* [PATCH] ndctl: create disable master passphrase support
@ 2022-09-21 20:58 Dave Jiang
2022-12-07 21:26 ` Verma, Vishal L
From: Dave Jiang @ 2022-09-21 20:58 UTC (permalink / raw)
To: linux-cxl, nvdimm; +Cc: vishal.l.verma
The CXL spec supports disabling the master passphrase. This is a new command
that previously was not supported through nvdimm. Add a command to
support "master passphrase disable".
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
ndctl/builtin.h | 1 +
ndctl/dimm.c | 25 ++++++++++++++++++++++++-
ndctl/keys.c | 15 +++++++++++----
ndctl/keys.h | 5 +++--
ndctl/lib/dimm.c | 9 +++++++++
ndctl/lib/libndctl.sym | 4 ++++
ndctl/libndctl.h | 1 +
ndctl/ndctl.c | 1 +
8 files changed, 54 insertions(+), 7 deletions(-)
diff --git a/ndctl/builtin.h b/ndctl/builtin.h
index d3dbbb1afbdd..af759ef0cbfa 100644
--- a/ndctl/builtin.h
+++ b/ndctl/builtin.h
@@ -39,6 +39,7 @@ int cmd_inject_smart(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_remove_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_remove_master_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_freeze_security(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_sanitize_dimm(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_load_keys(int argc, const char **argv, struct ndctl_ctx *ctx);
diff --git a/ndctl/dimm.c b/ndctl/dimm.c
index ac7c5270e971..df95ac895458 100644
--- a/ndctl/dimm.c
+++ b/ndctl/dimm.c
@@ -1028,7 +1028,19 @@ static int action_remove_passphrase(struct ndctl_dimm *dimm,
return -EOPNOTSUPP;
}
- return ndctl_dimm_remove_key(dimm);
+ return ndctl_dimm_remove_key(dimm, ND_USER_KEY);
+}
+
+static int action_remove_master_passphrase(struct ndctl_dimm *dimm,
+ struct action_context *actx)
+{
+ if (ndctl_dimm_get_security(dimm) < 0) {
+ error("%s: security operation not supported\n",
+ ndctl_dimm_get_devname(dimm));
+ return -EOPNOTSUPP;
+ }
+
+ return ndctl_dimm_remove_key(dimm, ND_MASTER_KEY);
}
static int action_security_freeze(struct ndctl_dimm *dimm,
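Review bot: action_remove_master_passphrase repeats the ndctl_dimm_get_security() guard and error message of action_remove_passphrase verbatim, differing only in the key type it passes on, and its `actx` parameter is unused. A shared static helper that takes the key type, for example `static int remove_passphrase(struct ndctl_dimm *dimm, enum ndctl_key_type key_type)`, would keep the two paths from drifting apart. Because this changes the device's security state, a short comment such as `/* Disable the master passphrase using the dimm's master key. */` would help readers; whether further precondition checks (for example on a frozen security state) are needed cannot be judged from this hunk. action_remove_passphrase begins outside the hunk.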
@@ -1595,6 +1607,17 @@ int cmd_remove_passphrase(int argc, const char **argv, void *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
+int cmd_remove_master_passphrase(int argc, const char **argv, void *ctx)
+{
+ int count = dimm_action(argc, argv, ctx, action_remove_master_passphrase,
+ base_options,
+ "ndctl remove-master-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
+
+ fprintf(stderr, "master passphrase removed for %d nmem%s.\n", count >= 0 ? count : 0,
+ count > 1 ? "s" : "");
+ return count >= 0 ? 0 : EXIT_FAILURE;
+}
+
int cmd_freeze_security(int argc, const char **argv, void *ctx)
{
int count = dimm_action(argc, argv, ctx, action_security_freeze, base_options,
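Review bot: The definition of cmd_remove_master_passphrase takes `void *ctx`, while the prototype this patch adds to ndctl/builtin.h declares `struct ndctl_ctx *ctx`; if dimm.c sees that header, the two declarations are incompatible. The neighbouring definitions visible in this hunk use the same `void *ctx` form, so the patch may be based on a tree where the two files already disagree, but the new function should match its prototype: `int cmd_remove_master_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx)`. Separately, the summary line is printed even when dimm_action() returns a negative count, reporting 0 devices; for a security operation an explicit failure message would be clearer. cmd_freeze_security continues outside the hunk.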
diff --git a/ndctl/keys.c b/ndctl/keys.c
index 2f33b8fb488c..9bc558802bc4 100644
--- a/ndctl/keys.c
+++ b/ndctl/keys.c
@@ -602,17 +602,24 @@ static int discard_key(struct ndctl_dimm *dimm)
return 0;
}
-int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
+int ndctl_dimm_remove_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type)
{
key_serial_t key;
int rc;
- key = check_dimm_key(dimm, true, ND_USER_KEY);
+ key = check_dimm_key(dimm, true, key_type);
if (key < 0)
return key;
- rc = run_key_op(dimm, key, ndctl_dimm_disable_passphrase,
- "remove passphrase");
+ if (key_type == ND_USER_KEY)
+ rc = run_key_op(dimm, key, ndctl_dimm_disable_passphrase,
+ "remove passphrase");
+ else if (key_type == ND_MASTER_KEY)
+ rc = run_key_op(dimm, key, ndctl_dimm_disable_master_passphrase,
+ "remove master passphrase");
+ else
+ return -EINVAL;
+
if (rc < 0)
return rc;
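Review bot: Everything after `if (rc < 0) return rc;` is outside the hunk, and the hunk header shows `discard_key(struct ndctl_dimm *dimm)` taking no key type. If the tail of ndctl_dimm_remove_key still calls it unchanged, the master-passphrase path may discard key material belonging to a different key type, which should be confirmed before merging. Also, key_type is validated only after check_dimm_key() has already run; rejecting unknown types first, `if (key_type != ND_USER_KEY && key_type != ND_MASTER_KEY) return -EINVAL;`, avoids doing the lookup for a value the function will refuse anyway.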
diff --git a/ndctl/keys.h b/ndctl/keys.h
index 03cb509e6404..9e77319c2ae6 100644
--- a/ndctl/keys.h
+++ b/ndctl/keys.h
@@ -25,7 +25,7 @@ int ndctl_dimm_setup_key(struct ndctl_dimm *dimm, const char *kek,
enum ndctl_key_type key_type);
int ndctl_dimm_update_key(struct ndctl_dimm *dimm, const char *kek,
enum ndctl_key_type key_type);
-int ndctl_dimm_remove_key(struct ndctl_dimm *dimm);
+int ndctl_dimm_remove_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type);
int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
enum ndctl_key_type key_type);
int ndctl_dimm_overwrite_key(struct ndctl_dimm *dimm);
@@ -47,7 +47,8 @@ static inline int ndctl_dimm_update_key(struct ndctl_dimm *dimm,
return -EOPNOTSUPP;
}
-static inline int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
+static inline int ndctl_dimm_remove_key(struct ndctl_dimm *dimm,
+ enum ndctl_key_type key_type)
{
return -EOPNOTSUPP;
}
diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
index 9e36e289dcc2..9936183af292 100644
--- a/ndctl/lib/dimm.c
+++ b/ndctl/lib/dimm.c
@@ -757,6 +757,15 @@ NDCTL_EXPORT int ndctl_dimm_disable_passphrase(struct ndctl_dimm *dimm,
return write_security(dimm, buf);
}
+NDCTL_EXPORT int ndctl_dimm_disable_master_passphrase(struct ndctl_dimm *dimm,
+ long key)
+{
+ char buf[SYSFS_ATTR_SIZE];
+
+ sprintf(buf, "disable_master %ld\n", key);
+ return write_security(dimm, buf);
+}
+
NDCTL_EXPORT int ndctl_dimm_freeze_security(struct ndctl_dimm *dimm)
{
return write_security(dimm, "freeze");
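Review bot: ndctl_dimm_disable_master_passphrase formats into a fixed-size buffer with unbounded `sprintf`. The output is short (a fixed prefix plus one `long`), so this is not an overflow as long as SYSFS_ATTR_SIZE exceeds that, but the bounded form costs nothing and survives later edits to the format string: `snprintf(buf, sizeof(buf), "disable_master %ld\n", key);`. As a new exported symbol it would also benefit from a short comment saying what `key` is (presumably a kernel key serial, to be confirmed against the caller in keys.c) and that the return value is whatever write_security() returns. ndctl_dimm_disable_passphrase, whose tail is the hunk's leading context, begins outside the hunk.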
diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym
index f1f9edd4b6ff..c933163c0380 100644
--- a/ndctl/lib/libndctl.sym
+++ b/ndctl/lib/libndctl.sym
@@ -462,3 +462,7 @@ LIBNDCTL_26 {
LIBNDCTL_27 {
ndctl_dimm_refresh_flags;
} LIBNDCTL_26;
+
+LIBNDCTL_28 {
+ ndctl_dimm_disable_master_passphrase;
+} LIBNDCTL_27;
diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h
index 57cf93d8d151..c52e82a6f826 100644
--- a/ndctl/libndctl.h
+++ b/ndctl/libndctl.h
@@ -765,6 +765,7 @@ bool ndctl_dimm_security_is_frozen(struct ndctl_dimm *dimm);
int ndctl_dimm_update_passphrase(struct ndctl_dimm *dimm,
long ckey, long nkey);
int ndctl_dimm_disable_passphrase(struct ndctl_dimm *dimm, long key);
+int ndctl_dimm_disable_master_passphrase(struct ndctl_dimm *dimm, long key);
int ndctl_dimm_freeze_security(struct ndctl_dimm *dimm);
int ndctl_dimm_secure_erase(struct ndctl_dimm *dimm, long key);
int ndctl_dimm_overwrite(struct ndctl_dimm *dimm, long key);
diff --git a/ndctl/ndctl.c b/ndctl/ndctl.c
index 31d2c5e35939..eebcaf7aa915 100644
--- a/ndctl/ndctl.c
+++ b/ndctl/ndctl.c
@@ -84,6 +84,7 @@ static struct cmd_struct commands[] = {
{ "setup-passphrase", { cmd_setup_passphrase } },
{ "update-passphrase", { cmd_update_passphrase } },
{ "remove-passphrase", { cmd_remove_passphrase } },
+ { "remove-master-passphrase", { cmd_remove_master_passphrase } },
{ "freeze-security", { cmd_freeze_security } },
{ "sanitize-dimm", { cmd_sanitize_dimm } },
#ifdef ENABLE_KEYUTILS
* Re: [PATCH] ndctl: create disable master passphrase support
2022-09-21 20:58 [PATCH] ndctl: create disable master passphrase support Dave Jiang
@ 2022-12-07 21:26 ` Verma, Vishal L
2022-12-07 23:32 ` Dave Jiang
From: Verma, Vishal L @ 2022-12-07 21:26 UTC (permalink / raw)
To: Jiang, Dave, linux-cxl, nvdimm
On Wed, 2022-09-21 at 13:58 -0700, Dave Jiang wrote:
> The cxl spec supports disabling of master passphrase. This is a new command
> that previously was not supported through nvdimm. Add support command to
> support "master passhprase disable".
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> ---
> ndctl/builtin.h | 1 +
> ndctl/dimm.c | 25 ++++++++++++++++++++++++-
> ndctl/keys.c | 15 +++++++++++----
> ndctl/keys.h | 5 +++--
> ndctl/lib/dimm.c | 9 +++++++++
> ndctl/lib/libndctl.sym | 4 ++++
> ndctl/libndctl.h | 1 +
> ndctl/ndctl.c | 1 +
> 8 files changed, 54 insertions(+), 7 deletions(-)
Hi Dave,
Catching up on the ndctl backlog.. is this missing a man page update?
Other than that everything looks okay.
>
> diff --git a/ndctl/builtin.h b/ndctl/builtin.h
> index d3dbbb1afbdd..af759ef0cbfa 100644
> --- a/ndctl/builtin.h
> +++ b/ndctl/builtin.h
> @@ -39,6 +39,7 @@ int cmd_inject_smart(int argc, const char **argv, struct ndctl_ctx *ctx);
> int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
> int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
> int cmd_remove_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
> +int cmd_remove_master_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
> int cmd_freeze_security(int argc, const char **argv, struct ndctl_ctx *ctx);
> int cmd_sanitize_dimm(int argc, const char **argv, struct ndctl_ctx *ctx);
> int cmd_load_keys(int argc, const char **argv, struct ndctl_ctx *ctx);
> diff --git a/ndctl/dimm.c b/ndctl/dimm.c
> index ac7c5270e971..df95ac895458 100644
> --- a/ndctl/dimm.c
> +++ b/ndctl/dimm.c
> @@ -1028,7 +1028,19 @@ static int action_remove_passphrase(struct ndctl_dimm *dimm,
> return -EOPNOTSUPP;
> }
>
> - return ndctl_dimm_remove_key(dimm);
> + return ndctl_dimm_remove_key(dimm, ND_USER_KEY);
> +}
> +
> +static int action_remove_master_passphrase(struct ndctl_dimm *dimm,
> + struct action_context *actx)
> +{
> + if (ndctl_dimm_get_security(dimm) < 0) {
> + error("%s: security operation not supported\n",
> + ndctl_dimm_get_devname(dimm));
> + return -EOPNOTSUPP;
> + }
> +
> + return ndctl_dimm_remove_key(dimm, ND_MASTER_KEY);
> }
>
> static int action_security_freeze(struct ndctl_dimm *dimm,
> @@ -1595,6 +1607,17 @@ int cmd_remove_passphrase(int argc, const char **argv, void *ctx)
> return count >= 0 ? 0 : EXIT_FAILURE;
> }
>
> +int cmd_remove_master_passphrase(int argc, const char **argv, void *ctx)
> +{
> + int count = dimm_action(argc, argv, ctx, action_remove_master_passphrase,
> + base_options,
> + "ndctl remove-master-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
> +
> + fprintf(stderr, "master passphrase removed for %d nmem%s.\n", count >= 0 ? count : 0,
> + count > 1 ? "s" : "");
> + return count >= 0 ? 0 : EXIT_FAILURE;
> +}
> +
> int cmd_freeze_security(int argc, const char **argv, void *ctx)
> {
> int count = dimm_action(argc, argv, ctx, action_security_freeze, base_options,
> diff --git a/ndctl/keys.c b/ndctl/keys.c
> index 2f33b8fb488c..9bc558802bc4 100644
> --- a/ndctl/keys.c
> +++ b/ndctl/keys.c
> @@ -602,17 +602,24 @@ static int discard_key(struct ndctl_dimm *dimm)
> return 0;
> }
>
> -int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
> +int ndctl_dimm_remove_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type)
> {
> key_serial_t key;
> int rc;
>
> - key = check_dimm_key(dimm, true, ND_USER_KEY);
> + key = check_dimm_key(dimm, true, key_type);
> if (key < 0)
> return key;
>
> - rc = run_key_op(dimm, key, ndctl_dimm_disable_passphrase,
> - "remove passphrase");
> + if (key_type == ND_USER_KEY)
> + rc = run_key_op(dimm, key, ndctl_dimm_disable_passphrase,
> + "remove passphrase");
> + else if (key_type == ND_MASTER_KEY)
> + rc = run_key_op(dimm, key, ndctl_dimm_disable_master_passphrase,
> + "remove master passphrase");
> + else
> + return -EINVAL;
> +
> if (rc < 0)
> return rc;
>
> diff --git a/ndctl/keys.h b/ndctl/keys.h
> index 03cb509e6404..9e77319c2ae6 100644
> --- a/ndctl/keys.h
> +++ b/ndctl/keys.h
> @@ -25,7 +25,7 @@ int ndctl_dimm_setup_key(struct ndctl_dimm *dimm, const char *kek,
> enum ndctl_key_type key_type);
> int ndctl_dimm_update_key(struct ndctl_dimm *dimm, const char *kek,
> enum ndctl_key_type key_type);
> -int ndctl_dimm_remove_key(struct ndctl_dimm *dimm);
> +int ndctl_dimm_remove_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type);
> int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
> enum ndctl_key_type key_type);
> int ndctl_dimm_overwrite_key(struct ndctl_dimm *dimm);
> @@ -47,7 +47,8 @@ static inline int ndctl_dimm_update_key(struct ndctl_dimm *dimm,
> return -EOPNOTSUPP;
> }
>
> -static inline int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
> +static inline int ndctl_dimm_remove_key(struct ndctl_dimm *dimm,
> + enum ndctl_key_type key_type)
> {
> return -EOPNOTSUPP;
> }
> diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
> index 9e36e289dcc2..9936183af292 100644
> --- a/ndctl/lib/dimm.c
> +++ b/ndctl/lib/dimm.c
> @@ -757,6 +757,15 @@ NDCTL_EXPORT int ndctl_dimm_disable_passphrase(struct ndctl_dimm *dimm,
> return write_security(dimm, buf);
> }
>
> +NDCTL_EXPORT int ndctl_dimm_disable_master_passphrase(struct ndctl_dimm *dimm,
> + long key)
> +{
> + char buf[SYSFS_ATTR_SIZE];
> +
> + sprintf(buf, "disable_master %ld\n", key);
> + return write_security(dimm, buf);
> +}
> +
> NDCTL_EXPORT int ndctl_dimm_freeze_security(struct ndctl_dimm *dimm)
> {
> return write_security(dimm, "freeze");
> diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym
> index f1f9edd4b6ff..c933163c0380 100644
> --- a/ndctl/lib/libndctl.sym
> +++ b/ndctl/lib/libndctl.sym
> @@ -462,3 +462,7 @@ LIBNDCTL_26 {
> LIBNDCTL_27 {
> ndctl_dimm_refresh_flags;
> } LIBNDCTL_26;
> +
> +LIBNDCTL_28 {
> + ndctl_dimm_disable_master_passphrase;
> +} LIBNDCTL_27;
> diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h
> index 57cf93d8d151..c52e82a6f826 100644
> --- a/ndctl/libndctl.h
> +++ b/ndctl/libndctl.h
> @@ -765,6 +765,7 @@ bool ndctl_dimm_security_is_frozen(struct ndctl_dimm *dimm);
> int ndctl_dimm_update_passphrase(struct ndctl_dimm *dimm,
> long ckey, long nkey);
> int ndctl_dimm_disable_passphrase(struct ndctl_dimm *dimm, long key);
> +int ndctl_dimm_disable_master_passphrase(struct ndctl_dimm *dimm, long key);
> int ndctl_dimm_freeze_security(struct ndctl_dimm *dimm);
> int ndctl_dimm_secure_erase(struct ndctl_dimm *dimm, long key);
> int ndctl_dimm_overwrite(struct ndctl_dimm *dimm, long key);
> diff --git a/ndctl/ndctl.c b/ndctl/ndctl.c
> index 31d2c5e35939..eebcaf7aa915 100644
> --- a/ndctl/ndctl.c
> +++ b/ndctl/ndctl.c
> @@ -84,6 +84,7 @@ static struct cmd_struct commands[] = {
> { "setup-passphrase", { cmd_setup_passphrase } },
> { "update-passphrase", { cmd_update_passphrase } },
> { "remove-passphrase", { cmd_remove_passphrase } },
> + { "remove-master-passphrase", { cmd_remove_master_passphrase } },
> { "freeze-security", { cmd_freeze_security } },
> { "sanitize-dimm", { cmd_sanitize_dimm } },
> #ifdef ENABLE_KEYUTILS
>
>
* Re: [PATCH] ndctl: create disable master passphrase support
2022-12-07 21:26 ` Verma, Vishal L
@ 2022-12-07 23:32 ` Dave Jiang
From: Dave Jiang @ 2022-12-07 23:32 UTC (permalink / raw)
To: Verma, Vishal L, linux-cxl, nvdimm
On 12/7/2022 2:26 PM, Verma, Vishal L wrote:
> On Wed, 2022-09-21 at 13:58 -0700, Dave Jiang wrote:
>> The cxl spec supports disabling of master passphrase. This is a new command
>> that previously was not supported through nvdimm. Add support command to
>> support "master passhprase disable".
>>
>> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
>> ---
>> ndctl/builtin.h | 1 +
>> ndctl/dimm.c | 25 ++++++++++++++++++++++++-
>> ndctl/keys.c | 15 +++++++++++----
>> ndctl/keys.h | 5 +++--
>> ndctl/lib/dimm.c | 9 +++++++++
>> ndctl/lib/libndctl.sym | 4 ++++
>> ndctl/libndctl.h | 1 +
>> ndctl/ndctl.c | 1 +
>> 8 files changed, 54 insertions(+), 7 deletions(-)
>
> Hi Dave,
>
> Catching up on the ndctl backlog.. is this missing a man page update?
Looks like it. I'll add.
>
> Other than that everything looks okay.
>
>>
>> diff --git a/ndctl/builtin.h b/ndctl/builtin.h
>> index d3dbbb1afbdd..af759ef0cbfa 100644
>> --- a/ndctl/builtin.h
>> +++ b/ndctl/builtin.h
>> @@ -39,6 +39,7 @@ int cmd_inject_smart(int argc, const char **argv, struct ndctl_ctx *ctx);
>> int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
>> int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
>> int cmd_remove_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
>> +int cmd_remove_master_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
>> int cmd_freeze_security(int argc, const char **argv, struct ndctl_ctx *ctx);
>> int cmd_sanitize_dimm(int argc, const char **argv, struct ndctl_ctx *ctx);
>> int cmd_load_keys(int argc, const char **argv, struct ndctl_ctx *ctx);
>> diff --git a/ndctl/dimm.c b/ndctl/dimm.c
>> index ac7c5270e971..df95ac895458 100644
>> --- a/ndctl/dimm.c
>> +++ b/ndctl/dimm.c
>> @@ -1028,7 +1028,19 @@ static int action_remove_passphrase(struct ndctl_dimm *dimm,
>> return -EOPNOTSUPP;
>> }
>>
>> - return ndctl_dimm_remove_key(dimm);
>> + return ndctl_dimm_remove_key(dimm, ND_USER_KEY);
>> +}
>> +
>> +static int action_remove_master_passphrase(struct ndctl_dimm *dimm,
>> + struct action_context *actx)
>> +{
>> + if (ndctl_dimm_get_security(dimm) < 0) {
>> + error("%s: security operation not supported\n",
>> + ndctl_dimm_get_devname(dimm));
>> + return -EOPNOTSUPP;
>> + }
>> +
>> + return ndctl_dimm_remove_key(dimm, ND_MASTER_KEY);
>> }
>>
>> static int action_security_freeze(struct ndctl_dimm *dimm,
>> @@ -1595,6 +1607,17 @@ int cmd_remove_passphrase(int argc, const char **argv, void *ctx)
>> return count >= 0 ? 0 : EXIT_FAILURE;
>> }
>>
>> +int cmd_remove_master_passphrase(int argc, const char **argv, void *ctx)
>> +{
>> + int count = dimm_action(argc, argv, ctx, action_remove_master_passphrase,
>> + base_options,
>> + "ndctl remove-master-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
>> +
>> + fprintf(stderr, "master passphrase removed for %d nmem%s.\n", count >= 0 ? count : 0,
>> + count > 1 ? "s" : "");
>> + return count >= 0 ? 0 : EXIT_FAILURE;
>> +}
>> +
>> int cmd_freeze_security(int argc, const char **argv, void *ctx)
>> {
>> int count = dimm_action(argc, argv, ctx, action_security_freeze, base_options,
>> diff --git a/ndctl/keys.c b/ndctl/keys.c
>> index 2f33b8fb488c..9bc558802bc4 100644
>> --- a/ndctl/keys.c
>> +++ b/ndctl/keys.c
>> @@ -602,17 +602,24 @@ static int discard_key(struct ndctl_dimm *dimm)
>> return 0;
>> }
>>
>> -int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
>> +int ndctl_dimm_remove_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type)
>> {
>> key_serial_t key;
>> int rc;
>>
>> - key = check_dimm_key(dimm, true, ND_USER_KEY);
>> + key = check_dimm_key(dimm, true, key_type);
>> if (key < 0)
>> return key;
>>
>> - rc = run_key_op(dimm, key, ndctl_dimm_disable_passphrase,
>> - "remove passphrase");
>> + if (key_type == ND_USER_KEY)
>> + rc = run_key_op(dimm, key, ndctl_dimm_disable_passphrase,
>> + "remove passphrase");
>> + else if (key_type == ND_MASTER_KEY)
>> + rc = run_key_op(dimm, key, ndctl_dimm_disable_master_passphrase,
>> + "remove master passphrase");
>> + else
>> + return -EINVAL;
>> +
>> if (rc < 0)
>> return rc;
>>
>> diff --git a/ndctl/keys.h b/ndctl/keys.h
>> index 03cb509e6404..9e77319c2ae6 100644
>> --- a/ndctl/keys.h
>> +++ b/ndctl/keys.h
>> @@ -25,7 +25,7 @@ int ndctl_dimm_setup_key(struct ndctl_dimm *dimm, const char *kek,
>> enum ndctl_key_type key_type);
>> int ndctl_dimm_update_key(struct ndctl_dimm *dimm, const char *kek,
>> enum ndctl_key_type key_type);
>> -int ndctl_dimm_remove_key(struct ndctl_dimm *dimm);
>> +int ndctl_dimm_remove_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type);
>> int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
>> enum ndctl_key_type key_type);
>> int ndctl_dimm_overwrite_key(struct ndctl_dimm *dimm);
>> @@ -47,7 +47,8 @@ static inline int ndctl_dimm_update_key(struct ndctl_dimm *dimm,
>> return -EOPNOTSUPP;
>> }
>>
>> -static inline int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
>> +static inline int ndctl_dimm_remove_key(struct ndctl_dimm *dimm,
>> + enum ndctl_key_type key_type)
>> {
>> return -EOPNOTSUPP;
>> }
>> diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
>> index 9e36e289dcc2..9936183af292 100644
>> --- a/ndctl/lib/dimm.c
>> +++ b/ndctl/lib/dimm.c
>> @@ -757,6 +757,15 @@ NDCTL_EXPORT int ndctl_dimm_disable_passphrase(struct ndctl_dimm *dimm,
>> return write_security(dimm, buf);
>> }
>>
>> +NDCTL_EXPORT int ndctl_dimm_disable_master_passphrase(struct ndctl_dimm *dimm,
>> + long key)
>> +{
>> + char buf[SYSFS_ATTR_SIZE];
>> +
>> + sprintf(buf, "disable_master %ld\n", key);
>> + return write_security(dimm, buf);
>> +}
>> +
>> NDCTL_EXPORT int ndctl_dimm_freeze_security(struct ndctl_dimm *dimm)
>> {
>> return write_security(dimm, "freeze");
>> diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym
>> index f1f9edd4b6ff..c933163c0380 100644
>> --- a/ndctl/lib/libndctl.sym
>> +++ b/ndctl/lib/libndctl.sym
>> @@ -462,3 +462,7 @@ LIBNDCTL_26 {
>> LIBNDCTL_27 {
>> ndctl_dimm_refresh_flags;
>> } LIBNDCTL_26;
>> +
>> +LIBNDCTL_28 {
>> + ndctl_dimm_disable_master_passphrase;
>> +} LIBNDCTL_27;
>> diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h
>> index 57cf93d8d151..c52e82a6f826 100644
>> --- a/ndctl/libndctl.h
>> +++ b/ndctl/libndctl.h
>> @@ -765,6 +765,7 @@ bool ndctl_dimm_security_is_frozen(struct ndctl_dimm *dimm);
>> int ndctl_dimm_update_passphrase(struct ndctl_dimm *dimm,
>> long ckey, long nkey);
>> int ndctl_dimm_disable_passphrase(struct ndctl_dimm *dimm, long key);
>> +int ndctl_dimm_disable_master_passphrase(struct ndctl_dimm *dimm, long key);
>> int ndctl_dimm_freeze_security(struct ndctl_dimm *dimm);
>> int ndctl_dimm_secure_erase(struct ndctl_dimm *dimm, long key);
>> int ndctl_dimm_overwrite(struct ndctl_dimm *dimm, long key);
>> diff --git a/ndctl/ndctl.c b/ndctl/ndctl.c
>> index 31d2c5e35939..eebcaf7aa915 100644
>> --- a/ndctl/ndctl.c
>> +++ b/ndctl/ndctl.c
>> @@ -84,6 +84,7 @@ static struct cmd_struct commands[] = {
>> { "setup-passphrase", { cmd_setup_passphrase } },
>> { "update-passphrase", { cmd_update_passphrase } },
>> { "remove-passphrase", { cmd_remove_passphrase } },
>> + { "remove-master-passphrase", { cmd_remove_master_passphrase } },
>> { "freeze-security", { cmd_freeze_security } },
>> { "sanitize-dimm", { cmd_sanitize_dimm } },
>> #ifdef ENABLE_KEYUTILS
>>
>>
>