From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH v4 5/7] ndctl: add support for sanitize dimm
Date: Mon, 15 Oct 2018 18:25:09 -0700 [thread overview]
Message-ID: <CAPcyv4j0Si4_Ud4o43Cbjfo-3_uPmockMvqBUpVTupySV5c1Ew@mail.gmail.com> (raw)
In-Reply-To: <153938334276.20740.14352246357588427406.stgit@djiang5-desk3.ch.intel.com>
On Fri, Oct 12, 2018 at 3:29 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Add support to secure erase to libndctl and also command line option
> of "sanitize" for ndctl. This will initiate the request to crypto
> erase a DIMM. ndctl does not actually handle the verification of the
> security. That is handled by the kernel and the key upcall mechanism.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> ---
> Documentation/ndctl/Makefile.am | 3 +
> Documentation/ndctl/ndctl-sanitize.txt | 52 ++++++++++++++++++++++++
> builtin.h | 1
> ndctl/dimm.c | 70 ++++++++++++++++++++++++++++++++
> ndctl/lib/dimm.c | 9 ++++
> ndctl/lib/libndctl.sym | 1
> ndctl/libndctl.h | 1
> ndctl/ndctl.c | 1
> 8 files changed, 137 insertions(+), 1 deletion(-)
> create mode 100644 Documentation/ndctl/ndctl-sanitize.txt
>
> diff --git a/Documentation/ndctl/Makefile.am b/Documentation/ndctl/Makefile.am
> index 3a761ba0..8c171ecb 100644
> --- a/Documentation/ndctl/Makefile.am
> +++ b/Documentation/ndctl/Makefile.am
> @@ -50,7 +50,8 @@ man1_MANS = \
> ndctl-monitor.1 \
> ndctl-update-security.1 \
> ndctl-disable-security.1 \
> - ndctl-freeze-security.1
> + ndctl-freeze-security.1 \
> + ndctl-sanitize.1
>
> CLEANFILES = $(man1_MANS)
>
> diff --git a/Documentation/ndctl/ndctl-sanitize.txt b/Documentation/ndctl/ndctl-sanitize.txt
> new file mode 100644
> index 00000000..a02b4b31
> --- /dev/null
> +++ b/Documentation/ndctl/ndctl-sanitize.txt
> @@ -0,0 +1,52 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +ndctl-sanitize(1)
> +=================
> +
> +NAME
> +----
> +ndctl-sanitize - sanitize the data on the NVDIMM
> +
> +SYNOPSIS
> +--------
> +[verse]
> +'ndctl sanitize' <dimm> [<options>]
Lets call it secure-erase-dimm since to leave room for per-namespace
security commands in the future.
> +DESCRIPTION
> +-----------
> +Provide a generic interface to crypto erase a NVDIMM.
> +The use of this depends on support from the underlying
> +libndctl, kernel, as well as the platform itself.
Similar comment about dependencies as patch 2 I think it goes without saying.
> +
> +For the reference passphrase setup, /etc/nvdimm.passwd is read for passphrase
> +retrieval:
> +
> +The nvdimm.passwd is formatted as:
> +<description id>:<passphrase with padded 0 to 32bytes>
> +cdab-0a-07e0-feffffff:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> +
> +OPTIONS
> +-------
> +<dimm>::
> +include::xable-dimm-options.txt[]
> +
> +-m::
> +--method::
> + The method for sanitizing the dimm content.
> +
> + crypto-erase: replaces encryption keys. This does not change label data.
I assume this is to differentiate secure-erase vs overwrite? Given
overwrite is such an odd mechanism that needs to be monitored for
completion I'd put that off in its own command.
> +
> +-i::
> +--insecure::
> + Using the default reference support to parse the nvdimm passphrase
> + file, inject the key, and initiate disable operation. This is labeled
> + as insecure as it just provides a reference to how to inject keys
> + for the nvdimm. The passphrase is in clear text and is not considered
> + as secure as it can be.
> +
> +-e::
> +--exec::
> + The external binary module that would inject the passphrase and
> + initiate the disable operation. Use this or -i, not both.
Same comments about taking key material over stdio.
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-10-16 1:25 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-12 22:28 [PATCH v4 0/7] ndctl: add security support Dave Jiang
2018-10-12 22:28 ` [PATCH v4 1/7] ndctl: add support for display security state Dave Jiang
2018-10-13 17:57 ` Dan Williams
2018-10-15 22:12 ` Dan Williams
2018-10-12 22:28 ` [PATCH v4 2/7] ndctl: add update to security support Dave Jiang
2018-10-16 0:59 ` Dan Williams
2018-10-12 22:28 ` [PATCH v4 3/7] ndctl: add disable " Dave Jiang
2018-10-12 22:28 ` [PATCH v4 4/7] ndctl: add support for freeze security Dave Jiang
2018-10-12 22:29 ` [PATCH v4 5/7] ndctl: add support for sanitize dimm Dave Jiang
2018-10-16 1:25 ` Dan Williams [this message]
2018-10-12 22:29 ` [PATCH v4 6/7] ndctl: add request-key upcall reference app Dave Jiang
2018-10-16 3:06 ` Dan Williams
2018-10-12 22:29 ` [PATCH v4 7/7] ndctl: add unit test for security ops (minus overwrite) Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPcyv4j0Si4_Ud4o43Cbjfo-3_uPmockMvqBUpVTupySV5c1Ew@mail.gmail.com \
--to=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).