block: sed-opal: keystore access for SED Opal keys

Allow for permanent SED authentication keys by
reading/writing to the SED Opal non-volatile keystore.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev>
Link: https://lore.kernel.org/r/20231004201957.1451669-3-gjoyce@linux.vnet.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/block/sed-opal.c b/block/sed-opal.c
index 6d7f25d1711ba7be464f8cf444426f9337181d52..fa23a6a604852f9fd54c494cc94cabacaec2bd3c 100644 (file)
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -18,6 +18,7 @@
 #include <linux/uaccess.h>
 #include <uapi/linux/sed-opal.h>
 #include <linux/sed-opal.h>
+#include <linux/sed-opal-key.h>
 #include <linux/string.h>
 #include <linux/kdev_t.h>
 #include <linux/key.h>
@@ -3019,7 +3020,13 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
        if (ret)
                return ret;
 
-       /* update keyring with new password */
+       /* update keyring and key store with new password */
+       ret = sed_write_key(OPAL_AUTH_KEY,
+                           opal_pw->new_user_pw.opal_key.key,
+                           opal_pw->new_user_pw.opal_key.key_len);
+       if (ret != -EOPNOTSUPP)
+               pr_warn("error updating SED key: %d\n", ret);
+
        ret = update_sed_opal_key(OPAL_AUTH_KEY,
                                  opal_pw->new_user_pw.opal_key.key,
                                  opal_pw->new_user_pw.opal_key.key_len);
@@ -3292,6 +3299,8 @@ EXPORT_SYMBOL_GPL(sed_ioctl);
 static int __init sed_opal_init(void)
 {
        struct key *kr;
+       char init_sed_key[OPAL_KEY_MAX];
+       int keylen = OPAL_KEY_MAX - 1;
 
        kr = keyring_alloc(".sed_opal",
                           GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
@@ -3304,6 +3313,11 @@ static int __init sed_opal_init(void)
 
        sed_opal_keyring = kr;
 
-       return 0;
+       if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
+               memset(init_sed_key, '\0', sizeof(init_sed_key));
+               keylen = OPAL_KEY_MAX - 1;
+       }
+
+       return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
 }
 late_initcall(sed_opal_init);