From patchwork Fri Oct 12 20:39:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10639275 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 87BFF112B for ; Fri, 12 Oct 2018 20:39:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 772722C529 for ; Fri, 12 Oct 2018 20:39:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6A3D52C531; Fri, 12 Oct 2018 20:39:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 18F1C2C529 for ; Fri, 12 Oct 2018 20:39:56 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D8E552116DFA7; Fri, 12 Oct 2018 13:39:56 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 797D32116DFA6 for ; Fri, 12 Oct 2018 13:39:55 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Oct 2018 13:39:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,373,1534834800"; d="scan'208";a="265235456" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by orsmga005.jf.intel.com with ESMTP; 12 Oct 2018 13:39:54 -0700 Subject: [PATCH v2 1/4] libnvdimm: fix updating of kernel key during nvdimm key update From: Dave Jiang To: dan.j.williams@intel.com Date: Fri, 12 Oct 2018 13:39:54 -0700 Message-ID: <153937679428.70378.14173556349575982662.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> References: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP There are several issues WRT kernel key update when we are doing nvdimm security key update. 1. The kernel key created needs to have proper permission for update 2. We need to check key_update() return value and make sure it didn't fail 3. We need to not hold the key->sem when calling key_update() since it will call down_write() when doing modification to the key. Signed-off-by: Dave Jiang --- drivers/nvdimm/security.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index 2e764abe015a..8de34b03d402 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -27,7 +27,8 @@ static struct key *make_kernel_key(struct key *key) new_key = key_alloc(&key_type_logon, key->description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), - KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL); + KEY_POS_ALL & ~KEY_POS_SETATTR, + KEY_ALLOC_NOT_IN_QUOTA, NULL); if (IS_ERR(new_key)) return NULL; @@ -413,11 +414,23 @@ int nvdimm_security_change_key(struct nvdimm *nvdimm, dev_warn(dev, "key update failed: %d\n", rc); if (old_key) { - /* copy new payload to old payload */ - if (rc == 0) - key_update(make_key_ref(old_key, 1), new_data, - old_key->datalen); up_read(&old_key->sem); + /* + * With the key update done via hardware, we no longer need + * the old payload and need to replace it with the new + * payload. key_update() will acquire write sem of the + * old key and update with new data. + */ + if (rc == 0) { + rc = key_update(make_key_ref(old_key, 1), new_data, + old_key->datalen); + if (rc < 0) { + dev_warn(dev, + "kernel key update failed: %d\n", rc); + key_destroy(old_key); + nvdimm->key = NULL; + } + } } up_read(&key->sem); From patchwork Fri Oct 12 20:39:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10639277 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7CE68112B for ; Fri, 12 Oct 2018 20:40:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 677A92C529 for ; Fri, 12 Oct 2018 20:40:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 572B32C533; Fri, 12 Oct 2018 20:40:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1E64F2C529 for ; Fri, 12 Oct 2018 20:40:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0588A2116DFA5; Fri, 12 Oct 2018 13:40:02 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8B8BB2116DFA5 for ; Fri, 12 Oct 2018 13:40:00 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Oct 2018 13:40:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,373,1534834800"; d="scan'208";a="82174297" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by orsmga006.jf.intel.com with ESMTP; 12 Oct 2018 13:39:59 -0700 Subject: [PATCH v2 2/4] libnvdimm: fix incorrect output when nvdimm disable failed From: Dave Jiang To: dan.j.williams@intel.com Date: Fri, 12 Oct 2018 13:39:59 -0700 Message-ID: <153937679973.70378.344478114274716419.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> References: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP Fix inocrrect dev_warn() in nvdimm_security_disable(). Signed-off-by: Dave Jiang --- drivers/nvdimm/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index 8de34b03d402..2de5ef107216 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -251,7 +251,7 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) (const struct nvdimm_key_data *)payload->data); up_read(&key->sem); if (rc < 0) { - dev_warn(dev, "unlock failed\n"); + dev_warn(dev, "security disable failed\n"); goto out; } From patchwork Fri Oct 12 20:40:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10639279 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 65DAB5CAF for ; Fri, 12 Oct 2018 20:40:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 55AE02C52B for ; Fri, 12 Oct 2018 20:40:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 499A52C533; Fri, 12 Oct 2018 20:40:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 37BC82C52B for ; Fri, 12 Oct 2018 20:40:07 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 1E4C82116DFA9; Fri, 12 Oct 2018 13:40:07 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.31; helo=mga06.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D26EA2116DFA2 for ; Fri, 12 Oct 2018 13:40:05 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Oct 2018 13:40:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,373,1534834800"; d="scan'208";a="87940777" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by FMSMGA003.fm.intel.com with ESMTP; 12 Oct 2018 13:40:05 -0700 Subject: [PATCH v2 3/4] libnvdimm: remove code to pull user key when there's no kernel key From: Dave Jiang To: dan.j.williams@intel.com Date: Fri, 12 Oct 2018 13:40:05 -0700 Message-ID: <153937680516.70378.5638887247499767544.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> References: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP Remove extraneous code that used to expect nvdimm_get_and_verify_key() to return NULL when there's no kernel key. We want to enforce the behavior that when there is no kernel key we should fail security ops. Signed-off-by: Dave Jiang --- drivers/nvdimm/security.c | 49 +++++++++------------------------------------ 1 file changed, 10 insertions(+), 39 deletions(-) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index 2de5ef107216..eb778667cd93 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -122,6 +122,12 @@ struct key *nvdimm_get_and_verify_key(struct nvdimm *nvdimm, return key; } +static void key_destroy(struct key *key) +{ + key_invalidate(key); + key_put(key); +} + int nvdimm_security_get_state(struct nvdimm *nvdimm) { if (!nvdimm->security_ops) @@ -136,7 +142,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid) struct key *key; struct user_key_payload *payload; struct device *dev = &nvdimm->dev; - bool is_userkey = false; if (!nvdimm->security_ops) return -EOPNOTSUPP; @@ -162,18 +167,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid) rc = PTR_ERR(key); goto out; } - if (!key) { - dev_dbg(dev, "No cached key found\n"); - /* get old user key */ - key = nvdimm_lookup_user_key(dev, keyid); - if (!key) { - dev_dbg(dev, "Unable to retrieve user key: %#x\n", - keyid); - rc = -ENOKEY; - goto out; - } - is_userkey = true; - } down_read(&key->sem); payload = key->payload.data[0]; @@ -182,11 +175,8 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid) up_read(&key->sem); /* remove key since secure erase kills the passphrase */ - if (!is_userkey) { - key_invalidate(key); - nvdimm->key = NULL; - } - key_put(key); + key_destroy(key); + nvdimm->key = NULL; out: mutex_unlock(&nvdimm->key_mutex); @@ -219,7 +209,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) struct key *key; struct user_key_payload *payload; struct device *dev = &nvdimm->dev; - bool is_userkey = false; if (!nvdimm->security_ops) return -EOPNOTSUPP; @@ -234,15 +223,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) mutex_unlock(&nvdimm->key_mutex); return PTR_ERR(key); } - if (!key) { - /* get old user key */ - key = nvdimm_lookup_user_key(dev, keyid); - if (!key) { - mutex_unlock(&nvdimm->key_mutex); - return -ENOKEY; - } - is_userkey = true; - } down_read(&key->sem); payload = key->payload.data[0]; @@ -256,11 +236,8 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) } /* If we succeed then remove the key */ - if (!is_userkey) { - key_invalidate(key); - nvdimm->key = NULL; - } - key_put(key); + key_destroy(key); + nvdimm->key = NULL; out: mutex_unlock(&nvdimm->key_mutex); @@ -330,12 +307,6 @@ void nvdimm_security_release(struct nvdimm *nvdimm) mutex_unlock(&nvdimm->key_mutex); } -static void key_destroy(struct key *key) -{ - key_invalidate(key); - key_put(key); -} - int nvdimm_security_change_key(struct nvdimm *nvdimm, unsigned int old_keyid, unsigned int new_keyid) { From patchwork Fri Oct 12 20:40:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10639281 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BC056112B for ; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAEA22C52B for ; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9FB1D2C53E; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3D46D2C52B for ; Fri, 12 Oct 2018 20:40:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 35CCE2116DFAD; Fri, 12 Oct 2018 13:40:13 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 72FFD2116DFA2 for ; Fri, 12 Oct 2018 13:40:11 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Oct 2018 13:40:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,373,1534834800"; d="scan'208";a="240904656" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by orsmga004.jf.intel.com with ESMTP; 12 Oct 2018 13:40:10 -0700 Subject: [PATCH v2 4/4] libnvdimm: address state where dimm is unlocked in preOS From: Dave Jiang To: dan.j.williams@intel.com Date: Fri, 12 Oct 2018 13:40:10 -0700 Message-ID: <153937681048.70378.10708098545828426905.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> References: <153937659078.70378.7857051533055879370.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP When the nvdimm security state is unlocked during unlock, we will do a request_key() and verify the key against the hardware. If we fail, we will freeze the security configuration. Signed-off-by: Dave Jiang --- drivers/nvdimm/security.c | 55 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index eb778667cd93..3a905c58a935 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -245,6 +245,42 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) return rc; } +static int nvdimm_self_verify_key(struct nvdimm *nvdimm) +{ + struct key *key; + struct user_key_payload *payload; + void *data; + int rc; + + lockdep_assert_held(&nvdimm->key_mutex); + + key = nvdimm_request_key(nvdimm); + if (!key) + return -ENOKEY; + + if (key->datalen != NVDIMM_PASSPHRASE_LEN) { + key_put(key); + return -EINVAL; + } + + down_read(&key->sem); + payload = key->payload.data[0]; + data = payload->data; + + /* + * We send the same key to the hardware as new and old key to + * verify that the key is good. + */ + rc = nvdimm->security_ops->change_key(nvdimm, data, data); + if (rc < 0) { + key_put(key); + return rc; + } + up_read(&key->sem); + nvdimm->key = key; + return 0; +} + int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) { struct key *key; @@ -255,12 +291,27 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) if (!nvdimm->security_ops) return 0; - if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED || - nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || + if (nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || nvdimm->state == NVDIMM_SECURITY_DISABLED) return 0; mutex_lock(&nvdimm->key_mutex); + /* + * If the pre-OS has unlocked the DIMM, we will attempt to send + * the key from request_key() to the hardware for verification. + * If we are not able to verify the key against the hardware we + * will freeze the security configuration. This will prevent any + * other security operations. + */ + if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) { + rc = nvdimm_self_verify_key(nvdimm); + if (rc < 0) { + rc = nvdimm_security_freeze_lock(nvdimm); + mutex_unlock(&nvdimm->key_mutex); + return rc; + } + } + key = nvdimm->key; if (!key) { key = nvdimm_request_key(nvdimm);