From patchwork Thu Jul 12 20:49:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10522301 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 728EE602B3 for ; Thu, 12 Jul 2018 20:49:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 602D429A33 for ; Thu, 12 Jul 2018 20:49:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5448829A36; Thu, 12 Jul 2018 20:49:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id EEB0429A33 for ; Thu, 12 Jul 2018 20:49:08 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id DB4DC2097F57A; Thu, 12 Jul 2018 13:49:08 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E23F2209605CD for ; Thu, 12 Jul 2018 13:49:07 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Jul 2018 13:49:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,345,1526367600"; d="scan'208";a="70934657" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by fmsmga004.fm.intel.com with ESMTP; 12 Jul 2018 13:49:07 -0700 Subject: [PATCH v4 07/11] nfit/libnvdimm: add freeze security support to Intel nvdimm From: Dave Jiang To: dan.j.williams@intel.com Date: Thu, 12 Jul 2018 13:49:07 -0700 Message-ID: <153142854714.27297.10145290341563367334.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153142840572.27297.8070233763007198738.stgit@djiang5-desk3.ch.intel.com> References: <153142840572.27297.8070233763007198738.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dhowells@redhat.com, alison.schofield@intel.com, keyrings@vger.kernel.org, keescook@chromium.org, linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP Add support for freeze security on Intel nvdimm. This locks out any changes to security for the DIMM unless a reboot is done. This is triggered by writing "freeze" to the "security" sysfs attribute. libnvdimm will support the generic freeze_lock API call. Signed-off-by: Dave Jiang Reviewed-by: Dan Williams --- drivers/acpi/nfit/intel.c | 51 ++++++++++++++++++++++++++++++++++++++++++++ drivers/nvdimm/dimm_devs.c | 22 +++++++++++++++++++ include/linux/libnvdimm.h | 2 ++ 3 files changed, 75 insertions(+) diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c index 2418f4b8c1fd..0ab56f03ebc4 100644 --- a/drivers/acpi/nfit/intel.c +++ b/drivers/acpi/nfit/intel.c @@ -18,6 +18,53 @@ #include "intel.h" #include "nfit.h" +static int intel_dimm_security_freeze_lock(struct nvdimm_bus *nvdimm_bus, + struct nvdimm *nvdimm) +{ + struct nvdimm_bus_descriptor *nd_desc = to_nd_desc(nvdimm_bus); + int cmd_rc, rc = 0; + struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); + struct { + struct nd_cmd_pkg pkg; + struct nd_intel_freeze_lock cmd; + } nd_cmd = { + .pkg = { + .nd_command = NVDIMM_INTEL_FREEZE_LOCK, + .nd_family = NVDIMM_FAMILY_INTEL, + .nd_size_in = 0, + .nd_size_out = ND_INTEL_STATUS_SIZE, + .nd_fw_size = ND_INTEL_STATUS_SIZE, + }, + .cmd = { + .status = 0, + }, + }; + + if (!test_bit(NVDIMM_INTEL_FREEZE_LOCK, &nfit_mem->dsm_mask)) + return -ENOTTY; + + rc = nd_desc->ndctl(nd_desc, nvdimm, ND_CMD_CALL, &nd_cmd, + sizeof(nd_cmd), &cmd_rc); + if (rc < 0) + goto out; + if (cmd_rc < 0) { + rc = cmd_rc; + goto out; + } + + switch (nd_cmd.cmd.status) { + case 0: + break; + case ND_INTEL_STATUS_INVALID_STATE: + default: + rc = -ENXIO; + goto out; + } + + out: + return rc; +} + static int intel_dimm_security_disable(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm, struct nvdimm_key_data *nkey) { @@ -241,6 +288,9 @@ static int intel_dimm_security_state(struct nvdimm_bus *nvdimm_bus, else if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_ENABLED) { if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_LOCKED) *state = NVDIMM_SECURITY_LOCKED; + else if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_FROZEN || + nd_cmd.cmd.state & ND_INTEL_SEC_STATE_PLIMIT) + *state = NVDIMM_SECURITY_FROZEN; else *state = NVDIMM_SECURITY_UNLOCKED; } else @@ -257,4 +307,5 @@ struct nvdimm_security_ops intel_security_ops = { .unlock = intel_dimm_security_unlock, .change_key = intel_dimm_security_update_passphrase, .disable = intel_dimm_security_disable, + .freeze_lock = intel_dimm_security_freeze_lock, }; diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c index 0ef89a2ec9d2..f1f2a52a108d 100644 --- a/drivers/nvdimm/dimm_devs.c +++ b/drivers/nvdimm/dimm_devs.c @@ -125,6 +125,26 @@ int nvdimm_security_get_state(struct device *dev) &nvdimm->state); } +static int nvdimm_security_freeze_lock(struct device *dev) +{ + struct nvdimm *nvdimm = to_nvdimm(dev); + struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev); + int rc; + + if (!nvdimm->security_ops) + return 0; + + if (nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED) + return 0; + + rc = nvdimm->security_ops->freeze_lock(nvdimm_bus, nvdimm); + if (rc < 0) + return rc; + + nvdimm_security_get_state(dev); + return 0; +} + static int nvdimm_security_disable(struct device *dev) { struct nvdimm *nvdimm = to_nvdimm(dev); @@ -668,6 +688,8 @@ static ssize_t security_store(struct device *dev, rc = nvdimm_security_change_key(dev); else if (sysfs_streq(buf, "disable")) rc = nvdimm_security_disable(dev); + else if (sysfs_streq(buf, "freeze")) + rc = nvdimm_security_freeze_lock(dev); else return -EINVAL; diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h index 59ad04261f34..1836599ed5b8 100644 --- a/include/linux/libnvdimm.h +++ b/include/linux/libnvdimm.h @@ -185,6 +185,8 @@ struct nvdimm_security_ops { struct nvdimm_key_data *new_data); int (*disable)(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm, struct nvdimm_key_data *nkey); + int (*freeze_lock)(struct nvdimm_bus *nvdimm_bus, + struct nvdimm *nvdimm); }; void badrange_init(struct badrange *badrange);