From 4ed17b0765881d9bd9a52de8ae4d285af51e461e Mon Sep 17 00:00:00 2001
From: Oliver Okrongli
Date: Fri, 4 Sep 2020 10:37:26 +0200
Subject: [PATCH 1/4] Support OPAL 2 self-encrypting NVMe disk drives (fix #2475)
---
 usr/share/rear/lib/layout-functions.sh | 4 +++-
 usr/share/rear/lib/opal-functions.sh | 26 +++++++++++++++++++++-----
 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/usr/share/rear/lib/layout-functions.sh b/usr/share/rear/lib/layout-functions.sh
index 0dc618db6d..18df316c2e 100644
--- a/usr/share/rear/lib/layout-functions.sh
+++ b/usr/share/rear/lib/layout-functions.sh
@@ -221,7 +221,9 @@ generate_layout_dependencies() {
 opaldisk)
 dev=$(echo "$remainder" | cut -d " " -f "1")
 add_component "opaldisk:$dev" "opaldisk"
- add_dependency "$dev" "opaldisk:$dev"
+ for disk in $(opal_device_disks "$dev"); do
+ add_dependency "$disk" "opaldisk:$dev"
+ done
 ;;
 esac
 done < $LAYOUT_FILE
diff --git a/usr/share/rear/lib/opal-functions.sh b/usr/share/rear/lib/opal-functions.sh
index 12b80097e5..607a79c108 100644
--- a/usr/share/rear/lib/opal-functions.sh
+++ b/usr/share/rear/lib/opal-functions.sh
@@ -17,7 +17,7 @@
 #
 # Functions in this section are meant to be used independently from ReaR. They do not rely on any external
-# script code unless. Return codes must be checked by the caller.
+# script code unless stated otherwise. Return codes must be checked by the caller.
 #
 function opal_devices() {
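Review bot: In the layout-functions.sh hunk, the new loop `for disk in $(opal_device_disks "$dev")` adds no dependency at all when the helper prints nothing, which is what its NVMe branch does under nullglob if no namespace device node matches. The `opaldisk:$dev` component is then registered with nothing depending on it, so the ordering between the Opal setup and the disks is presumably no longer enforced, and nothing reports it. Capture the list and report the empty case, e.g. `disks=$(opal_device_disks "$dev")` followed by `[[ -n "$disks" ]] || echo "no block devices found for Opal device $dev" >&2`. generate_layout_dependencies() starts and ends outside the hunk.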
@@ -26,6 +26,22 @@ function opal_devices() {
 sedutil-cli --scan | awk '$1 ~ /\/dev\// && $2 ~ /2/ { print $1; }'
 }
+function opal_device_disks() {
+ local device="${1:?}"
+ # prints all block devices belonging to the given Opal device.
+ # Normally, this is just the Opal device itself, however, NVME devices have one or more namespaces per primary
+ # device and these namespaces act as disks.
+
+ case "$device" in
+ (*/nvme*)
+ echo "$device"n[0-9] # consider all namespace block devices (NOTE: relies on nullglob)
+ ;;
+ (*)
+ echo "$device"
+ ;;
+ esac
+}
+
 function opal_device_attributes() {
 local device="${1:?}"
 local result_variable_name="${2:?}"
@@ -140,7 +156,7 @@ function opal_device_regenerate_dek_ERASING_ALL_DATA() {
 # This is recommended initially to ensure that the data encryption key is not known by any third party.
 # Returns 0 on success.
- sedutil-cli --rekeyLockingRange 0 "$password" "$device" && partprobe "$device"
+ sedutil-cli --rekeyLockingRange 0 "$password" "$device" && partprobe $(opal_device_disks "$device")
 }
 function opal_device_factory_reset_ERASING_ALL_DATA() {
@@ -148,7 +164,7 @@ function opal_device_factory_reset_ERASING_ALL_DATA() {
 local password="${2:?}"
 # factory-resets the device, ERASING ALL DATA ON THE DRIVE, returns 0 on success
- sedutil-cli --reverttper "$password" "$device" && partprobe "$device"
+ sedutil-cli --reverttper "$password" "$device" && partprobe $(opal_device_disks "$device")
 }
 function opal_device_load_pba_image() {
@@ -172,7 +188,7 @@ function opal_device_disable_mbr() {
 local password="${2:?}"
 # disables the device's shadow MBR, returns 0 on success.
- sedutil-cli --setMBREnable off "$password" "$device" && partprobe "$device"
+ sedutil-cli --setMBREnable off "$password" "$device" && partprobe $(opal_device_disks "$device")
 }
 function opal_device_enable_mbr() {
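Review bot: opal_device_disks() depends on the caller's shell options: with nullglob off, an unmatched `"$device"n[0-9]` is printed as the literal pattern, and callers hand that string to partprobe and add_dependency as if it were a device node. The `(*/nvme*)` arm also matches a namespace path passed in by mistake (a name that already ends in a namespace suffix), for which the glob would normally match nothing, so the function prints an empty line. Filtering inside the function removes the dependency on caller state: `for disk in "$device"n[0-9]; do [[ -b "$disk" ]] && echo "$disk"; done`. The purpose comment would also read better as a header above `local device`, stating the output format callers may rely on.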
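Review bot: `partprobe $(opal_device_disks "$device")` in opal_device_regenerate_dek_ERASING_ALL_DATA() makes the function's exit status depend on the helper's output: with an empty result partprobe is called without arguments (which, per its manual, probes every device rather than the one just changed), and with nullglob off it receives the literal glob pattern and fails. That failure is reported after sedutil-cli has already rekeyed the drive, so a caller checking the return code cannot tell "data erased, rescan failed" from "nothing happened". The same construct is added in the --reverttper, --setMBREnable and --setMBRDone hunks. Consider `local disks=$(opal_device_disks "$device")` and `sedutil-cli --rekeyLockingRange 0 "$password" "$device" && { [[ -z "$disks" ]] || partprobe $disks; }`, or returning distinct codes for the two steps.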
@@ -189,7 +205,7 @@ function opal_device_hide_mbr() {
 # hides the device's shadow MBR if one has been enabled, does nothing otherwise.
 # Returns 0 on success.
- sedutil-cli --setMBRDone on "$password" "$device" && partprobe "$device"
+ sedutil-cli --setMBRDone on "$password" "$device" && partprobe $(opal_device_disks "$device")
 }
 function opal_device_unlock() {
From 36ffa1ecaa286945bdc20c9ddc08432cc45dd612 Mon Sep 17 00:00:00 2001
From: Oliver Okrongli
Date: Thu, 17 Sep 2020 15:22:17 +0200
Subject: [PATCH 2/4] OPAL 2 NVME support: extend covered namespace IDs to 1..99
---
 usr/share/rear/lib/opal-functions.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/usr/share/rear/lib/opal-functions.sh b/usr/share/rear/lib/opal-functions.sh
index 607a79c108..4d61fbb6aa 100644
--- a/usr/share/rear/lib/opal-functions.sh
+++ b/usr/share/rear/lib/opal-functions.sh
@@ -34,7 +34,8 @@ function opal_device_disks() {
 case "$device" in
 (*/nvme*)
- echo "$device"n[0-9] # consider all namespace block devices (NOTE: relies on nullglob)
+ # consider all namespace block devices
+ echo "$device"n[1-9] "$device"n[1-9][0-9] # cover namespace IDs 1..99 (NOTE: relies on nullglob)
 ;;
 (*)
 echo "$device"
From 48669d230486adee85755f92bf5c6a0c5b5a7f92 Mon Sep 17 00:00:00 2001
From: Oliver Okrongli
Date: Fri, 18 Sep 2020 09:48:47 +0200
Subject: [PATCH 3/4] OPAL 2 NVME support: completely cover namespace IDs (use extglob)
---
 usr/share/rear/lib/opal-functions.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/usr/share/rear/lib/opal-functions.sh b/usr/share/rear/lib/opal-functions.sh
index 4d61fbb6aa..aaab1c4ff4 100644
--- a/usr/share/rear/lib/opal-functions.sh
+++ b/usr/share/rear/lib/opal-functions.sh
@@ -34,8 +34,7 @@ function opal_device_disks() {
 case "$device" in
 (*/nvme*)
- # consider all namespace block devices
- echo "$device"n[1-9] "$device"n[1-9][0-9] # cover namespace IDs 1..99 (NOTE: relies on nullglob)
+ echo "$device"n+([0-9]) # consider all namespace block devices (NOTE: relies on nullglob extglob)
 ;;
 (*)
 echo "$device"
From 5e96b5205f8fde5e23cc26879991dcd7936867cd Mon Sep 17 00:00:00 2001
From: Oliver Okrongli
Date: Tue, 3 Nov 2020 12:43:22 +0100
Subject: [PATCH 4/4] Fix missing 'nullglob extglob' options in PBA
---
 usr/share/rear/lib/opal-functions.sh | 1 +
 usr/share/rear/skel/default/etc/scripts/unlock-opal-disks | 1 +
 2 files changed, 2 insertions(+)
diff --git a/usr/share/rear/lib/opal-functions.sh b/usr/share/rear/lib/opal-functions.sh
index aaab1c4ff4..2bbd09931a 100644
--- a/usr/share/rear/lib/opal-functions.sh
+++ b/usr/share/rear/lib/opal-functions.sh
@@ -18,6 +18,7 @@
 #
 # Functions in this section are meant to be used independently from ReaR. They do not rely on any external
 # script code unless stated otherwise. Return codes must be checked by the caller.
+# Before using these functions ensure that pattern matching extensions are enabled : 'shopt -s nullglob extglob'.
 #
 function opal_devices() {
diff --git a/usr/share/rear/skel/default/etc/scripts/unlock-opal-disks b/usr/share/rear/skel/default/etc/scripts/unlock-opal-disks
index 77d489fcd1..2f77e5a08b 100755
--- a/usr/share/rear/skel/default/etc/scripts/unlock-opal-disks
+++ b/usr/share/rear/skel/default/etc/scripts/unlock-opal-disks
@@ -7,6 +7,7 @@
 # To avoid delays, this script will perform a hard reset or power-off instead of a regular
 # system shutdown.
+shopt -s nullglob extglob # Enable pattern matching extensions required for 'opal-functions.sh'
 source /usr/share/rear/lib/opal-functions.sh
 [[ -f /.OPAL_PBA_SETTINGS.sh ]] && source /.OPAL_PBA_SETTINGS.sh
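Review bot: The header comment added to opal-functions.sh in patch 4/4 says the options must be set "Before using these functions", but `+([0-9])` in opal_device_disks() is extglob syntax that bash has to recognise while parsing the function definition, so with extglob off the `source` itself stops with a syntax error rather than a later call misbehaving. Suggested wording: `# Before sourcing this file, enable the required pattern matching options: 'shopt -s nullglob extglob'.` The unlock-opal-disks hunk already places `shopt -s` before `source`; extending its trailing comment to say the order is required (for example `# must precede sourcing 'opal-functions.sh'`) would keep a later reorder from breaking disk unlock in the PBA.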