From patchwork Fri Oct 12 20:40:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10639281 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BC056112B for ; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAEA22C52B for ; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9FB1D2C53E; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3D46D2C52B for ; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 35CCE2116DFAD; Fri, 12 Oct 2018 13:40:13 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 72FFD2116DFA2 for ; Fri, 12 Oct 2018 13:40:11 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Oct 2018 13:40:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,373,1534834800"; d="scan'208";a="240904656" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by orsmga004.jf.intel.com with ESMTP; 12 Oct 2018 13:40:10 -0700 Subject: [PATCH v2 4/4] libnvdimm: address state where dimm is unlocked in preOS From: Dave Jiang To: dan.j.williams@intel.com Date: Fri, 12 Oct 2018 13:40:10 -0700 Message-ID: <153937681048.70378.10708098545828426905.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> References: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP When the nvdimm security state is unlocked during unlock, we will do a request_key() and verify the key against the hardware. If we fail, we will freeze the security configuration. Signed-off-by: Dave Jiang --- drivers/nvdimm/security.c | 55 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index eb778667cd93..3a905c58a935 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -245,6 +245,42 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) return rc; } +static int nvdimm_self_verify_key(struct nvdimm *nvdimm) +{ + struct key *key; + struct user_key_payload *payload; + void *data; + int rc; + + lockdep_assert_held(&nvdimm->key_mutex); + + key = nvdimm_request_key(nvdimm); + if (!key) + return -ENOKEY; + + if (key->datalen != NVDIMM_PASSPHRASE_LEN) { + key_put(key); + return -EINVAL; + } + + down_read(&key->sem); + payload = key->payload.data[0]; + data = payload->data; + + /* + * We send the same key to the hardware as new and old key to + * verify that the key is good. + */ + rc = nvdimm->security_ops->change_key(nvdimm, data, data); + if (rc < 0) { + key_put(key); + return rc; + } + up_read(&key->sem); + nvdimm->key = key; + return 0; +} + int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) { struct key *key; @@ -255,12 +291,27 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) if (!nvdimm->security_ops) return 0; - if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED || - nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || + if (nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || nvdimm->state == NVDIMM_SECURITY_DISABLED) return 0; mutex_lock(&nvdimm->key_mutex); + /* + * If the pre-OS has unlocked the DIMM, we will attempt to send + * the key from request_key() to the hardware for verification. + * If we are not able to verify the key against the hardware we + * will freeze the security configuration. This will prevent any + * other security operations. + */ + if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) { + rc = nvdimm_self_verify_key(nvdimm); + if (rc < 0) { + rc = nvdimm_security_freeze_lock(nvdimm); + mutex_unlock(&nvdimm->key_mutex); + return rc; + } + } + key = nvdimm->key; if (!key) { key = nvdimm_request_key(nvdimm);