rpms
/
sedutil
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial import

This commit is contained in:
Charles R. Anderson 2017-05-16 16:53:39 -04:00
parent a879d5d02f
commit 910c1674f5
5 changed files with 377 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -0,0 +1 @@
/sedutil-1.12.tar.gz

138
56.patch Normal file
View File

@ -0,0 +1,138 @@
From 5ca6100917a025f6e11ae20838e1e37e7db2d587 Mon Sep 17 00:00:00 2001
From: JanLuca <jan@naumannsfamily.de>
Date: Mon, 30 May 2016 00:21:48 +0200
Subject: [PATCH] Use nvme_ioctl.h for newer kernel versions #55
The header linux/nvme.h was replaced by linux/nvme_ioctl.h in kernel versions greater than 4.4: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9d99a8dda154
The needed structs and opcodes are copied into a new header file from nvme.h.
See also:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a9cf8284b45110a4d98aea180a89c857e53bf850
https://www.bountysource.com/issues/29775575-linux-nvme-h-has-been-renamed-in-linux-4-4
---
linux/DtaDevLinuxNvme.h | 8 ++-
linux/DtaDevLinuxNvmeStructsOpCodes.h | 95 +++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+), 1 deletion(-)
create mode 100755 linux/DtaDevLinuxNvmeStructsOpCodes.h
diff --git a/linux/DtaDevLinuxNvme.h b/linux/DtaDevLinuxNvme.h
index cc55761..7a67385 100755
--- a/linux/DtaDevLinuxNvme.h
+++ b/linux/DtaDevLinuxNvme.h
@@ -18,7 +18,13 @@ along with sedutil. If not, see <http://www.gnu.org/licenses/>.
* C:E********************************************************************** */
#pragma once
-#include "linux/nvme.h"
+#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+#include <linux/nvme_ioctl.h>
+#include "DtaDevLinuxNvmeStructsOpCodes.h"
+#else
+#include <linux/nvme.h>
+#endif
#include "DtaStructures.h"
#include "DtaDevLinuxDrive.h"
diff --git a/linux/DtaDevLinuxNvmeStructsOpCodes.h b/linux/DtaDevLinuxNvmeStructsOpCodes.h
new file mode 100755
index 0000000..b781949
--- /dev/null
+++ b/linux/DtaDevLinuxNvmeStructsOpCodes.h
@@ -0,0 +1,95 @@
+/*
+ * Definitions for the NVM Express interface
+ * Copyright (c) 2011-2014, Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ */
+#pragma once
+
+enum nvme_admin_opcode {
+ nvme_admin_delete_sq = 0x00,
+ nvme_admin_create_sq = 0x01,
+ nvme_admin_get_log_page = 0x02,
+ nvme_admin_delete_cq = 0x04,
+ nvme_admin_create_cq = 0x05,
+ nvme_admin_identify = 0x06,
+ nvme_admin_abort_cmd = 0x08,
+ nvme_admin_set_features = 0x09,
+ nvme_admin_get_features = 0x0a,
+ nvme_admin_async_event = 0x0c,
+ nvme_admin_activate_fw = 0x10,
+ nvme_admin_download_fw = 0x11,
+ nvme_admin_format_nvm = 0x80,
+ nvme_admin_security_send = 0x81,
+ nvme_admin_security_recv = 0x82,
+};
+
+struct nvme_id_power_state {
+ __le16 max_power; /* centiwatts */
+ __u8 rsvd2;
+ __u8 flags;
+ __le32 entry_lat; /* microseconds */
+ __le32 exit_lat; /* microseconds */
+ __u8 read_tput;
+ __u8 read_lat;
+ __u8 write_tput;
+ __u8 write_lat;
+ __le16 idle_power;
+ __u8 idle_scale;
+ __u8 rsvd19;
+ __le16 active_power;
+ __u8 active_work_scale;
+ __u8 rsvd23[9];
+};
+
+struct nvme_id_ctrl {
+ __le16 vid;
+ __le16 ssvid;
+ char sn[20];
+ char mn[40];
+ char fr[8];
+ __u8 rab;
+ __u8 ieee[3];
+ __u8 mic;
+ __u8 mdts;
+ __le16 cntlid;
+ __le32 ver;
+ __u8 rsvd84[172];
+ __le16 oacs;
+ __u8 acl;
+ __u8 aerl;
+ __u8 frmw;
+ __u8 lpa;
+ __u8 elpe;
+ __u8 npss;
+ __u8 avscc;
+ __u8 apsta;
+ __le16 wctemp;
+ __le16 cctemp;
+ __u8 rsvd270[242];
+ __u8 sqes;
+ __u8 cqes;
+ __u8 rsvd514[2];
+ __le32 nn;
+ __le16 oncs;
+ __le16 fuses;
+ __u8 fna;
+ __u8 vwc;
+ __le16 awun;
+ __le16 awupf;
+ __u8 nvscc;
+ __u8 rsvd531;
+ __le16 acwu;
+ __u8 rsvd534[2];
+ __le32 sgls;
+ __u8 rsvd540[1508];
+ struct nvme_id_power_state psd[32];
+ __u8 vs[1024];
+};

93
sedutil-cli.8 Normal file
View File

@ -0,0 +1,93 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH SEDUTIL-CLI "8" "May 2017" "sedutil-cli 1.12" "System Administration Utilities"
.SH NAME
sedutil-cli \- manage self-encrypting drives
.SH SYNOPSIS
.B sedutil\-cli
[\fI\,ACTION\/\fR] [\fI\,OPTION\/\fR]... [\fI\,DEVICE\/\fR]
.SH DESCRIPTION
A utility to manage self encrypting drives that conform
to the Trusted Computing Group OPAL 2.0 SSC specification.
.TP
\fB\-v\fR
increase verbosity, one to five v's
.TP
\fB\-n\fR
no password hashing. Passwords will be sent in clear text!
.TP
\fBACTIONS:\fR
.TP
\fB\-\-scan\fR
Scans the devices on the system, identifying Opal compliant devices
.TP
\fB\-\-query\fR <device>
Display the Discovery 0 response of a device
.TP
\fB\-\-isValidSED\fR <device>
Verify whether the given device is SED or not
.TP
\fB\-\-listLockingRanges\fR <password> <device>
List all Locking Ranges
.TP
\fB\-\-listLockingRange\fR <0...n> <password> <device>
List all Locking Ranges, 0 = GLobal 1..n = LRn
.TP
\fB\-\-eraseLockingRange\fR <0...n> <password> <device>
Erase a Locking Range, 0 = GLobal 1..n = LRn
.TP
\fB\-\-setupLockingRange\fR <0...n> <RangeStart> <RangeLength> <password> <device>
Setup a new Locking Range, 0 = GLobal 1..n = LRn
.TP
\fB\-\-initialSetup\fR <SIDpassword> <device>
Setup the device for use with sedutil. <SIDpassword> is new SID and Admin1 password
.TP
\fB\-\-setSIDPassword\fR <SIDpassword> <newSIDpassword> <device>
Change the SID password
.TP
\fB\-\-setAdmin1Pwd\fR <Admin1password> <newAdmin1password> <device>
Change the Admin1 password
.TP
\fB\-\-setPassword\fR <oldpassword, "" for MSID> <userid> <newpassword> <device>
Change the Enterprise password for userid "EraseMaster" or "BandMaster<n>", 0 <= n <= 1023
.TP
\fB\-\-setLockingRange\fR <0...n> <RW|RO|LK> <Admin1password> <device>
Set the status of a Locking Range, 0 = GLobal 1..n = LRn
.TP
\fB\-\-enableLockingRange\fR <0...n> <Admin1password> <device>
Enable a Locking Range, 0 = GLobal 1..n = LRn
.TP
\fB\-\-disableLockingRange\fR <0...n> <Admin1password> <device>
Disable a Locking Range, 0 = GLobal 1..n = LRn
.TP
\fB\-\-setMBREnable\fR <on|off> <Admin1password> <device>
Enable|Disable MBR shadowing
.TP
\fB\-\-setMBRDone\fR <on|off> <Admin1password> <device>
set|unset MBRDone
.TP
\fB\-\-loadPBAimage\fR <Admin1password> <file> <device>
Write <file> to MBR Shadow area
.TP
\fB\-\-revertTPer\fR <SIDpassword> <device>
set the device back to factory defaults. This **ERASES ALL DATA**
.TP
\fB\-\-revertNoErase\fR <Admin1password> <device>
deactivate the Locking SP without erasing the data on GLOBAL RANGE *ONLY*
.TP
\fB\-\-yesIreallywanttoERASEALLmydatausingthePSID\fR <PSID> <device>
revert the device using the PSID *ERASING* *ALL* the data
.TP
\fB\-\-printDefaultPassword\fR <device>
print MSID
.SH EXAMPLES
sedutil\-cli \fB\-\-scan\fR
.PP
sedutil\-cli \fB\-\-query\fR \fI\,/dev/sdc\/\fP
.PP
sedutil\-cli \fB\-\-yesIreallywanttoERASEALLmydatausingthePSID\fR <PSIDALLCAPSNODASHED> \fI\,/dev/sdc\/\fP
.PP
sedutil\-cli \fB\-\-initialSetup\fR <newSIDpassword> \fI\,/dev/sdc\/\fP
.SH COPYRIGHT
sedutil v1.12 Copyright 2014\-2016 Bright Plaza Inc. <drivetrust@drivetrust.com>
.SH SEE ALSO
See further documentation in /usr/share/doc/sedutil

144
sedutil.spec Normal file
View File

@ -0,0 +1,144 @@
%global gittag0 1.12
%global _hardened_build 1
Name: sedutil
Version: %{gittag0}
Release: 3%{?dist}
Summary: Tools to manage the activation and use of self encrypting drives
# Everything is GPLv3+ except:
# - Common/pbkdf2/* which is GPLv2+, a bundled copy of some gnulib code.
# - Common/Dta*Dump* which is BSD (https://github.com/Drive-Trust-Alliance/sedutil/issues/145)
License: GPLv3+ and GPLv2+ and BSD
URL: https://github.com/Drive-Trust-Alliance/sedutil/wiki
Source0: https://github.com/Drive-Trust-Alliance/%{name}/archive/%{gittag0}/%{name}-%{gittag0}.tar.gz
# Make a manual page from the help output:
#help2man --name=sedutil-cli \
# --section=8 \
# --no-info \
# --version-string=%%{version} \
# --no-discard-stderr \
# --output=./dist/Release_x86_64/GNU-Linux/sedutil-cli.8 \
# ./dist/Release_x86_64/GNU-Linux/sedutil-cli
# Cleaned up with manual edits:
Source1: sedutil-cli.8
Patch0: https://github.com/Drive-Trust-Alliance/sedutil/pull/56.patch
# sedutil does not work on big-endian architectures
ExcludeArch: ppc ppc64 s390 s390x
BuildRequires: ncurses-devel
# This package uses gnulib. It was granted an exception in:
# https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib)
# Replaces msed, but doesn't provide a compatible CLI command
Obsoletes: msed <= 0.23-0.20
%description
The Drive Trust Alliance software (sedutil) is an Open Source (GPLv3)
effort to make Self Encrypting Drive technology freely available to
everyone. It is a combination of the two known available Open Source
code bases today: msed and OpalTool.
sedutil is a Self-Encrypting Drive (SED) management program and
Pre-Boot Authorization (PBA) image that will allow the activation and
use of self encrypting drives that comply with the Trusted Computing
Group Opal 2.0 SSC.
This package provides the sedutil-cli and linuxpba binaries, but not
the PBA image itself.
%prep
%setup -q -n sedutil-%{gittag0}
%patch0 -p1 -b .nvme_ioctl
# Adjust the GitVersion.sh script to just use the git tag from the
# checkout so we don't need a full git tree or the git tool itself.
cd linux
sed -i -e's/^GITVER=.*/GITVER=%{gittag0}/' GitVersion.sh
# Remove stray execute permissions from source code
find . -type f -name '*.h' -exec chmod -x {} \;
find . -type f -name '*.cpp' -exec chmod -x {} \;
%build
# Always use the x86_64 build configuration, because we override
# CFLAGS etc. for each arch build anyway and the upstream makefiles
# don't have build configs for every arch we support.
cd linux/CLI
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" CONF=Release_x86_64
# Copy in our manual page
cp -p %{SOURCE1} dist/Release_x86_64/GNU-Linux/sedutil-cli.8
cd ../../LinuxPBA
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" CONF=Release
%install
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
install -p -m755 linux/CLI/dist/Release_x86_64/GNU-Linux/sedutil-cli $RPM_BUILD_ROOT%{_sbindir}/sedutil-cli
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
install -p -m644 linux/CLI/dist/Release_x86_64/GNU-Linux/sedutil-cli.8 $RPM_BUILD_ROOT%{_mandir}/man8/sedutil-cli.8
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
install -p -m755 LinuxPBA/dist/Release/GNU-Linux/linuxpba $RPM_BUILD_ROOT%{_libexecdir}/linuxpba
%files
%doc README.md Common/Copyright.txt Common/ReadMe.txt linux/PSIDRevert_LINUX.txt
%license Common/LICENSE.txt
%{_sbindir}/sedutil-cli
%{_mandir}/man8/sedutil-cli.8*
%{_libexecdir}/linuxpba
%changelog
* Tue May 9 2017 Charles R. Anderson <cra@wpi.edu> - 1.12-3
- Remove commented out macros
- Clarify multiple licensing scenario
- Provides: bundled(gnulib)
- Move sedutil-cli to /usr/sbin and linuxbpa to /usr/libexec
- Provide a manual page for sedutil-cli
* Wed May 3 2017 Charles R. Anderson <cra@wpi.edu> - 1.12-2
- Obsolete msed package
- Remove stray execute permissions from source code
* Wed May 3 2017 Charles R. Anderson <cra@wpi.edu> - 1.12-1
- Use nvme_ioctl.h for newer kernel versions (upstream pull request #56)
* Tue Jan 3 2017 Charles R. Anderson <cra@wpi.edu>
- update to 1.12
- sedutil-nvme_ioctl_h.patch for renamed linux/nvme.h header
* Wed Nov 11 2015 Charles R. Anderson <cra@wpi.edu> - 1.10-0.1.beta.git350b22c
- switch to DriveTrustAlliance/sedutil upstream where all further development
of msed happens now.
* Fri Aug 07 2015 Rafael Fonseca <rdossant@redhat.com> - 0.23-0.7.beta.gite38a16d
- disable build on big endian architectures (rhbz#1251520)
* Mon Jul 27 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.6.beta.gite38a16d
- add comments about upstream pull requests for patches
* Sun Jul 26 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.5.beta.gite38a16d
- use Github Source0 URL and standard macros for git hash
- patch GitVersion.sh to use a static git tag so we do not need a
full git tree or the git tool for building.
- preserve timestamps of installed files
* Tue Jul 21 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.4.beta.gite38a16d
- mark LICENSE.txt as a license text
- enable hardened build
* Tue Jul 21 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.3.beta.gite38a16d
- add more documentation
* Tue Jul 21 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.2.beta.gite38a16d
- add BR git to properly define GIT_VERSION
* Mon Jul 20 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.1.beta.gite38a16d
- initial package

1
sources
View File

@ -0,0 +1 @@
SHA512 (sedutil-1.12.tar.gz) = f17fbb5a6d71d5bdd59d0fc85eed11036a8e365545133bc1374a733ce1975d6c8dd2cdc500bd46cffbec1f2bef621a98ca392e0dd314734c1ef12c073d70b0de