From patchwork Sat Aug 4 00:01:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10555529 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4ED481390 for ; Sat, 4 Aug 2018 00:01:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3D3A62C7D2 for ; Sat, 4 Aug 2018 00:01:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2DC372C805; Sat, 4 Aug 2018 00:01:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 278382C7D2 for ; Sat, 4 Aug 2018 00:01:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id BF30221A00AE6; Fri, 3 Aug 2018 17:01:11 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C56E321B02822 for ; Fri, 3 Aug 2018 17:01:10 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Aug 2018 17:01:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,440,1526367600"; d="scan'208";a="61978445" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by orsmga007.jf.intel.com with ESMTP; 03 Aug 2018 17:01:09 -0700 Subject: [PATCH v7 00/12] Adding security support for nvdimm From: Dave Jiang To: linux-nvdimm@lists.01.org Date: Fri, 03 Aug 2018 17:01:09 -0700 Message-ID: <153334018216.60955.13349338519981704524.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: alison.schofield@intel.com, keescook@chromium.org, ebiggers3@gmail.com, dhowells@redhat.com, keyrings@vger.kernel.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP The following series implements security support for nvdimm. Mostly adding new security DSM support from the Intel NVDIMM DSM spec v1.7, but also adding generic support libnvdimm for other vendors. The most important security features are unlocking locked nvdimms, and updating/setting security passphrase to nvdimms. Security folks, thanks in advance for taking a look at my key management implementation and making sure that I'm doing something sane. Mainly you'll want to review patches 2, 4, and 5 as most relevant ones that need scrutiny. v7: - Add CONFIG_KEYS depenency for libnvdimm. (Alison) - Export lookup_user_key(). (David) - Modified "update" to take two key ids and and use lookup_user_key() in order to improve security. (David) - Use key ptrs and key_validate() for cached keys. (David) v6: - Fix intel DSM data structures to use defined size for passphrase (Robert) - Fix memcpy size to use sizeof data structure member (Robert) - Fix defined dimm id length (Robert) - Making intel_security_ops const (Eric) - Remove unused var in nvdimm_key_search() (Eric) - Added wbinvd before secure erase is issued (Robert) - Removed key_put_sync() usage (David) - Use init_cred instead of creating own cred (David) - Exported init_cred symbol - Move keyring to dedicated (David) - Use logon_key_type and friends instead of creating custom (David) - Use key_lookup() with stored key serial (David) - Exported key_lookup() symbol - Mark passed in key data as const (David) - Added comment for change_pass_phrase to explain how it works (David) - Unlink key when it's being removed from keyring. (David) - Removed request_key() from all security ops except update and unlock. - Update will now update the existing key's payload with the new key's retrieved from userspace when the new payload is accepted by nvdimm. v5: - Moved dimm_id initialization (Dan) - Added a key_put_sync() in order to run key_gc_work and cleanup old key. (Dan) - Added check to block security state changes while DIMM is active. (Dan) v4: - flip payload layout for update passphrase to make it easier on userland. v3: - Set x86 wrappers for x86 only bits. (Dan) - Fixed up some verbiage in commit headers. - Put in usage of sysfs_streq() for sysfs inputs. - 0-day build fixes for non-x86 archs. v2: - Move inclusion of intel.h to relevant source files and not in nfit.h. (Dan) - Moved security ring relevant code to dimm_devs.c. (Dan) - Added dimm_id to nfit_mem to avoid recreate per sysfs show call. (Dan) - Added routine to return security_ops based on family supplied. (Dan) - Added nvdimm_key_data struct to wrap raw passphrase string. (Dan) - Allocate firmware package on stack. (Dan) - Added missing frozen state detection when retrieving security state. --- Dave Jiang (12): nfit: add support for Intel DSM 1.7 commands libnvdimm: create keyring to store security keys nfit/libnvdimm: store dimm id as a member to struct nvdimm keys: export lookup_user_key to external users nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs nfit/libnvdimm: add set passphrase support for Intel nvdimms nfit/libnvdimm: add disable passphrase support to Intel nvdimm. nfit/libnvdimm: add freeze security support to Intel nvdimm nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm nfit_test: add context to dimm_dev for nfit_test nfit_test: add test support for Intel nvdimm security DSMs libnvdimm: add documentation for nvdimm security support Documentation/nvdimm/security.txt | 78 +++++ drivers/acpi/nfit/Makefile | 1 drivers/acpi/nfit/core.c | 58 +++- drivers/acpi/nfit/intel.c | 382 +++++++++++++++++++++++++++ drivers/acpi/nfit/intel.h | 82 ++++++ drivers/acpi/nfit/nfit.h | 20 + drivers/nvdimm/Kconfig | 1 drivers/nvdimm/bus.c | 2 drivers/nvdimm/core.c | 7 drivers/nvdimm/dimm.c | 7 drivers/nvdimm/dimm_devs.c | 527 +++++++++++++++++++++++++++++++++++++ drivers/nvdimm/nd-core.h | 6 drivers/nvdimm/nd.h | 2 include/linux/key.h | 3 include/linux/libnvdimm.h | 42 +++ kernel/cred.c | 1 security/keys/internal.h | 2 security/keys/process_keys.c | 1 tools/testing/nvdimm/Kbuild | 1 tools/testing/nvdimm/test/nfit.c | 227 +++++++++++++++- 20 files changed, 1414 insertions(+), 36 deletions(-) create mode 100644 Documentation/nvdimm/security.txt create mode 100644 drivers/acpi/nfit/intel.c create mode 100644 drivers/acpi/nfit/intel.h --