nvdimm.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: "Schofield, Alison" <alison.schofield@intel.com>,
	Kees Cook <keescook@chromium.org>,
	linux-nvdimm <linux-nvdimm@lists.01.org>,
	Eric Biggers <ebiggers3@gmail.com>,
	David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org
Subject: Re: [PATCH v9 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms
Date: Tue, 25 Sep 2018 17:42:31 -0700	[thread overview]
Message-ID: <CAPcyv4gVAvM3CPd7Z=AzuFK79RLC139F9xAvZ4G-SKLL8uEmpA@mail.gmail.com> (raw)
In-Reply-To: <153791869908.70158.3791301656095148670.stgit@djiang5-desk3.ch.intel.com>

On Tue, Sep 25, 2018 at 4:39 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Add support for setting and/or updating passphrase on the Intel nvdimms.
> The passphrase is pulled from userspace through the kernel key management.
> We trigger the update via writing "update <old_keyid> <new_keyid>" to the
> sysfs attribute "security". If no <old_keyid> exists (for enabling security)
> then a 0 should be used. The state of the security can also be read via the
> "security" attribute. libnvdimm will generically support the key_change
> API call.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
[..]
> diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
> index b7e22e6b80db..e915e6de6c12 100644
> --- a/drivers/nvdimm/dimm_devs.c
> +++ b/drivers/nvdimm/dimm_devs.c
[..]
> +#define SEC_CMD_SIZE 128
> +static ssize_t security_store(struct device *dev,
> +               struct device_attribute *attr, const char *buf, size_t len)
> +
> +{
> +       struct nvdimm *nvdimm = to_nvdimm(dev);
> +       struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
> +       ssize_t rc = -EINVAL;
> +       unsigned int new_key = 0, old_key = 0;
> +       char cmd[SEC_CMD_SIZE];
> +
> +       if (len > SEC_CMD_SIZE)
> +               return -EINVAL;
> +
> +        wait_nvdimm_bus_probe_idle(&nvdimm_bus->dev);
> +        if (atomic_read(&nvdimm->busy))
> +                return -EBUSY;
> +
> +       sscanf(buf, "%s %u %u", cmd, &old_key, &new_key);
> +       if (strcmp(cmd, "update") == 0) {

Please use sysfs_streq() here to catch garbage at the end of the string.
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

  reply	other threads:[~2018-09-26  0:42 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-25 23:37 [PATCH v9 00/12] Adding security support for nvdimm Dave Jiang
2018-09-25 23:37 ` [PATCH v9 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-09-25 23:37 ` [PATCH v9 02/12] libnvdimm: create keyring to store security keys Dave Jiang
2018-09-25 23:38 ` [PATCH v9 03/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-09-25 23:38 ` [PATCH v9 04/12] keys: export lookup_user_key to external users Dave Jiang
2018-09-25 23:38 ` [PATCH v9 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-26  0:33   ` Dan Williams
2018-09-25 23:38 ` [PATCH v9 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-09-26  0:42   ` Dan Williams [this message]
2018-09-25 23:38 ` [PATCH v9 07/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-09-25 23:38 ` [PATCH v9 08/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-09-25 23:38 ` [PATCH v9 09/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-09-26  1:04   ` Dan Williams
2018-09-25 23:38 ` [PATCH v9 10/12] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-09-25 23:38 ` [PATCH v9 11/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-09-25 23:38 ` [PATCH v9 12/12] libnvdimm: add documentation for nvdimm security support Dave Jiang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPcyv4gVAvM3CPd7Z=AzuFK79RLC139F9xAvZ4G-SKLL8uEmpA@mail.gmail.com' \
    --to=dan.j.williams@intel.com \
    --cc=alison.schofield@intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dhowells@redhat.com \
    --cc=ebiggers3@gmail.com \
    --cc=keescook@chromium.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    --subject='Re: [PATCH v9 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).