Initial import
parent
a879d5d02f
commit
910c1674f5
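--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/sedutil-1.12.tar.gz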
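--- a/56.patch
+++ b/56.patch
@@ -0,0 +1,138 @@
+From 5ca6100917a025f6e11ae20838e1e37e7db2d587 Mon Sep 17 00:00:00 2001
+From: JanLuca <jan@naumannsfamily.de>
+Date: Mon, 30 May 2016 00:21:48 +0200
+Subject: [PATCH] Use nvme_ioctl.h for newer kernel versions #55
+
+The header linux/nvme.h was replaced by linux/nvme_ioctl.h in kernel versions greater than 4.4: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9d99a8dda154
+
+The needed structs and opcodes are copied into a new header file from nvme.h.
+
+See also:
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a9cf8284b45110a4d98aea180a89c857e53bf850
+https://www.bountysource.com/issues/29775575-linux-nvme-h-has-been-renamed-in-linux-4-4
+---
+linux/DtaDevLinuxNvme.h | 8 ++-
+linux/DtaDevLinuxNvmeStructsOpCodes.h | 95 +++++++++++++++++++++++++++++++++++
+2 files changed, 102 insertions(+), 1 deletion(-)
+create mode 100755 linux/DtaDevLinuxNvmeStructsOpCodes.h
+
+diff --git a/linux/DtaDevLinuxNvme.h b/linux/DtaDevLinuxNvme.h
+index cc55761..7a67385 100755
+--- a/linux/DtaDevLinuxNvme.h
++++ b/linux/DtaDevLinuxNvme.h
+@@ -18,7 +18,13 @@ along with sedutil. If not, see <http://www.gnu.org/licenses/>.
+
+* C:E********************************************************************** */
+#pragma once
+-#include "linux/nvme.h"
++#include <linux/version.h>
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
++#include <linux/nvme_ioctl.h>
++#include "DtaDevLinuxNvmeStructsOpCodes.h"
++#else
++#include <linux/nvme.h>
++#endif
+#include "DtaStructures.h"
+#include "DtaDevLinuxDrive.h"
+
+diff --git a/linux/DtaDevLinuxNvmeStructsOpCodes.h b/linux/DtaDevLinuxNvmeStructsOpCodes.h
+new file mode 100755
+index 0000000..b781949
+--- /dev/null
++++ b/linux/DtaDevLinuxNvmeStructsOpCodes.h
+@@ -0,0 +1,95 @@
++/*
++ * Definitions for the NVM Express interface
++ * Copyright (c) 2011-2014, Intel Corporation.
++ *
++ * This program is free software; you can redistribute it and/or modify it
++ * under the terms and conditions of the GNU General Public License,
++ * version 2, as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
++ * more details.
++ */
++#pragma once
++
++enum nvme_admin_opcode {
++ nvme_admin_delete_sq = 0x00,
++ nvme_admin_create_sq = 0x01,
++ nvme_admin_get_log_page = 0x02,
++ nvme_admin_delete_cq = 0x04,
++ nvme_admin_create_cq = 0x05,
++ nvme_admin_identify = 0x06,
++ nvme_admin_abort_cmd = 0x08,
++ nvme_admin_set_features = 0x09,
++ nvme_admin_get_features = 0x0a,
++ nvme_admin_async_event = 0x0c,
++ nvme_admin_activate_fw = 0x10,
++ nvme_admin_download_fw = 0x11,
++ nvme_admin_format_nvm = 0x80,
++ nvme_admin_security_send = 0x81,
++ nvme_admin_security_recv = 0x82,
++};
++
++struct nvme_id_power_state {
++ __le16 max_power; /* centiwatts */
++ __u8 rsvd2;
++ __u8 flags;
++ __le32 entry_lat; /* microseconds */
++ __le32 exit_lat; /* microseconds */
++ __u8 read_tput;
++ __u8 read_lat;
++ __u8 write_tput;
++ __u8 write_lat;
++ __le16 idle_power;
++ __u8 idle_scale;
++ __u8 rsvd19;
++ __le16 active_power;
++ __u8 active_work_scale;
++ __u8 rsvd23[9];
++};
++
++struct nvme_id_ctrl {
++ __le16 vid;
++ __le16 ssvid;
++ char sn[20];
++ char mn[40];
++ char fr[8];
++ __u8 rab;
++ __u8 ieee[3];
++ __u8 mic;
++ __u8 mdts;
++ __le16 cntlid;
++ __le32 ver;
++ __u8 rsvd84[172];
++ __le16 oacs;
++ __u8 acl;
++ __u8 aerl;
++ __u8 frmw;
++ __u8 lpa;
++ __u8 elpe;
++ __u8 npss;
++ __u8 avscc;
++ __u8 apsta;
++ __le16 wctemp;
++ __le16 cctemp;
++ __u8 rsvd270[242];
++ __u8 sqes;
++ __u8 cqes;
++ __u8 rsvd514[2];
++ __le32 nn;
++ __le16 oncs;
++ __le16 fuses;
++ __u8 fna;
++ __u8 vwc;
++ __le16 awun;
++ __le16 awupf;
++ __u8 nvscc;
++ __u8 rsvd531;
++ __le16 acwu;
++ __u8 rsvd534[2];
++ __le32 sgls;
++ __u8 rsvd540[1508];
++ struct nvme_id_power_state psd[32];
++ __u8 vs[1024];
++};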
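Review bot: The new header `linux/DtaDevLinuxNvmeStructsOpCodes.h` carried by this patch uses `__le16`, `__le32` and `__u8` but includes nothing itself, so it presumably only compiles because `DtaDevLinuxNvme.h` pulls in `<linux/nvme_ioctl.h>` immediately before it; adding `#include <linux/types.h>` after its `#pragma once` would make it self-contained. The fields of `struct nvme_id_ctrl` as copied add up to 4096 bytes (and `struct nvme_id_power_state` to 32), and since the struct is overlaid on data returned by the drive, a compile-time check such as `static_assert(sizeof(struct nvme_id_ctrl) == 4096, "nvme_id_ctrl layout");` would catch any later drift in the hand-copied layout. Note also that `LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)` tests the kernel headers installed at build time, not the running kernel, which is worth a one-line comment above the `#if`.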
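--- a/sedutil-cli.8
+++ b/sedutil-cli.8
@@ -0,0 +1,93 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
+.TH SEDUTIL-CLI "8" "May 2017" "sedutil-cli 1.12" "System Administration Utilities"
+.SH NAME
+sedutil-cli \- manage self-encrypting drives
+.SH SYNOPSIS
+.B sedutil\-cli
+[\fI\,ACTION\/\fR] [\fI\,OPTION\/\fR]... [\fI\,DEVICE\/\fR]
+.SH DESCRIPTION
+A utility to manage self encrypting drives that conform
+to the Trusted Computing Group OPAL 2.0 SSC specification.
+.TP
+\fB\-v\fR
+increase verbosity, one to five v's
+.TP
+\fB\-n\fR
+no password hashing. Passwords will be sent in clear text!
+.TP
+\fBACTIONS:\fR
+.TP
+\fB\-\-scan\fR
+Scans the devices on the system, identifying Opal compliant devices
+.TP
+\fB\-\-query\fR <device>
+Display the Discovery 0 response of a device
+.TP
+\fB\-\-isValidSED\fR <device>
+Verify whether the given device is SED or not
+.TP
+\fB\-\-listLockingRanges\fR <password> <device>
+List all Locking Ranges
+.TP
+\fB\-\-listLockingRange\fR <0...n> <password> <device>
+List all Locking Ranges, 0 = GLobal 1..n = LRn
+.TP
+\fB\-\-eraseLockingRange\fR <0...n> <password> <device>
+Erase a Locking Range, 0 = GLobal 1..n = LRn
+.TP
+\fB\-\-setupLockingRange\fR <0...n> <RangeStart> <RangeLength> <password> <device>
+Setup a new Locking Range, 0 = GLobal 1..n = LRn
+.TP
+\fB\-\-initialSetup\fR <SIDpassword> <device>
+Setup the device for use with sedutil. <SIDpassword> is new SID and Admin1 password
+.TP
+\fB\-\-setSIDPassword\fR <SIDpassword> <newSIDpassword> <device>
+Change the SID password
+.TP
+\fB\-\-setAdmin1Pwd\fR <Admin1password> <newAdmin1password> <device>
+Change the Admin1 password
+.TP
+\fB\-\-setPassword\fR <oldpassword, "" for MSID> <userid> <newpassword> <device>
+Change the Enterprise password for userid "EraseMaster" or "BandMaster<n>", 0 <= n <= 1023
+.TP
+\fB\-\-setLockingRange\fR <0...n> <RW|RO|LK> <Admin1password> <device>
+Set the status of a Locking Range, 0 = GLobal 1..n = LRn
+.TP
+\fB\-\-enableLockingRange\fR <0...n> <Admin1password> <device>
+Enable a Locking Range, 0 = GLobal 1..n = LRn
+.TP
+\fB\-\-disableLockingRange\fR <0...n> <Admin1password> <device>
+Disable a Locking Range, 0 = GLobal 1..n = LRn
+.TP
+\fB\-\-setMBREnable\fR <on|off> <Admin1password> <device>
+Enable|Disable MBR shadowing
+.TP
+\fB\-\-setMBRDone\fR <on|off> <Admin1password> <device>
+set|unset MBRDone
+.TP
+\fB\-\-loadPBAimage\fR <Admin1password> <file> <device>
+Write <file> to MBR Shadow area
+.TP
+\fB\-\-revertTPer\fR <SIDpassword> <device>
+set the device back to factory defaults. This **ERASES ALL DATA**
+.TP
+\fB\-\-revertNoErase\fR <Admin1password> <device>
+deactivate the Locking SP without erasing the data on GLOBAL RANGE *ONLY*
+.TP
+\fB\-\-yesIreallywanttoERASEALLmydatausingthePSID\fR <PSID> <device>
+revert the device using the PSID *ERASING* *ALL* the data
+.TP
+\fB\-\-printDefaultPassword\fR <device>
+print MSID
+.SH EXAMPLES
+sedutil\-cli \fB\-\-scan\fR
+.PP
+sedutil\-cli \fB\-\-query\fR \fI\,/dev/sdc\/\fP
+.PP
+sedutil\-cli \fB\-\-yesIreallywanttoERASEALLmydatausingthePSID\fR <PSIDALLCAPSNODASHED> \fI\,/dev/sdc\/\fP
+.PP
+sedutil\-cli \fB\-\-initialSetup\fR <newSIDpassword> \fI\,/dev/sdc\/\fP
+.SH COPYRIGHT
+sedutil v1.12 Copyright 2014\-2016 Bright Plaza Inc. <drivetrust@drivetrust.com>
+.SH SEE ALSO
+See further documentation in /usr/share/doc/sedutil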
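--- a/sedutil.spec
+++ b/sedutil.spec
@@ -0,0 +1,144 @@
+%global gittag0 1.12
+
+%global _hardened_build 1
+
+Name: sedutil
+Version: %{gittag0}
+Release: 3%{?dist}
+Summary: Tools to manage the activation and use of self encrypting drives
+
+# Everything is GPLv3+ except:
+# - Common/pbkdf2/* which is GPLv2+, a bundled copy of some gnulib code.
+# - Common/Dta*Dump* which is BSD (https://github.com/Drive-Trust-Alliance/sedutil/issues/145)
+License: GPLv3+ and GPLv2+ and BSD
+URL: https://github.com/Drive-Trust-Alliance/sedutil/wiki
+Source0: https://github.com/Drive-Trust-Alliance/%{name}/archive/%{gittag0}/%{name}-%{gittag0}.tar.gz
+# Make a manual page from the help output:
+#help2man --name=sedutil-cli \
+# --section=8 \
+# --no-info \
+# --version-string=%%{version} \
+# --no-discard-stderr \
+# --output=./dist/Release_x86_64/GNU-Linux/sedutil-cli.8 \
+# ./dist/Release_x86_64/GNU-Linux/sedutil-cli
+# Cleaned up with manual edits:
+Source1: sedutil-cli.8
+Patch0: https://github.com/Drive-Trust-Alliance/sedutil/pull/56.patch
+
+# sedutil does not work on big-endian architectures
+ExcludeArch: ppc ppc64 s390 s390x
+
+BuildRequires: ncurses-devel
+
+# This package uses gnulib. It was granted an exception in:
+# https://fedorahosted.org/fpc/ticket/174
+Provides: bundled(gnulib)
+
+# Replaces msed, but doesn't provide a compatible CLI command
+Obsoletes: msed <= 0.23-0.20
+
+%description
+The Drive Trust Alliance software (sedutil) is an Open Source (GPLv3)
+effort to make Self Encrypting Drive technology freely available to
+everyone. It is a combination of the two known available Open Source
+code bases today: msed and OpalTool.
+
+sedutil is a Self-Encrypting Drive (SED) management program and
+Pre-Boot Authorization (PBA) image that will allow the activation and
+use of self encrypting drives that comply with the Trusted Computing
+Group Opal 2.0 SSC.
+
+This package provides the sedutil-cli and linuxpba binaries, but not
+the PBA image itself.
+
+%prep
+%setup -q -n sedutil-%{gittag0}
+%patch0 -p1 -b .nvme_ioctl
+# Adjust the GitVersion.sh script to just use the git tag from the
+# checkout so we don't need a full git tree or the git tool itself.
+cd linux
+sed -i -e's/^GITVER=.*/GITVER=%{gittag0}/' GitVersion.sh
+# Remove stray execute permissions from source code
+find . -type f -name '*.h' -exec chmod -x {} \;
+find . -type f -name '*.cpp' -exec chmod -x {} \;
+
+
+%build
+# Always use the x86_64 build configuration, because we override
+# CFLAGS etc. for each arch build anyway and the upstream makefiles
+# don't have build configs for every arch we support.
+cd linux/CLI
+make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" CONF=Release_x86_64
+
+# Copy in our manual page
+cp -p %{SOURCE1} dist/Release_x86_64/GNU-Linux/sedutil-cli.8
+
+cd ../../LinuxPBA
+make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" CONF=Release
+
+%install
+mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+install -p -m755 linux/CLI/dist/Release_x86_64/GNU-Linux/sedutil-cli $RPM_BUILD_ROOT%{_sbindir}/sedutil-cli
+
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
+install -p -m644 linux/CLI/dist/Release_x86_64/GNU-Linux/sedutil-cli.8 $RPM_BUILD_ROOT%{_mandir}/man8/sedutil-cli.8
+
+mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
+install -p -m755 LinuxPBA/dist/Release/GNU-Linux/linuxpba $RPM_BUILD_ROOT%{_libexecdir}/linuxpba
+
+
+%files
+%doc README.md Common/Copyright.txt Common/ReadMe.txt linux/PSIDRevert_LINUX.txt
+%license Common/LICENSE.txt
+%{_sbindir}/sedutil-cli
+%{_mandir}/man8/sedutil-cli.8*
+%{_libexecdir}/linuxpba
+
+
+%changelog
+* Tue May 9 2017 Charles R. Anderson <cra@wpi.edu> - 1.12-3
+- Remove commented out macros
+- Clarify multiple licensing scenario
+- Provides: bundled(gnulib)
+- Move sedutil-cli to /usr/sbin and linuxbpa to /usr/libexec
+- Provide a manual page for sedutil-cli
+
+* Wed May 3 2017 Charles R. Anderson <cra@wpi.edu> - 1.12-2
+- Obsolete msed package
+- Remove stray execute permissions from source code
+
+* Wed May 3 2017 Charles R. Anderson <cra@wpi.edu> - 1.12-1
+- Use nvme_ioctl.h for newer kernel versions (upstream pull request #56)
+
+* Tue Jan 3 2017 Charles R. Anderson <cra@wpi.edu>
+- update to 1.12
+- sedutil-nvme_ioctl_h.patch for renamed linux/nvme.h header
+
+* Wed Nov 11 2015 Charles R. Anderson <cra@wpi.edu> - 1.10-0.1.beta.git350b22c
+- switch to DriveTrustAlliance/sedutil upstream where all further development
+of msed happens now.
+
+* Fri Aug 07 2015 Rafael Fonseca <rdossant@redhat.com> - 0.23-0.7.beta.gite38a16d
+- disable build on big endian architectures (rhbz#1251520)
+
+* Mon Jul 27 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.6.beta.gite38a16d
+- add comments about upstream pull requests for patches
+
+* Sun Jul 26 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.5.beta.gite38a16d
+- use Github Source0 URL and standard macros for git hash
+- patch GitVersion.sh to use a static git tag so we do not need a
+full git tree or the git tool for building.
+- preserve timestamps of installed files
+
+* Tue Jul 21 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.4.beta.gite38a16d
+- mark LICENSE.txt as a license text
+- enable hardened build
+
+* Tue Jul 21 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.3.beta.gite38a16d
+- add more documentation
+
+* Tue Jul 21 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.2.beta.gite38a16d
+- add BR git to properly define GIT_VERSION
+
+* Mon Jul 20 2015 Charles R. Anderson <cra@wpi.edu> - 0.23-0.1.beta.gite38a16d
+- initial package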
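Review bot: Both `make` invocations in `%build` pass `CFLAGS` and `CXXFLAGS` but no `LDFLAGS`, so the link-time half of `%global _hardened_build 1` (PIE linking, full RELRO) may never reach `sedutil-cli` and `linuxpba`, two binaries that take drive passwords on the command line and are installed under `%{_sbindir}` and `%{_libexecdir}`. Consider adding `LDFLAGS="$RPM_LD_FLAGS"` to each `make` line, assuming the upstream makefiles honour `LDFLAGS`, and checking the built binaries for PIE and BIND_NOW. Separately, `Patch0` names a pull-request URL whose content can change after the fact; the copy committed as `56.patch` should be treated as authoritative, and a comment above `Patch0` recording the upstream commit from the patch header (`5ca6100917a025f6e11ae20838e1e37e7db2d587`) would make that explicit. No checksum for the `Source0` tarball is visible in this commit, so it is worth confirming that one is tracked elsewhere.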