Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

linux: Enable support for Self-Encrypting Drives #56147

Merged
merged 1 commit into from Feb 21, 2019

Conversation

callahad
Copy link
Member

Motivation for this change

To quote block/Kconfig:

Builds Logic for interfacing with Opal enabled controllers.
Enabling this option enables users to setup/unlock/lock
Locking ranges for SED devices using the Opal protocol.

Without BLK_SED_OPAL, it is impossible to resume from sleep when using a locked self-encrypting drive.

This configuration option appeared in earlier kernels, but only reached maturity in 4.14 according to discussion at:

This kernel option is enabled in the default kernels shipped with Fedora, Debian, and other mainstream Linux distributions.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

To quote block/Kconfig:

> Builds Logic for interfacing with Opal enabled controllers.
> Enabling this option enables users to setup/unlock/lock
> Locking ranges for SED devices using the Opal protocol.

Without `BLK_SED_OPAL`, it is impossible to resume from sleep when using
a locked self-encrypting drive.

This configuration option appeared in earlier kernels, but only reached
maturity in 4.14 according to discussion at:

- Drive-Trust-Alliance/sedutil#90 and
- Drive-Trust-Alliance/sedutil#190

This kernel option is enabled in the default kernels shipped with
Fedora, Debian, and other mainstream Linux distributions.
@nixos-discourse
Copy link

This pull request has been mentioned on Nix community. There might be relevant details there:

https://discourse.nixos.org/t/nixos-19-03-feature-freeze/1950/32

@fpletz fpletz merged commit bd3fdc9 into NixOS:master Feb 21, 2019
@fpletz
Copy link
Member

fpletz commented Feb 21, 2019

Thanks! 👍

@callahad
Copy link
Member Author

Thank you 🍻

@callahad callahad deleted the linux-kernel-sed branch February 21, 2019 14:39
@oxij
Copy link
Member

oxij commented Feb 22, 2019 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants