diff options
| author | Dave Jiang <dave.jiang@intel.com> | 2018-12-06 21:40:01 +0100 |
|---|---|---|
| committer | Dan Williams <dan.j.williams@intel.com> | 2018-12-14 02:54:13 +0100 |
| commit | 4c6926a23b76ea23403976290cd45a7a143f6500 (patch) | |
| tree | 55dc830eafb03c36a4445f6b03c7e5dbe46be2dd /drivers/nvdimm/nd.h | |
| parent | acpi/nfit, libnvdimm: Add freeze security support to Intel nvdimm (diff) | |
| download | linux-4c6926a23b76ea23403976290cd45a7a143f6500.tar.xz linux-4c6926a23b76ea23403976290cd45a7a143f6500.zip | |
acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs
Add support to unlock the dimm via the kernel key management APIs. The
passphrase is expected to be pulled from userspace through keyutils.
The key management and sysfs attributes are libnvdimm generic.
Encrypted keys are used to protect the nvdimm passphrase at rest. The
master key can be a trusted-key sealed in a TPM, preferred, or an
encrypted-key, more flexible, but more exposure to a potential attacker.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Co-developed-by: Dan Williams <dan.j.williams@intel.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/nvdimm/nd.h')
| -rw-r--r-- | drivers/nvdimm/nd.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/drivers/nvdimm/nd.h b/drivers/nvdimm/nd.h index e79cc8e5c114..cfde992684e7 100644 --- a/drivers/nvdimm/nd.h +++ b/drivers/nvdimm/nd.h @@ -250,6 +250,14 @@ long nvdimm_clear_poison(struct device *dev, phys_addr_t phys, void nvdimm_set_aliasing(struct device *dev); void nvdimm_set_locked(struct device *dev); void nvdimm_clear_locked(struct device *dev); +#if IS_ENABLED(CONFIG_NVDIMM_KEYS) +int nvdimm_security_unlock(struct device *dev); +#else +static inline int nvdimm_security_unlock(struct device *dev) +{ + return 0; +} +#endif struct nd_btt *to_nd_btt(struct device *dev); struct nd_gen_sb { |