From: Dave Jiang <dave.jiang@intel.com>
To: dan.j.williams@intel.com
Cc: linux-nvdimm@lists.01.org
Subject: [PATCH v2 4/4] libnvdimm: address state where dimm is unlocked in preOS
Date: Fri, 12 Oct 2018 13:40:10 -0700 [thread overview]
Message-ID: <153937681048.70378.10708098545828426905.stgit@djiang5-desk3.ch.intel.com> (raw)
In-Reply-To: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com>
When the nvdimm security state is unlocked during unlock, we will do a
request_key() and verify the key against the hardware. If we fail, we
will freeze the security configuration.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
drivers/nvdimm/security.c | 55 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 53 insertions(+), 2 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index eb778667cd93..3a905c58a935 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -245,6 +245,42 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
return rc;
}
+static int nvdimm_self_verify_key(struct nvdimm *nvdimm)
+{
+ struct key *key;
+ struct user_key_payload *payload;
+ void *data;
+ int rc;
+
+ lockdep_assert_held(&nvdimm->key_mutex);
+
+ key = nvdimm_request_key(nvdimm);
+ if (!key)
+ return -ENOKEY;
+
+ if (key->datalen != NVDIMM_PASSPHRASE_LEN) {
+ key_put(key);
+ return -EINVAL;
+ }
+
+ down_read(&key->sem);
+ payload = key->payload.data[0];
+ data = payload->data;
+
+ /*
+ * We send the same key to the hardware as new and old key to
+ * verify that the key is good.
+ */
+ rc = nvdimm->security_ops->change_key(nvdimm, data, data);
+ if (rc < 0) {
+ key_put(key);
+ return rc;
+ }
+ up_read(&key->sem);
+ nvdimm->key = key;
+ return 0;
+}
+
int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm)
{
struct key *key;
@@ -255,12 +291,27 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm)
if (!nvdimm->security_ops)
return 0;
- if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED ||
- nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED ||
+ if (nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED ||
nvdimm->state == NVDIMM_SECURITY_DISABLED)
return 0;
mutex_lock(&nvdimm->key_mutex);
+ /*
+ * If the pre-OS has unlocked the DIMM, we will attempt to send
+ * the key from request_key() to the hardware for verification.
+ * If we are not able to verify the key against the hardware we
+ * will freeze the security configuration. This will prevent any
+ * other security operations.
+ */
+ if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) {
+ rc = nvdimm_self_verify_key(nvdimm);
+ if (rc < 0) {
+ rc = nvdimm_security_freeze_lock(nvdimm);
+ mutex_unlock(&nvdimm->key_mutex);
+ return rc;
+ }
+ }
+
key = nvdimm->key;
if (!key) {
key = nvdimm_request_key(nvdimm);
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-10-12 20:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-12 20:39 [PATCH v2 0/4] misc patches for nvdimm security fixes Dave Jiang
2018-10-12 20:39 ` [PATCH v2 1/4] libnvdimm: fix updating of kernel key during nvdimm key update Dave Jiang
2018-10-12 20:39 ` [PATCH v2 2/4] libnvdimm: fix incorrect output when nvdimm disable failed Dave Jiang
2018-10-12 20:40 ` [PATCH v2 3/4] libnvdimm: remove code to pull user key when there's no kernel key Dave Jiang
2018-10-12 20:40 ` Dave Jiang [this message]
2018-10-12 23:26 ` [PATCH v2 0/4] misc patches for nvdimm security fixes Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=153937681048.70378.10708098545828426905.stgit@djiang5-desk3.ch.intel.com \
--to=dave.jiang@intel.com \
--cc=dan.j.williams@intel.com \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).