Task
Resolution: Unresolved
Normal
Add support for SED OPAL2 Single User Mode (SUM). We already have basic support for SED OPAL devices in cryptsetup 2.7.0, but we would like to address one general issue with that support, described in the OPAL2 SUM extension document as follows:
The goal of the Single User Mode feature set is to provide a mechanism that addresses the following use cases:
1. The Information Technology (IT) rep provisions the Storage Device and controls the partitions, but gives complete control over the access to at least one of the partitions to a Vice President (VP). The VP is able to lock/unlock and enable/disable locking for the private partition(s) given to him. The IT rep should be able to repurpose the SD by reclaiming the storage, but only in a destructive way for the private partition(s) and should never be able to access to the data on the private partition(s) unless unlocked by the VP.
2. The Storage Device is used in a system where all user management is performed by host software. Multiple software agents may exist and each one has exclusive control over a range of the LBAs in the Storage Device. Each software agent has its own user management models and authentication mechanisms and there is no agent with control over another’s LBA range.