From b60ffe9e065efcfe89415f984f6fde2d03675d5c Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Mon, 31 Jul 2023 16:24:49 +0200
Subject: [PATCH] Introduce LUKS2-OPAL private dm uuid prefix.

LUKS2 devices with configured HW OPAL encryption (any configuration) get activated with private dm uuid prefix LUKS2-OPAL so that we can properly detect devices with HW OPAL encryption even with missing LUKS2 header (detached header). Internally LUKS2-OPAL prefix matches LUKS2 device type.
---
 lib/internal.h | 1 +
 lib/luks2/luks2_json_metadata.c | 8 ++++++--
 lib/setup.c | 4 ++++
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/internal.h b/lib/internal.h
index f9554933..3a6f3bbc 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -53,6 +53,7 @@
 #define MAX_DM_DEPS 32
 #define CRYPT_SUBDEV "SUBDEV" /* prefix for sublayered devices underneath public crypt types */
+#define CRYPT_LUKS2_HW_OPAL "LUKS2-OPAL" /* dm uuid prefix used for any HW OPAL enabled LUKS2 device */
 #ifndef O_CLOEXEC
 #define O_CLOEXEC 0
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 477c8fdc..e3a7659b 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -2754,9 +2754,13 @@ int LUKS2_activate(struct crypt_device *cd,
 if (dynamic)
 dmd.segment.size = dmdi.segment.size;
- r = create_or_reload_device_with_integrity(cd, name, CRYPT_LUKS2, &dmd, &dmdi);
+ r = create_or_reload_device_with_integrity(cd, name,
+ opal_key ? CRYPT_LUKS2_HW_OPAL : CRYPT_LUKS2,
+ &dmd, &dmdi);
 } else
- r = create_or_reload_device(cd, name, CRYPT_LUKS2, &dmd);
+ r = create_or_reload_device(cd, name,
+ opal_key ? CRYPT_LUKS2_HW_OPAL : CRYPT_LUKS2,
+ &dmd);
 dm_targets_free(cd, &dmd);
 dm_targets_free(cd, &dmdi);
diff --git a/lib/setup.c b/lib/setup.c
index 3d3082f1..dd9b3dd9 100644
--- a/lib/setup.c
+++ b/lib/setup.c
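Review bot: In lib/luks2/luks2_json_metadata.c, both create_or_reload_device* calls in LUKS2_activate choose the dm uuid prefix from whether `opal_key` is non-NULL, while the commit message promises the LUKS2-OPAL prefix for any HW OPAL configuration. `opal_key` is assigned outside this hunk, so it cannot be confirmed here that every OPAL activation path supplies it; if one does not, the device would come up under the plain LUKS2 prefix and the detached-header detection this commit adds would not recognise it. Consider making the decision once, e.g. `const char *dm_type = opal_key ? CRYPT_LUKS2_HW_OPAL : CRYPT_LUKS2;`, passing `dm_type` to both calls, and adding a short comment stating why the key pointer is a reliable indicator of an OPAL segment. LUKS2_activate starts and ends outside the hunk.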
@@ -504,6 +504,10 @@ int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid)
 if (!dm_uuid || !hdr_uuid)
 return -EINVAL;
+ /* skip beyond LUKS2_HW_OPAL prefix */
+ if (!strncmp(dm_uuid, CRYPT_LUKS2_HW_OPAL, strlen(CRYPT_LUKS2_HW_OPAL)))
+ dm_uuid = dm_uuid + strlen(CRYPT_LUKS2_HW_OPAL);
+
 str = strchr(dm_uuid, '-');
 if (!str)
 return -EINVAL;
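Review bot: The new prefix test in crypt_uuid_cmp matches the bare string `LUKS2-OPAL` without requiring the `-` separator after it, so a dm uuid whose type field merely begins with those characters (a constructed example: `LUKS2-OPALX-...`) also takes the skip branch and is then compared from its next `-` onward. dm uuids are chosen by whichever privileged tool created the mapping, so the type match is better made exact: `if (!strncmp(dm_uuid, CRYPT_LUKS2_HW_OPAL "-", strlen(CRYPT_LUKS2_HW_OPAL "-")))`, still advancing by `strlen(CRYPT_LUKS2_HW_OPAL)` so that `strchr` lands on the separator. The comment could also say what layout is expected after the skip, e.g. `/* "LUKS2-OPAL-<uuid>-<name>": step over the type so strchr() finds the '-' before the uuid */`. The rest of crypt_uuid_cmp lies outside the hunk.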