From patchwork Tue Dec 11 20:25:16 2018
X-Patchwork-Submitter: Dave Jiang
X-Patchwork-Id: 10724687
Subject: [PATCH v13 00/17] Adding security support for nvdimm
From: Dave Jiang
To: dan.j.williams@intel.com
Cc: dhowells@redhat.com, zohar@linux.vnet.ibm.com, linux-nvdimm@lists.01.org
Date: Tue, 11 Dec 2018 13:25:16 -0700
Message-ID: <154455914081.26509.7988630204184570351.stgit@djiang5-desk3.ch.intel.com>

The following series implements security support for nvdimm based on Intel
DSM spec v1.8. The passphrase is protected by encrypted-key and managed
through the kernel key management framework. The security features supported
are security state show, passphrase enable/update, passphrase disable, crypto
erase, overwrite, and master passphrase enable/update and erase.

Instead of allowing the security DSMs to be issued via ioctl, the features are
managed through a sysfs attribute that accepts the relevant keyid for the
encrypted-key(s).

v13:
- Rebased to v4.20-rc5 and combined/squashed various patches from the two
  patch series. Various cleanups from Dan. (Mimi)
- Change encrypted-key nvdimm key format to enc32 key format to make it
  generic for future usages. (Dan)
- Output error code for nvdimm_setup_security_events() failure. (Robert)
- Make nfit_test output consistent. (Robert)

v12:
- Add a mutex for the cached key and remove key_get/key_put messiness (Dan)
- Move security code to its own C file and wrap under CONFIG_NVDIMM_SECURITY
  in order to fix issue reported by 0-day build without CONFIG_KEYS.

v11:
- Dropped keyring usage. (David)
- Fixed up scanf handling. (David)
- Removed callout info for request_key(). (David)
- Included Dan's patches and folded in some changes from Dan. (Dan)
- Made security_show a weak function to allow test override. (Dan)

v10:
- Change usage of strcmp to sysfs_streq. (Dan)
- Lock nvdimm bus when doing secure erase. (Dan)
- Change dev_info to dev_dbg for dimm unlocked success output. (Dan)

v9:
- Addressed various misc comments. (David, Dan)
- Removed init_cred and replaced with current_cred(). (David)
- Changed NVDIMM_PREFIX to char[] constant (David)
- Moved NVDIMM_PREFIX to include/uapi/linux/ndctl.h (Dan)
- Reworked security_update to use old user key to verify against kernel key
  and then update with new user key. (David)
- Added requirement of disable and erase to require old user key for verify.
  (Dan)
- Updated documentation. (Dave)

v8:
- Make the keys retained by the kernel user searchable in order to find the
  key that needs to be updated for key update.

v7:
- Add CONFIG_KEYS dependency for libnvdimm. (Alison)
- Export lookup_user_key(). (David)
- Modified "update" to take two key ids and use lookup_user_key() in order to
  improve security. (David)
- Use key ptrs and key_validate() for cached keys. (David)

v6:
- Fix intel DSM data structures to use defined size for passphrase (Robert)
- Fix memcpy size to use sizeof data structure member (Robert)
- Fix defined dimm id length (Robert)
- Making intel_security_ops const (Eric)
- Remove unused var in nvdimm_key_search() (Eric)
- Added wbinvd before secure erase is issued (Robert)
- Removed key_put_sync() usage (David)
- Use init_cred instead of creating own cred (David)
- Exported init_cred symbol
- Move keyring to dedicated (David)
- Use logon_key_type and friends instead of creating custom (David)
- Use key_lookup() with stored key serial (David)
- Exported key_lookup() symbol
- Mark passed in key data as const (David)
- Added comment for change_pass_phrase to explain how it works (David)
- Unlink key when it's being removed from keyring. (David)
- Removed request_key() from all security ops except update and unlock.
- Update will now update the existing key's payload with the new key's
  retrieved from userspace when the new payload is accepted by nvdimm.

v5:
- Moved dimm_id initialization (Dan)
- Added a key_put_sync() in order to run key_gc_work and cleanup old key. (Dan)
- Added check to block security state changes while DIMM is active. (Dan)

v4:
- flip payload layout for update passphrase to make it easier on userland.

v3:
- Set x86 wrappers for x86 only bits. (Dan)
- Fixed up some verbiage in commit headers.
- Put in usage of sysfs_streq() for sysfs inputs.
- 0-day build fixes for non-x86 archs.

v2:
- Move inclusion of intel.h to relevant source files and not in nfit.h. (Dan)
- Moved security ring relevant code to dimm_devs.c. (Dan)
- Added dimm_id to nfit_mem to avoid recreate per sysfs show call. (Dan)
- Added routine to return security_ops based on family supplied. (Dan)
- Added nvdimm_key_data struct to wrap raw passphrase string. (Dan)
- Allocate firmware package on stack. (Dan)
- Added missing frozen state detection when retrieving security state.

---

Dan Williams (1):
      acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs

Dave Jiang (16):
      acpi/nfit: Add support for Intel DSM 1.8 commands
      acpi/nfit, libnvdimm: Store dimm id as a member to struct nvdimm
      keys: Export lookup_user_key to external users
      keys-encrypted: add nvdimm key format type to encrypted keys
      acpi/nfit, libnvdimm: Introduce nvdimm_security_ops
      acpi/nfit, libnvdimm: Add freeze security support to Intel nvdimm
      acpi/nfit, libnvdimm: Add disable passphrase support to Intel nvdimm.
      acpi/nfit, libnvdimm: Add enable/update passphrase support for Intel nvdimms
      acpi/nfit, libnvdimm: Add support for issue secure erase DSM to Intel nvdimm
      libnvdimm/security: introduce NDD_SECURITY_BUSY flag
      acpi/nfit, libnvdimm/security: Add security DSM overwrite support
      acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support
      tools/testing/nvdimm: Add test support for Intel nvdimm security DSMs
      tools/testing/nvdimm: Add overwrite support for nfit_test
      tools/testing/nvdimm: add Intel DSM 1.8 support for nfit_test
      libnvdimm/security: Add documentation for nvdimm security support

 Documentation/nvdimm/security.txt                 |  143 +++++++
 Documentation/security/keys/trusted-encrypted.rst |    6
 drivers/acpi/nfit/Kconfig                         |   11 +
 drivers/acpi/nfit/Makefile                        |    1
 drivers/acpi/nfit/core.c                          |   93 ++++-
 drivers/acpi/nfit/intel.c                         |  404 ++++++++++++++++++++
 drivers/acpi/nfit/intel.h                         |   76 ++++
 drivers/acpi/nfit/nfit.h                          |   25 +
 drivers/nvdimm/Kconfig                            |    4
 drivers/nvdimm/Makefile                           |    1
 drivers/nvdimm/bus.c                              |    8
 drivers/nvdimm/core.c                             |    3
 drivers/nvdimm/dimm.c                             |   16 +
 drivers/nvdimm/dimm_devs.c                        |  220 ++++++++++-
 drivers/nvdimm/nd-core.h                          |   45 ++
 drivers/nvdimm/nd.h                               |    3
 drivers/nvdimm/region_devs.c                      |    7
 drivers/nvdimm/security.c                         |  431 +++++++++++++++++++++
 include/linux/key.h                               |    3
 include/linux/libnvdimm.h                         |   68 +++
 security/keys/encrypted-keys/encrypted.c          |   29 +
 security/keys/internal.h                          |    2
 security/keys/process_keys.c                      |    1
 tools/testing/nvdimm/Kbuild                       |    3
 tools/testing/nvdimm/dimm_devs.c                  |   41 ++
 tools/testing/nvdimm/test/nfit.c                  |  321 ++++++++++++++++
 26 files changed, 1923 insertions(+), 42 deletions(-)
 create mode 100644 Documentation/nvdimm/security.txt
 create mode 100644 drivers/acpi/nfit/intel.c
 create mode 100644 drivers/nvdimm/security.c
 create mode 100644 tools/testing/nvdimm/dimm_devs.c

--