From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 26D52211963E1 for ; Fri, 30 Nov 2018 13:34:04 -0800 (PST) Subject: [PATCH v5 07/12] ndctl: setup modprobe rules From: Dave Jiang Date: Fri, 30 Nov 2018 14:34:03 -0700 Message-ID: <154361364349.6129.8773626009759872130.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <154361315118.6129.3346352930852675435.stgit@djiang5-desk3.ch.intel.com> References: <154361315118.6129.3346352930852675435.stgit@djiang5-desk3.ch.intel.com> MIME-Version: 1.0 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" To: dan.j.williams@intel.com, vishal.l.verma@intel.com Cc: linux-nvdimm@lists.01.org List-ID: Adding reference config file for modprobe.d in order to trigger the reference script that will inject keys associated with the nvdimms into the kernel user ring for unlock. Signed-off-by: Dave Jiang --- Makefile.am | 10 ++++++++++ contrib/ndctl-loadkeys.sh | 24 ++++++++++++++++++++++++ contrib/nvdimm_modprobe.conf | 1 + 3 files changed, 35 insertions(+) create mode 100755 contrib/ndctl-loadkeys.sh create mode 100644 contrib/nvdimm_modprobe.conf diff --git a/Makefile.am b/Makefile.am index e0c463a3..5a3f03aa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -42,6 +42,16 @@ bashcompletiondir = $(BASH_COMPLETION_DIR) dist_bashcompletion_DATA = contrib/ndctl endif +load_key_file = contrib/ndctl-loadkeys.sh +load_keydir = $(sysconfdir)/ndctl/ +load_key_DATA = $(load_key_file) +EXTRA_DIST += $(load_key_file) + +modprobe_file = contrib/nvdimm_modprobe.conf +modprobedir = $(sysconfdir)/modprobe.d/ +modprobe_DATA = $(modprobe_file) +EXTRA_DIST += $(modprobe_file) + noinst_LIBRARIES = libccan.a libccan_a_SOURCES = \ ccan/str/str.h \ diff --git a/contrib/ndctl-loadkeys.sh b/contrib/ndctl-loadkeys.sh new file mode 100755 index 00000000..75ad3562 --- /dev/null +++ b/contrib/ndctl-loadkeys.sh @@ -0,0 +1,24 @@ +#!/bin/bash -Ex + +# This script assumes a single master key for all DIMMs + +KEY_PATH=/etc/ndctl/keys +TPMH_PATH=$KEY_PATH/tpm.handle +KEYTPE="" +TPM_HANDLE="" +id="" + +if [ -f $TPMH_PATH ]; then + KEYTYPE=trusted + TPM_HANDLE="keyhandle=`cat $TPMH_PATH`" +else + KEYTYPE=user +fi + +keyctl show | grep -q nvdimm_master || keyctl add $KEYTYPE nvdimm-master "load `cat $KEY_PATH/nvdimm-master.blob` $TPM_HANDLE" @u > /dev/null + +for i in `ls -1 $KEY_PATH/nvdimm_*.blob`; +do + id=`echo $i | cut -d'_' -f2` + keyctl add encrypted nvdimm:$id "load `cat $i`" @u +done diff --git a/contrib/nvdimm_modprobe.conf b/contrib/nvdimm_modprobe.conf new file mode 100644 index 00000000..291c70a0 --- /dev/null +++ b/contrib/nvdimm_modprobe.conf @@ -0,0 +1 @@ +install libnvdimm /usr/sbin/ndctl-loadkeys.sh ; /sbin/modprobe libnvdimm $CMDLINE_OPTS _______________________________________________ Linux-nvdimm mailing list Linux-nvdimm@lists.01.org https://lists.01.org/mailman/listinfo/linux-nvdimm