[08/11] libnvdimm/security: add documentation for overwrite

Message ID 154180166906.70506.2262123031486305806.stgit@djiang5-desk3.ch.intel.com (mailing list archive)
State New, archived
Series Additional patches for nvdimm security support

Commit Message

Dave Jiang Nov. 9, 2018, 10:14 p.m. UTC
Add overwrite command usages to security documentation.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
 Documentation/nvdimm/security.txt |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/Documentation/nvdimm/security.txt b/Documentation/nvdimm/security.txt
index 11240ce48755..dfe70a8fa25b 100644
--- a/Documentation/nvdimm/security.txt
+++ b/Documentation/nvdimm/security.txt
@@ -96,9 +96,19 @@  its keyid should be passed in via sysfs.
 The command format for doing a secure erase is:
 erase <current keyid>
-An "old" key with the passphrase payload that is tied to the nvdimm should be
-injected with a key description that does not have the "nvdimm:" prefix and
-its keyid should be passed in via sysfs.
+9. Overwrite
+The command format for doing an overwrite is:
+overwrite <current keyid>
+Overwrite can be done without a key if security is not enabled. A key serial
+of 0 can be passed in to indicate no key.
+The sysfs attribute "security" can be polled to wait on overwrite completion.
+Overwrite can last tens of minutes or more depending on nvdimm size.
+An encrypted key with the current key passphrase that is tied to the nvdimm
+should be injected and its keyid should be passed in via sysfs.
 [1]: http://pmem.io/documents/NVDIMM_DSM_Interface-V1.7.pdf
 [2]: http://www.t13.org/documents/UploadedDocuments/docs2006/e05179r4-ACS-SecurityClarifications.pdf
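Review bot: The added line 'The sysfs attribute "security" can be polled to wait on overwrite completion.' does not say which value the attribute reports while the overwrite is running or which value marks it as finished, so a script author cannot tell a completed wipe from one still in progress or one that failed. Please name those states in the new section 9, and say what the attribute shows if the overwrite does not complete. The section should also state what happens when a key serial of 0 is passed while security is enabled, since the text only covers the case where security is not enabled. Separately, the hunk removes the sentence about the "old" key without the "nvdimm:" prefix that followed "erase <current keyid>" and adds "An encrypted key with the current key passphrase ..." after the overwrite text; as the lines read here it is unclear whether that requirement applies to erase, to overwrite, or to both, and the commit message mentions only overwrite usage. Consider stating the key requirement once under each command, and noting the erase wording change in the commit message or splitting it into its own patch.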