1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
|
'\" t
.\" Title: nvme-rpmb
.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 08/05/2024
.\" Manual: NVMe Manual
.\" Source: NVMe
.\" Language: English
.\"
.TH "NVME\-RPMB" "1" "08/05/2024" "NVMe" "NVMe Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nvme-rpmb \- Send RPMB commands to an NVMe device
.SH "SYNOPSIS"
.sp
.nf
\fInvme rpmb\fR <device> [\-\-cmd=<command> | \-c <command>]
[\-\-msgfile=<data\-file> | \-f <data\-file>]
[\-\-keyfile=<key\-file> | \-g <key\-file>]
[\-\-key=<key> | \-k <key>] [\-\-msg=<data> | \-d <data>]
[\-\-address=<offset> | \-o <offset>]
[\-\-blocks=<512 byte sectors> | \-b <sectors>]
[\-\-target=<target\-id> | \-t <id>]
[\-\-output\-format=<fmt> | \-o <fmt>] [\-\-verbose | \-v]
.fi
.SH "DESCRIPTION"
.sp
For the NVMe device given, send an nvme rpmb command and provide the results\&.
.sp
The <device> parameter is mandatory and NVMe character device (ex: /dev/nvme0) must be specified\&. If the given device supports RPMB targets, command given with \-\-cmd or \-c option shall be sent to the controller\&. If given NVMe device doesn\(cqt support RPMB targets, a message indicating the same shall be printed along with controller register values related RPMB\&.
.SH "OPTIONS"
.PP
\-c <command>, \-\-cmd=<command>
.RS 4
RPMB command to be sent to the device\&. It can be one of the following
.sp
.if n \{\
.RS 4
.\}
.nf
info \- print information regarding supported RPMB targets and
access and total sizes\&. No further arguments are required
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
program\-key \- program \*(Aqkey\*(Aq specified with \-k option or key read from
file specified with \-\-keyfile option to the specified
RPMB target given with \-\-target or \-t options\&. As per
spec, this is one time action which can\*(Aqt be undone\&.
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
read\-counter \- Read \*(Aqwrite counter\*(Aq of specified RPMB target\&. The
counter value read is printed onto STDOUT
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
read\-config \- Read 512 bytes of device configuration block data of
specified RPMB target of the NVMe device\&. The data read
is written to input file specified with \-\-msgfile or \-f
option\&.
write\-config \- Write 512 byes of device configuration block data
from file specified by \-\-msgfile or \-f options to the
RPMB target specified with \-\-target or \-t options\&.
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
read\-data \- Supports authenticated data reading from specified
RPMB target (\-\-target or \-t option) at given offset
specified with \-\-address or \-o option, using key
specified using \-\-keyfile or \-k options\&. \-\-blocks or
\-o option should be given to read the amount of data
to be read in 512 byte blocks\&.
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
write\-data \- Supports authenticated data writing to specified RPMB
target (\-\-target or \-t option) at given offset
specified with \-\-address or \-o option, using key
specified using \-\-keyfile or \-k options\&. \-\-blocks or
\-o option should be given to indicate amount of data
to be written in 512 byte blocks\&.
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
For data transfer (read/write) commands, if the specified size is not
within the total size supported by a target, the request is failed
nvme\-rpmb without sending it to device\&. RPMB target 0 is used as the
default target if \-\-target or \-t is not specified\&. 0x0 is used as the
default address if no \-address or \-o option is specified,
.fi
.if n \{\
.RE
.\}
.RE
.PP
\-t <target>, \-\-target=<target>
.RS 4
RPMB target id\&. This should be one of the supported RPMB targets as reported by
\fIinfo\fR
command\&. If nothing is given, default of 0 is used as RPMB target\&.
.RE
.PP
\-k <key>, \-\-key=<key>, \-g <key\-file>, \-\-keyfile=<key\-file>
.RS 4
Authentication key to be used for read/write commands\&. This should have been already programmed by
\fIprogram\-key\fR
command for given target\&. Key can be specified on command line using \-\-key or \-k options\&. Key can also be specified using file argument specified with \-\-keyfile or \-g options\&.
.RE
.PP
\-f <data\-file>, \-\-msgfile=<data\-file>
.RS 4
Name of the file to be used for data transfer commands (read or write)\&. For read command, if an existing file is specified, it will be appended\&.
.RE
.PP
\-d <data>, \-\-msg=<data>
.RS 4
These options provide the data on the command line itself\&.
.RE
.PP
\-o <offset>, \-\-address=<offset>
.RS 4
The address (in 512 byte sector offset from 0) to be used for data transfer commands (read or write) for a specified RPMB target\&.
.RE
.PP
\-b, \-\-blocks=<sectors>
.RS 4
The size in 512 byte sectors to be used for data transfer commands (read or write) for a specified RPMB target\&.
.RE
.PP
\-o <fmt>, \-\-output\-format=<fmt>
.RS 4
Set the reporting format to
\fInormal\fR,
\fIjson\fR
or
\fIbinary\fR\&. Only one output format can be used at a time\&.
.RE
.PP
\-v, \-\-verbose
.RS 4
Increase the information detail in the output\&.
.RE
.SH "EXAMPLES"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Print RPMB support information of an NVMe device
.sp
.if n \{\
.RS 4
.\}
.nf
# nvme rpmb /dev/nvme0 \-\-cmd=info
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Program
\fISecretKey\fR
as authentication key for target 1
.sp
.if n \{\
.RS 4
.\}
.nf
# nvme rpmb /dev/nvme0 \-\-cmd=program\-key \-key=\*(AqSecretKey\*(Aq \-\-target=1
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Read current write counter of RPMB target 0
.sp
.if n \{\
.RS 4
.\}
.nf
# nvme rpmb /dev/nvme0 \-\-cmd=read\-counter \-\-target=0
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Read configuration data block of target 2 into config\&.bin file
.sp
.if n \{\
.RS 4
.\}
.nf
# nvme rpmb /dev/nvme0 \-\-cmd=read\-config \-\-target=2 \-f config\&.bin
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Write 200 blocks of (512 bytes) from input\&.bin onto target 0
.sp
.if n \{\
.RS 4
.\}
.nf
# nvme rpmb /dev/nvme0 \-c write\-data \-t 0 \-f input\&.bin \-b 200 \-k \*(AqSecretKey\*(Aq
.fi
.if n \{\
.RE
.\}
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Read 200 blocks of (512 bytes) from target 2, at offset 0x100 and save the
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
data onto output\&.bin
.sp
.if n \{\
.RS 4
.\}
.nf
# nvme rpmb /dev/nvme0 \-c read\-data \-t 2 \-f out\&.bin \-b 200 \-o 0x100
.fi
.if n \{\
.RE
.\}
.RE
.SH "NVME"
.sp
Part of the nvme\-user suite
|