libsed, sedcli: enable blockSID functionality per TCG BlockSID spec

This patch enables the support of BlockSID to block SID authority.
The feature supports using Clear Event flag that can determine the
blocking can be reset by SSD firmware during hardware reset.

Signed-off-by: Winson Yung <[email protected]>

Author: WinsonYung

doc/sedcli.8

@@ -91,6 +91,9 @@ MBR Done update to TRUE will only take effect when MBR Shadow is enabled.
 Write data into MBR shadow region(MBR table).
 MBR shadow should be enabled for the PBA to take effect.
 
+.IP "\fB\-B -d <device> -r {1|0}\fR or \fB\-\-block_sid --device <device> --hwreset {1|0}\fR"
+Issue BlockSID authentication command with Clear Event flag via --hwreset option.
+
 .IP "\fB\-V\fR or \fB\-\-version\fR"
 Prints version of sedcli.
 

src/lib/include/libsed.h

@@ -353,6 +353,12 @@ int sed_mbrdone(struct sed_device *dev, const struct sed_key *key, bool mbr);
 int sed_write_shadow_mbr(struct sed_device *dev, const struct sed_key *key,
 			  const uint8_t *from, uint32_t size, uint32_t offset);
 
+
+/**
+ *
+ */
+int sed_issue_blocksid_cmd(struct sed_device *dev, bool hw_reset);
+
 /**
  *
  */

src/lib/nvme_access.c

@@ -44,11 +44,11 @@ static int send_recv_nvme_pt_ioctl(int fd, int send, uint8_t proto_id,
 	return status;
 }
 
-static int opal_send(int fd, uint16_t com_id, uint8_t *buf, int buf_len)
+int opal_send(int fd, uint8_t proto_id, uint16_t com_id, uint8_t *buf, int buf_len)
 {
 	int ret;
 
-	ret = send_recv_nvme_pt_ioctl(fd, SEND, TCG_SECP_01, com_id, buf,
+	ret = send_recv_nvme_pt_ioctl(fd, SEND, proto_id, com_id, buf,
 			buf_len);
 
 	return ret;
@@ -89,7 +89,7 @@ int opal_send_recv(int fd, uint16_t com_id, uint8_t *req_buf,
 {
 	int ret;
 
-	ret = opal_send(fd, com_id, req_buf, req_buf_len);
+	ret = opal_send(fd, TCG_SECP_01, com_id, req_buf, req_buf_len);
 	if (ret)
 		return ret;
 

src/lib/nvme_access.h

@@ -12,6 +12,7 @@
 int opal_send_recv(int fd, uint16_t com_id, uint8_t *req_buf,
 		int req_buf_len, uint8_t *resp_buf, int resp_buf_len);
 
+int opal_send(int fd, uint8_t proto_id, uint16_t com_id, uint8_t *buf, int buf_len);
 int opal_recv(int fd, uint16_t com_id, uint8_t *buf, int buf_len);
 
 #endif /* _NVME_ACCESS_H_ */

src/lib/nvme_pt_ioctl.c

@@ -44,6 +44,9 @@
 
 #define MIN_IO_BUFFER_LEN 2048
 
+#define OPAL_BLOCKSID_COMID  5
+#define BLOCKSID_PAYLOAD_SZ  512
+
 /* #define TPer property name strings here */
 #define MCPS "MaxComPacketSize"
 
@@ -2558,3 +2561,25 @@ int opal_write_shadow_mbr_pt(struct sed_device *dev, const struct sed_key *key,
 	return ret;
 }
 
+int opal_block_sid_pt(struct sed_device *dev, bool hw_reset)
+{
+	struct opal_device *device = dev->priv;
+	int ret;
+
+	/* Send Block SID authentication command, no
+	 * IF_RECV response is expected. Set Hardware
+	 * Reset in LSB of the first byte in BlockSID
+	 * payload based on Clear Event flag user
+	 * supplied through hwreset argument */
+
+	*(device->req_buf) = hw_reset ? 1 : 0;
+
+	ret = opal_send(dev->fd, TCG_SECP_02, OPAL_BLOCKSID_COMID,
+							device->req_buf, BLOCKSID_PAYLOAD_SZ);
+	if (ret) {
+		SEDCLI_DEBUG_MSG("Error in NVMe passthrough ops\n");
+	}
+
+	return ret;
+}
+

src/lib/nvme_pt_ioctl.h

@@ -75,6 +75,7 @@
 enum {
 	TCG_SECP_00 = 0,
 	TCG_SECP_01,
+	TCG_SECP_02,
 };
 
 enum opaluid {
@@ -477,6 +478,8 @@ int opal_ds_add_anybody_get(struct sed_device *dev, const struct sed_key *key);
 int opal_list_lr_pt(struct sed_device *dev, const struct sed_key *key,
 		    struct sed_opal_lockingranges *lrs);
 
+int opal_block_sid_pt(struct sed_device *dev, bool hw_reset);
+
 void opal_deinit_pt(struct sed_device *dev);
 
 #endif /* _NVME_PT_IOCTL_H */

src/lib/sed.c

@@ -47,6 +47,7 @@ typedef int (*ds_read)(struct sed_device *, enum SED_AUTHORITY, const struct sed
 typedef int (*ds_write)(struct sed_device *, enum SED_AUTHORITY, const struct sed_key *, const uint8_t *, uint32_t, uint32_t);
 typedef int (*list_lr)(struct sed_device *, const struct sed_key *,
 		       struct sed_opal_lockingranges *);
+typedef int (*blocksid)(struct sed_device *, bool);
 typedef void (*deinit)(struct sed_device *);
 
 struct opal_interface {
@@ -71,6 +72,7 @@ struct opal_interface {
 	ds_read ds_read_fn;
 	ds_write ds_write_fn;
 	list_lr list_lr_fn;
+	blocksid blocksid_fn;
 	deinit deinit_fn;
 };
 
@@ -97,6 +99,7 @@ static struct opal_interface opal_if = {
 	.ds_read_fn = NULL,
 	.ds_write_fn = NULL,
 	.list_lr_fn = NULL,
+	.blocksid_fn = NULL,
 	.deinit_fn = sedopal_deinit
 };
 #endif
@@ -123,6 +126,7 @@ static struct opal_interface nvmept_if = {
 	.ds_read_fn = opal_ds_read,
 	.ds_write_fn = opal_ds_write,
 	.list_lr_fn	= opal_list_lr_pt,
+	.blocksid_fn	= opal_block_sid_pt,
 	.deinit_fn	= opal_deinit_pt
 };
 
@@ -369,6 +373,14 @@ int sed_list_lr(struct sed_device *dev, const struct sed_key *key,
 	return curr_if->list_lr_fn(dev, key, lrs);
 }
 
+int sed_issue_blocksid_cmd(struct sed_device *dev, bool hw_reset)
+{
+	if (curr_if->blocksid_fn == NULL)
+		return -EOPNOTSUPP;
+
+	return curr_if->blocksid_fn(dev, hw_reset);
+}
+
 const char *sed_error_text(int sed_status)
 {
 	if ((sed_status > SED_AUTHORITY_LOCKED_OUT && sed_status != SED_FAIL) || sed_status < 0) {

src/sedcli_main.c

@@ -39,6 +39,7 @@ static int setup_global_range_handle_opts(char *opt, char **arg);
 static int setpw_handle_opts(char *opt, char **arg);
 static int mbr_control_handle_opts(char *opt, char **arg);
 static int write_mbr_handle_opts(char *opt, char **arg);
+static int blocksid_handle_opts(char *opt, char **arg);
 
 static int handle_sed_discv(void);
 static int handle_ownership(void);
@@ -51,6 +52,7 @@ static int handle_setup_global_range(void);
 static int handle_setpw(void);
 static int handle_mbr_control(void);
 static int handle_write_mbr(void);
+static int handle_blocksid(void);
 
 static cli_option sed_discv_opts[] = {
 	{'d', "device", "Device node e.g. /dev/nvme0n1", 1, "DEVICE", CLI_OPTION_REQUIRED},
@@ -105,6 +107,12 @@ static cli_option write_mbr_opts[] = {
 	{0}
 };
 
+static cli_option blocksid_opts[] = {
+	{'d', "device", "Device node e.g. /dev/nvme0n1", 1, "DEVICE", CLI_OPTION_REQUIRED},
+	{'r', "hwreset", "Clear events by setting Hardware Reset flag. Allowed values: 1/0", 1, "FMT", CLI_OPTION_REQUIRED},
+	{0}
+};
+
 static cli_command sedcli_commands[] = {
 	{
 		.name = "discovery",
@@ -206,6 +214,17 @@ static cli_command sedcli_commands[] = {
 		.flags = 0,
 		.help = NULL
 	},
+	{
+		.name = "block_sid",
+		.short_name = 'B',
+		.desc = "Issue BlockSID authentication command",
+		.long_desc = "Issue BlockSID authentication command",
+		.options = blocksid_opts,
+		.command_handle_opts = blocksid_handle_opts,
+		.handle = handle_blocksid,
+		.flags = 0,
+		.help = NULL
+	},
 	{
 		.name = "version",
 		.short_name = 'V',
@@ -257,6 +276,7 @@ struct sedcli_options {
 	int enable;
 	int done;
 	int offset;
+	bool hardware_reset;
 	int non_destructive;
 };
 
@@ -422,6 +442,24 @@ int write_mbr_handle_opts(char *opt, char **arg)
 	return 0;
 }
 
+int blocksid_handle_opts(char *opt, char **arg)
+{
+	/* No reset BlockSID upon power events */
+	int hwreset_flag = 0;
+
+	if (!strcmp(opt, "device")) {
+		strncpy(opts->dev_path, arg[0], PATH_MAX - 1);
+	} else if (!strcmp(opt, "hwreset") && strlen(arg[0]) == 1) {
+		if ((arg[0][0] != '0') && (arg[0][0] != '1')) {
+			return -EINVAL;
+		}
+		hwreset_flag = atoi(arg[0]);
+		opts->hardware_reset = (hwreset_flag == 1) ? true : false;
+	}
+
+	return 0;
+}
+
 static void print_sed_status(int status)
 {
 	const char *sed_status = NULL;
@@ -1095,6 +1133,25 @@ static int handle_write_mbr(void)
 	return ret;
 }
 
+static int handle_blocksid(void)
+{
+	struct sed_device *dev = NULL;
+	int ret = sed_init(&dev, opts->dev_path);
+
+	if (ret) {
+		sedcli_printf(LOG_ERR, "Error in initializing the dev: %s\n",
+				opts->dev_path);
+		return ret;
+	}
+
+	ret = sed_issue_blocksid_cmd(dev, opts->hardware_reset);
+
+	print_sed_status(ret);
+	sed_deinit(dev);
+
+	return ret;
+}
+
 static int handle_version(void)
 {
 	sedcli_printf(LOG_INFO, "sedcli %s\n", SEDCLI_VERSION);