| Message ID | 20200228224225.61368-1-revanth.rajashekar@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | block: sed-opal: Change the check condition for regular session validity | expand |
Hi Revanth On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote: > This patch changes the check condition for the validity/authentication > of the session. > > 1. The Host Session Number(HSN) in the response should match the HSN for > the session. > 2. The TPER Session Number(TSN) can never be less than 4096 for a regular > session. > > Reference: > Section 3.2.2.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf > Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf > > Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> > Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> > Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com> > --- > block/opal_proto.h | 1 + > block/sed-opal.c | 2 +- > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/block/opal_proto.h b/block/opal_proto.h > index 325cbba2465f..27740baad61d 100644 > --- a/block/opal_proto.h > +++ b/block/opal_proto.h > @@ -36,6 +36,7 @@ enum opal_response_token { > > #define DTAERROR_NO_METHOD_STATUS 0x89 > #define GENERIC_HOST_SESSION_NUM 0x41 > +#define RSVD_TPER_SESSION_NUM 4096 This seems confusing as it looks like 4096 the Reserved session rather than 0-4095. Can you name it appropriately? > > #define TPER_SYNC_SUPPORTED 0x01 > #define MBR_ENABLED_MASK 0x10 > diff --git a/block/sed-opal.c b/block/sed-opal.c > index 880cc57a5f6b..f2b61a868901 100644 > --- a/block/sed-opal.c > +++ b/block/sed-opal.c > @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev) > hsn = response_get_u64(&dev->parsed, 4); > tsn = response_get_u64(&dev->parsed, 5); > > - if (hsn == 0 && tsn == 0) { > + if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) { > pr_debug("Couldn't authenticate session\n"); > return -EPERM; > } > -- > 2.17.1 >
Hi Jon, On 2/28/2020 3:57 PM, Derrick, Jonathan wrote: > Hi Revanth > > On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote: >> This patch changes the check condition for the validity/authentication >> of the session. >> >> 1. The Host Session Number(HSN) in the response should match the HSN for >> the session. >> 2. The TPER Session Number(TSN) can never be less than 4096 for a regular >> session. >> >> Reference: >> Section 3.2.2.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf >> Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf >> >> Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> >> Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> >> Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com> >> --- >> block/opal_proto.h | 1 + >> block/sed-opal.c | 2 +- >> 2 files changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/block/opal_proto.h b/block/opal_proto.h >> index 325cbba2465f..27740baad61d 100644 >> --- a/block/opal_proto.h >> +++ b/block/opal_proto.h >> @@ -36,6 +36,7 @@ enum opal_response_token { >> >> #define DTAERROR_NO_METHOD_STATUS 0x89 >> #define GENERIC_HOST_SESSION_NUM 0x41 >> +#define RSVD_TPER_SESSION_NUM 4096 > This seems confusing as it looks like 4096 the Reserved session rather > than 0-4095. > Can you name it appropriately? Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..? > >> #define TPER_SYNC_SUPPORTED 0x01 >> #define MBR_ENABLED_MASK 0x10 >> diff --git a/block/sed-opal.c b/block/sed-opal.c >> index 880cc57a5f6b..f2b61a868901 100644 >> --- a/block/sed-opal.c >> +++ b/block/sed-opal.c >> @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev) >> hsn = response_get_u64(&dev->parsed, 4); >> tsn = response_get_u64(&dev->parsed, 5); >> >> - if (hsn == 0 && tsn == 0) { >> + if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) { >> pr_debug("Couldn't authenticate session\n"); >> return -EPERM; >> } >> -- >> 2.17.1 >>
On Fri, 2020-02-28 at 16:01 -0700, Rajashekar, Revanth wrote: > Hi Jon, > > On 2/28/2020 3:57 PM, Derrick, Jonathan wrote: > > Hi Revanth > > > > On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote: > > > This patch changes the check condition for the validity/authentication > > > of the session. > > > > > > 1. The Host Session Number(HSN) in the response should match the HSN for > > > the session. > > > 2. The TPER Session Number(TSN) can never be less than 4096 for a regular > > > session. > > > > > > Reference: > > > Section 3.2.2.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf > > > Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf > > > > > > Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> > > > Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> > > > Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com> > > > --- > > > block/opal_proto.h | 1 + > > > block/sed-opal.c | 2 +- > > > 2 files changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/block/opal_proto.h b/block/opal_proto.h > > > index 325cbba2465f..27740baad61d 100644 > > > --- a/block/opal_proto.h > > > +++ b/block/opal_proto.h > > > @@ -36,6 +36,7 @@ enum opal_response_token { > > > > > > #define DTAERROR_NO_METHOD_STATUS 0x89 > > > #define GENERIC_HOST_SESSION_NUM 0x41 > > > +#define RSVD_TPER_SESSION_NUM 4096 > > This seems confusing as it looks like 4096 the Reserved session rather > > than 0-4095. > > Can you name it appropriately? > Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..? Init could be confused with Initialize Maybe MIN_TPER_SESSION_NUM or FIRST_... ? Thanks for thinking about this. > > > #define TPER_SYNC_SUPPORTED 0x01 > > > #define MBR_ENABLED_MASK 0x10 > > > diff --git a/block/sed-opal.c b/block/sed-opal.c > > > index 880cc57a5f6b..f2b61a868901 100644 > > > --- a/block/sed-opal.c > > > +++ b/block/sed-opal.c > > > @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev) > > > hsn = response_get_u64(&dev->parsed, 4); > > > tsn = response_get_u64(&dev->parsed, 5); > > > > > > - if (hsn == 0 && tsn == 0) { > > > + if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) { > > > pr_debug("Couldn't authenticate session\n"); > > > return -EPERM; > > > } > > > -- > > > 2.17.1 > > >
On 2/28/2020 4:07 PM, Derrick, Jonathan wrote: > On Fri, 2020-02-28 at 16:01 -0700, Rajashekar, Revanth wrote: >> Hi Jon, >> >> On 2/28/2020 3:57 PM, Derrick, Jonathan wrote: >>> Hi Revanth >>> >>> On Fri, 2020-02-28 at 15:42 -0700, Revanth Rajashekar wrote: >>>> This patch changes the check condition for the validity/authentication >>>> of the session. >>>> >>>> 1. The Host Session Number(HSN) in the response should match the HSN for >>>> the session. >>>> 2. The TPER Session Number(TSN) can never be less than 4096 for a regular >>>> session. >>>> >>>> Reference: >>>> Section 3.2.2.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf >>>> Section 3.3.7.1.1 of https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf >>>> >>>> Co-developed-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> >>>> Signed-off-by: Andrzej Jakowski <andrzej.jakowski@linux.intel.com> >>>> Signed-off-by: Revanth Rajashekar <revanth.rajashekar@intel.com> >>>> --- >>>> block/opal_proto.h | 1 + >>>> block/sed-opal.c | 2 +- >>>> 2 files changed, 2 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/block/opal_proto.h b/block/opal_proto.h >>>> index 325cbba2465f..27740baad61d 100644 >>>> --- a/block/opal_proto.h >>>> +++ b/block/opal_proto.h >>>> @@ -36,6 +36,7 @@ enum opal_response_token { >>>> >>>> #define DTAERROR_NO_METHOD_STATUS 0x89 >>>> #define GENERIC_HOST_SESSION_NUM 0x41 >>>> +#define RSVD_TPER_SESSION_NUM 4096 >>> This seems confusing as it looks like 4096 the Reserved session rather >>> than 0-4095. >>> Can you name it appropriately? >> Sure, do you think INIT_TPER_SESSION_NUM would be appropriate..? > Init could be confused with Initialize > Maybe MIN_TPER_SESSION_NUM or FIRST_... ? FIRST_TPER_SESSION_NUM sounds good for me :) > > Thanks for thinking about this. Sure... > >>>> #define TPER_SYNC_SUPPORTED 0x01 >>>> #define MBR_ENABLED_MASK 0x10 >>>> diff --git a/block/sed-opal.c b/block/sed-opal.c >>>> index 880cc57a5f6b..f2b61a868901 100644 >>>> --- a/block/sed-opal.c >>>> +++ b/block/sed-opal.c >>>> @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev) >>>> hsn = response_get_u64(&dev->parsed, 4); >>>> tsn = response_get_u64(&dev->parsed, 5); >>>> >>>> - if (hsn == 0 && tsn == 0) { >>>> + if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) { >>>> pr_debug("Couldn't authenticate session\n"); >>>> return -EPERM; >>>> } >>>> -- >>>> 2.17.1 >>>>
diff --git a/block/opal_proto.h b/block/opal_proto.h index 325cbba2465f..27740baad61d 100644 --- a/block/opal_proto.h +++ b/block/opal_proto.h @@ -36,6 +36,7 @@ enum opal_response_token { #define DTAERROR_NO_METHOD_STATUS 0x89 #define GENERIC_HOST_SESSION_NUM 0x41 +#define RSVD_TPER_SESSION_NUM 4096 #define TPER_SYNC_SUPPORTED 0x01 #define MBR_ENABLED_MASK 0x10 diff --git a/block/sed-opal.c b/block/sed-opal.c index 880cc57a5f6b..f2b61a868901 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c @@ -1056,7 +1056,7 @@ static int start_opal_session_cont(struct opal_dev *dev) hsn = response_get_u64(&dev->parsed, 4); tsn = response_get_u64(&dev->parsed, 5); - if (hsn == 0 && tsn == 0) { + if (hsn != GENERIC_HOST_SESSION_NUM || tsn < RSVD_TPER_SESSION_NUM) { pr_debug("Couldn't authenticate session\n"); return -EPERM; }