)
920 struct opal_suspend_data *iter;
922 list_for_each_entry(iter, &dev->unlk_lst, node) {
923 if (iter->lr == sus->lr) {
924 list_del(&iter->node);
929 list_add_tail(&sus->node, &dev->unlk_lst);
932 static int end_session_cont(struct opal_dev *dev)
936 return parse_and_check_status(dev);
939 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
943 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
945 pr_err("Error finalizing command buffer: %d\n", ret);
949 print_buffer(dev->cmd, dev->pos);
951 return opal_send_recv(dev, cont);
954 static int gen_key(struct opal_dev *dev)
957 u8 uid[OPAL_UID_LENGTH];
961 set_comid(dev, dev->comid);
963 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
964 method = opalmethod[OPAL_GENKEY];
965 kfree(dev->prev_data);
966 dev->prev_data = NULL;
968 add_token_u8(&err, dev, OPAL_CALL);
969 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
970 add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
972 add_token_u8(&err, dev, OPAL_STARTLIST);
973 add_token_u8(&err, dev, OPAL_ENDLIST);
976 pr_err("Error building gen key command\n");
980 return finalize_and_send(dev, parse_and_check_status);
983 static int get_active_key_cont(struct opal_dev *dev)
985 const char *activekey;
989 error = parse_and_check_status(dev);
992 keylen = response_get_string(&dev->parsed, 4, &activekey);
994 pr_err("%s: Couldn't extract the Activekey from the response\n",
996 return OPAL_INVAL_PARAM;
998 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1000 if (!dev->prev_data)
1003 dev->prev_d_len = keylen;
1008 static int get_active_key(struct opal_dev *dev)
1010 u8 uid[OPAL_UID_LENGTH];
1014 clear_opal_cmd(dev);
1015 set_comid(dev, dev->comid);
1016 lr = dev->func_data[dev->state];
1018 err = build_locking_range(uid, sizeof(uid), *lr);
1023 add_token_u8(&err, dev, OPAL_CALL);
1024 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1025 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1026 add_token_u8(&err, dev, OPAL_STARTLIST);
1027 add_token_u8(&err, dev, OPAL_STARTLIST);
1028 add_token_u8(&err, dev, OPAL_STARTNAME);
1029 add_token_u8(&err, dev, 3); /* startCloumn */
1030 add_token_u8(&err, dev, 10); /* ActiveKey */
1031 add_token_u8(&err, dev, OPAL_ENDNAME);
1032 add_token_u8(&err, dev, OPAL_STARTNAME);
1033 add_token_u8(&err, dev, 4); /* endColumn */
1034 add_token_u8(&err, dev, 10); /* ActiveKey */
1035 add_token_u8(&err, dev, OPAL_ENDNAME);
1036 add_token_u8(&err, dev, OPAL_ENDLIST);
1037 add_token_u8(&err, dev, OPAL_ENDLIST);
1039 pr_err("Error building get active key command\n");
1043 return finalize_and_send(dev, get_active_key_cont);
1046 static int generic_lr_enable_disable(struct opal_dev *dev,
1047 u8 *uid, bool rle, bool wle,
1052 add_token_u8(&err, dev, OPAL_CALL);
1053 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1054 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1056 add_token_u8(&err, dev, OPAL_STARTLIST);
1057 add_token_u8(&err, dev, OPAL_STARTNAME);
1058 add_token_u8(&err, dev, OPAL_VALUES);
1059 add_token_u8(&err, dev, OPAL_STARTLIST);
1061 add_token_u8(&err, dev, OPAL_STARTNAME);
1062 add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1063 add_token_u8(&err, dev, rle);
1064 add_token_u8(&err, dev, OPAL_ENDNAME);
1066 add_token_u8(&err, dev, OPAL_STARTNAME);
1067 add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1068 add_token_u8(&err, dev, wle);
1069 add_token_u8(&err, dev, OPAL_ENDNAME);
1071 add_token_u8(&err, dev, OPAL_STARTNAME);
1072 add_token_u8(&err, dev, OPAL_READLOCKED);
1073 add_token_u8(&err, dev, rl);
1074 add_token_u8(&err, dev, OPAL_ENDNAME);
1076 add_token_u8(&err, dev, OPAL_STARTNAME);
1077 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1078 add_token_u8(&err, dev, wl);
1079 add_token_u8(&err, dev, OPAL_ENDNAME);
1081 add_token_u8(&err, dev, OPAL_ENDLIST);
1082 add_token_u8(&err, dev, OPAL_ENDNAME);
1083 add_token_u8(&err, dev, OPAL_ENDLIST);
1087 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1088 struct opal_user_lr_setup *setup)
1092 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1095 pr_err("Failed to create enable global lr command\n");
1099 static int setup_locking_range(struct opal_dev *dev)
1101 u8 uid[OPAL_UID_LENGTH];
1102 struct opal_user_lr_setup *setup;
1106 clear_opal_cmd(dev);
1107 set_comid(dev, dev->comid);
1109 setup = dev->func_data[dev->state];
1110 lr = setup->session.opal_key.lr;
1111 err = build_locking_range(uid, sizeof(uid), lr);
1116 err = enable_global_lr(dev, uid, setup);
1118 add_token_u8(&err, dev, OPAL_CALL);
1119 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1120 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1123 add_token_u8(&err, dev, OPAL_STARTLIST);
1124 add_token_u8(&err, dev, OPAL_STARTNAME);
1125 add_token_u8(&err, dev, OPAL_VALUES);
1126 add_token_u8(&err, dev, OPAL_STARTLIST);
1128 add_token_u8(&err, dev, OPAL_STARTNAME);
1129 add_token_u8(&err, dev, 3); /* Ranges Start */
1130 add_token_u64(&err, dev, setup->range_start);
1131 add_token_u8(&err, dev, OPAL_ENDNAME);
1133 add_token_u8(&err, dev, OPAL_STARTNAME);
1134 add_token_u8(&err, dev, 4); /* Ranges length */
1135 add_token_u64(&err, dev, setup->range_length);
1136 add_token_u8(&err, dev, OPAL_ENDNAME);
1138 add_token_u8(&err, dev, OPAL_STARTNAME);
1139 add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1140 add_token_u64(&err, dev, !!setup->RLE);
1141 add_token_u8(&err, dev, OPAL_ENDNAME);
1143 add_token_u8(&err, dev, OPAL_STARTNAME);
1144 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1145 add_token_u64(&err, dev, !!setup->WLE);
1146 add_token_u8(&err, dev, OPAL_ENDNAME);
1148 add_token_u8(&err, dev, OPAL_ENDLIST);
1149 add_token_u8(&err, dev, OPAL_ENDNAME);
1150 add_token_u8(&err, dev, OPAL_ENDLIST);
1154 pr_err("Error building Setup Locking range command.\n");
1159 return finalize_and_send(dev, parse_and_check_status);
1162 static int start_generic_opal_session(struct opal_dev *dev,
1164 enum opal_uid sp_type,
1171 if (key == NULL && auth != OPAL_ANYBODY_UID) {
1172 pr_err("%s: Attempted to open ADMIN_SP Session without a Host" \
1173 "Challenge, and not as the Anybody UID\n", __func__);
1174 return OPAL_INVAL_PARAM;
1177 clear_opal_cmd(dev);
1179 set_comid(dev, dev->comid);
1180 hsn = GENERIC_HOST_SESSION_NUM;
1182 add_token_u8(&err, dev, OPAL_CALL);
1183 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1185 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1187 add_token_u8(&err, dev, OPAL_STARTLIST);
1188 add_token_u64(&err, dev, hsn);
1189 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1190 add_token_u8(&err, dev, 1);
1193 case OPAL_ANYBODY_UID:
1194 add_token_u8(&err, dev, OPAL_ENDLIST);
1196 case OPAL_ADMIN1_UID:
1198 add_token_u8(&err, dev, OPAL_STARTNAME);
1199 add_token_u8(&err, dev, 0); /* HostChallenge */
1200 add_token_bytestring(&err, dev, key, key_len);
1201 add_token_u8(&err, dev, OPAL_ENDNAME);
1202 add_token_u8(&err, dev, OPAL_STARTNAME);
1203 add_token_u8(&err, dev, 3); /* HostSignAuth */
1204 add_token_bytestring(&err, dev, opaluid[auth],
1206 add_token_u8(&err, dev, OPAL_ENDNAME);
1207 add_token_u8(&err, dev, OPAL_ENDLIST);
1210 pr_err("Cannot start Admin SP session with auth %d\n", auth);
1211 return OPAL_INVAL_PARAM;
1215 pr_err("Error building start adminsp session command.\n");
1219 return finalize_and_send(dev, start_opal_session_cont);
1222 static int start_anybodyASP_opal_session(struct opal_dev *dev)
1224 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1225 OPAL_ADMINSP_UID, NULL, 0);
1228 static int start_SIDASP_opal_session(struct opal_dev *dev)
1231 const u8 *key = dev->prev_data;
1232 struct opal_key *okey;
1235 okey = dev->func_data[dev->state];
1236 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1241 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1243 key, dev->prev_d_len);
1245 dev->prev_data = NULL;
1250 static inline int start_admin1LSP_opal_session(struct opal_dev *dev)
1252 struct opal_key *key = dev->func_data[dev->state];
1254 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1256 key->key, key->key_len);
1259 static int start_auth_opal_session(struct opal_dev *dev)
1261 u8 lk_ul_user[OPAL_UID_LENGTH];
1264 struct opal_session_info *session = dev->func_data[dev->state];
1265 size_t keylen = session->opal_key.key_len;
1266 u8 *key = session->opal_key.key;
1267 u32 hsn = GENERIC_HOST_SESSION_NUM;
1269 clear_opal_cmd(dev);
1270 set_comid(dev, dev->comid);
1273 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1274 session->opal_key.lr);
1278 } else if (session->who != OPAL_ADMIN1 && !session->sum) {
1279 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1284 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1286 add_token_u8(&err, dev, OPAL_CALL);
1287 add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1289 add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1292 add_token_u8(&err, dev, OPAL_STARTLIST);
1293 add_token_u64(&err, dev, hsn);
1294 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1296 add_token_u8(&err, dev, 1);
1297 add_token_u8(&err, dev, OPAL_STARTNAME);
1298 add_token_u8(&err, dev, 0);
1299 add_token_bytestring(&err, dev, key, keylen);
1300 add_token_u8(&err, dev, OPAL_ENDNAME);
1301 add_token_u8(&err, dev, OPAL_STARTNAME);
1302 add_token_u8(&err, dev, 3);
1303 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1304 add_token_u8(&err, dev, OPAL_ENDNAME);
1305 add_token_u8(&err, dev, OPAL_ENDLIST);
1308 pr_err("Error building STARTSESSION command.\n");
1312 return finalize_and_send(dev, start_opal_session_cont);
1315 static int revert_tper(struct opal_dev *dev)
1319 clear_opal_cmd(dev);
1320 set_comid(dev, dev->comid);
1322 add_token_u8(&err, dev, OPAL_CALL);
1323 add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1325 add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1327 add_token_u8(&err, dev, OPAL_STARTLIST);
1328 add_token_u8(&err, dev, OPAL_ENDLIST);
1330 pr_err("Error building REVERT TPER command.\n");
1334 return finalize_and_send(dev, parse_and_check_status);
1337 static int internal_activate_user(struct opal_dev *dev)
1339 struct opal_session_info *session = dev->func_data[dev->state];
1340 u8 uid[OPAL_UID_LENGTH];
1343 clear_opal_cmd(dev);
1344 set_comid(dev, dev->comid);
1346 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1347 uid[7] = session->who;
1349 add_token_u8(&err, dev, OPAL_CALL);
1350 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1351 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1352 add_token_u8(&err, dev, OPAL_STARTLIST);
1353 add_token_u8(&err, dev, OPAL_STARTNAME);
1354 add_token_u8(&err, dev, OPAL_VALUES);
1355 add_token_u8(&err, dev, OPAL_STARTLIST);
1356 add_token_u8(&err, dev, OPAL_STARTNAME);
1357 add_token_u8(&err, dev, 5); /* Enabled */
1358 add_token_u8(&err, dev, OPAL_TRUE);
1359 add_token_u8(&err, dev, OPAL_ENDNAME);
1360 add_token_u8(&err, dev, OPAL_ENDLIST);
1361 add_token_u8(&err, dev, OPAL_ENDNAME);
1362 add_token_u8(&err, dev, OPAL_ENDLIST);
1365 pr_err("Error building Activate UserN command.\n");
1369 return finalize_and_send(dev, parse_and_check_status);
1372 static int erase_locking_range(struct opal_dev *dev)
1374 struct opal_session_info *session;
1375 u8 uid[OPAL_UID_LENGTH];
1378 clear_opal_cmd(dev);
1379 set_comid(dev, dev->comid);
1380 session = dev->func_data[dev->state];
1382 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1385 add_token_u8(&err, dev, OPAL_CALL);
1386 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1387 add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1389 add_token_u8(&err, dev, OPAL_STARTLIST);
1390 add_token_u8(&err, dev, OPAL_ENDLIST);
1393 pr_err("Error building Erase Locking Range Command.\n");
1396 return finalize_and_send(dev, parse_and_check_status);
1399 static int set_mbr_done(struct opal_dev *dev)
1401 u8 mbr_done_tf = *(u8 *)dev->func_data[dev->state];
1404 clear_opal_cmd(dev);
1405 set_comid(dev, dev->comid);
1407 add_token_u8(&err, dev, OPAL_CALL);
1408 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1410 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1411 add_token_u8(&err, dev, OPAL_STARTLIST);
1412 add_token_u8(&err, dev, OPAL_STARTNAME);
1413 add_token_u8(&err, dev, OPAL_VALUES);
1414 add_token_u8(&err, dev, OPAL_STARTLIST);
1415 add_token_u8(&err, dev, OPAL_STARTNAME);
1416 add_token_u8(&err, dev, 2); /* Done */
1417 add_token_u8(&err, dev, mbr_done_tf); /* Done T or F */
1418 add_token_u8(&err, dev, OPAL_ENDNAME);
1419 add_token_u8(&err, dev, OPAL_ENDLIST);
1420 add_token_u8(&err, dev, OPAL_ENDNAME);
1421 add_token_u8(&err, dev, OPAL_ENDLIST);
1424 pr_err("Error Building set MBR Done command\n");
1428 return finalize_and_send(dev, parse_and_check_status);
1431 static int set_mbr_enable_disable(struct opal_dev *dev)
1433 u8 mbr_en_dis = *(u8 *)dev->func_data[dev->state];
1436 clear_opal_cmd(dev);
1437 set_comid(dev, dev->comid);
1439 add_token_u8(&err, dev, OPAL_CALL);
1440 add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1442 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1443 add_token_u8(&err, dev, OPAL_STARTLIST);
1444 add_token_u8(&err, dev, OPAL_STARTNAME);
1445 add_token_u8(&err, dev, OPAL_VALUES);
1446 add_token_u8(&err, dev, OPAL_STARTLIST);
1447 add_token_u8(&err, dev, OPAL_STARTNAME);
1448 add_token_u8(&err, dev, 1);
1449 add_token_u8(&err, dev, mbr_en_dis);
1450 add_token_u8(&err, dev, OPAL_ENDNAME);
1451 add_token_u8(&err, dev, OPAL_ENDLIST);
1452 add_token_u8(&err, dev, OPAL_ENDNAME);
1453 add_token_u8(&err, dev, OPAL_ENDLIST);
1456 pr_err("Error Building set MBR done command\n");
1460 return finalize_and_send(dev, parse_and_check_status);
1463 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1464 struct opal_dev *dev)
1468 clear_opal_cmd(dev);
1469 set_comid(dev, dev->comid);
1471 add_token_u8(&err, dev, OPAL_CALL);
1472 add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1473 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1475 add_token_u8(&err, dev, OPAL_STARTLIST);
1476 add_token_u8(&err, dev, OPAL_STARTNAME);
1477 add_token_u8(&err, dev, OPAL_VALUES);
1478 add_token_u8(&err, dev, OPAL_STARTLIST);
1479 add_token_u8(&err, dev, OPAL_STARTNAME);
1480 add_token_u8(&err, dev, 3); /* PIN */
1481 add_token_bytestring(&err, dev, key, key_len);
1482 add_token_u8(&err, dev, OPAL_ENDNAME);
1483 add_token_u8(&err, dev, OPAL_ENDLIST);
1484 add_token_u8(&err, dev, OPAL_ENDNAME);
1485 add_token_u8(&err, dev, OPAL_ENDLIST);
1490 static int set_new_pw(struct opal_dev *dev)
1492 u8 cpin_uid[OPAL_UID_LENGTH];
1493 struct opal_session_info *usr = dev->func_data[dev->state];
1496 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1498 if (usr->who != OPAL_ADMIN1) {
1501 cpin_uid[7] = usr->opal_key.lr + 1;
1503 cpin_uid[7] = usr->who;
1506 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1508 pr_err("Error building set password command.\n");
1512 return finalize_and_send(dev, parse_and_check_status);
1515 static int set_sid_cpin_pin(struct opal_dev *dev)
1517 u8 cpin_uid[OPAL_UID_LENGTH];
1518 struct opal_key *key = dev->func_data[dev->state];
1520 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1522 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1523 pr_err("Error building Set SID cpin\n");
1526 return finalize_and_send(dev, parse_and_check_status);
1529 static int add_user_to_lr(struct opal_dev *dev)
1531 u8 lr_buffer[OPAL_UID_LENGTH];
1532 u8 user_uid[OPAL_UID_LENGTH];
1533 struct opal_lock_unlock *lkul;
1536 clear_opal_cmd(dev);
1537 set_comid(dev, dev->comid);
1539 lkul = dev->func_data[dev->state];
1541 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1544 if (lkul->l_state == OPAL_RW)
1545 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1548 lr_buffer[7] = lkul->session.opal_key.lr;
1550 memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1552 user_uid[7] = lkul->session.who;
1554 add_token_u8(&err, dev, OPAL_CALL);
1555 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1556 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1559 add_token_u8(&err, dev, OPAL_STARTLIST);
1560 add_token_u8(&err, dev, OPAL_STARTNAME);
1561 add_token_u8(&err, dev, OPAL_VALUES);
1563 add_token_u8(&err, dev, OPAL_STARTLIST);
1564 add_token_u8(&err, dev, OPAL_STARTNAME);
1565 add_token_u8(&err, dev, 3);
1567 add_token_u8(&err, dev, OPAL_STARTLIST);
1570 add_token_u8(&err, dev, OPAL_STARTNAME);
1571 add_token_bytestring(&err, dev,
1572 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1574 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1575 add_token_u8(&err, dev, OPAL_ENDNAME);
1578 add_token_u8(&err, dev, OPAL_STARTNAME);
1579 add_token_bytestring(&err, dev,
1580 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1582 add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1583 add_token_u8(&err, dev, OPAL_ENDNAME);
1586 add_token_u8(&err, dev, OPAL_STARTNAME);
1587 add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1589 add_token_u8(&err, dev, 1);
1590 add_token_u8(&err, dev, OPAL_ENDNAME);
1593 add_token_u8(&err, dev, OPAL_ENDLIST);
1594 add_token_u8(&err, dev, OPAL_ENDNAME);
1595 add_token_u8(&err, dev, OPAL_ENDLIST);
1596 add_token_u8(&err, dev, OPAL_ENDNAME);
1597 add_token_u8(&err, dev, OPAL_ENDLIST);
1600 pr_err("Error building add user to locking range command.\n");
1604 return finalize_and_send(dev, parse_and_check_status);
1607 static int lock_unlock_locking_range(struct opal_dev *dev)
1609 u8 lr_buffer[OPAL_UID_LENGTH];
1611 struct opal_lock_unlock *lkul;
1612 u8 read_locked = 1, write_locked = 1;
1615 clear_opal_cmd(dev);
1616 set_comid(dev, dev->comid);
1618 method = opalmethod[OPAL_SET];
1619 lkul = dev->func_data[dev->state];
1620 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1621 lkul->session.opal_key.lr) < 0)
1624 switch (lkul->l_state) {
1634 /* vars are initalized to locked */
1637 pr_err("Tried to set an invalid locking state... returning to uland\n");
1638 return OPAL_INVAL_PARAM;
1641 add_token_u8(&err, dev, OPAL_CALL);
1642 add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1643 add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1644 add_token_u8(&err, dev, OPAL_STARTLIST);
1645 add_token_u8(&err, dev, OPAL_STARTNAME);
1646 add_token_u8(&err, dev, OPAL_VALUES);
1647 add_token_u8(&err, dev, OPAL_STARTLIST);
1649 add_token_u8(&err, dev, OPAL_STARTNAME);
1650 add_token_u8(&err, dev, OPAL_READLOCKED);
1651 add_token_u8(&err, dev, read_locked);
1652 add_token_u8(&err, dev, OPAL_ENDNAME);
1654 add_token_u8(&err, dev, OPAL_STARTNAME);
1655 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1656 add_token_u8(&err, dev, write_locked);
1657 add_token_u8(&err, dev, OPAL_ENDNAME);
1659 add_token_u8(&err, dev, OPAL_ENDLIST);
1660 add_token_u8(&err, dev, OPAL_ENDNAME);
1661 add_token_u8(&err, dev, OPAL_ENDLIST);
1664 pr_err("Error building SET command.\n");
1667 return finalize_and_send(dev, parse_and_check_status);
1671 static int lock_unlock_locking_range_sum(struct opal_dev *dev)
1673 u8 lr_buffer[OPAL_UID_LENGTH];
1674 u8 read_locked = 1, write_locked = 1;
1676 struct opal_lock_unlock *lkul;
1679 clear_opal_cmd(dev);
1680 set_comid(dev, dev->comid);
1682 method = opalmethod[OPAL_SET];
1683 lkul = dev->func_data[dev->state];
1684 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1685 lkul->session.opal_key.lr) < 0)
1688 switch (lkul->l_state) {
1698 /* vars are initalized to locked */
1701 pr_err("Tried to set an invalid locking state.\n");
1702 return OPAL_INVAL_PARAM;
1704 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1705 read_locked, write_locked);
1708 pr_err("Error building SET command.\n");
1711 return finalize_and_send(dev, parse_and_check_status);
1714 static int activate_lsp(struct opal_dev *dev)
1716 struct opal_lr_act *opal_act;
1717 u8 user_lr[OPAL_UID_LENGTH];
1721 clear_opal_cmd(dev);
1722 set_comid(dev, dev->comid);
1724 opal_act = dev->func_data[dev->state];
1726 add_token_u8(&err, dev, OPAL_CALL);
1727 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1729 add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1733 if (opal_act->sum) {
1734 err = build_locking_range(user_lr, sizeof(user_lr),
1739 add_token_u8(&err, dev, OPAL_STARTLIST);
1740 add_token_u8(&err, dev, OPAL_STARTNAME);
1741 add_token_u8(&err, dev, uint_3);
1742 add_token_u8(&err, dev, 6);
1743 add_token_u8(&err, dev, 0);
1744 add_token_u8(&err, dev, 0);
1746 add_token_u8(&err, dev, OPAL_STARTLIST);
1747 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1748 for (i = 1; i < opal_act->num_lrs; i++) {
1749 user_lr[7] = opal_act->lr[i];
1750 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1752 add_token_u8(&err, dev, OPAL_ENDLIST);
1753 add_token_u8(&err, dev, OPAL_ENDNAME);
1754 add_token_u8(&err, dev, OPAL_ENDLIST);
1757 add_token_u8(&err, dev, OPAL_STARTLIST);
1758 add_token_u8(&err, dev, OPAL_ENDLIST);
1762 pr_err("Error building Activate LockingSP command.\n");
1766 return finalize_and_send(dev, parse_and_check_status);
1769 static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1774 error = parse_and_check_status(dev);
1778 lc_status = response_get_u64(&dev->parsed, 4);
1779 /* 0x08 is Manufacured Inactive */
1780 /* 0x09 is Manufactured */
1781 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1782 pr_err("Couldn't determine the status of the Lifcycle state\n");
1789 /* Determine if we're in the Manufactured Inactive or Active state */
1790 static int get_lsp_lifecycle(struct opal_dev *dev)
1794 clear_opal_cmd(dev);
1795 set_comid(dev, dev->comid);
1797 add_token_u8(&err, dev, OPAL_CALL);
1798 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1800 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1802 add_token_u8(&err, dev, OPAL_STARTLIST);
1803 add_token_u8(&err, dev, OPAL_STARTLIST);
1805 add_token_u8(&err, dev, OPAL_STARTNAME);
1806 add_token_u8(&err, dev, 3); /* Start Column */
1807 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1808 add_token_u8(&err, dev, OPAL_ENDNAME);
1810 add_token_u8(&err, dev, OPAL_STARTNAME);
1811 add_token_u8(&err, dev, 4); /* End Column */
1812 add_token_u8(&err, dev, 6); /* Lifecycle Column */
1813 add_token_u8(&err, dev, OPAL_ENDNAME);
1815 add_token_u8(&err, dev, OPAL_ENDLIST);
1816 add_token_u8(&err, dev, OPAL_ENDLIST);
1819 pr_err("Error Building GET Lifecycle Status command\n");
1823 return finalize_and_send(dev, get_lsp_lifecycle_cont);
1826 static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1828 const char *msid_pin;
1832 error = parse_and_check_status(dev);
1836 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1838 pr_err("%s: Couldn't extract PIN from response\n", __func__);
1839 return OPAL_INVAL_PARAM;
1842 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1843 if (!dev->prev_data)
1846 dev->prev_d_len = strlen;
1851 static int get_msid_cpin_pin(struct opal_dev *dev)
1855 clear_opal_cmd(dev);
1856 set_comid(dev, dev->comid);
1859 add_token_u8(&err, dev, OPAL_CALL);
1860 add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1862 add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1864 add_token_u8(&err, dev, OPAL_STARTLIST);
1865 add_token_u8(&err, dev, OPAL_STARTLIST);
1867 add_token_u8(&err, dev, OPAL_STARTNAME);
1868 add_token_u8(&err, dev, 3); /* Start Column */
1869 add_token_u8(&err, dev, 3); /* PIN */
1870 add_token_u8(&err, dev, OPAL_ENDNAME);
1872 add_token_u8(&err, dev, OPAL_STARTNAME);
1873 add_token_u8(&err, dev, 4); /* End Column */
1874 add_token_u8(&err, dev, 3); /* Lifecycle Column */
1875 add_token_u8(&err, dev, OPAL_ENDNAME);
1877 add_token_u8(&err, dev, OPAL_ENDLIST);
1878 add_token_u8(&err, dev, OPAL_ENDLIST);
1881 pr_err("Error building Get MSID CPIN PIN command.\n");
1885 return finalize_and_send(dev, get_msid_cpin_pin_cont);
1888 static int build_end_opal_session(struct opal_dev *dev)
1892 clear_opal_cmd(dev);
1894 set_comid(dev, dev->comid);
1895 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1899 static int end_opal_session(struct opal_dev *dev)
1901 int ret = build_end_opal_session(dev);
1905 return finalize_and_send(dev, end_session_cont);
1908 static int end_opal_session_error(struct opal_dev *dev)
1910 const opal_step error_end_session[] = {
1914 dev->funcs = error_end_session;
1919 static inline void setup_opal_dev(struct opal_dev *dev,
1920 const opal_step *funcs)
1926 dev->func_data = NULL;
1927 dev->prev_data = NULL;
1930 static int check_opal_support(struct opal_dev *dev)
1932 static const opal_step funcs[] = {
1938 mutex_lock(&dev->dev_lock);
1939 setup_opal_dev(dev, funcs);
1941 dev->supported = !ret;
1942 mutex_unlock(&dev->dev_lock);
1946 void init_opal_dev(struct opal_dev *opal_dev, sec_send_recv *send_recv)
1948 if (opal_dev->initialized)
1950 INIT_LIST_HEAD(&opal_dev->unlk_lst);
1951 mutex_init(&opal_dev->dev_lock);
1952 opal_dev->send_recv = send_recv;
1953 if (check_opal_support(opal_dev) < 0)
1954 pr_warn("Opal is not supported on this device\n");
1955 opal_dev->initialized = true;
1957 EXPORT_SYMBOL(init_opal_dev);
1959 static int opal_secure_erase_locking_range(struct opal_dev *dev,
1960 struct opal_session_info *opal_session)
1962 void *data[3] = { NULL };
1963 static const opal_step erase_funcs[] = {
1965 start_auth_opal_session,
1973 mutex_lock(&dev->dev_lock);
1974 setup_opal_dev(dev, erase_funcs);
1976 dev->func_data = data;
1977 dev->func_data[1] = opal_session;
1978 dev->func_data[2] = &opal_session->opal_key.lr;
1981 mutex_unlock(&dev->dev_lock);
1985 static int opal_erase_locking_range(struct opal_dev *dev,
1986 struct opal_session_info *opal_session)
1988 void *data[3] = { NULL };
1989 static const opal_step erase_funcs[] = {
1991 start_auth_opal_session,
1992 erase_locking_range,
1998 mutex_lock(&dev->dev_lock);
1999 setup_opal_dev(dev, erase_funcs);
2001 dev->func_data = data;
2002 dev->func_data[1] = opal_session;
2003 dev->func_data[2] = opal_session;
2006 mutex_unlock(&dev->dev_lock);
2010 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2011 struct opal_mbr_data *opal_mbr)
2013 void *func_data[6] = { NULL };
2014 static const opal_step mbr_funcs[] = {
2016 start_admin1LSP_opal_session,
2019 start_admin1LSP_opal_session,
2020 set_mbr_enable_disable,
2026 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2027 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2030 mutex_lock(&dev->dev_lock);
2031 setup_opal_dev(dev, mbr_funcs);
2032 dev->func_data = func_data;
2033 dev->func_data[1] = &opal_mbr->key;
2034 dev->func_data[2] = &opal_mbr->enable_disable;
2035 dev->func_data[4] = &opal_mbr->key;
2036 dev->func_data[5] = &opal_mbr->enable_disable;
2038 mutex_unlock(&dev->dev_lock);
2042 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2044 struct opal_suspend_data *suspend;
2046 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2050 suspend->unlk = *lk_unlk;
2051 suspend->lr = lk_unlk->session.opal_key.lr;
2053 mutex_lock(&dev->dev_lock);
2054 setup_opal_dev(dev, NULL);
2055 add_suspend_info(dev, suspend);
2056 mutex_unlock(&dev->dev_lock);
2060 static int opal_add_user_to_lr(struct opal_dev *dev,
2061 struct opal_lock_unlock *lk_unlk)
2063 void *func_data[3] = { NULL };
2064 static const opal_step funcs[] = {
2066 start_admin1LSP_opal_session,
2073 if (lk_unlk->l_state != OPAL_RO &&
2074 lk_unlk->l_state != OPAL_RW) {
2075 pr_err("Locking state was not RO or RW\n");
2078 if (lk_unlk->session.who < OPAL_USER1 &&
2079 lk_unlk->session.who > OPAL_USER9) {
2080 pr_err("Authority was not within the range of users: %d\n",
2081 lk_unlk->session.who);
2084 if (lk_unlk->session.sum) {
2085 pr_err("%s not supported in sum. Use setup locking range\n",
2090 mutex_lock(&dev->dev_lock);
2091 setup_opal_dev(dev, funcs);
2092 dev->func_data = func_data;
2093 dev->func_data[1] = &lk_unlk->session.opal_key;
2094 dev->func_data[2] = lk_unlk;
2096 mutex_unlock(&dev->dev_lock);
2100 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2102 void *data[2] = { NULL };
2103 static const opal_step revert_funcs[] = {
2105 start_SIDASP_opal_session,
2106 revert_tper, /* controller will terminate session */
2111 mutex_lock(&dev->dev_lock);
2112 setup_opal_dev(dev, revert_funcs);
2113 dev->func_data = data;
2114 dev->func_data[1] = opal;
2116 mutex_unlock(&dev->dev_lock);
2120 static int __opal_lock_unlock_sum(struct opal_dev *dev)
2122 static const opal_step ulk_funcs_sum[] = {
2124 start_auth_opal_session,
2125 lock_unlock_locking_range_sum,
2130 dev->funcs = ulk_funcs_sum;
2134 static int __opal_lock_unlock(struct opal_dev *dev)
2136 static const opal_step _unlock_funcs[] = {
2138 start_auth_opal_session,
2139 lock_unlock_locking_range,
2144 dev->funcs = _unlock_funcs;
2148 static int opal_lock_unlock(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2150 void *func_data[3] = { NULL };
2153 if (lk_unlk->session.who < OPAL_ADMIN1 ||
2154 lk_unlk->session.who > OPAL_USER9)
2157 mutex_lock(&dev->dev_lock);
2158 setup_opal_dev(dev, NULL);
2159 dev->func_data = func_data;
2160 dev->func_data[1] = &lk_unlk->session;
2161 dev->func_data[2] = lk_unlk;
2163 if (lk_unlk->session.sum)
2164 ret = __opal_lock_unlock_sum(dev);
2166 ret = __opal_lock_unlock(dev);
2168 mutex_unlock(&dev->dev_lock);
2172 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2174 static const opal_step owner_funcs[] = {
2176 start_anybodyASP_opal_session,
2179 start_SIDASP_opal_session,
2184 void *data[6] = { NULL };
2190 mutex_lock(&dev->dev_lock);
2191 setup_opal_dev(dev, owner_funcs);
2192 dev->func_data = data;
2193 dev->func_data[4] = opal;
2194 dev->func_data[5] = opal;
2196 mutex_unlock(&dev->dev_lock);
2200 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2202 void *data[4] = { NULL };
2203 static const opal_step active_funcs[] = {
2205 start_SIDASP_opal_session, /* Open session as SID auth */
2213 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2216 mutex_lock(&dev->dev_lock);
2217 setup_opal_dev(dev, active_funcs);
2218 dev->func_data = data;
2219 dev->func_data[1] = &opal_lr_act->key;
2220 dev->func_data[3] = opal_lr_act;
2222 mutex_unlock(&dev->dev_lock);
2226 static int opal_setup_locking_range(struct opal_dev *dev,
2227 struct opal_user_lr_setup *opal_lrs)
2229 void *data[3] = { NULL };
2230 static const opal_step lr_funcs[] = {
2232 start_auth_opal_session,
2233 setup_locking_range,
2239 mutex_lock(&dev->dev_lock);
2240 setup_opal_dev(dev, lr_funcs);
2241 dev->func_data = data;
2242 dev->func_data[1] = &opal_lrs->session;
2243 dev->func_data[2] = opal_lrs;
2245 mutex_unlock(&dev->dev_lock);
2249 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2251 static const opal_step pw_funcs[] = {
2253 start_auth_opal_session,
2258 void *data[3] = { NULL };
2261 if (opal_pw->session.who < OPAL_ADMIN1 ||
2262 opal_pw->session.who > OPAL_USER9 ||
2263 opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2264 opal_pw->new_user_pw.who > OPAL_USER9)
2267 mutex_lock(&dev->dev_lock);
2268 setup_opal_dev(dev, pw_funcs);
2269 dev->func_data = data;
2270 dev->func_data[1] = (void *) &opal_pw->session;
2271 dev->func_data[2] = (void *) &opal_pw->new_user_pw;
2274 mutex_unlock(&dev->dev_lock);
2278 static int opal_activate_user(struct opal_dev *dev,
2279 struct opal_session_info *opal_session)
2281 static const opal_step act_funcs[] = {
2283 start_admin1LSP_opal_session,
2284 internal_activate_user,
2288 void *data[3] = { NULL };
2291 /* We can't activate Admin1 it's active as manufactured */
2292 if (opal_session->who < OPAL_USER1 &&
2293 opal_session->who > OPAL_USER9) {
2294 pr_err("Who was not a valid user: %d\n", opal_session->who);
2298 mutex_lock(&dev->dev_lock);
2299 setup_opal_dev(dev, act_funcs);
2300 dev->func_data = data;
2301 dev->func_data[1] = &opal_session->opal_key;
2302 dev->func_data[2] = opal_session;
2304 mutex_unlock(&dev->dev_lock);
2308 bool opal_unlock_from_suspend(struct opal_dev *dev)
2310 struct opal_suspend_data *suspend;
2311 void *func_data[3] = { NULL };
2312 bool was_failure = false;
2317 if (!dev->supported)
2320 mutex_lock(&dev->dev_lock);
2321 setup_opal_dev(dev, NULL);
2322 dev->func_data = func_data;
2324 list_for_each_entry(suspend, &dev->unlk_lst, node) {
2326 dev->func_data[1] = &suspend->unlk.session;
2327 dev->func_data[2] = &suspend->unlk;
2331 if (suspend->unlk.session.sum)
2332 ret = __opal_lock_unlock_sum(dev);
2334 ret = __opal_lock_unlock(dev);
2336 pr_warn("Failed to unlock LR %hhu with sum %d\n",
2337 suspend->unlk.session.opal_key.lr,
2338 suspend->unlk.session.sum);
2342 mutex_unlock(&dev->dev_lock);
2345 EXPORT_SYMBOL(opal_unlock_from_suspend);
2347 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, unsigned long ptr)
2349 void __user *arg = (void __user *)ptr;
2351 if (!capable(CAP_SYS_ADMIN))
2353 if (!dev->supported) {
2354 pr_err("Not supported\n");
2359 case IOC_OPAL_SAVE: {
2360 struct opal_lock_unlock lk_unlk;
2362 if (copy_from_user(&lk_unlk, arg, sizeof(lk_unlk)))
2364 return opal_save(dev, &lk_unlk);
2366 case IOC_OPAL_LOCK_UNLOCK: {
2367 struct opal_lock_unlock lk_unlk;
2369 if (copy_from_user(&lk_unlk, arg, sizeof(lk_unlk)))
2371 return opal_lock_unlock(dev, &lk_unlk);
2373 case IOC_OPAL_TAKE_OWNERSHIP: {
2374 struct opal_key opal_key;
2376 if (copy_from_user(&opal_key, arg, sizeof(opal_key)))
2378 return opal_take_ownership(dev, &opal_key);
2380 case IOC_OPAL_ACTIVATE_LSP: {
2381 struct opal_lr_act opal_lr_act;
2383 if (copy_from_user(&opal_lr_act, arg, sizeof(opal_lr_act)))
2385 return opal_activate_lsp(dev, &opal_lr_act);
2387 case IOC_OPAL_SET_PW: {
2388 struct opal_new_pw opal_pw;
2390 if (copy_from_user(&opal_pw, arg, sizeof(opal_pw)))
2392 return opal_set_new_pw(dev, &opal_pw);
2394 case IOC_OPAL_ACTIVATE_USR: {
2395 struct opal_session_info session;
2397 if (copy_from_user(&session, arg, sizeof(session)))
2399 return opal_activate_user(dev, &session);
2401 case IOC_OPAL_REVERT_TPR: {
2402 struct opal_key opal_key;
2404 if (copy_from_user(&opal_key, arg, sizeof(opal_key)))
2406 return opal_reverttper(dev, &opal_key);
2408 case IOC_OPAL_LR_SETUP: {
2409 struct opal_user_lr_setup lrs;
2411 if (copy_from_user(&lrs, arg, sizeof(lrs)))
2413 return opal_setup_locking_range(dev, &lrs);
2415 case IOC_OPAL_ADD_USR_TO_LR: {
2416 struct opal_lock_unlock lk_unlk;
2418 if (copy_from_user(&lk_unlk, arg, sizeof(lk_unlk)))
2420 return opal_add_user_to_lr(dev, &lk_unlk);
2422 case IOC_OPAL_ENABLE_DISABLE_MBR: {
2423 struct opal_mbr_data mbr;
2425 if (copy_from_user(&mbr, arg, sizeof(mbr)))
2427 return opal_enable_disable_shadow_mbr(dev, &mbr);
2429 case IOC_OPAL_ERASE_LR: {
2430 struct opal_session_info session;
2432 if (copy_from_user(&session, arg, sizeof(session)))
2434 return opal_erase_locking_range(dev, &session);
2436 case IOC_OPAL_SECURE_ERASE_LR: {
2437 struct opal_session_info session;
2439 if (copy_from_user(&session, arg, sizeof(session)))
2441 return opal_secure_erase_locking_range(dev, &session);
2444 pr_warn("No such Opal Ioctl %u\n", cmd);
2448 EXPORT_SYMBOL_GPL(sed_ioctl);