View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017844 | CentOS-8 | kernel | public | 2020-11-12 05:32 | 2021-04-17 18:17 |
Reporter | ladar | Assigned To | |||
Priority | low | Severity | crash | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 8.2.2004 | ||||
Summary | 0017844: SED OPAL kernel support is needed or disks don't get a good night's rest. | ||||
Description | I've already reported this issue to Red Hat, since the problem is inherited through their kernel configuration. But am reporting it here in the hope that CentOS will be faster to fix it. That said, the rambling description goes something like:

My hard drive is tired, but the kernel won't let it sleep. That's because my hard drive is one of those self encrypting drives. Which means it goes to sleep like every other hard drive. But when it wakes up, it likes to play the morning after game. It wants to know if its partner, the kernel, remembers its name. And if it doesn't, then Miss Disk will play hard to get. I don't know what happens next. But I do know it's a total system crash. And that's bad.

The good news is they don't need couples therapy. All Miss Disk needs is for the kernel to be compiled with CONFIG_BLK_SED_OPAL="y" ... I verified this the hard way. By recompiling a kernel myself. It was painful. If there is any bad news, it's that support for self encrypting OPAL drives can't be compiled as a standalone module. So I'm hoping you can enable this flag for me.

I'm not quite sure why this kernel flag is unset. I checked every Fedora release from Core 25 through Core 33 and all of them had this flag enabled already.

### The problem is that without kernel support for SED OPAL drives.

[ladar@crossroads ~]$ sudo /usr/local/sbin/sedutil-cli -s --prepareForS3Sleep 0 Admin1 /dev/nvme0n1
Please enter password *********************************
Error saving the password to the kernel errno = 25
[ladar@crossroads ~]$

###

I get the above error, and if the system does go to sleep, it will slumber just fine, only to blink and crash when it wakes back up.

### With kernel support for SED OPAL drives enabled.
[ladar@crossroads ~]$ sudo /usr/local/sbin/sedutil-cli -s --prepareForS3Sleep 0 Admin1 /dev/nvme0n1
Please enter password *********************************
[ladar@crossroads ~]$

###

After this, I can put the system to sleep, and wake it back up again, all without issue. For those who stumble upon this bug report, once the kernel has OPAL support, the drive can be prepared for its nap automatically by a systemd service:

### /etc/systemd/system/sedutil-sleep.service

[Unit]
Description=sedutil-sleep

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/sedutil-cli -n -x --prepareForS3Sleep 1 User1 <HASHED_PASSWORD> /dev/nvme0n1
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

###

In this example, the service file would have the hashed user password at locking range 1, and would supply that hash to the kernel so it can properly wake up the drive when needed.

### The CentOS and CentOS kernels I checked.

[ladar@centos8 ~]$ cat /boot/config-4.18.0-193.28.1.el8_2.x86_64 | grep OPAL
# CONFIG_BLK_SED_OPAL is not set
[ladar@centos8 ~]$ cat /boot/config-4.18.0-193.19.1.el8_2.centos.plus.x86_64 | grep OPAL
# CONFIG_BLK_SED_OPAL is not set
[ladar@centos8 ~]$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"

###

When I recompiled a kernel for testing, I simply patched the kernel-plus.spec file. But that may not be ideal. I'm only providing a recompile/patch in case others want to try out this fix.

On a separate, but related note of some importance, I couldn't find the kernel-plus-4.18.0-193.19.1.el8_2.centos.plus.src.rpm source RPM in any of the usual places.
I had to dig just to find the kernel-plus-4.18.0-193.14.2.el8_2.centos.plus.src.rpm source RPM. I believe it's available via this URL:

https://koji.mbox.centos.org/pkgs/packages/kernel-plus/4.18.0/193.19.1.el8_2.centos.plus/src/kernel-plus-4.18.0-193.19.1.el8_2.centos.plus.src.rpm

But as an outsider, I get a 403 error. I can access this page:

https://koji.mbox.centos.org/koji/buildinfo?buildID=13615

Which is a bit of a tease... Moving on. My rebuild script...

### Kernel patch and rebuild script using the CentOS plus kernel.

sudo dnf --assumeyes --enablerepo=PowerTools install asciidoc audit-libs-devel autoconf automake bash bc binutils binutils-devel bison byacc cmake ctags diffstat diffutils dwarves elfutils elfutils-devel elfutils-libelf-devel expect findutils flex gawk gcc gcc-c++ gdb gettext git glibc-devel gzip hmaccalc hostname intltool java-devel jna kabi-dw libbpf-devel libcap-devel libcap-ng-devel libtool llvm-toolset ltrace m4 make module-init-tools ncurses-devel net-tools newt-devel numactl-devel openssl openssl-devel patch patchutils pciutils-devel perl perl-devel perl-ExtUtils-Embed perl-Fedora-VSP perl-generators pesign pkgconf pkgconf-m4 pkgconf-pkg-config python3-devel python3-docutils redhat-rpm-config rpm-build rpmdevtools rpmlint rpm-sign rsync sh-utils source-highlight strace systemtap tar valgrind valgrind-devel xmlto xz zlib-devel

## Start the build phase.
mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}

# Download the kernel source.
cd ~/rpmbuild/SRPMS/

# In this case using CentOS kernel-plus v4.18.0-193.14.2.
curl -O https://mirror.ams1.nl.leaseweb.net/centos-vault/8.2.2004/centosplus/Source/SPackages/kernel-plus-4.18.0-193.14.2.el8_2.centos.plus.src.rpm
# Abort the script if the download does not match the expected SHA-256 hash.
(printf "6693d033cf0c09910505acca2b41bb71307731d539466fb93fb798312e660de5 kernel-plus-4.18.0-193.14.2.el8_2.centos.plus.src.rpm" | sha256sum -c) || { printf "\\n\\nSource RPM did not match the expected hash value.\\n\\n" ; exit 1 ; }
chown $USER:$USER kernel-plus-4.18.0-193.14.2.el8_2.centos.plus.src.rpm
rpm -i kernel-plus-4.18.0-193.14.2.el8_2.centos.plus.src.rpm

# We need to prep the spec file.
cd ~/rpmbuild/SPECS/

# This is where the magic happens. We enable SED OPAL block devices.
patch -p1 <<-EOF
diff --git a/kernel-plus.spec b/kernel-plus.spec index 770a5c8..12331be 100644 --- a/kernel-plus.spec +++ b/kernel-plus.spec @@ -1113,6 +1113,9 @@ do done %endif +# Enable the SED OPAL block device driver. +sed -i "s/.*CONFIG_BLK_SED_OPAL.*/CONFIG_BLK_SED_OPAL=y/g" *.config + cp %{SOURCE42} . ./process_configs.sh -w -c %{name} %{rpmversion}
EOF

# I decided to give the custom kernel this build ID, so it would be easy
# to spot on a GRUB boot menu.
export BUILDID="_oo00800oo_"

# And finally to kickoff the build and produce freshly baked kernel RPMs.
rpmbuild -ba --define="buildid $BUILDID" --target=$(uname -m) kernel-plus.spec

###

The script above was tested and a working kernel built using the "generic/centos8" vagrant box.

Finally some GitHub issues which may help.

https://github.com/ladar/sedutil/issues/13
https://github.com/Drive-Trust-Alliance/sedutil/issues/90

And my report to the upstream authorities.

https://bugzilla.redhat.com/show_bug.cgi?id=1897014 | ||||
Tags | No tags attached. | ||||
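Review bot: the sed expression in the added spec line, `.*CONFIG_BLK_SED_OPAL.*`, is unanchored and does nothing when a file has no line mentioning the symbol, so the build can finish with the option still off in some of the `*.config` variants and nobody is told. Match the exact unset line instead (`^# CONFIG_BLK_SED_OPAL is not set$`) and follow the substitution with a check that fails the build if any of those files lacks `CONFIG_BLK_SED_OPAL=y`. As written, the pattern would also rewrite any other line that merely contains that substring.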
The distro kernel cannot be modified (other than debranding). It has to wait for RHEL kernels to include the change you have filed upstream. In the meantime the plus kernel can accommodate the request. I will try to enable CONFIG_BLK_SED_OPAL in the next kernel-plus update. |
|
The plus kernel has CONFIG_BLK_SED_OPAL=y as of 4.18.0-240.8.1.el8_3. Closing the bug report as 'resolved'. Should the status change upstream, let's update the info here. |
|
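The `grep OPAL` checks in the report can be turned into a gate to run before enabling a unit such as sedutil-sleep.service. This is an added example, not code from the reporter or from CentOS; the function names and the sample config contents are assumptions made up for illustration, and the second file name is constructed from the version given in the closing note.

```shell
#!/bin/sh
# Added example: report CONFIG_BLK_SED_OPAL state for kernel config files.

# opal_state FILE: prints enabled, disabled (explicitly unset) or absent.
opal_state() {
    if grep -q '^CONFIG_BLK_SED_OPAL=y$' "$1"; then
        echo enabled
    elif grep -q '^# CONFIG_BLK_SED_OPAL is not set$' "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# opal_report DIR [RELEASE]: prints "<release> <state>" for each DIR/config-*
# and returns 0 only if RELEASE (default: the running kernel) is enabled.
opal_report() {
    release=${2:-$(uname -r)}
    status=1
    for cfg in "$1"/config-*; do
        [ -f "$cfg" ] || continue
        ver=${cfg##*/config-}
        state=$(opal_state "$cfg")
        printf '%s %s\n' "$ver" "$state"
        if [ "$ver" = "$release" ] && [ "$state" = enabled ]; then
            status=0
        fi
    done
    return "$status"
}

# Constructed sample: two config files in a temporary directory standing in
# for /boot; their contents are made up for the demonstration.
opal_demo() {
    tmp=$(mktemp -d) || return 2
    echo '# CONFIG_BLK_SED_OPAL is not set' > "$tmp/config-4.18.0-193.28.1.el8_2.x86_64"
    echo 'CONFIG_BLK_SED_OPAL=y' > "$tmp/config-4.18.0-240.8.1.el8_3.centos.plus.x86_64"
    opal_report "$tmp" "$1"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

opal_demo 4.18.0-240.8.1.el8_3.centos.plus.x86_64
```

On a real system, `opal_report /boot` checks the running kernel and returns non-zero when it lacks OPAL support.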
Date Modified | Username | Field | Change |
---|---|---|---|
2020-11-12 05:32 | ladar | New Issue | |
2020-11-12 23:55 | toracat | Status | new => acknowledged |
2020-11-12 23:55 | toracat | Note Added: 0037893 | |
2021-04-17 18:17 | toracat | Status | acknowledged => resolved |
2021-04-17 18:17 | toracat | Resolution | open => fixed |
2021-04-17 18:17 | toracat | Note Added: 0038389 |