On 8/3/2020 2:10 PM, Jane Chu wrote:
Hi, Dave,
On 8/3/2020 1:41 PM, Dave Jiang wrote:
On 7/24/2020 9:09 AM, Jane Chu wrote:
Since
commit d78c620a2e82 ("libnvdimm/security: Introduce a 'frozen' attribute"),
when issue
# ndctl sanitize-dimm nmem0 --overwrite
then immedia
re the internal
dimm security state and flags have been updated, so the userspace poll thread
wakes up and fetches the not-yet-updated attr and falls back to sleep, forever.
But if user from another terminal issue "ndctl wait-overwrite nmemX" again,
the command returns instantly.
Cc
thinking git bisect
later on to track issues. Otherwise Reviewed-by: Dave Jiang
Cc: Dan Williams
Fixes: d78c620a2e82 ("libnvdimm/security: Introduce a 'frozen' attribute")
Signed-off-by: Jane Chu
---
drivers/nvdimm/dimm_devs.c | 4 ++--
drivers/nvdimm/security.c | 2 +-
2 file
+0x68/0xe0
do_syscall_64+0x5c/0xa0
entry_SYSCALL_64_after_hwframe+0x49/0xb3
Cc: Dan Williams
Cc: Vishal Verma
Cc: Dave Jiang
Cc: Ira Weiny
Suggested-by: David Howells
Fixes: 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a
mask")
Signed-off-by: Dan Williams
Rev
key 661489677
request-key[4606]: Cannot find command to construct key 34713726
...
Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for
Intel DIMMs")
Cc: sta...@vger.kernel.org
Signed-off-by: Dave Jiang
---
v2:
- Fix up commit header to add more information and
ouldn't rely on that. Replace the strcmp() calls in question with
> an explicit strncmp().
>
> Fixes: 3c0c7db045ec ("ndctl: add a wait-overwrite command")
> Cc: Dave Jiang
> Cc: Dan Williams
> Signed-off-by: Vishal Verma
Reviewed-by: Dave Jiang
> ---
> ndctl/lib/dimm.c
Current implementation attempts to request keys from the keyring even when
security is not enabled. Change behavior so when security is disabled it
will skip key request.
Signed-off-by: Dave Jiang
---
drivers/nvdimm/security.c |4
1 file changed, 4 insertions(+)
diff --git a/drivers
On 9/11/19 8:48 AM, Dan Williams wrote:
> Document the basic policies of the libnvdimm subsystem and provide a first
> example of a Maintainer Entry Profile for others to duplicate and edit.
>
> Cc: Vishal Verma
> Cc: Dave Jiang
> Signed-off-by: Dan Williams
Ac
> drivers/nvdimm/nd-core.h | 51 --
> drivers/nvdimm/security.c| 199
> +-
> include/linux/libnvdimm.h|9 +-
> tools/testing/nvdimm/dimm_devs.c | 19 +---
> 7 f
Add to security.sh to test load-keys for user keys.
Signed-off-by: Dave Jiang
---
V2:
- Add quotes around $masterkey. (Vishal)
- Change fail to failed in output. (Vishal)
test/security.sh | 68 --
1 file changed, 61 insertions(+), 7
The syntax for loading user master key is different than loading a trusted
key. Fix so we can load user key properly.
Signed-off-by: Dave Jiang
---
v2: No change
ndctl/load-keys.c | 13 +
ndctl/util/keys.c | 20 +++-
ndctl/util/keys.h | 10 --
3 files
load-keys incorrectly assumes that all keys have TPM handles. TPM handle is
only for trusted-keys. Fix in order to allow user master-key to operate.
Signed-off-by: Dave Jiang
---
v2:
- Make output go to stderr. (Dan)
ndctl/load-keys.c |6 ++
1 file changed, 2 insertions(+), 4
On 3/28/19 12:18 PM, Dan Williams wrote:
> On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang wrote:
>>
>> The syntax for loading user master key is different than loading a trusted
>> key. Fix so we can load user key properly.
>>
>> Signed-off-by: Dave Jiang
&g
On 3/28/19 12:11 PM, Dan Williams wrote:
> On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang wrote:
>>
>> load-keys incorrectly assumes that all keys have TPM handles. TPM handle is
>> only for trusted-keys. Fix in order to allow user master-key work.
>
> s/work/to ope
load-keys incorrectly assumes that all keys have TPM handles. TPM handle is
only for trusted-keys. Fix in order to allow user master-key work.
Signed-off-by: Dave Jiang
---
ndctl/load-keys.c |6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/ndctl/load-keys.c b/ndctl
The syntax for loading user master key is different than loading a trusted
key. Fix so we can load user key properly.
Signed-off-by: Dave Jiang
---
ndctl/load-keys.c | 13 +
ndctl/util/keys.c | 20 +++-
ndctl/util/keys.h | 10 --
3 files changed, 28
Add to security.sh to test load-keys for user keys.
Signed-off-by: Dave Jiang
---
test/security.sh | 56 ++
1 file changed, 52 insertions(+), 4 deletions(-)
diff --git a/test/security.sh b/test/security.sh
index 1b7a9a1a..7bd60293 100755
uniformly handle the key material even with zero_key.
Signed-off-by: Dave Jiang
---
v5:
- Updated commit message and header.
- Added helper functions for key payload management to support zero_key
(Dan)
- Fixed up security unlock path as well. (Dan)
v4:
- Remove deprecated code to detect NULL key
it can use the zero key to do crypto erase. Some other security commands
already use zero keys. This introduces a standard zero-key to allow
unification of semantics cross nvdimm security commands.
Signed-off-by: Dave Jiang
---
v5:
- Updated commit message and header. (Dan)
v4: No change
v3:
- Add
Sync update passphrase and overwrite to utilize the the same mechansim for
zero key.
Signed-off-by: Dave Jiang
---
v4:
- Remove deprecated code to detect NULL key in acpi/nfit. (Dan)
v3:
- new patch. sync rest of the commands to use zero key. (Dan)
drivers/acpi/nfit/intel.c | 10
Adding support to allow secure erase to happen when security state is not
enabled. Key data of 0's will be passed in.
Some other security commands already use zero keys. This is to unifiy
semantics cross commands with respect to using zero keys.
Signed-off-by: Dave Jiang
---
v4: No change
v3
Adding support to allow secure erase to happen when security state is not
enabled. Key data of 0's will be passed in.
Some other security commands already use zero keys. This is to unifiy
semantics cross commands with respect to using zero keys.
Signed-off-by: Dave Jiang
---
v3:
- Add note
correct master_passphrase to master-passphrase
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt
b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index
Providing a way for crypto-erase to pass in a key that is with 0's as
payload.
Signed-off-by: Dave Jiang
---
v2:
- Make zero key option explicit with -z parameter. Otherwise we will look
for a key. (Dan)
Documentation/ndctl/ndctl-sanitize-dimm.txt |4
ndctl/dimm.c
Adding support to allow secure erase to happen when security state is not
enabled. Key data of 0's will be passed in.
Signed-off-by: Dave Jiang
---
v2:
- Make patch header explicitly zero key (Dan)
- Declare global static zero key (Dan)
- Make nfit_test explicitly test zero key (Dan)
drivers
On 3/22/19 2:43 PM, Dan Williams wrote:
> On Fri, Mar 22, 2019 at 2:33 PM Dave Jiang wrote:
>>
>> Adding support to allow secure erase to happen when security state is not
>> enabled. Key data of 0's will be passed in.
>
> I think I want to change this wor
When security is not enabled, we reject secure erase currently. Add
support to allow secure erase to occur without key.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt |2 ++
ndctl/util/keys.c | 16 +++-
2 files changed, 13
Adding support to allow secure erase to happen when security state is not
enabled. Key data of 0's will be passed in.
Signed-off-by: Dave Jiang
---
drivers/nvdimm/security.c| 17 -
tools/testing/nvdimm/test/nfit.c |3 +--
2 files changed, 13 insertions(+), 7
On 3/18/19 11:06 PM, Dan Williams wrote:
> Lookup the key type by name and protect libnvdimm from encrypted_keys.ko
> module load failures.
>
> Cc: Vishal Verma
> Cc: Dave Jiang
> Cc: Keith Busch
> Cc: Ira Weiny
> Signed-off-by: Dan Williams
Reviewed-by: Dave
Overwrite retains the security state after completion of operation.
Fix nfit_test to reflect this.
Fixes: 926f74802cb ("tools/testing/nvdimm: Add overwrite support for
nfit_test")
Signed-off-by: Dave Jiang
---
tools/testing/nvdimm/test/nfit.c |6 --
1 file changed, 4 insert
The security state after overwrite completion is expected to remain the
same as before overwrite. Current implementation assumed that overwrite
would remove the security state and therefore removing the keys. Update
so security keys are not removed.
Dave Jiang
---
ndctl/util/keys.c |3
: DSO missing
> from command line
>
> Seems like libkeyutils is incorrectly linked against libndctl,
> where in reality it's the ndctl application that uses keyutils.
>
> Cc: Dave Jiang
> Fixes: 86b078b44275 ("ndctl: add passphrase management commands")
> Signed-o
Adding master passphrase enabling and update to ndctl. This is a new
feature from Intel DSM v1.8.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-setup-passphrase.txt |5 +
Documentation/ndctl/ndctl-update-passphrase.txt |6 +
ndctl/dimm.c
Add a blocking 'wait-overwrite' command to ndctl to let a user wait for an
overwrite operation on a dimm to complete.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 ++
ndctl/builtin.h
-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt | 26 +++
ndctl/dimm.c| 46 +++
ndctl/lib/dimm.c|8 +
ndctl/lib/libndctl.sym |1 +
ndctl/libndctl.h
Add support to secure erase to libndctl and also command line option
of "sanitize-dimm" for ndctl. This will initiate the request to crypto
erase a DIMM.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-sanitize-dimm.
Intel DSM v1.8 introduced the concept of master passphrase and allowing
nvdimm to be secure erased via the master passphrase in addition to the
user passphrase. Add ndctl support to provide master passphrase secure
erase.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt
Add load-keys command to ndctl. This will attempt to load the master key
and the related encrypted keys for nvdimms. Also add reference config file
for modprobe.d in order to call ndctl load-keys and inject keys associated
with the nvdimms into the kernel user ring for unlock.
Signed-off-by: Dave
Add unit test for security enable, disable, update, erase, unlock, and
freeze.
Signed-off-by: Dave Jiang
---
test/Makefile.am |4 +
test/security.sh | 222 ++
2 files changed, 226 insertions(+)
create mode 100755 test/security.sh
diff
l security calls
v3:
- Added support to inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm security.
---
Dave Jiang (12):
ndctl: add support for display security state
ndctl: add passphrase update to ndctl
ndctl:
Add API call for triggering sysfs knob to update the security for a DIMM
in libndctl. Also add the ndctl "update-passphrase" to trigger the
operation.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |5
Documentation/ndctl/ndctl-setup-passphrase.t
Add support for freeze security to libndctl and also command line option
of "freeze-security" for ndctl. This will lock the ability to make changes
to the NVDIMM security.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/nd
Add support for disable security to libndctl and also command line option
of "disable-passphrase" for ndctl. This provides a way to disable security
on the nvdimm.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 ++-
Documentation/ndctl/nd
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-list.txt |8
ndctl/lib/dimm.c | 33
Jiang
Signed-off-by: Dan Williams
Reviewed-by: Dave Jiang
---
drivers/acpi/nfit/core.c |5 -
drivers/nvdimm/dimm.c |6 ++
drivers/nvdimm/dimm_devs.c | 22 +-
drivers/nvdimm/nd.h|1 +
include/linux/libnvdimm.h |1 -
5 files
On 1/18/19 4:29 PM, Verma, Vishal L wrote:
>
> On Thu, 2019-01-17 at 19:39 -0700, Dave Jiang wrote:
>> Add a "Theory of Operation" section describing the Intel DSM operations to
>> the relevant man pages.
>>
>> Signed-off-by: Dave Jiang
>> ---
>
On 1/18/19 1:58 PM, Verma, Vishal L wrote:
>
> On Thu, 2019-01-17 at 19:38 -0700, Dave Jiang wrote:
>> Add command that allows the user to provide the master encryption key name
>> to be installed in the key material directory where ndctl can refer to
>> for l
gt; explicitly). The different asciidoc(tor) source files can then include
> attrs.adoc to use these variables.
>
> Finally, convert instances of '/etc/ndctl/monitor.conf' in the monitor
> documentation to use this new facility.
>
> Cc: QI Fuli
> Cc: Dave Jiang
> Cc: Dan Willi
On 1/17/19 7:38 PM, Dave Jiang wrote:
> The following series implements mechanisms that utilize the sysfs knobs
> provided by the kernel in order to support the Intel DSM v1.8 spec
> that provides security to NVDIMM. The following abilities are added:
> 1. display security state
Add load-keys command to ndctl. This will attempt to load the master key
and the related encrypted keys for nvdimms. Also add reference config file
for modprobe.d in order to call ndctl load-keys and inject keys associated
with the nvdimms into the kernel user ring for unlock.
Signed-off-by: Dave
Add support for freeze security to libndctl and also command line option
of "freeze-security" for ndctl. This will lock the ability to make changes
to the NVDIMM security.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/nd
Add support to secure erase to libndctl and also command line option
of "sanitize-dimm" for ndctl. This will initiate the request to crypto
erase a DIMM.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-sanitize-dimm.
Add a "Theory of Operation" section describing the Intel DSM operations to
the relevant man pages.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/intel-nvdimm-security.txt | 139 +++
Documentation/ndctl/ndctl-freeze-security.txt |2
Documentation/n
-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt | 12 ++-
ndctl/dimm.c| 47 ---
ndctl/lib/dimm.c|8 +
ndctl/lib/keys.c| 33 ---
ndctl
Add API call for triggering sysfs knob to update the security for a DIMM
in libndctl. Also add the ndctl "update-passphrase" to trigger the
operation.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |4
Documentation/ndctl/ndctl-setup-passphrase.t
Adding master passphrase enabling and update to ndctl. This is a new
feature from Intel DSM v1.8.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-setup-passphrase.txt |5 +
Documentation/ndctl/ndctl-update-passphrase.txt |5 +
ndctl/dimm.c
Intel DSM v1.8 introduced the concept of master passphrase and allowing
nvdimm to be secure erased via the master passphrase in addition to the
user passphrase. Add ndctl support to provide master passphrase secure
erase.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt
Add a blocking 'wait-overwrite' command to ndctl to let a user wait for an
overwrite operation on a dimm to complete.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 ++
ndctl/builtin.h
Add unit test for security enable, disable, update, erase, unlock, and
freeze.
Signed-off-by: Dave Jiang
---
test/Makefile.am |4 +
test/security.sh | 223 ++
2 files changed, 227 insertions(+)
create mode 100755 test/security.sh
diff
y calls
v3:
- Added support to inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm security.
---
Dave Jiang (13):
ndctl: add support for display security state
ndctl: add command for ndctl to receive the key en
Add support for disable security to libndctl and also command line option
of "disable-passphrase" for ndctl. This provides a way to disable security
on the nvdimm.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 ++
Documentation/ndctl/nd
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-list.txt |8
ndctl/lib/dimm.c | 33
Add command that allows the user to provide the master encryption key name
to be installed in the key material directory where ndctl can refer to
for later security operations.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3
Documentation/ndctl/ndctl
On 1/16/19 8:08 PM, Jane Chu wrote:
> Hi, Dave,
>
> On 1/14/2019 12:07 PM, Dave Jiang wrote:
>> Add support to secure erase to libndctl and also command line option
>> of "sanitize-dimm" for ndctl. This will initiate the request to crypto
>> erase a
reate the /etc/ndctl/keys directory to try
the test. Also, we discovered that the security test needs to be run as
a root user or sudo -i, just sudo will not do due to not having access
to the root user key ring. As Vishal said there's an update coming which
addresses several issues we found in the scri
On 1/16/19 10:43 AM, Verma, Vishal L wrote:
>
> On Tue, 2019-01-15 at 17:56 -0800, Dan Williams wrote:
>> Some comments below...
>>
>> On Mon, Jan 14, 2019 at 12:06 PM Dave Jiang wrote:
>>>
>>> Add API call for triggering sysfs knob to update the sec
On 1/15/19 2:56 PM, Elliott, Robert (Persistent Memory) wrote:
>
>
>> -Original Message-
>> From: Linux-nvdimm [mailto:linux-nvdimm-boun...@lists.01.org] On Behalf Of
>> Dave Jiang
>> Sent: Thursday, December 13, 2018 5:49 PM
>> To: dan.j.willi...
pport")
Signed-off-by: Dave Jiang
---
drivers/nvdimm/nd-core.h |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/nvdimm/nd-core.h b/drivers/nvdimm/nd-core.h
index 2b2cf4e554d3..e5ffd5733540 100644
--- a/drivers/nvdimm/nd-core.h
+++ b/drivers/nvdimm/nd-core.h
@@ -54
The override status function needs to be updated to use the proper
request parameter in order to get the security state.
Fixes: 3c13e2ac74 ("tools/testing/nvdimm: Add test support for Intel nvdimm
security DSMs")
Reported-by: Vishal Verma
Signed-off-by: Dave Jiang
---
tools/test
-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt |4
ndctl/dimm.c| 21 +
ndctl/lib/dimm.c|8
ndctl/lib/keys.c| 21 -
ndctl/lib
Add a "Theory of Operation" section describing the Intel DSM operations to
the relevant man pages.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/intel-nvdimm-security.txt| 140 ++
Documentation/ndctl/ndctl-disable-passphrase.txt |2
Documentation/n
Intel DSM v1.8 introduced the concept of master passphrase and allowing
nvdimm to be secure erased via the master passphrase in addition to the
user passphrase. Add ndctl support to provide master passphrase secure
erase.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt
Add a blocking 'wait-overwrite' command to ndctl to let a user wait for an
overwrite operation on a dimm to complete.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 ++
ndctl/builtin.h
inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm security.
---
Dave Jiang (12):
ndctl: add support for display security state
ndctl: add passphrase update to ndctl
ndctl: add disable security support
ndctl: ad
Add support for disable security to libndctl and also command line option
of "disable-passphrase" for ndctl. This provides a way to disable security
on the nvdimm.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +-
Documentation/ndctl/ndc
Adding master passphrase enabling and update to ndctl. This is a new
feature from Intel DSM v1.8.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-enable-passphrase.txt |7 +
Documentation/ndctl/ndctl-update-passphrase.txt |7 +
ndctl/dimm.c
Add support to secure erase to libndctl and also command line option
of "sanitize-dimm" for ndctl. This will initiate the request to crypto
erase a DIMM.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +-
Documentation/ndctl/ndctl-sanitize-dimm.
Add API call for triggering sysfs knob to update the security for a DIMM
in libndctl. Also add the ndctl "update-passphrase" to trigger the
operation.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |4
Documentation/ndctl/ndctl-enable-passphrase.
Add load-keys command to ndctl. This will attempt to load the master key
and the related encrypted keys for nvdimms. Also add reference config file
for modprobe.d in order to call ndctl load-keys and inject keys associated
with the nvdimms into the kernel user ring for unlock.
Signed-off-by: Dave
Add unit test for security enable, disable, update, erase, unlock, and
freeze.
Signed-off-by: Dave Jiang
---
test/Makefile.am |4 +
test/security.sh | 197 ++
2 files changed, 201 insertions(+)
create mode 100755 test/security.sh
diff
Add support for freeze security to libndctl and also command line option
of "freeze-security" for ndctl. This will lock the ability to make changes
to the NVDIMM security.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 ++-
Documentation/ndctl/nd
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-list.txt |8
ndctl/lib/dimm.c | 37
Adding master passphrase enabling and update to ndctl. This is a new
feature from Intel DSM v1.8.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-enable-passphrase.txt |7 +
Documentation/ndctl/ndctl-update-passphrase.txt |7 +
ndctl/dimm.c
Add a "Theory of Operation" section describing the Intel DSM operations to
the relevant man pages.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/intel-nvdimm-security.txt| 140 ++
Documentation/ndctl/ndctl-disable-passphrase.txt |2
Documentation/n
Intel DSM v1.8 introduced the concept of master passphrase and allowing
nvdimm to be secure erased via the master passphrase in addition to the
user passphrase. Add ndctl support to provide master passphrase secure
erase.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt
Add a blocking 'wait-overwrite' command to ndctl to let a user wait for an
overwrite operation on a dimm to complete.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 ++
ndctl/builtin.h
Adding reference config file for modprobe.d in order to trigger the
reference script that will inject keys associated with the nvdimms into
the kernel user ring for unlock.
Signed-off-by: Dave Jiang
---
Makefile.am | 10 ++
contrib/ndctl-loadkeys.sh| 25
Add unit test for security enable, disable, update, erase, unlock, and
freeze.
Signed-off-by: Dave Jiang
---
test/Makefile.am |4 +
test/security.sh | 203 ++
2 files changed, 207 insertions(+)
create mode 100755 test/security.sh
diff
Add support for freeze security to libndctl and also command line option
of "freeze-security" for ndctl. This will lock the ability to make changes
to the NVDIMM security.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 ++-
Documentation/ndctl/nd
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-list.txt |8
ndctl/lib/dimm.c | 37
Add support to secure erase to libndctl and also command line option
of "sanitize-dimm" for ndctl. This will initiate the request to crypto
erase a DIMM.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +-
Documentation/ndctl/ndctl-sanitize-dimm.
Add support for disable security to libndctl and also command line option
of "disable-passphrase" for ndctl. This provides a way to disable security
on the nvdimm.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |3 +-
Documentation/ndctl/ndc
Add API call for triggering sysfs knob to update the security for a DIMM
in libndctl. Also add the ndctl "update-passphrase" to trigger the
operation.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |4
Documentation/ndctl/ndctl-enable-passphrase.
st. (Dan)
- Move all keyutils related operations to libndctl. (Dan)
v4:
- Updated to match latest kernel interface.
- Added unit test for all security calls
v3:
- Added support to inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm
Intel DSM v1.8 introduced the concept of master passphrase and allowing
nvdimm to be secure erased via the master passphrase in addition to the
user passphrase. Add ndctl support to provide master passphrase secure
erase.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-sanitize-dimm.txt
Add unit test for security enable, disable, update, erase, unlock, and
freeze.
Signed-off-by: Dave Jiang
---
test/Makefile.am |4 +
test/security.sh | 191 ++
2 files changed, 195 insertions(+)
create mode 100755 test/security.sh
diff
Adding reference config file for modprobe.d in order to trigger the
reference script that will inject keys associated with the nvdimms into
the kernel user ring for unlock.
Signed-off-by: Dave Jiang
---
Makefile.am | 10 ++
contrib/ndctl-loadkeys.sh| 24
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/ndctl-list.txt |8
ndctl/lib/dimm.c | 37
inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm security.
---
Dave Jiang (12):
ndctl: add support for display security state
ndctl: add passphrase update to ndctl
ndctl: add disable security support
Add API call for triggering sysfs knob to update the security for a DIMM
in libndctl. Also add the ndctl "update-passphrase" to trigger the
operation.
Signed-off-by: Dave Jiang
---
Documentation/ndctl/Makefile.am |4
Documentation/ndctl/ndctl-enable-passphrase.
1 - 100 of 874 matches
Mail list logo