README
¶
OPAL (WIP)
Command line tools and library for controlling Opal disk drives using Linux IOCTLs with sedutil compatibility layer.
Requirements
Different IOCTLs were added in different kernel versions, the most notable in 4.14 so make sure your kernel is not that old.
CONFIG_BLK_SED_OPAL kernel parameter must be enabled:
zcat /proc/config.gz | grep CONFIG_BLK_SED_OPAL
sedutil compatibility
By default opalctl uses password hashing just like sedutil does. Instead of sending a raw password to a device it's PBKDF2'd first.
If you use a sedutil fork (1, 2) that switched to SHA512 password hashing algorithm use -sha512 option.
To use raw passwords pass -raw option with -hex if needed.
Usage
Unlock After Suspend
To enable drive unlocking after a suspend of a device previously encrypted with sedutil:
opalctl save <device> RW
Documentation
¶
Overview ¶
IOCTLs implementation can be found here: https://github.com/torvalds/linux/blob/master/block/sed-opal.c
Index ¶
- type Client
- func (c *Client) ActivateLSP(key *Key) error
- func (c *Client) ActivateUser(sess *Session) error
- func (c *Client) AddUserToLR(sess *Session, state LockUnlockState) error
- func (c *Client) Close() error
- func (c *Client) Device() string
- func (c *Client) EnableDisableMBR(key *Key, enable bool) error
- func (c *Client) EraseLR(sess *Session) error
- func (c *Client) LockUnlock(sess *Session, state LockUnlockState) error
- func (c *Client) MBRDone(key *Key, done bool) error
- func (c *Client) MBRWriteShadow(key *Key, r io.Reader) error
- func (c *Client) PSIDRevertTPR(key *Key) error
- func (c *Client) RevertTPR(key *Key) error
- func (c *Client) Save(sess *Session, state LockUnlockState) error
- func (c *Client) SecureEraseLR(sess *Session) error
- func (c *Client) SetPassword(sess, newUserPw *Session) error
- func (c *Client) SetupLR(sess *Session, rle, wle bool) error
- func (c *Client) TakeOwnership(key *Key) error
- type Error
- type Key
- type LockUnlockState
- type Session
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func (*Client) ActivateLSP ¶
func (*Client) ActivateUser ¶
func (*Client) AddUserToLR ¶
func (c *Client) AddUserToLR(sess *Session, state LockUnlockState) error
func (*Client) LockUnlock ¶
func (c *Client) LockUnlock(sess *Session, state LockUnlockState) error
func (*Client) PSIDRevertTPR ¶
func (*Client) SecureEraseLR ¶
func (*Client) SetPassword ¶
func (*Client) TakeOwnership ¶
type LockUnlockState ¶
type LockUnlockState uint
const ( LockUnlockReadOnly LockUnlockState = C.OPAL_RO LockUnlockReadWrite LockUnlockState = C.OPAL_RW LockUnlockLock LockUnlockState = C.OPAL_LK )
type User ¶
type User uint
const ( Admin1 User = C.OPAL_ADMIN1 User1 User = C.OPAL_USER1 User2 User = C.OPAL_USER2 User3 User = C.OPAL_USER3 User4 User = C.OPAL_USER4 User5 User = C.OPAL_USER5 User6 User = C.OPAL_USER6 User7 User = C.OPAL_USER7 User8 User = C.OPAL_USER8 User9 User = C.OPAL_USER9 )
Source Files
Directories