diff options
| author | Dave Jiang <dave.jiang@intel.com> | 2018-12-07 21:29:09 +0100 |
|---|---|---|
| committer | Dan Williams <dan.j.williams@intel.com> | 2018-12-21 21:44:41 +0100 |
| commit | d2a4ac73f56a5d0709d28b41fec8d15e4500f8f1 (patch) | |
| tree | 6ae066b618c3c0c68865b0783f88da25d2d69a7a /drivers/nvdimm/dimm_devs.c | |
| parent | acpi/nfit, libnvdimm: Add disable passphrase support to Intel nvdimm. (diff) | |
| download | linux-d2a4ac73f56a5d0709d28b41fec8d15e4500f8f1.tar.xz linux-d2a4ac73f56a5d0709d28b41fec8d15e4500f8f1.zip | |
acpi/nfit, libnvdimm: Add enable/update passphrase support for Intel nvdimms
Add support for enabling and updating passphrase on the Intel nvdimms.
The passphrase is the an encrypted key in the kernel user keyring.
We trigger the update via writing "update <old_keyid> <new_keyid>" to the
sysfs attribute "security". If no <old_keyid> exists (for enabling
security) then a 0 should be used.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/nvdimm/dimm_devs.c')
| -rw-r--r-- | drivers/nvdimm/dimm_devs.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c index 7f42cc4e119b..1cc3a6af3d0e 100644 --- a/drivers/nvdimm/dimm_devs.c +++ b/drivers/nvdimm/dimm_devs.c @@ -392,8 +392,9 @@ static ssize_t security_show(struct device *dev, } #define OPS \ - C( OP_FREEZE, "freeze", 1), \ - C( OP_DISABLE, "disable", 2) + C( OP_FREEZE, "freeze", 1), \ + C( OP_DISABLE, "disable", 2), \ + C( OP_UPDATE, "update", 3) #undef C #define C(a, b, c) a enum nvdimmsec_op_ids { OPS }; @@ -444,6 +445,9 @@ static ssize_t __security_store(struct device *dev, const char *buf, size_t len) } else if (i == OP_DISABLE) { dev_dbg(dev, "disable %u\n", key); rc = nvdimm_security_disable(nvdimm, key); + } else if (i == OP_UPDATE) { + dev_dbg(dev, "update %u %u\n", key, newkey); + rc = nvdimm_security_update(nvdimm, key, newkey); } else return -EINVAL; @@ -493,7 +497,8 @@ static umode_t nvdimm_visible(struct kobject *kobj, struct attribute *a, int n) if (nvdimm->sec.state < 0) return 0; /* Are there any state mutation ops? */ - if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable) + if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable + || nvdimm->sec.ops->change_key) return a->mode; return 0444; } |