On Thu, Jan 17, 2019 at 6:39 PM Dave Jiang <[email protected]> wrote: > > Add load-keys command to ndctl. This will attempt to load the master key > and the related encrypted keys for nvdimms. Also add reference config file > for modprobe.d in order to call ndctl load-keys and inject keys associated > with the nvdimms into the kernel user ring for unlock. > > Signed-off-by: Dave Jiang <[email protected]> > --- > Documentation/ndctl/Makefile.am | 3 > Documentation/ndctl/ndctl-load-keys.txt | 43 +++++ > Makefile.am | 4 > contrib/nvdimm-security.conf | 1 > ndctl.spec.in | 1 > ndctl/Makefile.am | 3 > ndctl/builtin.h | 1 > ndctl/lib/keys.c | 64 +++++--- > ndctl/lib/libndctl.sym | 1 > ndctl/libndctl.h | 2 > ndctl/load-keys.c | 257 > +++++++++++++++++++++++++++++++ > ndctl/ndctl.c | 1 > 12 files changed, 357 insertions(+), 24 deletions(-) > create mode 100644 Documentation/ndctl/ndctl-load-keys.txt > create mode 100644 contrib/nvdimm-security.conf > create mode 100644 ndctl/load-keys.c [..] > -static char *load_key_blob(struct ndctl_ctx *ctx, const char *path, int > *size) > +NDCTL_EXPORT char *ndctl_load_key_blob(struct ndctl_ctx *ctx, > + const char *path, int *size, const char *postfix, int dirfd)
As another example of the comment in patch3 this api seems particularly difficult to describe how a 3rd party could use it without subscribing to all of the assumptions of the ndctl implementation. _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
