LKML Archive on lore.kernel.org
From: David Kozub <zub@linux.fjfi.cvut.cz>
To: Christoph Hellwig <hch@infradead.org>,
	Scott Bauer <sbauer@plzdonthack.me>
Cc: Jens Axboe <axboe@kernel.dk>,
	Jonathan Derrick <jonathan.derrick@intel.com>,
	linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jonas Rabenstein <jonas.rabenstein@studium.uni-erlangen.de>
Subject: Re: [PATCH 0/3] block: sed-opal: add support for shadow MBR done flag and write
Date: Fri, 3 May 2019 22:32:19 +0200 (CEST)
Message-ID: <alpine.LRH.2.21.1905032058110.30331@linux.fjfi.cvut.cz>
In-Reply-To: <20190501134917.GC24132@infradead.org>

On Wed, 1 May 2019, Christoph Hellwig wrote:

>> I successfully tested toggling the MBR done flag and writing the shadow MBR
>> using some tools I hacked together[4] with a Samsung SSD 850 EVO drive.
>
> Can you submit the tool to util-linux so that we get it into distros?

There is already Scott's sed-opal-temp[1] and a fork by Jonas that adds
support for an older version of these new IOCTLs[2]. There was already some
discussion of getting that into util-linux.[3]

While I like my hack, sed-opal-temp can do much more (my tool supports 
just the few things I actually use). But there are two things which 
sed-opal-temp currently lacks which my hack has:

* It can use a PBKDF2 hash (salted by disk serial number) of the password
   rather than the password directly. This makes it compatible with sedutil
   and I think it's also better practice (as firmware can contain many
   surprises).

* It contains a 'PBA' (pre-boot authorization) tool. A tool intended to be
   run from shadow mbr that asks for a password and uses it to unlock all
   disks and set shadow mbr done flag, so after restart the computer boots
   into the real OS.

@Scott: What are your plans with sed-opal-temp? If you want I can update 
Jonas' patches to the adapted IOCTLs. What are your thoughts on PW hashing 
and a PBA tool?

Best regards,
David

[1] https://github.com/ScottyBauer/sed-opal-temp
[2] https://github.com/ghostav/sed-opal-temp
[3] https://lkml.org/lkml/2019/2/4/736
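
The password-hashing idea from the first bullet of the message, as an added example (not code from David's tool, sed-opal-temp or sedutil): the drive is given a PBKDF2 output salted with its serial number rather than the raw password. The hash function, iteration count, key length and salt padding convention are assumptions that must match whichever tool shares the drive, and the serials are constructed sample values.

```python
import hashlib
import hmac

# Assumed parameters, not stated in the message; match them to the tool
# you need to interoperate with.
HASH_NAME = "sha1"
ITERATIONS = 75000
KEY_LEN = 32
SERIAL_FIELD_LEN = 20  # width of the ATA IDENTIFY serial-number field


def serial_salt(serial: str, pad: bool = True) -> bytes:
    """Encode a drive serial as salt bytes.

    With pad=True the serial is space-padded to the fixed field width
    (padding side is an assumption). Two tools that unlock the same
    drive must agree on this, or they derive different keys.
    """
    raw = serial.encode("ascii")
    if len(raw) > SERIAL_FIELD_LEN:
        raise ValueError("serial longer than the 20-byte field")
    return raw.ljust(SERIAL_FIELD_LEN, b" ") if pad else raw


def derive_opal_key(password: str, salt: bytes) -> bytes:
    """Return the key sent to the drive in place of the raw password."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                               salt, ITERATIONS, dklen=KEY_LEN)


def demo() -> dict:
    # Constructed sample values, not real drive serials.
    pw = "correct horse battery staple"
    k_a = derive_opal_key(pw, serial_salt("S21PNXAG000001A"))
    k_b = derive_opal_key(pw, serial_salt("S21PNXAG000002B"))
    k_a_raw = derive_opal_key(pw, serial_salt("S21PNXAG000001A", pad=False))
    return {
        "key_len": len(k_a),
        # Same password, two drives: firmware on one never sees the other's key.
        "per_drive_keys_differ": not hmac.compare_digest(k_a, k_b),
        # Salt encoding mismatch between tools yields a key the drive rejects.
        "padding_changes_key": not hmac.compare_digest(k_a, k_a_raw),
    }


if __name__ == "__main__":
    print(demo())
```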
