summaryrefslogtreecommitdiff
path: root/drivers/acpi/nfit
diff options
context:
space:
mode:
authorDave Jiang <dave.jiang@intel.com>2018-12-07 20:33:30 +0300
committerDan Williams <dan.j.williams@intel.com>2018-12-21 23:44:41 +0300
commit03b65b22ada8115a7a7bfdf0789f6a94adfd6070 (patch)
treed8ac0a260db2dcac8b52ed36566bd9b89ab2d116 /drivers/acpi/nfit
parent4c6926a23b76ea23403976290cd45a7a143f6500 (diff)
downloadlinux-03b65b22ada8115a7a7bfdf0789f6a94adfd6070.tar.xz
acpi/nfit, libnvdimm: Add disable passphrase support to Intel nvdimm.
Add support to disable passphrase (security) for the Intel nvdimm. The passphrase used for disabling is pulled from an encrypted-key in the kernel user keyring. The action is triggered by writing "disable <keyid>" to the sysfs attribute "security". Signed-off-by: Dave Jiang <dave.jiang@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/acpi/nfit')
-rw-r--r--drivers/acpi/nfit/intel.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c
index 38f2cb364853..bb033b74bff0 100644
--- a/drivers/acpi/nfit/intel.c
+++ b/drivers/acpi/nfit/intel.c
@@ -163,6 +163,46 @@ static int intel_security_unlock(struct nvdimm *nvdimm,
return 0;
}
+static int intel_security_disable(struct nvdimm *nvdimm,
+ const struct nvdimm_key_data *key_data)
+{
+ int rc;
+ struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
+ struct {
+ struct nd_cmd_pkg pkg;
+ struct nd_intel_disable_passphrase cmd;
+ } nd_cmd = {
+ .pkg = {
+ .nd_command = NVDIMM_INTEL_DISABLE_PASSPHRASE,
+ .nd_family = NVDIMM_FAMILY_INTEL,
+ .nd_size_in = ND_INTEL_PASSPHRASE_SIZE,
+ .nd_size_out = ND_INTEL_STATUS_SIZE,
+ .nd_fw_size = ND_INTEL_STATUS_SIZE,
+ },
+ };
+
+ if (!test_bit(NVDIMM_INTEL_DISABLE_PASSPHRASE, &nfit_mem->dsm_mask))
+ return -ENOTTY;
+
+ memcpy(nd_cmd.cmd.passphrase, key_data->data,
+ sizeof(nd_cmd.cmd.passphrase));
+ rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL);
+ if (rc < 0)
+ return rc;
+
+ switch (nd_cmd.cmd.status) {
+ case 0:
+ break;
+ case ND_INTEL_STATUS_INVALID_PASS:
+ return -EINVAL;
+ case ND_INTEL_STATUS_INVALID_STATE:
+ default:
+ return -ENXIO;
+ }
+
+ return 0;
+}
+
/*
* TODO: define a cross arch wbinvd equivalent when/if
* NVDIMM_FAMILY_INTEL command support arrives on another arch.
@@ -183,6 +223,7 @@ static const struct nvdimm_security_ops __intel_security_ops = {
.state = intel_security_state,
.freeze = intel_security_freeze,
.change_key = intel_security_change_key,
+ .disable = intel_security_disable,
#ifdef CONFIG_X86
.unlock = intel_security_unlock,
#endif