diff mbox series

dsactl: add support to allow keyless secure erase

Message ID 155329051601.45122.5794344301281956392.stgit@djiang5-desk3.ch.intel.com (mailing list archive)
State New, archived
Headers show
Series dsactl: add support to allow keyless secure erase | expand

Commit Message

Dave Jiang March 22, 2019, 9:35 p.m. UTC
When security is not enabled, we reject secure erase currently. Add
support to allow secure erase to occur without key.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 Documentation/ndctl/ndctl-sanitize-dimm.txt |    2 ++
 ndctl/util/keys.c                           |   16 +++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

Comments

Dan Williams March 22, 2019, 9:47 p.m. UTC | #1
On Fri, Mar 22, 2019 at 2:35 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> When security is not enabled, we reject secure erase currently. Add
> support to allow secure erase to occur without key.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> ---
>  Documentation/ndctl/ndctl-sanitize-dimm.txt |    2 ++
>  ndctl/util/keys.c                           |   16 +++++++++++-----
>  2 files changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
> index 7f57a115..d9450dd3 100644
> --- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
> +++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
> @@ -33,6 +33,8 @@ erase. The default is 'crypto-erase', but additionally, an 'overwrite' option
>  is available which overwrites not only the data area, but also the label area,
>  thus losing record of any namespaces the given NVDIMM participates in.
>
> +It is possible to crypto-erase or overwrite without a key.
> +
>  OPTIONS
>  -------
>  <dimm>::
> diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c
> index c1f2e843..82c16539 100644
> --- a/ndctl/util/keys.c
> +++ b/ndctl/util/keys.c
> @@ -612,12 +612,18 @@ int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
>  int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
>                 enum ndctl_key_type key_type)
>  {
> -       key_serial_t key;
> +       key_serial_t key = 0;
>         int rc;
> +       enum ndctl_security_state state;
>
> -       key = check_dimm_key(dimm, true, key_type);
> -       if (key < 0)
> -               return key;
> +       state = ndctl_dimm_get_security(dimm);
> +
> +       if (key_type != ND_MASTER_KEY &&
> +                       state != NDCTL_SECURITY_DISABLED) {

No, I'd rather not assume anything about the state relative to when to
use the zero-key. Make this a "-z / --zero-key" command line option.
Specifically because the Intel DSM security specification is different
than the semantics that are generically supported in ndctl.
diff mbox series

Patch

diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index 7f57a115..d9450dd3 100644
--- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
+++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
@@ -33,6 +33,8 @@  erase. The default is 'crypto-erase', but additionally, an 'overwrite' option
 is available which overwrites not only the data area, but also the label area,
 thus losing record of any namespaces the given NVDIMM participates in.
 
+It is possible to crypto-erase or overwrite without a key.
+
 OPTIONS
 -------
 <dimm>::
diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c
index c1f2e843..82c16539 100644
--- a/ndctl/util/keys.c
+++ b/ndctl/util/keys.c
@@ -612,12 +612,18 @@  int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
 int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
 		enum ndctl_key_type key_type)
 {
-	key_serial_t key;
+	key_serial_t key = 0;
 	int rc;
+	enum ndctl_security_state state;
 
-	key = check_dimm_key(dimm, true, key_type);
-	if (key < 0)
-		return key;
+	state = ndctl_dimm_get_security(dimm);
+
+	if (key_type != ND_MASTER_KEY &&
+			state != NDCTL_SECURITY_DISABLED) {
+		key = check_dimm_key(dimm, true, key_type);
+		if (key < 0)
+			return key;
+	}
 
 	if (key_type == ND_MASTER_KEY)
 		rc = run_key_op(dimm, key, ndctl_dimm_master_secure_erase,
@@ -630,7 +636,7 @@  int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
 	if (rc < 0)
 		return rc;
 
-	if (key_type == ND_USER_KEY)
+	if (key_type == ND_USER_KEY && key != 0)
 		return discard_key(dimm);
 
 	return 0;