ahribeng
diff --git a/‎.gitignore
+16 b/‎.gitignore
+16
diff --git a/‎LICENSE
+10 b/‎LICENSE
+10
diff --git a/‎LICENSE.GPL-2.0-or-later
+28 b/‎LICENSE.GPL-2.0-or-later
+28
diff --git a/‎LICENSE.LGPL-2.1-or-later
+27 b/‎LICENSE.LGPL-2.1-or-later
+27
diff --git a/‎README.md
+43 b/‎README.md
+43
diff --git a/‎doc/sedcli.8
+83 b/‎doc/sedcli.8
+83
diff --git a/‎src/Makefile
+113 b/‎src/Makefile
+113
@@ -0,0 +1,16 @@
+*.o
+*.d
+*.a
+VERSION
+sedcli
+sedcli-kmip
+sedcli-static
+sedcli-dynamic
+libsed.a
+libsed.so*
+.cproject
+.project
+config.log
+config.mk
+config.h
+tags
@@ -0,0 +1,10 @@
+sedcli is made available under the terms of GPL-2.0-or-later license.
+
+libsed is made available under the terms of LGPL-2.1-or-later licens.
+
+Contributions into sedcli are accepted on GPL-2.0-or-later license,
+while contributions into libsed are accepted on LGPL-2.1-or-later
+license.
+All patches must be signedoff by the developer, which indicates that
+submitter agress to the Developer Certificate of Origin
+<https://developercertificate.org/>.
@@ -0,0 +1,28 @@
+sedcli - utility for management of Self-Encrypting Drives
+
+Copyright (C) 2018-2019 Intel Corporation
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License, as published
+by the Free Software Foundation; either version 2 of the License,
+or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+In addition, as a special exception, the copyright holders of sedcli
+give you permission to combine sedcli with free software programs or
+libraries that are released under the GNU LGPL and with code included
+in the standard release of OpenSSL under the OpenSSL license (or modified
+versions of such code, with unchanged license). You may copy and distribute
+such a system following the terms of the GNU GPL for sedcli and the
+licenses of the other code concerned, provided that you include the source
+code of that other code when and as the GNU GPL requires distribution of
+source code.
+
+SPDX-License-Identifier: GPL-2.0-or-later
@@ -0,0 +1,27 @@
+libsed - library allowing programmatic management of Self-Encrypting Drives
+
+Copyright (C) 2018-2019 Intel Corporation
+
+This library is free software; you can redistribute it and/or modify it
+under the terms of the GNU Lesser General Public License as published
+by the Free Software Foundation; either version 2.1 of the License,
+or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with this library; if not, see <http://www.gnu.org/licenses/>.
+
+In addition, as a special exception, the copyright holders of libsed give
+you permission to combine libsed simultaneously with free software programs
+or libraries that are released under the GNU GPL (with or without an
+exception for OpenSSL's license) and with code included in the standard
+release of OpenSSL under the OpenSSL license (or modified versions of such
+code, with unchanged license). You may copy and distribute such a system
+following the terms of the GNU GPL for libsed and the licenses of the other
+code concerned.
+
+SPDX-License-Identifier: LGPL-2.1-or-later
@@ -0,0 +1,43 @@
+# sedcli and libsed
+
+TCG Opal is an industry standard allowing Self-Encrypting Drives management,
+i.e. enable locking, configuring users, locking ranges etc.
+
+Sedcli is an utility for managing NVMe SEDs that are TCG Opal complaint.
+
+Libsed is a library allowing to programatically manage NVMe SEDs that are TCG
+Opal complaint.
+
+## Getting started
+
+In order to get started use following steps (<sedcli> denotes top level
+directory for sedcli):
+
+```
+# download sedcli sources
+git clone https://github.com/sedcli/sedcli.git
+
+# navigate to source directory
+cd <sedcli>/src
+
+# perform build environment configuration and run compilation
+./configure
+make
+make install
+
+# invoke sedcli help to available commands and its syntax
+sedcli -H
+
+# alterntively read sedcli man page
+man sedcli
+
+```
+
+## Contributing
+
+We encourage contributions! Patches are accepted via pull request:
+* Contributions into sedcli are accepted on GPL-2.0-or-later license
+* Contributions into libsed are accepted on LGPL-2.1.-or-later license
+* Patches must be signedoff by the developer. This indicates that submitter
+agrees to the **Developer Certificate of Origin**
+([DCO]https://developercertificate.org)
@@ -0,0 +1,83 @@
+.TH sedcli 8
+.SH NAME
+sedcli \- manage Opal Self-Encrypting Drives (SEDs) NVMe SSDs
+
+.SH SYNOPSIS
+
+\fBsedcli\fR <command> [options...]
+
+.SH DESCRIPTION
+Sedcli enables a system Administrator/Operator to manage NVMe SEDs that are TCG
+Opal compliant. In Opal terminology SED is called a Trusted Peripheral (TPer)
+and provides an Admin Security Provider (Admin SP) and Locking Security Provider
+(Locking SP).
+
+.PP
+Management of the TCG Opal features require several operations that are performed
+as an Administrator within the TCG Opal command set to either the AdminSP or
+LockingSP. The AdminSP provides commands that enable the user to perform
+administrative operations such as taking ownership of the device, activation of
+the LockingSP, and revert the TPer, whereas the LockingSP provides commands that
+enable the user to configure and enable locking enforcement on user data either
+globally or on a locking range basis after the LockingSP has been activated by
+the AdminSP.
+
+.PP
+To start Opal management, an Administrator typically needs to perform the
+following process at a minimum:
+.IP
+1. Take ownership of the device (setting a non-MSID credential for the SID
+Authority in the AdminSP)
+.IP
+2. Activate the LockingSP (this will move the Opal feature to the Manufactured
+state and copy the SID authority password to the LockingSP Admin1 password)
+.IP
+3. Enable Read Lock Enabled and Write Lock Enabled on all desired ranges
+(e.g. Global Range)
+.PP
+After these steps are accomplished, the TPer will be Read or Write locked after
+power cycle or when explicitly locked using sedcli command.
+
+.PP
+In addition to these basic flows, one can perform crypto erase of the TPer
+using the SID authority or the PSID authority as part of revert TPer operation.
+In case of using the PSID authority the operator needs to provide the credential
+that is printed on the disk label. The Revert TPer operation reverts device
+back to the Manufactured-Inactive state, which then requires re-configuration
+of the Opal management system using the process previously identified (i.e.
+take ownership, activate LSP, enable global range). It is also possible to
+update Admin1 password for Locking SP.
+
+.SH OPTIONS
+.IP "\fB\-O -d <device>\fR or \fB\-\-ownership --device <device>\fR"
+Takes ownership of the device.
+
+.IP "\fB\-A -d <device>\fR or \fB\-\-activate-lsp --device <device>\fR"
+Activates Locking SP.
+
+.IP "\fB\-R -d <device> [-i]\fR or \fB\-\-revert --device <device> [--psid]\fR"
+Reverts TPer to Manufactured-Inactivate state using either SID or PSID authority.
+
+.IP "\fB\-L -d <device> -t <locktype>\fR or \fB\-\-lock-unlock --device <device> --locktype {RW|RO|WO|UNLOCK}\fR"
+Changes the lock state for the device. There is a possibility to setup Read lock,
+Write lock and Read-Write lock and unlock the device.
+
+.IP "\fB\-P -d <device>\fR or \fB\-\-set-password --device <device>\fR"
+Updates password for Admin1 authority in Locking SP.
+
+.IP "\fB\-V\fR or \fB\-\-version\fR"
+Prints version of sedcli.
+
+.IP "\fB\-H\fR or \fB\-\-help\fR"
+Prints help on usage.
+
+
+.SH COPYRIGHT
+Copyright(c) 2018-2019 by the Intel Corporation.
+
+.SH AUTHOR
+This manual page was created by Andrzej Jakowski <[email protected]>
+
+.SH SEE ALSO
+.TP
+sedcli(8)
@@ -0,0 +1,113 @@
+#
+# Copyright (C) 2018-2019 Intel Corporation
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+#
+# Includes dir
+#
+INCLUDES = ./include ./lib/include
+
+#
+# Flags for compilation
+#
+CFLAGS = $(patsubst %,-I%,$(INCLUDES))
+CFLAGS += $(patsubst %,-D%,$(DEFINES))
+
+ifeq (, $(filter $(MAKECMDGOALS), clean distclean))
+ifeq ("$(wildcard config.mk config.h)", "")
+$(error Run ./configure before invoking make)
+endif
+include config.mk
+endif
+
+OBJDIR = .obj/
+LIBOBJDIR = .libobj/
+TARGET = sedcli
+LIB = libsed
+#
+# Files to be compiled
+
+LIBOBJS = sed.o
+LIBOBJS += sed_util.o
+ifndef CONFIG_OPAL_DRIVER
+LIBOBJS += nvme_access.o
+LIBOBJS += nvme_pt_ioctl.o
+LIBOBJS += opal_parser.o
+else
+LIBOBJS += sed_ioctl.o
+endif
+
+OBJS = argp.o
+OBJS += sedcli_main.o
+
+ALL_TARGETS = $(TARGET)-static $(TARGET)-dynamic
+
+all: $(ALL_TARGETS)
+	@ln -sf $(TARGET)-static $(TARGET)
+
+$(TARGET)-static: $(TARGET).a $(LIB).a
+	@echo "  LD " $@
+	@$(CC) $(TARGET).a $(LDFLAGS) -Wl,-Bstatic -lsed -Wl,-Bdynamic -o $@
+
+$(TARGET)-dynamic: $(TARGET).a $(LIB).so
+	@echo "  LD " $@
+	@$(CC) $(TARGET).a $(LDFLAGS) -lsed -o $@
+
+$(TARGET).a: $(patsubst %,$(OBJDIR)%,$(OBJS))
+	@echo "  AR " $@
+	@ar rcs $@ $^
+
+#
+# Static library
+#
+$(LIB).a: $(patsubst %,$(LIBOBJDIR)%,$(LIBOBJS))
+	@echo "  AR " $@
+	@ar rcs $@ $^
+
+#
+# Shared library
+#
+$(LIB).so: $(LIB).a
+	@echo "  LD " $@
+	@$(CC) -shared -Wl,-soname,$@.1 -Wl,--whole-archive $(LIB).a -Wl,--no-whole-archive -o $@.1.0.1
+	@ln -sf $@.1.0.1 $@.1
+	@ln -sf $@.1.0.1 $@
+
+#
+# Main targets for compilation
+#
+$(OBJDIR)%.o: %.c
+	@echo "  CC " $<
+	@mkdir -p $(dir $@)
+	@$(CC) -c $(CFLAGS) -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o "$@" "$<"
+
+$(LIBOBJDIR)%.o: lib/%.c
+	@echo "  CC " $<
+	@mkdir -p $(dir $@)
+	@$(CC) -c $(CFLAGS) -shared -fPIC -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o "$@" "$<"
+
+clean:
+	@echo "  CLEAN "
+	@rm -f *.a $(TARGET)-static $(TARGET)-dynamic $(TARGET) *.so*
+	@rm -fr $(OBJDIR) $(LIBOBJDIR)
+	@rm -f $(shell find -name \*.d) $(shell find -name \*.o)
+
+distclean: clean
+	@rm -f config.log config.mk config.h
+
+install:
+	@echo " Installing $(TARGET)"
+	install -m 755 $(TARGET)-dynamic /usr/sbin/$(TARGET)
+	install -m 755 $(LIB).so.1.0.1 /usr/lib64/
+	ln -sf /usr/lib64/$(LIB).so.1.0.1 /usr/lib64/$(LIB).so.1
+	install -m 644 ../doc/$(TARGET).8 /usr/share/man/man8/$(TARGET).8
+
+uninstall:
+	@echo "  Removing $(TARGET)"
+	-rm /usr/sbin/$(TARGET)
+	-rm /usr/lib64/$(LIB).so*
+	-rm /usr/share/man/man8/$(TARGET).8
+
+.PHONY: clean all distclean install uninstall