From patchwork Fri Mar 22 21:35:16 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dave Jiang <dave.jiang@intel.com>
X-Patchwork-Id: 10866541
Return-Path: <linux-nvdimm-bounces@lists.01.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D388922
	for <patchwork-linux-nvdimm@patchwork.kernel.org>;
 Fri, 22 Mar 2019 21:35:19 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0FEB12A729
	for <patchwork-linux-nvdimm@patchwork.kernel.org>;
 Fri, 22 Mar 2019 21:35:19 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 0057B2A72F; Fri, 22 Mar 2019 21:35:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from ml01.01.org (ml01.01.org [198.145.21.10])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9ED2E2A729
	for <patchwork-linux-nvdimm@patchwork.kernel.org>;
 Fri, 22 Mar 2019 21:35:18 +0000 (UTC)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 80D47211E9583;
	Fri, 22 Mar 2019 14:35:18 -0700 (PDT)
X-Original-To: linux-nvdimm@lists.01.org
Delivered-To: linux-nvdimm@lists.01.org
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.120; helo=mga04.intel.com;
 envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 9C800211E831B
 for <linux-nvdimm@lists.01.org>; Fri, 22 Mar 2019 14:35:17 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 22 Mar 2019 14:35:17 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.60,256,1549958400"; d="scan'208";a="154310599"
Received: from djiang5-desk3.ch.intel.com ([143.182.136.93])
 by fmsmga002.fm.intel.com with ESMTP; 22 Mar 2019 14:35:16 -0700
Subject: [PATCH] dsactl: add support to allow keyless secure erase
From: Dave Jiang <dave.jiang@intel.com>
To: vishal.l.verma@intel.com, dan.j.williams@intel.com
Date: Fri, 22 Mar 2019 14:35:16 -0700
Message-ID: 
 <155329051601.45122.5794344301281956392.stgit@djiang5-desk3.ch.intel.com>
User-Agent: StGit/unknown-version
MIME-Version: 1.0
X-BeenThere: linux-nvdimm@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Linux-nvdimm developer list." <linux-nvdimm.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/linux-nvdimm>,
 <mailto:linux-nvdimm-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/linux-nvdimm/>
List-Post: <mailto:linux-nvdimm@lists.01.org>
List-Help: <mailto:linux-nvdimm-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/linux-nvdimm>,
 <mailto:linux-nvdimm-request@lists.01.org?subject=subscribe>
Cc: linux-nvdimm@lists.01.org
Errors-To: linux-nvdimm-bounces@lists.01.org
Sender: "Linux-nvdimm" <linux-nvdimm-bounces@lists.01.org>
X-Virus-Scanned: ClamAV using ClamSMTP

When security is not enabled, we reject secure erase currently. Add
support to allow secure erase to occur without key.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 Documentation/ndctl/ndctl-sanitize-dimm.txt |    2 ++
 ndctl/util/keys.c                           |   16 +++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index 7f57a115..d9450dd3 100644
--- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
+++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
@@ -33,6 +33,8 @@ erase. The default is 'crypto-erase', but additionally, an 'overwrite' option
 is available which overwrites not only the data area, but also the label area,
 thus losing record of any namespaces the given NVDIMM participates in.
 
+It is possible to crypto-erase or overwrite without a key.
+
 OPTIONS
 -------
 <dimm>::
diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c
index c1f2e843..82c16539 100644
--- a/ndctl/util/keys.c
+++ b/ndctl/util/keys.c
@@ -612,12 +612,18 @@ int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
 int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
 		enum ndctl_key_type key_type)
 {
-	key_serial_t key;
+	key_serial_t key = 0;
 	int rc;
+	enum ndctl_security_state state;
 
-	key = check_dimm_key(dimm, true, key_type);
-	if (key < 0)
-		return key;
+	state = ndctl_dimm_get_security(dimm);
+
+	if (key_type != ND_MASTER_KEY &&
+			state != NDCTL_SECURITY_DISABLED) {
+		key = check_dimm_key(dimm, true, key_type);
+		if (key < 0)
+			return key;
+	}
 
 	if (key_type == ND_MASTER_KEY)
 		rc = run_key_op(dimm, key, ndctl_dimm_master_secure_erase,
@@ -630,7 +636,7 @@ int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
 	if (rc < 0)
 		return rc;
 
-	if (key_type == ND_USER_KEY)
+	if (key_type == ND_USER_KEY && key != 0)
 		return discard_key(dimm);
 
 	return 0;