Skip to content

linux: Enable support for Self-Encrypting Drives#56147

Merged
fpletz merged 1 commit intoNixOS:masterfrom
callahad:linux-kernel-sed
Feb 21, 2019
Merged

linux: Enable support for Self-Encrypting Drives#56147
fpletz merged 1 commit intoNixOS:masterfrom
callahad:linux-kernel-sed

Conversation

@callahad
Copy link
Member

@callahad callahad commented Feb 21, 2019

Motivation for this change

To quote block/Kconfig:

Builds Logic for interfacing with Opal enabled controllers.
Enabling this option enables users to setup/unlock/lock
Locking ranges for SED devices using the Opal protocol.

Without BLK_SED_OPAL, it is impossible to resume from sleep when using a locked self-encrypting drive.

This configuration option appeared in earlier kernels, but only reached maturity in 4.14 according to discussion at:

This kernel option is enabled in the default kernels shipped with Fedora, Debian, and other mainstream Linux distributions.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@callahad
linux: Enable support for Self-Encrypting Drives
0ea8c6e 
To quote block/Kconfig:

> Builds Logic for interfacing with Opal enabled controllers.
> Enabling this option enables users to setup/unlock/lock
> Locking ranges for SED devices using the Opal protocol.

Without `BLK_SED_OPAL`, it is impossible to resume from sleep when using
a locked self-encrypting drive.

This configuration option appeared in earlier kernels, but only reached
maturity in 4.14 according to discussion at:

- Drive-Trust-Alliance/sedutil#90 and
- Drive-Trust-Alliance/sedutil#190

This kernel option is enabled in the default kernels shipped with
Fedora, Debian, and other mainstream Linux distributions.
@GrahamcOfBorg GrahamcOfBorg added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 501-1000 This PR causes many rebuilds on Linux and should normally target the staging branches. labels Feb 21, 2019
@nixos-discourse
Copy link

nixos-discourse commented Feb 21, 2019

This pull request has been mentioned on Nix community. There might be relevant details there:

https://discourse.nixos.org/t/nixos-19-03-feature-freeze/1950/32

@fpletz fpletz merged commit bd3fdc9 into NixOS:master Feb 21, 2019
@fpletz
Copy link
Member

fpletz commented Feb 21, 2019

Thanks! 👍

@callahad
Copy link
Member Author

callahad commented Feb 21, 2019

Thank you 🍻

@callahad callahad deleted the linux-kernel-sed branch February 21, 2019 14:39
@oxij
Copy link
Member

oxij commented Feb 22, 2019 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 501-1000 This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@callahad @nixos-discourse @fpletz @oxij @GrahamcOfBorg