On Thu, Jan 17, 2019 at 6:38 PM Dave Jiang <[email protected]> wrote: > > Add API call for triggering sysfs knob to update the security for a DIMM > in libndctl. Also add the ndctl "update-passphrase" to trigger the > operation. > > Signed-off-by: Dave Jiang <[email protected]> > --- > Documentation/ndctl/Makefile.am | 4 > Documentation/ndctl/ndctl-setup-passphrase.txt | 34 ++ > Documentation/ndctl/ndctl-update-passphrase.txt | 36 ++ > configure.ac | 14 + > ndctl.spec.in | 2 > ndctl/builtin.h | 2 > ndctl/dimm.c | 68 +++- > ndctl/lib/Makefile.am | 8 > ndctl/lib/dimm.c | 24 + > ndctl/lib/keys.c | 387 > +++++++++++++++++++++++ > ndctl/lib/libndctl.sym | 3 > ndctl/libndctl.h | 31 ++ > ndctl/ndctl.c | 2 > 13 files changed, 603 insertions(+), 12 deletions(-) > create mode 100644 Documentation/ndctl/ndctl-setup-passphrase.txt > create mode 100644 Documentation/ndctl/ndctl-update-passphrase.txt > create mode 100644 ndctl/lib/keys.c [..] > diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c > index 712223fc..72b6f66c 100644 > --- a/ndctl/lib/dimm.c > +++ b/ndctl/lib/dimm.c > @@ -631,3 +631,27 @@ NDCTL_EXPORT enum ndctl_security_state > ndctl_dimm_get_security( [..] > +NDCTL_EXPORT int ndctl_dimm_update_passphrase(struct ndctl_dimm *dimm, [..] > diff --git a/ndctl/lib/keys.c b/ndctl/lib/keys.c > new file mode 100644 > index 00000000..1ae0ff02 > --- /dev/null > +++ b/ndctl/lib/keys.c > @@ -0,0 +1,387 @@ [..] > +NDCTL_EXPORT int ndctl_dimm_enable_key(struct ndctl_dimm *dimm) [..] > +NDCTL_EXPORT int ndctl_dimm_update_key(struct ndctl_dimm *dimm)
So, a general comment. I'm having a hard time envisioning how these apis and other exports further in the series make sense to a consumer that is not ndctl/dimm.c? There's quite a bit of assumptions of built around how the ndctl command uses the keys that makes these apis not generically useful to anyone else. Exporting ndctl_dimm_get_security() makes sense because that's generic, all of these other exports seem specific to the ndctl implementation / scheme. It would be great to eventually have an api for 3rd party key management implementations, but I think that's a v65 (or later) concern and we should export as little as possible until it is clear how a 3rd party implementation would consume the apis. I think the only private detail of the dimm that needs to be exported is the raw sysfs interactions. Everything else should be private to the ndctl use case in something like ndctl/util/keys.c, not publicly exported in ndctl/lib/keys. _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
