authorDave Jiang <dave.jiang@intel.com>2018-12-06 23:40:01 +0300
committerDan Williams <dan.j.williams@intel.com>2018-12-14 04:54:13 +0300
commit4c6926a23b76ea23403976290cd45a7a143f6500 (patch)
tree55dc830eafb03c36a4445f6b03c7e5dbe46be2dd /include/linux/libnvdimm.h
parent37833fb7989a9d3c3e26354e6878e682c340d718 (diff)
acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs
Add support to unlock the dimm via the kernel key management APIs. The passphrase is expected to be pulled from userspace through keyutils. The key management and sysfs attributes are libnvdimm generic. Encrypted keys are used to protect the nvdimm passphrase at rest. The master key can be a trusted-key sealed in a TPM (preferred), or an encrypted-key, which is more flexible but more exposed to a potential attacker. Signed-off-by: Dave Jiang <dave.jiang@intel.com> Co-developed-by: Dan Williams <dan.j.williams@intel.com> Reported-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'include/linux/libnvdimm.h')
-rw-r--r--include/linux/libnvdimm.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h
index 42c815f97c02..0f0ab276134e 100644
--- a/include/linux/libnvdimm.h
+++ b/include/linux/libnvdimm.h
@@ -163,9 +163,21 @@ enum nvdimm_security_state {
NVDIMM_SECURITY_OVERWRITE,
};
+#define NVDIMM_PASSPHRASE_LEN 32
+#define NVDIMM_KEY_DESC_LEN 22
+
+struct nvdimm_key_data {
+ u8 data[NVDIMM_PASSPHRASE_LEN];
+};
+
struct nvdimm_security_ops {
enum nvdimm_security_state (*state)(struct nvdimm *nvdimm);
int (*freeze)(struct nvdimm *nvdimm);
+ int (*change_key)(struct nvdimm *nvdimm,
+ const struct nvdimm_key_data *old_data,
+ const struct nvdimm_key_data *new_data);
+ int (*unlock)(struct nvdimm *nvdimm,
+ const struct nvdimm_key_data *key_data);
};
void badrange_init(struct badrange *badrange);
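Review bot: The `change_key` and `unlock` callbacks added to `struct nvdimm_security_ops` receive raw passphrase bytes through `struct nvdimm_key_data`, but the header states no contract for them. It does not say whether `old_data` may be NULL when no passphrase is set yet, how a passphrase shorter than `NVDIMM_PASSPHRASE_LEN` is expected to fill `data[]`, or what the return values mean. I would add a comment above `struct nvdimm_key_data` along the lines of `/* Raw passphrase bytes; do not log, and clear every copy with memzero_explicit() once the op returns */`, plus a short kernel-doc block on the two callbacks covering those questions. `NVDIMM_KEY_DESC_LEN 22` is also a bare number; a one-line comment saying what the 22 characters are and whether the terminating NUL is counted would keep callers from mis-sizing key description buffers.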