nvme/066: test NVMe host driver code for NVME SED operations

Add comprehensive test coverage for NVMe host driver code about NVMe
Self-Encrypting Drive operations including discover, initialize,
lock/unlock, password management, and revert functionality.
This test verifies the complete SED lifecycle:

- Discovery of SED capabilities and initial state
- SED initialization with password setup
- Device locking and unlocking operations
- Password change functionality
- Regular revert to disable SED
- Destructive revert testing

The test uses expect scripts to handle interactive password prompts and
includes proper verification of each operation through discovery output
parsing. Also adds helper functions to the nvme test framework for SED
support detection and nvme-cli SED plugin availability checking.

Signed-off-by: Yi Zhang <[email protected]>

Author: yizhanglinux

tests/nvme/066

@@ -0,0 +1,173 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-3.0+
+# Copyright (C) 2025 Yi Zhang <[email protected]>
+#
+# Test NVMe host driver code for NVME SED (Self-Encryptiong Drive) operations
+# including discover, initialize, lock/unlock, password change and revert
+#
+
+. tests/nvme/rc
+
+DESCRIPTION="Test NVMe host driver code for NVME SED operations"
+QUICK=1
+
+# SED test passwords
+SED_PASSWORD="password"
+SED_NEW_PASSWORD="PASSWORD"
+
+requires() {
+	_nvme_requires
+	_have_kernel_option BLK_SED_OPAL
+	_have_program expect
+	_have_program nvme
+	_require_nvme_cli_sed
+}
+
+device_requires() {
+	_require_test_dev_is_nvme
+	_require_test_dev_support_sed
+}
+
+nvme_sed_discover() {
+	local device=$1
+
+	nvme sed discover "$device"
+}
+
+nvme_sed_init() {
+	local device=$1
+
+	expect <<EOF
+		spawn nvme sed initialize $device
+		expect "New Password:"
+		send "$SED_PASSWORD\r"
+		expect "Re-enter New Password:"
+		send "$SED_PASSWORD\r"
+		expect eof
+EOF
+}
+
+nvme_sed_lock() {
+	local device=$1
+
+	nvme sed lock "$device"
+}
+
+nvme_sed_unlock() {
+	local device=$1
+
+	nvme sed unlock "$device"
+}
+
+nvme_sed_change_password() {
+	local device=$1
+
+	expect <<EOF
+		spawn nvme sed password $device
+		expect "Password:"
+		send "$SED_PASSWORD\r"
+		expect "New Password:"
+		send "$SED_NEW_PASSWORD\r"
+		expect "Re-enter New Password:"
+		send "$SED_NEW_PASSWORD\r"
+		expect eof
+EOF
+}
+
+nvme_sed_revert() {
+	local device=$1
+
+	expect <<EOF
+		spawn nvme sed revert $device
+		expect "Password:"
+		send "$SED_NEW_PASSWORD\r"
+		expect eof
+EOF
+}
+
+nvme_sed_revert_destructive() {
+	local device=$1
+
+	expect <<EOF
+		spawn nvme sed revert -e $device
+		expect "Destructive revert erases drive data. Continue (y/n)?"
+		send "y\r"
+		expect "Are you sure (y/n)?"
+		send "y\r"
+		expect "Password:"
+		send "$SED_PASSWORD\r"
+		expect eof
+EOF
+}
+
+test_device() {
+	echo "Running ${TEST_NAME}"
+
+	# Test 1: Discover initial state
+	echo "Initial SED state:"
+	nvme_sed_discover "$TEST_DEV" | grep -E "Locking|Locked"
+
+	# Test 2: Initialize SED
+	echo "Initializing SED..."
+	nvme_sed_init "$TEST_DEV" > /dev/null 2>&1
+
+	# Verify initialization
+	if nvme_sed_discover "$TEST_DEV" | grep -q "Locking Feature Enabled.*: yes"; then
+		echo "SED initialization successful"
+	else
+		echo "SED initialization failed"
+		return
+	fi
+
+	# Test 3: Lock the device
+	echo "Locking device..."
+	nvme_sed_lock "$TEST_DEV"
+
+	# Verify lock
+	if nvme_sed_discover "$TEST_DEV" | grep -q "Locked.*: yes"; then
+		echo "Device locked successfully"
+	else
+		echo "Device lock failed"
+	fi
+
+	# Test 4: Unlock the device
+	echo "Unlocking device..."
+	nvme_sed_unlock "$TEST_DEV"
+
+	# Verify unlock
+	if nvme_sed_discover "$TEST_DEV" | grep -q "Locked.*: no"; then
+		echo "Device unlocked successfully"
+	else
+		echo "Device unlock failed"
+	fi
+
+	# Test 5: Change password
+	echo "Changing password..."
+	nvme_sed_change_password "$TEST_DEV" &> /dev/null
+
+	# Test 6: Revert to disable locking
+	echo "Reverting SED..."
+	nvme_sed_revert "$TEST_DEV" &> /dev/null
+
+	# Verify revert
+	if nvme_sed_discover "$TEST_DEV" | grep -q "Locking Feature Enabled.*: no"; then
+		echo "SED revert successful"
+	else
+		echo "SED revert failed"
+	fi
+
+	# Test 7: Reset to disable locking with destructive revert
+	echo "Destructive revert SED..."
+	nvme_sed_init "$TEST_DEV" &> /dev/null
+	nvme_sed_lock "$TEST_DEV"
+	nvme_sed_revert_destructive "$TEST_DEV" &> /dev/null
+
+	# Verify destructive revert
+	if nvme_sed_discover "$TEST_DEV" | grep -q "Locking Feature Enabled.*: no"; then
+		echo "Destructive revert successful"
+	else
+		echo "Destructive revert failed"
+	fi
+
+	echo "Test complete"
+}

tests/nvme/066.out

@@ -0,0 +1,18 @@
+Running nvme/066
+Initial SED state:
+Locking Features:
+	Locking Supported               : yes
+	Locking Feature Enabled         : no
+	Locked                          : no
+Initializing SED...
+SED initialization successful
+Locking device...
+Device locked successfully
+Unlocking device...
+Device unlocked successfully
+Changing password...
+Reverting SED...
+SED revert successful
+Destructive revert SED...
+Destructive revert successful
+Test complete

tests/nvme/rc

@@ -153,6 +153,18 @@ _require_test_dev_is_not_nvme_multipath() {
 	return 0
 }
 
+_require_test_dev_support_sed() {
+	if ! nvme sed discover "$TEST_DEV" &> /dev/null; then
+		SKIP_REASONS+=("$TEST_DEV doesn't support SED operations")
+		return 1
+	fi
+	if nvme sed discover "$TEST_DEV" | grep -q "Locking Supported.*: yes"; then
+		return 0
+	fi
+	SKIP_REASONS+=("$TEST_DEV doesn't support SED operations")
+	return 1
+}
+
 _test_dev_has_metadata() {
 	if [ ! -e "${TEST_DEV_SYSFS}/metadata_bytes" ] || \
 		   (( ! $(<"${TEST_DEV_SYSFS}/metadata_bytes") )); then
@@ -216,6 +228,14 @@ _require_nvme_cli_tls() {
 	return 0
 }
 
+_require_nvme_cli_sed() {
+	if ! nvme sed help &> /dev/null; then
+		SKIP_REASONS+=("nvme doesn't support sed plugin")
+		return 1
+	fi
+	return 0
+}
+
 _require_kernel_nvme_fabrics_feature() {
 	local feature="$1"