From: David Howells <dhowells@redhat.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: alison.schofield@intel.com, keescook@chromium.org,
linux-nvdimm@lists.01.org, ebiggers3@gmail.com,
dhowells@redhat.com, keyrings@vger.kernel.org
Subject: Re: [PATCH v8 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs
Date: Sat, 22 Sep 2018 00:20:50 +0100 [thread overview]
Message-ID: <17433.1537572050@warthog.procyon.org.uk> (raw)
In-Reply-To: <153549646600.4089.2626014553500613547.stgit@djiang5-desk3.ch.intel.com>
Dave Jiang <dave.jiang@intel.com> wrote:
> + depends on KEYS
That needs to be in patch 2 where you create a keyring.
> + char desc[NVDIMM_KEY_DESC_LEN + strlen(NVDIMM_PREFIX)];
You should be using sizeof() not strlen() and do you need + 1 for the NUL
char?
> + sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id);
NVDIMM_PREFIX is a constant string. I would recommend either declaring it as
a const char[] or just sticking it in the format string in place of the %s:
sprintf(desc, NVDIMM_PREFIX "%s", nvdimm->dimm_id);
> + if (!cached_key) {
> + key_link(nvdimm_keyring, key);
> + nvdimm->key = key;
> + key->perm |= KEY_USR_SEARCH;
> + }
Ummm... You're altering the key permission? That's not really yours to
change.
> +static int nvdimm_check_key_len(unsigned short len, bool update)
> +{
> + if (len == (NVDIMM_PASSPHRASE_LEN * 2) && update)
> + return 0;
In the cover you said:
- Modified "update" to take two key ids and and use lookup_user_key()
in order to improve security. (David)
is this a holdover?
David
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-09-21 23:20 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-28 22:47 [PATCH v8 00/12] Adding security support for nvdimm Dave Jiang
2018-08-28 22:47 ` [PATCH v8 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-08-28 22:47 ` [PATCH v8 02/12] libnvdimm: create keyring to store security keys Dave Jiang
2018-09-22 0:19 ` Dan Williams
2018-09-24 21:04 ` David Howells
2018-09-24 21:12 ` Dave Jiang
2018-08-28 22:47 ` [PATCH v8 03/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-08-28 22:47 ` [PATCH v8 04/12] keys: export lookup_user_key to external users Dave Jiang
2018-09-21 21:59 ` Dan Williams
2018-09-21 22:02 ` Dave Jiang
2018-09-21 23:05 ` David Howells
2018-08-28 22:47 ` [PATCH v8 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-23 0:10 ` Dan Williams
2018-08-28 22:47 ` [PATCH v8 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-08-28 22:47 ` [PATCH v8 07/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-08-28 22:48 ` [PATCH v8 08/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-08-28 22:48 ` [PATCH v8 09/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-08-28 22:48 ` [PATCH v8 10/12] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-08-28 22:48 ` [PATCH v8 11/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-08-28 22:48 ` [PATCH v8 12/12] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-09-21 23:07 ` [PATCH v8 02/12] libnvdimm: create keyring to store security keys David Howells
2018-09-21 23:20 ` David Howells [this message]
2018-09-21 23:27 ` [PATCH v8 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-21 23:51 ` Dan Williams
2018-09-21 23:57 ` [PATCH v8 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms David Howells
2018-09-22 0:25 ` Dave Jiang
2018-09-22 1:26 ` Dan Williams
2018-09-22 0:01 ` [PATCH v8 04/12] keys: export lookup_user_key to external users David Howells
2018-09-24 21:02 ` [PATCH v8 02/12] libnvdimm: create keyring to store security keys David Howells
2018-09-24 21:15 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=17433.1537572050@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=alison.schofield@intel.com \
--cc=dave.jiang@intel.com \
--cc=ebiggers3@gmail.com \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).