diff options
| author |   Dave Jiang <dave.jiang@intel.com> | 2018-12-10 10:53:22 -0700 |
|---|---|---|
| committer |   Dan Williams <dan.j.williams@intel.com> | 2018-12-21 12:44:41 -0800 |
| commit | 89fa9d8ea7bdfa841d19044485cec5f4171069e5 (patch) | |
| tree | 2be60d02c3f6baac9186566e9077a7879a523fac /drivers/nvdimm/nd-core.h | |
| parent | acpi/nfit, libnvdimm/security: Add security DSM overwrite support (diff) | |
| download | linux-dev-89fa9d8ea7bdfa841d19044485cec5f4171069e5.tar.xz linux-dev-89fa9d8ea7bdfa841d19044485cec5f4171069e5.zip | |
acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support
With Intel DSM 1.8 [1] two new security DSMs are introduced. Enable/update
master passphrase and master secure erase. The master passphrase allows
a secure erase to be performed without the user passphrase that is set on
the NVDIMM. The commands of master_update and master_erase are added to
the sysfs knob in order to initiate the DSMs. They are similar in opeartion
mechanism compare to update and erase.
[1]: http://pmem.io/documents/NVDIMM_DSM_Interface-V1.8.pdf
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/nvdimm/nd-core.h')
| -rw-r--r-- | drivers/nvdimm/nd-core.h | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/drivers/nvdimm/nd-core.h b/drivers/nvdimm/nd-core.h index 952d688982d8..52d20d9f39f6 100644 --- a/drivers/nvdimm/nd-core.h +++ b/drivers/nvdimm/nd-core.h @@ -46,6 +46,7 @@ struct nvdimm { struct { const struct nvdimm_security_ops *ops; enum nvdimm_security_state state; + enum nvdimm_security_state ext_state; unsigned int overwrite_tmo; struct kernfs_node *overwrite_state; } sec; @@ -53,19 +54,21 @@ struct nvdimm { }; static inline enum nvdimm_security_state nvdimm_security_state( - struct nvdimm *nvdimm) + struct nvdimm *nvdimm, bool master) { if (!nvdimm->sec.ops) return -ENXIO; - return nvdimm->sec.ops->state(nvdimm); + return nvdimm->sec.ops->state(nvdimm, master); } int nvdimm_security_freeze(struct nvdimm *nvdimm); #if IS_ENABLED(CONFIG_NVDIMM_KEYS) int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid); int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid, - unsigned int new_keyid); -int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid); + unsigned int new_keyid, + enum nvdimm_passphrase_type pass_type); +int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid, + enum nvdimm_passphrase_type pass_type); int nvdimm_security_overwrite(struct nvdimm *nvdimm, unsigned int keyid); void nvdimm_security_overwrite_query(struct work_struct *work); #else @@ -74,12 +77,16 @@ static inline int nvdimm_security_disable(struct nvdimm *nvdimm, { return -EOPNOTSUPP; } -static inline int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid, - unsigned int new_keyid) +static inline int nvdimm_security_update(struct nvdimm *nvdimm, + unsigned int keyid, + unsigned int new_keyid, + enum nvdimm_passphrase_type pass_type) { return -EOPNOTSUPP; } -static inline int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid) +static inline int nvdimm_security_erase(struct nvdimm *nvdimm, + unsigned int keyid, + enum nvdimm_passphrase_type pass_type) { return -EOPNOTSUPP; } |