Provide the user an override via kernel module parameter for security key self verification. no_key_self_verify parameter is being added to bypass security key verify against the hardware during nvdimm unlock path.
Signed-off-by: Dave Jiang <[email protected]> --- drivers/nvdimm/security.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index ee741199d623..d2831e61f3d8 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* Copyright(c) 2018 Intel Corporation. All rights reserved. */ +#include <linux/module.h> #include <linux/device.h> #include <linux/ndctl.h> #include <linux/slab.h> @@ -14,6 +15,10 @@ #include "nd-core.h" #include "nd.h" +static bool no_key_self_verify; +module_param(no_key_self_verify, bool, 0644); +MODULE_PARM_DESC(no_key_self_verify, "Bypass security key self verify"); + /* * Retrieve user injected key */ @@ -235,6 +240,12 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) * other security operations. */ if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) { + /* bypass if user override */ + if (no_key_self_verify) { + mutex_unlock(&nvdimm->sec_mutex); + return 0; + } + key = nvdimm_self_verify_key(nvdimm); if (!key) { rc = nvdimm_security_freeze_lock(nvdimm); _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
