From 64e77c8c047fb91ea8c7800c1238108a72f0bf9c Mon Sep 17 00:00:00 2001 From: Dave Jiang Date: Fri, 7 Dec 2018 14:02:12 -0700 Subject: acpi/nfit, libnvdimm: Add support for issue secure erase DSM to Intel nvdimm Add support to issue a secure erase DSM to the Intel nvdimm. The required passphrase is acquired from an encrypted key in the kernel user keyring. To trigger the action, "erase " is written to the "security" sysfs attribute. Signed-off-by: Dave Jiang Signed-off-by: Dan Williams --- drivers/acpi/nfit/intel.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++ drivers/nvdimm/dimm_devs.c | 9 +++++++-- drivers/nvdimm/nd-core.h | 5 +++++ drivers/nvdimm/security.c | 41 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 100 insertions(+), 2 deletions(-) (limited to 'drivers') diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c index bb033b74bff0..e0e04b730b4f 100644 --- a/drivers/acpi/nfit/intel.c +++ b/drivers/acpi/nfit/intel.c @@ -203,6 +203,52 @@ static int intel_security_disable(struct nvdimm *nvdimm, return 0; } +static int intel_security_erase(struct nvdimm *nvdimm, + const struct nvdimm_key_data *key) +{ + int rc; + struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); + struct { + struct nd_cmd_pkg pkg; + struct nd_intel_secure_erase cmd; + } nd_cmd = { + .pkg = { + .nd_family = NVDIMM_FAMILY_INTEL, + .nd_size_in = ND_INTEL_PASSPHRASE_SIZE, + .nd_size_out = ND_INTEL_STATUS_SIZE, + .nd_fw_size = ND_INTEL_STATUS_SIZE, + .nd_command = NVDIMM_INTEL_SECURE_ERASE, + }, + }; + + if (!test_bit(NVDIMM_INTEL_SECURE_ERASE, &nfit_mem->dsm_mask)) + return -ENOTTY; + + /* flush all cache before we erase DIMM */ + nvdimm_invalidate_cache(); + memcpy(nd_cmd.cmd.passphrase, key->data, + sizeof(nd_cmd.cmd.passphrase)); + rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); + if (rc < 0) + return rc; + + switch (nd_cmd.cmd.status) { + case 0: + break; + case ND_INTEL_STATUS_NOT_SUPPORTED: + return -EOPNOTSUPP; + case ND_INTEL_STATUS_INVALID_PASS: + return -EINVAL; + case ND_INTEL_STATUS_INVALID_STATE: + default: + return -ENXIO; + } + + /* DIMM erased, invalidate all CPU caches before we read it */ + nvdimm_invalidate_cache(); + return 0; +} + /* * TODO: define a cross arch wbinvd equivalent when/if * NVDIMM_FAMILY_INTEL command support arrives on another arch. @@ -226,6 +272,7 @@ static const struct nvdimm_security_ops __intel_security_ops = { .disable = intel_security_disable, #ifdef CONFIG_X86 .unlock = intel_security_unlock, + .erase = intel_security_erase, #endif }; diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c index 1cc3a6af3d0e..bc432b7c17b8 100644 --- a/drivers/nvdimm/dimm_devs.c +++ b/drivers/nvdimm/dimm_devs.c @@ -394,7 +394,8 @@ static ssize_t security_show(struct device *dev, #define OPS \ C( OP_FREEZE, "freeze", 1), \ C( OP_DISABLE, "disable", 2), \ - C( OP_UPDATE, "update", 3) + C( OP_UPDATE, "update", 3), \ + C( OP_ERASE, "erase", 2) #undef C #define C(a, b, c) a enum nvdimmsec_op_ids { OPS }; @@ -448,6 +449,9 @@ static ssize_t __security_store(struct device *dev, const char *buf, size_t len) } else if (i == OP_UPDATE) { dev_dbg(dev, "update %u %u\n", key, newkey); rc = nvdimm_security_update(nvdimm, key, newkey); + } else if (i == OP_ERASE) { + dev_dbg(dev, "erase %u\n", key); + rc = nvdimm_security_erase(nvdimm, key); } else return -EINVAL; @@ -498,7 +502,8 @@ static umode_t nvdimm_visible(struct kobject *kobj, struct attribute *a, int n) return 0; /* Are there any state mutation ops? */ if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable - || nvdimm->sec.ops->change_key) + || nvdimm->sec.ops->change_key + || nvdimm->sec.ops->erase) return a->mode; return 0444; } diff --git a/drivers/nvdimm/nd-core.h b/drivers/nvdimm/nd-core.h index c2567f9ae07b..b4b633ccfbe9 100644 --- a/drivers/nvdimm/nd-core.h +++ b/drivers/nvdimm/nd-core.h @@ -61,6 +61,7 @@ int nvdimm_security_freeze(struct nvdimm *nvdimm); int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid); int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid, unsigned int new_keyid); +int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid); #else static inline int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) @@ -72,6 +73,10 @@ static inline int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int key { return -EOPNOTSUPP; } +static inline int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid) +{ + return -EOPNOTSUPP; +} #endif /** diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index df7f070e96fb..05677be3c0dd 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -33,6 +33,9 @@ static void *key_data(struct key *key) static void nvdimm_put_key(struct key *key) { + if (!key) + return; + up_read(&key->sem); key_put(key); } @@ -259,3 +262,41 @@ int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid, nvdimm->sec.state = nvdimm_security_state(nvdimm); return rc; } + +int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid) +{ + struct device *dev = &nvdimm->dev; + struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev); + struct key *key; + int rc; + + /* The bus lock should be held at the top level of the call stack */ + lockdep_assert_held(&nvdimm_bus->reconfig_mutex); + + if (!nvdimm->sec.ops || !nvdimm->sec.ops->erase + || nvdimm->sec.state < 0) + return -EOPNOTSUPP; + + if (atomic_read(&nvdimm->busy)) { + dev_warn(dev, "Unable to secure erase while DIMM active.\n"); + return -EBUSY; + } + + if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) { + dev_warn(dev, "Incorrect security state: %d\n", + nvdimm->sec.state); + return -EIO; + } + + key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY); + if (!key) + return -ENOKEY; + + rc = nvdimm->sec.ops->erase(nvdimm, key_data(key)); + dev_dbg(dev, "key: %d erase: %s\n", key_serial(key), + rc == 0 ? "success" : "fail"); + + nvdimm_put_key(key); + nvdimm->sec.state = nvdimm_security_state(nvdimm); + return rc; +} -- cgit v1.2.3