author | Blazej Kucman <blazej.kucman@intel.com> | 2024-03-22 12:51:16 +0100 |
---|---|---|
committer | Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> | 2024-04-02 08:27:47 +0200 |
commit | cc48406887b3bc439e3462e8e4d20f992e81b87e (patch) | |
tree | f84b32c8d92d9f395bb1e5281c0e6534fd04d1ec /drive_encryption.h | |
parent | mdadm: Move pr_vrb define to mdadm.h (diff) | |
Add reading Opal NVMe encryption information

For NVMe devices with Opal support, encryption information, status and
ability are determined based on Opal Level 0 discovery response. Technical
documentation used is given in the implementation.

Ability in general describes what type of encryption is supported, Status
describes in what state the disk with encryption support is. The current
patch includes only the implementation of reading encryption information,
functions will be used in one of the next patches.

Motivation for adding this functionality is to block mixing of disks in
IMSM arrays with encryption enabled and disabled. The main goal is to not
allow stealing data by rebuilding array to not encrypted drive which can be
read elsewhere.

Value ENA_OTHER from enum encryption_ability will be used in the next
patch.

Signed-off-by: Blazej Kucman <blazej.kucman@intel.com>
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>

Diffstat (limited to 'drive_encryption.h')
-rw-r--r-- | drive_encryption.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/drive_encryption.h b/drive_encryption.h new file mode 100644 index 00000000..82c2c624 --- /dev/null +++ b/drive_encryption.h @@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Read encryption information for Opal and ATA devices. + * + * Copyright (C) 2024 Intel Corporation + * Author: Blazej Kucman <blazej.kucman@intel.com> + */ + +typedef enum encryption_status { + /* The drive is not currently encrypted. */ + ENC_STATUS_UNENCRYPTED = 0, + /* The drive is encrypted and the data is not accessible. */ + ENC_STATUS_LOCKED, + /* The drive is encrypted but the data is accessible in unencrypted form. */ + ENC_STATUS_UNLOCKED +} encryption_status_t; + +typedef enum encryption_ability { + ENC_ABILITY_NONE = 0, + ENC_ABILITY_OTHER, + /* Self encrypted drive */ + ENC_ABILITY_SED +} encryption_ability_t; + +typedef struct encryption_information { + encryption_ability_t ability; + encryption_status_t status; +} encryption_information_t; + +mdadm_status_t +get_nvme_opal_encryption_information(int disk_fd, struct encryption_information *information, + const int verbose); |
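
Review bot: the new drive_encryption.h has no include guard and no #include for the header that defines mdadm_status_t, the return type of the prototype at the end of the file. The file defines two typedef'd enums and a typedef'd struct, so including it twice in one translation unit fails with redefinition errors, and it compiles only when the includer has already pulled in the defining header; add an #ifndef/#define guard and include that header directly. The prototype for get_nvme_opal_encryption_information() should also carry a comment stating what *information holds when the call fails: ENC_ABILITY_NONE and ENC_STATUS_UNENCRYPTED are both 0, so a zero-initialized struct whose return value went unchecked is indistinguishable from a genuinely unencrypted drive, and the commit message says this result will be used to block mixing encrypted and unencrypted disks. Minor: ENC_ABILITY_NONE and ENC_ABILITY_OTHER have no comment, unlike the other enumerators, and the commit message refers to the latter as ENA_OTHER.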