From: Dave Jiang <dave.jiang@intel.com>
To: dan.j.williams@intel.com, vishal.l.verma@intel.com
Cc: linux-nvdimm@lists.01.org
Subject: [PATCH v5 01/12] ndctl: add support for display security state
Date: Fri, 30 Nov 2018 14:33:30 -0700 [thread overview]
Message-ID: <154361361077.6129.2692055853938395877.stgit@djiang5-desk3.ch.intel.com> (raw)
In-Reply-To: <154361315118.6129.3346352930852675435.stgit@djiang5-desk3.ch.intel.com>
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
Documentation/ndctl/ndctl-list.txt | 8 ++++++++
ndctl/lib/dimm.c | 37 ++++++++++++++++++++++++++++++++++++
ndctl/lib/libndctl.sym | 5 +++++
ndctl/libndctl.h | 13 +++++++++++++
util/json.c | 31 ++++++++++++++++++++++++++++++
5 files changed, 94 insertions(+)
diff --git a/Documentation/ndctl/ndctl-list.txt b/Documentation/ndctl/ndctl-list.txt
index e24c8f40..bdd69add 100644
--- a/Documentation/ndctl/ndctl-list.txt
+++ b/Documentation/ndctl/ndctl-list.txt
@@ -98,6 +98,14 @@ include::xable-region-options.txt[]
-D::
--dimms::
Include dimm info in the listing
+[verse]
+{
+ "dev":"nmem0",
+ "id":"cdab-0a-07e0-ffffffff",
+ "handle":0,
+ "phys_id":0,
+ "security:":"disabled"
+}
-H::
--health::
diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
index 5e41734d..cd2895c9 100644
--- a/ndctl/lib/dimm.c
+++ b/ndctl/lib/dimm.c
@@ -583,3 +583,40 @@ NDCTL_EXPORT unsigned long ndctl_dimm_get_available_labels(
return strtoul(buf, NULL, 0);
}
+
+NDCTL_EXPORT int ndctl_dimm_get_security(struct ndctl_dimm *dimm,
+ enum nd_security_state *state)
+{
+ struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm);
+ char *path = dimm->dimm_buf;
+ int len = dimm->buf_len;
+ char buf[64];
+ int rc;
+
+ if (snprintf(path, len, "%s/security", dimm->dimm_path) >= len) {
+ err(ctx, "%s: buffer too small!\n",
+ ndctl_dimm_get_devname(dimm));
+ return -ERANGE;
+ }
+
+ rc = sysfs_read_attr(ctx, path, buf);
+ if (rc < 0)
+ return rc;
+
+ if (strcmp(buf, "unsupported") == 0)
+ *state = ND_SECURITY_UNSUPPORTED;
+ else if (strcmp(buf, "disabled") == 0)
+ *state = ND_SECURITY_DISABLED;
+ else if (strcmp(buf, "unlocked") == 0)
+ *state = ND_SECURITY_UNLOCKED;
+ else if (strcmp(buf, "locked") == 0)
+ *state = ND_SECURITY_LOCKED;
+ else if (strcmp(buf, "frozen") == 0)
+ *state = ND_SECURITY_FROZEN;
+ else if (strcmp(buf, "overwrite") == 0)
+ *state = ND_SECURITY_OVERWRITE;
+ else
+ *state = ND_SECURITY_INVALID;
+
+ return 0;
+}
diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym
index 6c4c8b4d..1bd63fa1 100644
--- a/ndctl/lib/libndctl.sym
+++ b/ndctl/lib/libndctl.sym
@@ -385,3 +385,8 @@ global:
ndctl_namespace_get_next_badblock;
ndctl_dimm_get_dirty_shutdown;
} LIBNDCTL_17;
+
+LIBNDCTL_19 {
+global:
+ ndctl_dimm_get_security;
+} LIBNDCTL_18;
diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h
index 62cef9e8..a9f9167a 100644
--- a/ndctl/libndctl.h
+++ b/ndctl/libndctl.h
@@ -681,6 +681,19 @@ enum ND_FW_STATUS ndctl_cmd_fw_xlat_firmware_status(struct ndctl_cmd *cmd);
struct ndctl_cmd *ndctl_dimm_cmd_new_ack_shutdown_count(struct ndctl_dimm *dimm);
int ndctl_dimm_fw_update_supported(struct ndctl_dimm *dimm);
+enum nd_security_state {
+ ND_SECURITY_INVALID = -1,
+ ND_SECURITY_UNSUPPORTED = 0,
+ ND_SECURITY_DISABLED,
+ ND_SECURITY_UNLOCKED,
+ ND_SECURITY_LOCKED,
+ ND_SECURITY_FROZEN,
+ ND_SECURITY_OVERWRITE,
+};
+
+int ndctl_dimm_get_security(struct ndctl_dimm *dimm,
+ enum nd_security_state *sstate);
+
#ifdef __cplusplus
} /* extern "C" */
#endif
diff --git a/util/json.c b/util/json.c
index 5c3424e2..e3b9e72e 100644
--- a/util/json.c
+++ b/util/json.c
@@ -164,6 +164,7 @@ struct json_object *util_dimm_to_json(struct ndctl_dimm *dimm,
unsigned int handle = ndctl_dimm_get_handle(dimm);
unsigned short phys_id = ndctl_dimm_get_phys_id(dimm);
struct json_object *jobj;
+ enum nd_security_state sstate;
if (!jdimm)
return NULL;
@@ -243,6 +244,36 @@ struct json_object *util_dimm_to_json(struct ndctl_dimm *dimm,
json_object_object_add(jdimm, "flag_smart_event", jobj);
}
+ if (ndctl_dimm_get_security(dimm, &sstate) == 0) {
+ switch (sstate) {
+ case ND_SECURITY_UNSUPPORTED:
+ jobj = json_object_new_string("unsupported");
+ break;
+ case ND_SECURITY_DISABLED:
+ jobj = json_object_new_string("disabled");
+ break;
+ case ND_SECURITY_UNLOCKED:
+ jobj = json_object_new_string("unlocked");
+ break;
+ case ND_SECURITY_LOCKED:
+ jobj = json_object_new_string("locked");
+ break;
+ case ND_SECURITY_FROZEN:
+ jobj = json_object_new_string("frozen");
+ break;
+ case ND_SECURITY_OVERWRITE:
+ jobj = json_object_new_string("overwrite");
+ break;
+ case ND_SECURITY_INVALID:
+ default:
+ jobj = json_object_new_string("invalid");
+ break;
+ }
+ if (!jobj)
+ goto err;
+ json_object_object_add(jdimm, "security", jobj);
+ }
+
return jdimm;
err:
json_object_put(jdimm);
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-11-30 21:33 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-30 21:33 [PATCH v5 00/12] ndctl: add security support Dave Jiang
2018-11-30 21:33 ` Dave Jiang [this message]
2018-11-30 21:33 ` [PATCH v5 02/12] ndctl: add passphrase update to ndctl Dave Jiang
2018-11-30 21:33 ` [PATCH v5 03/12] ndctl: add disable security support Dave Jiang
2018-11-30 21:33 ` [PATCH v5 04/12] ndctl: add support for freeze security Dave Jiang
2018-11-30 21:33 ` [PATCH v5 05/12] ndctl: add support for sanitize dimm Dave Jiang
2018-11-30 21:33 ` [PATCH v5 06/12] ndctl: add unit test for security ops (minus overwrite) Dave Jiang
2018-11-30 21:34 ` [PATCH v5 07/12] ndctl: setup modprobe rules Dave Jiang
2018-11-30 21:34 ` [PATCH v5 08/12] ndctl: add overwrite operation support Dave Jiang
2018-11-30 21:34 ` [PATCH v5 09/12] ndctl: add overwrite-wait support Dave Jiang
2018-11-30 21:34 ` [PATCH v5 10/12] ndctl: master phassphrase management support Dave Jiang
2018-11-30 21:34 ` [PATCH v5 11/12] ndctl: add master secure erase support Dave Jiang
2018-11-30 21:34 ` [PATCH v5 12/12] ndctl: documentation for security and key management Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=154361361077.6129.2692055853938395877.stgit@djiang5-desk3.ch.intel.com \
--to=dave.jiang@intel.com \
--cc=dan.j.williams@intel.com \
--cc=linux-nvdimm@lists.01.org \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).