Intel DSM v1.8 introduced the concept of master passphrase and allowing
nvdimm to be secure erased via the master passphrase in addition to the
user passphrase. Add ndctl support to provide master passphrase secure
erase.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt
Add unit test for security enable, disable, update, erase, unlock, and
freeze.
Signed-off-by: Dave Jiang
---
test/Makefile.am |4 +
test/security.sh | 191 ++
2 files changed, 195 insertions(+)
create mode 100755 test/security.sh
diff
Adding reference config file for modprobe.d in order to trigger the
reference script that will inject keys associated with the nvdimms into
the kernel user ring for unlock.
Signed-off-by: Dave Jiang
---
Makefile.am | 10 ++
contrib/ndctl-loadkeys.sh| 24
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-list.txt |8
ndctl/lib/dimm.c | 37
The following series implements mechanisms that utilize the sysfs knobs
provided by the kernel in order to support the Intel DSM v1.8 spec
that provides security to NVDIMM. The following abilities are added:
1. display security state
2. enable/update passphrase
3. disable passphrase
4. freeze
Add API call for triggering sysfs knob to update the security for a DIMM
in libndctl. Also add the ndctl "update-passphrase" to trigger the
operation.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |4
Documentation/ndctl/ndctl-enable-passphrase.txt | 35 ++
Add support to secure erase to libndctl and also command line option
of "sanitize-dimm" for ndctl. This will initiate the request to crypto
erase a DIMM.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +-
Documentation/ndctl/ndctl-sanitize-dimm.txt | 32
Add support for disable security to libndctl and also command line option
of "disable-passphrase" for ndctl. This provides a way to disable security
on the nvdimm.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 ++
Add support for overwrite to libndctl. The operation will be triggered
by the sanitize-dimm command with -o switch. This will initiate the request
to wipe the entire nvdimm. Success return of the command only indicate
overwrite has started and does not indicate completion of overwrite.
Add support for freeze security to libndctl and also command line option
of "freeze-security" for ndctl. This will lock the ability to make changes
to the NVDIMM security.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 ++-
Adding master passphrase enabling and update to ndctl. This is a new
feature from Intel DSM v1.8.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-enable-passphrase.txt |7 +
Documentation/ndctl/ndctl-update-passphrase.txt |7 +
ndctl/dimm.c|
Adding a monitoring command to ndctl in order to wait on the progress of
overwrite.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 ++
builtin.h|1
somOn Thu, Dec 13, 2018 at 1:45 AM Alexander Duyck
wrote:
>
> Try to consolidate all of the locking and unlocking of both the parent and
> device when attaching or removing a driver from a given device.
>
> To do that I first consolidated the lock pattern into two functions
>
From: Mike Snitzer
Sent: Thursday, December 13, 2018 6:43 AM
> On Wed, Dec 12 2018 at 4:15pm -0500,
> Theodore Y. Ts'o wrote:
>
> > On Wed, Dec 12, 2018 at 12:50:47PM -0500, Mike Snitzer wrote:
> > > On Wed, Dec 12 2018 at 11:12am -0500,
> > > Christoph Hellwig wrote:
> > >
> > > > Does it
14 matches
Mail list logo