sed-key 0.1.5

Tool + library for controlling NVMe SED/OPAL lock states on Linux
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

{
  description = "sed-key: minimal OPAL unlock tool";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";

    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, flake-utils, rust-overlay, ... }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = import nixpkgs {
          inherit system;
          overlays = [ rust-overlay.overlays.default ];
        };
      in {
        packages.default = pkgs.rustPlatform.buildRustPackage {
          pname = "sed-key";
          version = "0.1.5";
          src = ./.;
          cargoLock.lockFile = ./Cargo.lock;

          nativeBuildInputs = with pkgs; [
            (rust-bin.stable.latest.default.override {
              targets = [ "x86_64-unknown-linux-musl" ];
            })
            pkg-config
            llvmPackages.libclang
            llvmPackages.llvm
            linuxHeaders
            openssl.dev
          ];

          LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib";
          LLVM_CONFIG_PATH = "${pkgs.llvmPackages.llvm.dev}/bin/llvm-config";
          BINDGEN_EXTRA_CLANG_ARGS = "-I${pkgs.linuxHeaders}/include";

          OPENSSL_DIR = "${pkgs.openssl}";
          OPENSSL_INCLUDE_DIR = "${pkgs.openssl.dev}/include";
          OPENSSL_LIB_DIR = "${pkgs.openssl.out}/lib";
          PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";

          meta = with pkgs.lib; {
            description = "Minimal Rust tool to unlock NVMe OPAL SED drives";
            homepage = "https://github.com/daveman1010221/sed-key";
            license = licenses.mit;
            platforms = platforms.linux;
          };
        };

        devShells.default = pkgs.mkShell {
          packages = with pkgs; [
            (rust-bin.stable.latest.default.override {
              targets = [ "x86_64-unknown-linux-musl" ];
            })
            rust-bindgen
            pkg-config
            llvmPackages.libclang
            llvmPackages.llvm
            linuxHeaders
            openssl
            binutils
            cacert
          ];

          LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib";
          LLVM_CONFIG_PATH = "${pkgs.llvmPackages.llvm.dev}/bin/llvm-config";
          BINDGEN_EXTRA_CLANG_ARGS = "-I${pkgs.linuxHeaders}/include";

          OPENSSL_DIR = "${pkgs.openssl}";
          OPENSSL_INCLUDE_DIR = "${pkgs.openssl.dev}/include";
          OPENSSL_LIB_DIR = "${pkgs.openssl.out}/lib";
          PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";
          LD_LIBRARY_PATH = "${pkgs.openssl.out}/lib";

          shellHook = ''
            export NIX_HARDENING_ENABLE="fortify stackprotector pie relro bindnow"
            export CARGO_HOME=$PWD/.cargo
            echo "nix-style hardening enabled; cargo builds should match flake outputs."
          '';
        };
      });
}