[03/11] libnvdimm/security: add override module param for key self verification
diff mbox series

Message ID 154180164225.70506.5284765160410580627.stgit@djiang5-desk3.ch.intel.com
State New, archived
Headers show
Series
  • Additional patches for nvdimm security support
Related show

Commit Message

Dave Jiang Nov. 9, 2018, 10:14 p.m. UTC
Provide the user an override via kernel module parameter for security key
self verification. no_key_self_verify parameter is being added to bypass
security key verify against the hardware during nvdimm unlock path.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 drivers/nvdimm/security.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

Patch
diff mbox series

diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index ee741199d623..d2831e61f3d8 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -1,6 +1,7 @@ 
 // SPDX-License-Identifier: GPL-2.0
 /* Copyright(c) 2018 Intel Corporation. All rights reserved. */
 
+#include <linux/module.h>
 #include <linux/device.h>
 #include <linux/ndctl.h>
 #include <linux/slab.h>
@@ -14,6 +15,10 @@ 
 #include "nd-core.h"
 #include "nd.h"
 
+static bool no_key_self_verify;
+module_param(no_key_self_verify, bool, 0644);
+MODULE_PARM_DESC(no_key_self_verify, "Bypass security key self verify");
+
 /*
  * Retrieve user injected key
  */
@@ -235,6 +240,12 @@  int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm)
 	 * other security operations.
 	 */
 	if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) {
+		/* bypass if user override */
+		if (no_key_self_verify) {
+			mutex_unlock(&nvdimm->sec_mutex);
+			return 0;
+		}
+
 		key = nvdimm_self_verify_key(nvdimm);
 		if (!key) {
 			rc = nvdimm_security_freeze_lock(nvdimm);