tools/testing/cxl: Add "passphrase secure erase" opcode support

	return 0;

}

static int mock_passphrase_secure_erase(struct cxl_dev_state *cxlds,

					struct cxl_mbox_cmd *cmd)

{

	struct cxl_mock_mem_pdata *mdata = dev_get_platdata(cxlds->dev);

	struct cxl_pass_erase *erase;

	if (cmd->size_in != sizeof(*erase))

		return -EINVAL;

	if (cmd->size_out != 0)

		return -EINVAL;

	erase = cmd->payload_in;

	if (mdata->security_state & CXL_PMEM_SEC_STATE_FROZEN) {

		cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;

		return -ENXIO;

	}

	if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PLIMIT &&

	    erase->type == CXL_PMEM_SEC_PASS_USER) {

		cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;

		return -ENXIO;

	}

	if (mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PLIMIT &&

	    erase->type == CXL_PMEM_SEC_PASS_MASTER) {

		cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;

		return -ENXIO;

	}

	switch (erase->type) {

	case CXL_PMEM_SEC_PASS_MASTER:

		/*

		 * The spec does not clearly define the behavior of the scenario

		 * where a master passphrase is passed in while the master

		 * passphrase is not set and user passphrase is not set. The

		 * code will take the assumption that it will behave the same

		 * as a CXL secure erase command without passphrase (0x4401).

		 */

		if (mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PASS_SET) {

			if (memcmp(mdata->master_pass, erase->pass,

				   NVDIMM_PASSPHRASE_LEN)) {

				master_plimit_check(mdata);

				cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;

				return -ENXIO;

			}

			mdata->master_limit = 0;

			mdata->user_limit = 0;

			mdata->security_state &= ~CXL_PMEM_SEC_STATE_USER_PASS_SET;

			memset(mdata->user_pass, 0, NVDIMM_PASSPHRASE_LEN);

			mdata->security_state &= ~CXL_PMEM_SEC_STATE_LOCKED;

		} else {

			/*

			 * CXL rev3 8.2.9.8.6.3 Disable Passphrase

			 * When master passphrase is disabled, the device shall

			 * return Invalid Input for the Passphrase Secure Erase

			 * command with master passphrase.

			 */

			return -EINVAL;

		}

		/* Scramble encryption keys so that data is effectively erased */

		break;

	case CXL_PMEM_SEC_PASS_USER:

		/*

		 * The spec does not clearly define the behavior of the scenario

		 * where a user passphrase is passed in while the user

		 * passphrase is not set. The code will take the assumption that

		 * it will behave the same as a CXL secure erase command without

		 * passphrase (0x4401).

		 */

		if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PASS_SET) {

			if (memcmp(mdata->user_pass, erase->pass,

				   NVDIMM_PASSPHRASE_LEN)) {

				user_plimit_check(mdata);

				cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;

				return -ENXIO;

			}

			mdata->user_limit = 0;

			mdata->security_state &= ~CXL_PMEM_SEC_STATE_USER_PASS_SET;

			memset(mdata->user_pass, 0, NVDIMM_PASSPHRASE_LEN);

		}

		/*

		 * CXL rev3 Table 8-118

		 * If user passphrase is not set or supported by device, current

		 * passphrase value is ignored. Will make the assumption that

		 * the operation will proceed as secure erase w/o passphrase

		 * since spec is not explicit.

		 */

		/* Scramble encryption keys so that data is effectively erased */

		break;

	default:

		return -EINVAL;

	}

	return 0;

}

static int mock_get_lsa(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)

{

	struct cxl_mbox_get_lsa *get_lsa = cmd->payload_in;

	case CXL_MBOX_OP_UNLOCK:

		rc = mock_unlock_security(cxlds, cmd);

		break;

	case CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE:

		rc = mock_passphrase_secure_erase(cxlds, cmd);

		break;

	default:

		break;

	}