
Port sedutil to FreeBSD and add many new features. #87

Open
amotin wants to merge 51 commits into Drive-Trust-Alliance:master from amotin:master

@amotin amotin commented Aug 29, 2016

This includes support for ATA and SCSI disks via CAM pass API.
This includes support for NVMe via IOCTL API (not really tested due to lack of hardware).

This includes support for ATA and SCSI disks via CAM pass API.
This includes support for NVMe via IOCTL API (not really tested).

cristim commented May 21, 2017

I forked the project into a new Github organization, and it's available at https://github.com/sedutil/sedutil

Please join us there and re-submit this PR, we promise to merge it timely after passing the code review.

Later edit: please ignore this, it seems DTA resumed active development so this fork is no longer needed.

r0m30 (Contributor) commented Jul 21, 2017

Very nicely done. Thanks.
We have two paths forward:

  1. With a signed contributor agreement we can merge this into master.
  2. Without a signed contributor agreement we can create an unsupported FreeBSD branch.

If we go with option 1 then I will (try at least) to ensure that the code keeps up with future versions. I'll probably have to test booting to a USB-attached device: since my MoBo shares PCI lanes for the NVMe and SATA Express ports, I lost two SATA ports with my recent acquisition of an NVMe drive for testing.

If we go with option 2 then the community will need to maintain compatibility with future releases.

While this has no conflicts, I don't think it will cleanly compile and link with the current code (see DtaDevOS::scanDisk()). This additional static function allows us to work around NVMe drives not being /dev/sd? in Linux.

@r0m30 r0m30 self-requested a review July 21, 2017 00:44

r0m30 (Contributor) left a comment

Awaiting Contributor agreement.

@r0m30 r0m30 mentioned this pull request Jul 21, 2017
amotin added 19 commits April 6, 2018 16:43
Tested with SATA/Opal2 and SAS/Enterprise disks.
Those features I found implemented on Samsung 970 Pro NVMe.
Previous code was not reporting errors reported by the device.
I do not completely understand how this code is supposed to work,
all I see is that it just does not.
For SATA and NVMe devices we know explicitly whether they support
Trusted Computing feature set and Security Send/Receive commands.
This prevents errors from happening and being reported by kernel.
This is just for future reference.
This code handles both ATA and SCSI via CAM interface, and potentially
may handle NVMe.
That parameter is optional even for Enterprise, and we found some
devices failing StartSession when it is specified.
There may be some rough edges, but with this I successfully initialized,
locked, unlocked and reverted Intel Optane 905 SSD, implementing Pyrite 1.0.
There are drives using both upper and lower case symbols.

emaste commented Jun 9, 2019

@amotin are you able to sign a contributor agreement for upstreaming?

amotin (Author) commented Jun 9, 2019

Yes, if necessary.

Should be no functional changes.
There are some Toshiba NVMe SSDs that fail attempts to enable PBA
or load it.  Since I don't think why it should be critical for devices
not used for boot, ignore that error.  Same time leave it there just
to keep backward compatibility.
amotin changed the title from "Port sedutil to FreeBSD." to "Port sedutil to FreeBSD and add many new features." Aug 12, 2020
amotin and others added 19 commits August 12, 2020 13:28
It can be pretty long to list all the ranges, and actually looks like
a bug, since Enterprise code always listed only one range there.
When needed --listLockingRanges still can list all of them.
On different Enterprise drives both of them appear to be useful.
These two fields are uint8_t (unsigned char), causing them to be treated
as literal char instead of int values. Need to cast to some int type to fix
that.
Fix verbose (-vvv..) command line arguments.
We've found that some SAS/SATA interposers report incorrect error
"ILLEGAL REQUEST asc:25,0 (Logical unit not supported)" when device
behind them does not support TCG, that causes FreeBSD CAM to detach
the LUN.  To work around that, check whether SCSI device reports ATA
Information VPD page, and if so, that it reports TCG support there.
It is pretty confusing to see errors if caller is going to handle
them, either with retrial or custom reporting.  Add parameter to
mute the logging and use it in DtaSession::start() when retrying
without SessionTimeout token.
I am not sure how it worked before, maybe previous Linux kernels
reported device errors as ioctl errors, but at least now it is not so.
Extend error handling to SCSI, driver and host statuses, that fixes
SAS disks operation, since otherwise due to lack of error handling
for IDENTIFY request they were incorrectly handled as SATA.

While there, alike to FreeBSD add check for TCG bit in ATA IDENTIFY
data to avoid unneeded unsupported commands errors later.
The sedutil scan currently does not display drives other than sdX.
In this commit, we extend the scan to include sdXYZ and, while we're
at it, also add the scan for nvmeXYZ drives.
sedutil uses the serial number to hash the password for NVMe disk types
and the model number for SCSI disk types. Tri-mode NVMe devices are
exposed as SCSI devices, making them incompatible on non-tri-mode HBAs.
This patch automates disk type selection by first checking if the disk
is compatible with the NVMe IOCTL interface using the NVME_IOCTL_ID
command. If it's not, it falls back to SCSI.
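
The salt mismatch described in the last commit message above, as an added example (not code from this PR or from sedutil): the same password hashed with the serial number and with the model number yields two different credentials, so the disk type chosen by the probe decides whether an existing password still authenticates. PBKDF2-HMAC-SHA1 with 75000 iterations and a 32-byte output, the probe callables, and the sample identity are assumptions of this example.

```python
import hashlib
from typing import Callable, NamedTuple

# Assumed KDF parameters; the page does not state them.
ITERATIONS = 75_000
KEY_LEN = 32

class Identity(NamedTuple):
    serial: str  # serial number as reported by the drive
    model: str   # model number as reported by the drive

def select_disk_type(probe_nvme: Callable[[], bool]) -> str:
    """Try the NVMe identify path first; fall back to SCSI if it fails."""
    try:
        return "nvme" if probe_nvme() else "scsi"
    except OSError:
        return "scsi"

def salt_for(disk_type: str, ident: Identity) -> bytes:
    """Serial number salts NVMe credentials, model number salts SCSI ones."""
    return (ident.serial if disk_type == "nvme" else ident.model).encode()

def hashed_credential(password: str, ident: Identity,
                      probe_nvme: Callable[[], bool]) -> bytes:
    """Derive the credential that would be presented to the drive."""
    salt = salt_for(select_disk_type(probe_nvme), ident)
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt,
                               ITERATIONS, KEY_LEN)

# Constructed sample identity and password, not real device data.
DISK = Identity(serial="EXAMPLESERIAL0001", model="EXAMPLE MODEL 1TB")
PASSWORD = "constructed-passphrase"

def probe_ok() -> bool:
    # Hypothetical stand-in for a successful NVMe identify ioctl.
    return True

def probe_unsupported() -> bool:
    # Hypothetical stand-in for a node that rejects the NVMe ioctl.
    raise OSError("NVMe identify ioctl not supported on this node")

def same_credential_on_both_paths() -> bool:
    """True only if both access paths would present the same credential."""
    return (hashed_credential(PASSWORD, DISK, probe_ok)
            == hashed_credential(PASSWORD, DISK, probe_unsupported))

if __name__ == "__main__":
    print("credential matches across paths:", same_credential_on_both_paths())
```
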
@scottcmarks (Contributor)

Which FreeBSD architecture target? By default I would fall into amd64 or i386 but UTM virtualization on my M1 Mac mini is quite fast for aarch64. The OS factoring in the develop branch is supposed to make adding new OSes reasonable; this would be a good exercise.

@scottcmarks scottcmarks self-assigned this Jun 3, 2025

emaste commented Jun 4, 2025

FreeBSD's two tier-1 architectures are arm64 and amd64, so the two of those will be the most important to target.

dtasupport commented Jun 4, 2025 via email
