From patchwork Wed Sep 26 20:46:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10616779 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7CEAA15A6 for ; Wed, 26 Sep 2018 20:46:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6CEEA2B6CF for ; Wed, 26 Sep 2018 20:46:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 611BC2B76E; Wed, 26 Sep 2018 20:46:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E763B2B6CF for ; Wed, 26 Sep 2018 20:46:52 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D0649211597FD; Wed, 26 Sep 2018 13:46:52 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.65; helo=mga03.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DF18E211597F3 for ; Wed, 26 Sep 2018 13:46:50 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2018 13:46:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,307,1534834800"; d="scan'208";a="93532627" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by fmsmga001.fm.intel.com with ESMTP; 26 Sep 2018 13:46:44 -0700 Subject: [PATCH v10 00/12] Adding security support for nvdimm From: Dave Jiang To: dan.j.williams@intel.com Date: Wed, 26 Sep 2018 13:46:44 -0700 Message-ID: <153799466529.71621.10728628542331983376.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: alison.schofield@intel.com, keescook@chromium.org, linux-nvdimm@lists.01.org, ebiggers3@gmail.com, dhowells@redhat.com, keyrings@vger.kernel.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP The following series implements security support for nvdimm. Mostly adding new security DSM support from the Intel NVDIMM DSM spec v1.7, but also adding generic support libnvdimm for other vendors. The most important security features are unlocking locked nvdimms, and updating/setting security passphrase to nvdimms. v10: - Change usage of strcmp to sysfs_streq. (Dan) - Lock nvdimm bus when doing secure erase. (Dan) - Change dev_info to dev_dbg for dimm unlocked success output. (Dan) v9: - Addressed various misc comments. (David, Dan) - Removed init_cred and replaced with current_cred(). (David) - Changed NVDIMM_PREFIX to char[] constant (David) - Moved NVDIMM_PREFIX to include/uapi/linux/ndctl.h (Dan) - Reworked security_update to use old user key to verify against kernel key and then update with new user key. (David) - Added requirement of disable and erase to require old user key for verify. (Dan) - Updated documentation. (Dave) v8: - Make the keys retained by the kernel user searchable in order to find the key that needs to be updated for key update. v7: - Add CONFIG_KEYS depenency for libnvdimm. (Alison) - Export lookup_user_key(). (David) - Modified "update" to take two key ids and and use lookup_user_key() in order to improve security. (David) - Use key ptrs and key_validate() for cached keys. (David) v6: - Fix intel DSM data structures to use defined size for passphrase (Robert) - Fix memcpy size to use sizeof data structure member (Robert) - Fix defined dimm id length (Robert) - Making intel_security_ops const (Eric) - Remove unused var in nvdimm_key_search() (Eric) - Added wbinvd before secure erase is issued (Robert) - Removed key_put_sync() usage (David) - Use init_cred instead of creating own cred (David) - Exported init_cred symbol - Move keyring to dedicated (David) - Use logon_key_type and friends instead of creating custom (David) - Use key_lookup() with stored key serial (David) - Exported key_lookup() symbol - Mark passed in key data as const (David) - Added comment for change_pass_phrase to explain how it works (David) - Unlink key when it's being removed from keyring. (David) - Removed request_key() from all security ops except update and unlock. - Update will now update the existing key's payload with the new key's retrieved from userspace when the new payload is accepted by nvdimm. v5: - Moved dimm_id initialization (Dan) - Added a key_put_sync() in order to run key_gc_work and cleanup old key. (Dan) - Added check to block security state changes while DIMM is active. (Dan) v4: - flip payload layout for update passphrase to make it easier on userland. v3: - Set x86 wrappers for x86 only bits. (Dan) - Fixed up some verbiage in commit headers. - Put in usage of sysfs_streq() for sysfs inputs. - 0-day build fixes for non-x86 archs. v2: - Move inclusion of intel.h to relevant source files and not in nfit.h. (Dan) - Moved security ring relevant code to dimm_devs.c. (Dan) - Added dimm_id to nfit_mem to avoid recreate per sysfs show call. (Dan) - Added routine to return security_ops based on family supplied. (Dan) - Added nvdimm_key_data struct to wrap raw passphrase string. (Dan) - Allocate firmware package on stack. (Dan) - Added missing frozen state detection when retrieving security state. --- Dave Jiang (12): nfit: add support for Intel DSM 1.7 commands libnvdimm: create keyring to store security keys nfit/libnvdimm: store dimm id as a member to struct nvdimm keys: export lookup_user_key to external users nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs nfit/libnvdimm: add set passphrase support for Intel nvdimms nfit/libnvdimm: add disable passphrase support to Intel nvdimm. nfit/libnvdimm: add freeze security support to Intel nvdimm nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm nfit_test: add context to dimm_dev for nfit_test nfit_test: add test support for Intel nvdimm security DSMs libnvdimm: add documentation for nvdimm security support Documentation/nvdimm/security.txt | 99 +++++++ drivers/acpi/nfit/Makefile | 1 drivers/acpi/nfit/core.c | 58 +++- drivers/acpi/nfit/intel.c | 382 ++++++++++++++++++++++++++ drivers/acpi/nfit/intel.h | 82 +++++ drivers/acpi/nfit/nfit.h | 20 + drivers/nvdimm/Kconfig | 1 drivers/nvdimm/bus.c | 2 drivers/nvdimm/core.c | 7 drivers/nvdimm/dimm.c | 7 drivers/nvdimm/dimm_devs.c | 552 +++++++++++++++++++++++++++++++++++++ drivers/nvdimm/nd-core.h | 6 drivers/nvdimm/nd.h | 2 include/linux/key.h | 3 include/linux/libnvdimm.h | 42 +++ include/uapi/linux/ndctl.h | 6 security/keys/internal.h | 2 security/keys/process_keys.c | 1 tools/testing/nvdimm/Kbuild | 1 tools/testing/nvdimm/test/nfit.c | 227 ++++++++++++++- 20 files changed, 1465 insertions(+), 36 deletions(-) create mode 100644 Documentation/nvdimm/security.txt create mode 100644 drivers/acpi/nfit/intel.c create mode 100644 drivers/acpi/nfit/intel.h --