xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support

Browse Source 
With Intel DSM 1.8 [1] two new security DSMs are introduced. Enable/update
master passphrase and master secure erase. The master passphrase allows
a secure erase to be performed without the user passphrase that is set on
the NVDIMM. The commands of master_update and master_erase are added to
the sysfs knob in order to initiate the DSMs. They are similar in opeartion
mechanism compare to update and erase.

[1]: http://pmem.io/documents/NVDIMM_DSM_Interface-V1.8.pdf

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This commit is contained in:
Dave Jiang
2018-12-10 10:53:22 -07:00
committed by Dan Williams
parent 7d988097c5
commit 89fa9d8ea7
6 changed files with 118 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
drivers/nvdimm/nd-core.h
View File

@@ -46,6 +46,7 @@ struct nvdimm {
struct {
const struct nvdimm_security_ops *ops;
enum nvdimm_security_state state;
enum nvdimm_security_state ext_state;
unsigned int overwrite_tmo;
struct kernfs_node *overwrite_state;
} sec;
@@ -53,19 +54,21 @@ struct nvdimm {
};
static inline enum nvdimm_security_state nvdimm_security_state(
struct nvdimm *nvdimm)
struct nvdimm *nvdimm, bool master)
{
if (!nvdimm->sec.ops)
return -ENXIO;
return nvdimm->sec.ops->state(nvdimm);
return nvdimm->sec.ops->state(nvdimm, master);
}
int nvdimm_security_freeze(struct nvdimm *nvdimm);
#if IS_ENABLED(CONFIG_NVDIMM_KEYS)
int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid);
int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
unsigned int new_keyid);
int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid);
unsigned int new_keyid,
enum nvdimm_passphrase_type pass_type);
int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
enum nvdimm_passphrase_type pass_type);
int nvdimm_security_overwrite(struct nvdimm *nvdimm, unsigned int keyid);
void nvdimm_security_overwrite_query(struct work_struct *work);
#else
@@ -74,12 +77,16 @@ static inline int nvdimm_security_disable(struct nvdimm *nvdimm,
{
return -EOPNOTSUPP;
}
static inline int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
unsigned int new_keyid)
static inline int nvdimm_security_update(struct nvdimm *nvdimm,
unsigned int keyid,
unsigned int new_keyid,
enum nvdimm_passphrase_type pass_type)
{
return -EOPNOTSUPP;
}
static inline int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
static inline int nvdimm_security_erase(struct nvdimm *nvdimm,
unsigned int keyid,
enum nvdimm_passphrase_type pass_type)
{
return -EOPNOTSUPP;
}