From: Dave Jiang <dave.jiang@intel.com>
To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev
Cc: dan.j.williams@intel.com, bwidawsk@kernel.org,
ira.weiny@intel.com, vishal.l.verma@intel.com,
alison.schofield@intel.com, dave@stgolabs.net
Subject: [PATCH RFC 04/15] cxl/pmem: Add "Set Passphrase" security command support
Date: Fri, 15 Jul 2022 14:08:55 -0700 [thread overview]
Message-ID: <165791933557.2491387.2141316283759403219.stgit@djiang5-desk3.ch.intel.com> (raw)
In-Reply-To: <165791918718.2491387.4203738301057301285.stgit@djiang5-desk3.ch.intel.com>
Create callback function to support the nvdimm_security_ops ->change_key()
callback. Translate the operation to send "Set Passphrase" security command
for CXL memory device. The operation supports setting a passphrase for the
CXL persistent memory device. It also supports the changing of the
currently set passphrase. The operation allows manipulation of a user
passphrase or a master passphrase.
See CXL 2.0 spec section 8.2.9.5.6.2 for reference.
However, the spec leaves a gap WRT master passphrase usages. The spec does
not define any ways to retrieve the status of if the support of master
passphrase is available for the device, nor does the commands that utilize
master passphrase will return a specific error that indicates master
passphrase is not supported. If using a device does not support master
passphrase and a command is issued with a master passphrase, the error
message returned by the device will be ambiguos.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
drivers/cxl/cxlmem.h | 14 ++++++++++++++
drivers/cxl/security.c | 27 +++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
index 35de2889aac3..1e76d22f4fd2 100644
--- a/drivers/cxl/cxlmem.h
+++ b/drivers/cxl/cxlmem.h
@@ -251,6 +251,7 @@ enum cxl_opcode {
CXL_MBOX_OP_SCAN_MEDIA = 0x4304,
CXL_MBOX_OP_GET_SCAN_MEDIA = 0x4305,
CXL_MBOX_OP_GET_SECURITY_STATE = 0x4500,
+ CXL_MBOX_OP_SET_PASSPHRASE = 0x4501,
CXL_MBOX_OP_MAX = 0x10000
};
@@ -350,6 +351,19 @@ struct cxl_mem_command {
#define CXL_PMEM_SEC_STATE_USER_PLIMIT 0x10
#define CXL_PMEM_SEC_STATE_MASTER_PLIMIT 0x20
+/* set passphrase input payload */
+struct cxl_set_pass {
+ u8 type;
+ u8 reserved[31];
+ u8 old_pass[NVDIMM_PASSPHRASE_LEN];
+ u8 new_pass[NVDIMM_PASSPHRASE_LEN];
+} __packed;
+
+enum {
+ CXL_PMEM_SEC_PASS_MASTER = 0,
+ CXL_PMEM_SEC_PASS_USER,
+};
+
int cxl_mbox_send_cmd(struct cxl_dev_state *cxlds, u16 opcode, void *in,
size_t in_size, void *out, size_t out_size);
int cxl_dev_state_identify(struct cxl_dev_state *cxlds);
diff --git a/drivers/cxl/security.c b/drivers/cxl/security.c
index 5b830ae621db..76ec5087f966 100644
--- a/drivers/cxl/security.c
+++ b/drivers/cxl/security.c
@@ -50,8 +50,35 @@ static unsigned long cxl_pmem_get_security_flags(struct nvdimm *nvdimm,
return security_flags;
}
+static int cxl_pmem_security_change_key(struct nvdimm *nvdimm,
+ const struct nvdimm_key_data *old_data,
+ const struct nvdimm_key_data *new_data,
+ enum nvdimm_passphrase_type ptype)
+{
+ struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
+ struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
+ struct cxl_dev_state *cxlds = cxlmd->cxlds;
+ struct cxl_set_pass *set_pass;
+ int rc;
+
+ set_pass = kzalloc(sizeof(*set_pass), GFP_KERNEL);
+ if (!set_pass)
+ return -ENOMEM;
+
+ set_pass->type = ptype == NVDIMM_MASTER ?
+ CXL_PMEM_SEC_PASS_MASTER : CXL_PMEM_SEC_PASS_USER;
+ memcpy(set_pass->old_pass, old_data->data, NVDIMM_PASSPHRASE_LEN);
+ memcpy(set_pass->new_pass, new_data->data, NVDIMM_PASSPHRASE_LEN);
+
+ rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_SET_PASSPHRASE,
+ set_pass, sizeof(*set_pass), NULL, 0);
+ kfree(set_pass);
+ return rc;
+}
+
static const struct nvdimm_security_ops __cxl_security_ops = {
.get_flags = cxl_pmem_get_security_flags,
+ .change_key = cxl_pmem_security_change_key,
};
const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;
next prev parent reply other threads:[~2022-07-15 21:08 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 21:08 [PATCH RFC 00/15] Introduce security commands for CXL pmem device Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 01/15] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang
2022-07-15 21:09 ` Davidlohr Bueso
2022-08-03 16:29 ` Jonathan Cameron
2022-07-18 5:34 ` [PATCH RFC 1/15] " Davidlohr Bueso
2022-07-15 21:08 ` [PATCH RFC 02/15] tools/testing/cxl: Create context for cxl mock device Dave Jiang
2022-07-18 6:29 ` [PATCH RFC 2/15] " Davidlohr Bueso
2022-08-03 16:36 ` [PATCH RFC 02/15] " Jonathan Cameron
2022-08-09 20:30 ` Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 03/15] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang
2022-08-03 16:51 ` Jonathan Cameron
2022-07-15 21:08 ` Dave Jiang [this message]
2022-07-18 6:36 ` [PATCH RFC 4/15] cxl/pmem: Add "Set Passphrase" security command support Davidlohr Bueso
2022-07-19 18:55 ` Dave Jiang
2022-08-03 17:01 ` [PATCH RFC 04/15] " Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang
2022-08-03 17:15 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 06/15] cxl/pmem: Add Disable Passphrase security command support Dave Jiang
2022-08-03 17:21 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 08/15] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 09/15] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 10/15] x86: add an arch helper function to invalidate all cache for nvdimm Dave Jiang
2022-07-18 5:30 ` Davidlohr Bueso
2022-07-19 19:07 ` Dave Jiang
2022-08-03 17:37 ` Jonathan Cameron
2022-08-03 17:37 ` Jonathan Cameron
2022-08-09 21:47 ` Dave Jiang
2022-08-09 21:47 ` Dave Jiang
2022-08-10 14:15 ` Mark Rutland
2022-08-10 14:15 ` Mark Rutland
2022-08-10 14:31 ` Eliot Moss
2022-08-10 14:31 ` Eliot Moss
2022-08-10 18:09 ` Mark Rutland
2022-08-10 18:09 ` Mark Rutland
2022-08-10 18:11 ` Eliot Moss
2022-08-10 18:11 ` Eliot Moss
2022-08-10 20:06 ` Dan Williams
2022-08-10 20:06 ` Dan Williams
2022-08-10 21:13 ` Davidlohr Bueso
2022-08-10 21:13 ` Davidlohr Bueso
2022-08-10 21:30 ` Dan Williams
2022-08-10 21:30 ` Dan Williams
2022-08-10 21:31 ` Davidlohr Bueso
2022-08-10 21:31 ` Davidlohr Bueso
2022-08-15 16:07 ` [PATCH] arch/cacheflush: Introduce flush_all_caches() Davidlohr Bueso
2022-08-15 16:07 ` Davidlohr Bueso
2022-08-16 9:01 ` Peter Zijlstra
2022-08-16 9:01 ` Peter Zijlstra
2022-08-16 16:50 ` Dan Williams
2022-08-16 16:50 ` Dan Williams
2022-08-16 16:53 ` Davidlohr Bueso
2022-08-16 16:53 ` Davidlohr Bueso
2022-08-16 17:42 ` Dan Williams
2022-08-16 17:42 ` Dan Williams
2022-08-16 17:52 ` Davidlohr Bueso
2022-08-16 17:52 ` Davidlohr Bueso
2022-08-16 18:49 ` Dan Williams
2022-08-16 18:49 ` Dan Williams
2022-08-17 7:53 ` Peter Zijlstra
2022-08-17 7:53 ` Peter Zijlstra
2022-08-17 7:49 ` Peter Zijlstra
2022-08-17 7:49 ` Peter Zijlstra
2022-07-15 21:09 ` [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support Dave Jiang
2022-08-04 13:19 ` Jonathan Cameron
2022-08-09 22:31 ` Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 12/15] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 13/15] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang
2022-07-20 6:17 ` Davidlohr Bueso
2022-07-20 17:38 ` Dave Jiang
2022-07-20 18:02 ` Davidlohr Bueso
2022-07-15 21:09 ` [PATCH RFC 14/15] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang
2022-07-15 21:10 ` [PATCH RFC 15/15] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang
2022-07-15 21:29 ` [PATCH RFC 00/15] Introduce security commands for CXL pmem device Davidlohr Bueso
2022-07-19 18:53 ` Dave Jiang
2022-08-03 17:03 ` Jonathan Cameron
2022-08-08 22:18 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=165791933557.2491387.2141316283759403219.stgit@djiang5-desk3.ch.intel.com \
--to=dave.jiang@intel.com \
--cc=alison.schofield@intel.com \
--cc=bwidawsk@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dave@stgolabs.net \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.