Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LUKS HW-OPAL support #1266

Merged
merged 6 commits into from
Aug 15, 2024
Merged

LUKS HW-OPAL support #1266

merged 6 commits into from
Aug 15, 2024

Conversation

vojtechtrefny
Copy link
Member

Work in progress support for creating and managing OPAL self encrypting drives with LUKS. This for now contains only support for recognizing pre-existing LUKS HW-OPAL devices, because this doesn't require any additional support from libblockdev (which creating and removing these devices will require).

@vojtechtrefny
Add support for recognizing LUKS HW-OPAL devices
fc1d70a 
Just a simple check based on the LUKS subsystem. We cannot remove
an HW-OPAL LUKS format without admin password so just disable
removing the format for now.
@vojtechtrefny
Allow marking formats as protected
7aaf659 
Similar to protected devices, a format can also be protected.
Device with protected formats are also protected.
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit 0742b64. @vojtechtrefny please check.

@vojtechtrefny
Copy link
Member Author

Note: Tests are failing because storaged-project/libblockdev#1047 needs to be merged first for the "full" LUKS OPAL support.

@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from 0742b64 to d5b4bff Compare August 9, 2024 09:41
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit d5b4bff. @vojtechtrefny please check.

@vojtechtrefny
Mark existing LUKS HW-OPAL formats as protected
56ce28a 
This might change in the future, but for now we cannot allow
removing these formats -- HW-OPAL needs to be removed using
cryptsetup and removal requires the admin password to remove the
associated locking range. Removing the LUKS header with wipefs
won't remove the locking range.
@vojtechtrefny
Add support for creating LUKS HW-OPAL devices
319e6a6 
Needs the latest libblockdev and cryptsetup 2.7. Creating the
LUKS HW-OPAL format is controlled by specifying LUKS version to
either "luks-hw-opal" (combination of hardware and software
encryption layer) or "luks-hw-opal-only" (hardware encryption
only).
@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from d5b4bff to 319e6a6 Compare August 9, 2024 15:48
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit 319e6a6. @vojtechtrefny please check.

@vojtechtrefny
Rename "opal_passphrase" to "opal_admin_passphrase"
bf401c7 
To make the naming consistent with the other projects.
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit bf401c7. @vojtechtrefny please check.

@vojtechtrefny vojtechtrefny mentioned this pull request Aug 13, 2024
Merged
@vojtechtrefny
Copy link
Member Author

/packit test

@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit 9500c96. @vojtechtrefny please check.

@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from 9500c96 to ca4f13e Compare August 14, 2024 07:34
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit ca4f13e. @vojtechtrefny please check.

@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from ca4f13e to acb179a Compare August 14, 2024 07:46
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit acb179a. @vojtechtrefny please check.

@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from acb179a to d1aa494 Compare August 14, 2024 09:44
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit d1aa494. @vojtechtrefny please check.

@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from d1aa494 to cda2574 Compare August 14, 2024 10:11
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit cda2574. @vojtechtrefny please check.

@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch 2 times, most recently from 593066d to f211a0d Compare August 14, 2024 11:34
@packit-as-a-service Packit-as-a-Service
Copy link

Blivet-GUI tests failed for commit f211a0d. @vojtechtrefny please check.

@vojtechtrefny
ci: Remove priority from Testing farm repositories
c0fe6c7 
Testing farm sets priority of their repositories to 9 which means
the repo is prioritized over all other repositories including our
Copr repo with daily builds preventing the latest libblockdev from
being installed.
@vojtechtrefny vojtechtrefny force-pushed the 3.10-devel_hw-opal-support branch from f211a0d to c0fe6c7 Compare August 14, 2024 11:53
@vojtechtrefny
Copy link
Member Author

/packit test

@vojtechtrefny vojtechtrefny marked this pull request as ready for review August 15, 2024 08:31
@vojtechtrefny vojtechtrefny merged commit 2f3e69d into storaged-project:3.10-devel Aug 15, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@vojtechtrefny