On Fri, Nov 9, 2018 at 2:13 PM Dave Jiang <dave.ji...@intel.com> wrote: > > In order to make nvdimm more secure, encrypted keys will be used instead of > clear text keys. A master key will be created to seal encrypted nvdimm > keys. The master key can be a trusted key generated from TPM 2.0 or a less > secure user key. > > In the process of this conversion, the kernel cached key will be removed > in order to simplify the verification process. The hardware will be used to > verify the decrypted user payload directly. > > Signed-off-by: Dave Jiang <dave.ji...@intel.com> > --- > Documentation/nvdimm/security.txt | 29 ++- > drivers/nvdimm/dimm.c | 3 > drivers/nvdimm/dimm_devs.c | 2 > drivers/nvdimm/nd-core.h | 3 > drivers/nvdimm/nd.h | 5 - > drivers/nvdimm/security.c | 316 > ++++++++++--------------------------- > 6 files changed, 108 insertions(+), 250 deletions(-)
Remove twice the amount of code that it adds and gains features / security, nice! _______________________________________________ Linux-nvdimm mailing list Linux-nvdimm@lists.01.org https://lists.01.org/mailman/listinfo/linux-nvdimm