acpi/nfit, libnvdimm: Add support for issue secure erase DSM to Intel nvdimm
Add support to issue a secure erase DSM to the Intel nvdimm. The required passphrase is acquired from an encrypted key in the kernel user keyring. To trigger the action, "erase <keyid>" is written to the "security" sysfs attribute. Signed-off-by: Dave Jiang <dave.jiang@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This commit is contained in:
parent
d2a4ac73f5
commit
64e77c8c04
|
@ -203,6 +203,52 @@ static int intel_security_disable(struct nvdimm *nvdimm,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int intel_security_erase(struct nvdimm *nvdimm,
|
||||||
|
const struct nvdimm_key_data *key)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
|
||||||
|
struct {
|
||||||
|
struct nd_cmd_pkg pkg;
|
||||||
|
struct nd_intel_secure_erase cmd;
|
||||||
|
} nd_cmd = {
|
||||||
|
.pkg = {
|
||||||
|
.nd_family = NVDIMM_FAMILY_INTEL,
|
||||||
|
.nd_size_in = ND_INTEL_PASSPHRASE_SIZE,
|
||||||
|
.nd_size_out = ND_INTEL_STATUS_SIZE,
|
||||||
|
.nd_fw_size = ND_INTEL_STATUS_SIZE,
|
||||||
|
.nd_command = NVDIMM_INTEL_SECURE_ERASE,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
if (!test_bit(NVDIMM_INTEL_SECURE_ERASE, &nfit_mem->dsm_mask))
|
||||||
|
return -ENOTTY;
|
||||||
|
|
||||||
|
/* flush all cache before we erase DIMM */
|
||||||
|
nvdimm_invalidate_cache();
|
||||||
|
memcpy(nd_cmd.cmd.passphrase, key->data,
|
||||||
|
sizeof(nd_cmd.cmd.passphrase));
|
||||||
|
rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL);
|
||||||
|
if (rc < 0)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
switch (nd_cmd.cmd.status) {
|
||||||
|
case 0:
|
||||||
|
break;
|
||||||
|
case ND_INTEL_STATUS_NOT_SUPPORTED:
|
||||||
|
return -EOPNOTSUPP;
|
||||||
|
case ND_INTEL_STATUS_INVALID_PASS:
|
||||||
|
return -EINVAL;
|
||||||
|
case ND_INTEL_STATUS_INVALID_STATE:
|
||||||
|
default:
|
||||||
|
return -ENXIO;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* DIMM erased, invalidate all CPU caches before we read it */
|
||||||
|
nvdimm_invalidate_cache();
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* TODO: define a cross arch wbinvd equivalent when/if
|
* TODO: define a cross arch wbinvd equivalent when/if
|
||||||
* NVDIMM_FAMILY_INTEL command support arrives on another arch.
|
* NVDIMM_FAMILY_INTEL command support arrives on another arch.
|
||||||
|
@ -226,6 +272,7 @@ static const struct nvdimm_security_ops __intel_security_ops = {
|
||||||
.disable = intel_security_disable,
|
.disable = intel_security_disable,
|
||||||
#ifdef CONFIG_X86
|
#ifdef CONFIG_X86
|
||||||
.unlock = intel_security_unlock,
|
.unlock = intel_security_unlock,
|
||||||
|
.erase = intel_security_erase,
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -394,7 +394,8 @@ static ssize_t security_show(struct device *dev,
|
||||||
#define OPS \
|
#define OPS \
|
||||||
C( OP_FREEZE, "freeze", 1), \
|
C( OP_FREEZE, "freeze", 1), \
|
||||||
C( OP_DISABLE, "disable", 2), \
|
C( OP_DISABLE, "disable", 2), \
|
||||||
C( OP_UPDATE, "update", 3)
|
C( OP_UPDATE, "update", 3), \
|
||||||
|
C( OP_ERASE, "erase", 2)
|
||||||
#undef C
|
#undef C
|
||||||
#define C(a, b, c) a
|
#define C(a, b, c) a
|
||||||
enum nvdimmsec_op_ids { OPS };
|
enum nvdimmsec_op_ids { OPS };
|
||||||
|
@ -448,6 +449,9 @@ static ssize_t __security_store(struct device *dev, const char *buf, size_t len)
|
||||||
} else if (i == OP_UPDATE) {
|
} else if (i == OP_UPDATE) {
|
||||||
dev_dbg(dev, "update %u %u\n", key, newkey);
|
dev_dbg(dev, "update %u %u\n", key, newkey);
|
||||||
rc = nvdimm_security_update(nvdimm, key, newkey);
|
rc = nvdimm_security_update(nvdimm, key, newkey);
|
||||||
|
} else if (i == OP_ERASE) {
|
||||||
|
dev_dbg(dev, "erase %u\n", key);
|
||||||
|
rc = nvdimm_security_erase(nvdimm, key);
|
||||||
} else
|
} else
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -498,7 +502,8 @@ static umode_t nvdimm_visible(struct kobject *kobj, struct attribute *a, int n)
|
||||||
return 0;
|
return 0;
|
||||||
/* Are there any state mutation ops? */
|
/* Are there any state mutation ops? */
|
||||||
if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable
|
if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable
|
||||||
|| nvdimm->sec.ops->change_key)
|
|| nvdimm->sec.ops->change_key
|
||||||
|
|| nvdimm->sec.ops->erase)
|
||||||
return a->mode;
|
return a->mode;
|
||||||
return 0444;
|
return 0444;
|
||||||
}
|
}
|
||||||
|
|
|
@ -61,6 +61,7 @@ int nvdimm_security_freeze(struct nvdimm *nvdimm);
|
||||||
int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid);
|
int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid);
|
||||||
int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
|
int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
|
||||||
unsigned int new_keyid);
|
unsigned int new_keyid);
|
||||||
|
int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid);
|
||||||
#else
|
#else
|
||||||
static inline int nvdimm_security_disable(struct nvdimm *nvdimm,
|
static inline int nvdimm_security_disable(struct nvdimm *nvdimm,
|
||||||
unsigned int keyid)
|
unsigned int keyid)
|
||||||
|
@ -72,6 +73,10 @@ static inline int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int key
|
||||||
{
|
{
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
}
|
}
|
||||||
|
static inline int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
|
||||||
|
{
|
||||||
|
return -EOPNOTSUPP;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -33,6 +33,9 @@ static void *key_data(struct key *key)
|
||||||
|
|
||||||
static void nvdimm_put_key(struct key *key)
|
static void nvdimm_put_key(struct key *key)
|
||||||
{
|
{
|
||||||
|
if (!key)
|
||||||
|
return;
|
||||||
|
|
||||||
up_read(&key->sem);
|
up_read(&key->sem);
|
||||||
key_put(key);
|
key_put(key);
|
||||||
}
|
}
|
||||||
|
@ -259,3 +262,41 @@ int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
|
||||||
nvdimm->sec.state = nvdimm_security_state(nvdimm);
|
nvdimm->sec.state = nvdimm_security_state(nvdimm);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
|
||||||
|
{
|
||||||
|
struct device *dev = &nvdimm->dev;
|
||||||
|
struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
|
||||||
|
struct key *key;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
/* The bus lock should be held at the top level of the call stack */
|
||||||
|
lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
|
||||||
|
|
||||||
|
if (!nvdimm->sec.ops || !nvdimm->sec.ops->erase
|
||||||
|
|| nvdimm->sec.state < 0)
|
||||||
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
|
if (atomic_read(&nvdimm->busy)) {
|
||||||
|
dev_warn(dev, "Unable to secure erase while DIMM active.\n");
|
||||||
|
return -EBUSY;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
||||||
|
dev_warn(dev, "Incorrect security state: %d\n",
|
||||||
|
nvdimm->sec.state);
|
||||||
|
return -EIO;
|
||||||
|
}
|
||||||
|
|
||||||
|
key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY);
|
||||||
|
if (!key)
|
||||||
|
return -ENOKEY;
|
||||||
|
|
||||||
|
rc = nvdimm->sec.ops->erase(nvdimm, key_data(key));
|
||||||
|
dev_dbg(dev, "key: %d erase: %s\n", key_serial(key),
|
||||||
|
rc == 0 ? "success" : "fail");
|
||||||
|
|
||||||
|
nvdimm_put_key(key);
|
||||||
|
nvdimm->sec.state = nvdimm_security_state(nvdimm);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
|
@ -180,6 +180,8 @@ struct nvdimm_security_ops {
|
||||||
const struct nvdimm_key_data *key_data);
|
const struct nvdimm_key_data *key_data);
|
||||||
int (*disable)(struct nvdimm *nvdimm,
|
int (*disable)(struct nvdimm *nvdimm,
|
||||||
const struct nvdimm_key_data *key_data);
|
const struct nvdimm_key_data *key_data);
|
||||||
|
int (*erase)(struct nvdimm *nvdimm,
|
||||||
|
const struct nvdimm_key_data *key_data);
|
||||||
};
|
};
|
||||||
|
|
||||||
void badrange_init(struct badrange *badrange);
|
void badrange_init(struct badrange *badrange);
|
||||||
|
|
Loading…
Reference in New Issue