From patchwork Tue Jul 17 20:54:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10530651 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8FF8B600D0 for ; Tue, 17 Jul 2018 20:54:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 813DD29410 for ; Tue, 17 Jul 2018 20:54:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7562729441; Tue, 17 Jul 2018 20:54:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 168F929410 for ; Tue, 17 Jul 2018 20:54:57 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0D805209884D4; Tue, 17 Jul 2018 13:54:57 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 02566209605D9 for ; Tue, 17 Jul 2018 13:54:55 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2018 13:54:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,367,1526367600"; d="scan'208";a="72186595" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by fmsmga004.fm.intel.com with ESMTP; 17 Jul 2018 13:54:54 -0700 Subject: [PATCH v5 09/12] nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm From: Dave Jiang To: dan.j.williams@intel.com Date: Tue, 17 Jul 2018 13:54:55 -0700 Message-ID: <153186089522.27463.4537738384176593789.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153186061802.27463.14539931103401173743.stgit@djiang5-desk3.ch.intel.com> References: <153186061802.27463.14539931103401173743.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dhowells@redhat.com, alison.schofield@intel.com, keyrings@vger.kernel.org, keescook@chromium.org, linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP Add support to issue a secure erase DSM to the Intel nvdimm. The required passphrase is acquired from userspace through the kernel key management. To trigger the action, "erase" is written to the "security" sysfs attribute. libnvdimm will support the erase generic API call. Signed-off-by: Dave Jiang Reviewed-by: Dan Williams --- drivers/acpi/nfit/intel.c | 55 ++++++++++++++++++++++++++++++++++++++++++++ drivers/nvdimm/dimm_devs.c | 47 ++++++++++++++++++++++++++++++++++++++ include/linux/libnvdimm.h | 2 ++ 3 files changed, 104 insertions(+) diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c index 0ab56f03ebc4..6449db6db85d 100644 --- a/drivers/acpi/nfit/intel.c +++ b/drivers/acpi/nfit/intel.c @@ -18,6 +18,60 @@ #include "intel.h" #include "nfit.h" +static int intel_dimm_security_erase(struct nvdimm_bus *nvdimm_bus, + struct nvdimm *nvdimm, struct nvdimm_key_data *nkey) +{ + struct nvdimm_bus_descriptor *nd_desc = to_nd_desc(nvdimm_bus); + int cmd_rc, rc = 0; + struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); + struct { + struct nd_cmd_pkg pkg; + struct nd_intel_secure_erase cmd; + } nd_cmd = { + .pkg = { + .nd_command = NVDIMM_INTEL_SECURE_ERASE, + .nd_family = NVDIMM_FAMILY_INTEL, + .nd_size_in = ND_INTEL_PASSPHRASE_SIZE, + .nd_size_out = ND_INTEL_STATUS_SIZE, + .nd_fw_size = ND_INTEL_STATUS_SIZE, + }, + .cmd = { + .status = 0, + }, + }; + + if (!test_bit(NVDIMM_INTEL_SECURE_ERASE, &nfit_mem->dsm_mask)) + return -ENOTTY; + + memcpy(nd_cmd.cmd.passphrase, nkey->data, ND_INTEL_PASSPHRASE_SIZE); + rc = nd_desc->ndctl(nd_desc, nvdimm, ND_CMD_CALL, &nd_cmd, + sizeof(nd_cmd), &cmd_rc); + if (rc < 0) + goto out; + if (cmd_rc < 0) { + rc = cmd_rc; + goto out; + } + + switch (nd_cmd.cmd.status) { + case 0: + break; + case ND_INTEL_STATUS_INVALID_PASS: + rc = -EINVAL; + goto out; + case ND_INTEL_STATUS_INVALID_STATE: + default: + rc = -ENXIO; + goto out; + } + + /* DIMM unlocked, invalidate all CPU caches before we read it */ + wbinvd_on_all_cpus(); + + out: + return rc; +} + static int intel_dimm_security_freeze_lock(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm) { @@ -308,4 +362,5 @@ struct nvdimm_security_ops intel_security_ops = { .change_key = intel_dimm_security_update_passphrase, .disable = intel_dimm_security_disable, .freeze_lock = intel_dimm_security_freeze_lock, + .erase = intel_dimm_security_erase, }; diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c index 6a653476bb7c..ed56649bc971 100644 --- a/drivers/nvdimm/dimm_devs.c +++ b/drivers/nvdimm/dimm_devs.c @@ -125,6 +125,51 @@ int nvdimm_security_get_state(struct device *dev) &nvdimm->state); } +static int nvdimm_security_erase(struct device *dev) +{ + struct nvdimm *nvdimm = to_nvdimm(dev); + struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev); + struct key *key; + void *payload; + int rc = 0; + + if (!nvdimm->security_ops) + return 0; + + /* lock the device and disallow driver bind */ + device_lock(dev); + /* No driver data means dimm is disabled. Proceed if so. */ + if (dev_get_drvdata(dev)) { + dev_warn(dev, "Unable to secure erase while DIMM active.\n"); + rc = -EINVAL; + goto out; + } + + if (nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED) + goto out; + + key = nvdimm_search_key(dev); + if (!key) + key = nvdimm_request_key(dev); + if (!key) { + rc = -ENXIO; + goto out; + } + + down_read(&key->sem); + payload = key->payload.data[0]; + rc = nvdimm->security_ops->erase(nvdimm_bus, nvdimm, payload); + up_read(&key->sem); + /* remove key since secure erase kills the passphrase */ + key_invalidate(key); + key_put(key); + + out: + device_unlock(dev); + nvdimm_security_get_state(dev); + return rc; +} + static int nvdimm_security_freeze_lock(struct device *dev) { struct nvdimm *nvdimm = to_nvdimm(dev); @@ -694,6 +739,8 @@ static ssize_t security_store(struct device *dev, rc = nvdimm_security_disable(dev); else if (sysfs_streq(buf, "freeze")) rc = nvdimm_security_freeze_lock(dev); + else if (sysfs_streq(buf, "erase")) + rc = nvdimm_security_erase(dev); else return -EINVAL; diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h index 1836599ed5b8..1ac5acb3c457 100644 --- a/include/linux/libnvdimm.h +++ b/include/linux/libnvdimm.h @@ -187,6 +187,8 @@ struct nvdimm_security_ops { struct nvdimm *nvdimm, struct nvdimm_key_data *nkey); int (*freeze_lock)(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm); + int (*erase)(struct nvdimm_bus *nvdimm_bus, + struct nvdimm *nvdimm, struct nvdimm_key_data *nkey); }; void badrange_init(struct badrange *badrange);