GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 23:32:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs

Browse source 
Add support to unlock the dimm via the kernel key management APIs. The
passphrase is expected to be pulled from userspace through keyutils.
The key management and sysfs attributes are libnvdimm generic.

Encrypted keys are used to protect the nvdimm passphrase at rest. The
master key can be a trusted-key sealed in a TPM, preferred, or an
encrypted-key, more flexible, but more exposure to a potential attacker.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Co-developed-by: Dan Williams <dan.j.williams@intel.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This commit is contained in:
Dave Jiang 2018-12-06 12:40:01 -08:00 committed by Dan Williams
parent 37833fb798
commit 4c6926a23b
8 changed files with 299 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
include/linux/libnvdimm.h
View file

@ -163,9 +163,21 @@ enum nvdimm_security_state {
NVDIMM_SECURITY_OVERWRITE,
};
#define NVDIMM_PASSPHRASE_LEN 32
#define NVDIMM_KEY_DESC_LEN 22
struct nvdimm_key_data {
u8 data[NVDIMM_PASSPHRASE_LEN];
};
struct nvdimm_security_ops {
enum nvdimm_security_state (*state)(struct nvdimm *nvdimm);
int (*freeze)(struct nvdimm *nvdimm);
int (*change_key)(struct nvdimm *nvdimm,
const struct nvdimm_key_data *old_data,
const struct nvdimm_key_data *new_data);
int (*unlock)(struct nvdimm *nvdimm,
const struct nvdimm_key_data *key_data);
};
void badrange_init(struct badrange *badrange);