From: David Howells <dhowells@redhat.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: alison.schofield@intel.com, keescook@chromium.org,
linux-nvdimm@lists.01.org, dhowells@redhat.com,
keyrings@vger.kernel.org
Subject: Re: [PATCH v5 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms
Date: Thu, 02 Aug 2018 12:07:00 +0100 [thread overview]
Message-ID: <13701.1533208020@warthog.procyon.org.uk> (raw)
In-Reply-To: <7f826777-c9bd-d602-a8d5-613adc6b4a94@intel.com>
Dave Jiang <dave.jiang@intel.com> wrote:
> New:
> 1. userspace inject key into kernel keyring
I presume this step is what you do to use the nvdimm? If so, this can use
request_key() and then splice the key across to the kernel keyring.
> 2. userspace triggers update with new key id and old key id
> 3. kernel looks up keys with key-id in kernel
> 4. kernel tries to update with hardware
> 5. on success kernel accepts new key (or update old key payload)
... and splices the key into the kernel keyring.
> Also, unlock right now basically is a request-key to userspace to retrieve
> the key before we unlock. If we go the other way it sounds like we need to
> inject all the keys from userspace first before unlock can happen?
No, you'd still use request_key() for that.
It's the change-password event that I'm suggesting you should use two
explicitly nominated keys for.
> I do think associating with the current key id with the nvdimm object
> can make things a lot easier and I can just do key_lookup() instead of
> calling request_key().
You shouldn't be using key_lookup().
> What about:
> 1. user triggers update through sysfs
> 2. kernel fetches old key with key-id that's associated with the nvdimm
> object from keyring
You can do that. You'd use key_search() for that.
> 3. kernel request_key from userspace for new key
This bit I quibble with. I think you should specify it to make sure that you
get the password you intended and don't pick something else up by accident.
> 4. kernel sends both payloads to hardware to attempt update
> 5. on success kernel invalidates old key and updates key-id associated
> with the nvdimm object
I think you should just link the new key across. It should have the same
description as the old key to the kernel keyring. This would displace the
old key automatically.
> ... lookup the key via key-id ...
You shouldn't use key IDs within the kernel, except at the UAPI boundary. You
should be using the key description as the handle - and, in this case, it
should be an identifier you can match uniquely within the system with the
particular nvdimm.
David
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-08-02 11:07 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-17 20:54 [PATCH v5 00/12] Adding security support for nvdimm Dave Jiang
2018-07-17 20:54 ` [PATCH v5 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-07-18 17:02 ` Elliott, Robert (Persistent Memory)
2018-07-17 20:54 ` [PATCH v5 02/12] libnvdimm: create keyring to store security keys Dave Jiang
2018-07-17 23:56 ` Eric Biggers
2018-07-17 20:54 ` [PATCH v5 03/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-07-18 15:40 ` Elliott, Robert (Persistent Memory)
2018-07-18 15:49 ` Dave Jiang
2018-07-17 20:54 ` [PATCH v5 04/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-07-18 0:00 ` Eric Biggers
2018-07-17 20:54 ` [PATCH v5 05/12] keys: add call key_put_sync() to flush key_gc_work when doing a key_put() Dave Jiang
2018-07-17 23:53 ` Eric Biggers
2018-07-17 23:58 ` Dave Jiang
2018-07-17 20:54 ` [PATCH v5 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-07-17 20:54 ` [PATCH v5 07/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-07-17 20:54 ` [PATCH v5 08/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-07-17 20:54 ` [PATCH v5 09/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-07-18 17:27 ` Elliott, Robert (Persistent Memory)
2018-07-18 17:41 ` Dave Jiang
2018-07-19 1:43 ` Elliott, Robert (Persistent Memory)
2018-07-19 6:09 ` Li, Juston
2018-07-19 20:06 ` Dave Jiang
2018-07-17 20:55 ` [PATCH v5 10/12] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-07-17 20:55 ` [PATCH v5 11/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-07-17 20:55 ` [PATCH v5 12/12] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-07-17 23:26 ` [PATCH v5 00/12] Adding security support for nvdimm Eric Biggers
2018-07-17 23:37 ` Dave Jiang
2018-07-18 10:40 ` [PATCH v5 05/12] keys: add call key_put_sync() to flush key_gc_work when doing a key_put() David Howells
2018-07-18 10:50 ` [PATCH v5 02/12] libnvdimm: create keyring to store security keys David Howells
2018-07-18 19:40 ` Dave Jiang
2018-07-18 20:38 ` David Howells
2018-07-18 11:14 ` [PATCH v5 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms David Howells
2018-07-18 16:05 ` Dave Jiang
2018-07-18 19:47 ` Dave Jiang
2018-07-18 20:41 ` David Howells
2018-07-18 20:47 ` Dave Jiang
2018-07-19 0:28 ` Dave Jiang
2018-07-19 8:22 ` David Howells
2018-07-19 21:28 ` Dave Jiang
2018-07-20 0:04 ` Dave Jiang
2018-07-20 15:40 ` David Howells
2018-07-20 16:40 ` Dave Jiang
2018-08-02 11:07 ` David Howells [this message]
2018-07-18 11:17 ` [PATCH v5 05/12] keys: add call key_put_sync() to flush key_gc_work when doing a key_put() David Howells
2018-07-18 11:20 ` [PATCH v5 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=13701.1533208020@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=alison.schofield@intel.com \
--cc=dave.jiang@intel.com \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).