Message ID | 153936865468.55836.4349279559484495728.stgit@djiang5-desk3.ch.intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | [1/5] libnvdimm: fix updating of kernel key during nvdimm key update |
On Fri, Oct 12, 2018 at 11:24 AM Dave Jiang <dave.jiang@intel.com> wrote: > > When the nvdimm security state is unlocked during unlock, we skip the > operation. In this state, we are not able to fetch a key for verification > and at the same time the dimm is unlocked. This prevents us from doing > any security operations. We will send the freeze security DSM to make the > state consistent. > > Signed-off-by: Dave Jiang <dave.jiang@intel.com> > --- > drivers/nvdimm/security.c | 15 +++++++++++++-- > 1 file changed, 13 insertions(+), 2 deletions(-) > > diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c > index 7b5d7c77514d..6c5423228b31 100644 > --- a/drivers/nvdimm/security.c > +++ b/drivers/nvdimm/security.c > @@ -250,8 +250,19 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) > if (!nvdimm->security_ops) > return 0; > > - if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED || > - nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || > + /* > + * If the pre-OS has unlocked the DIMM, we will not be able to > + * verify the key against the hardware. Therefore we will not > + * retrieve the key and will freeze the security config. This will > + * prevent any other security operations. > + */ I think we should try to retrieve the key if the DIMM is unlocked and verify it with a 'change-key-to-self' check. If either of those steps fail then freeze the dimm.
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index 7b5d7c77514d..6c5423228b31 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -250,8 +250,19 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm) if (!nvdimm->security_ops) return 0; - if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED || - nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || + /* + * If the pre-OS has unlocked the DIMM, we will not be able to + * verify the key against the hardware. Therefore we will not + * retrieve the key and will freeze the security config. This will + * prevent any other security operations. + */ + if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) { + rc = nvdimm_security_freeze_lock(nvdimm); + if (rc < 0) + return rc; + } + + if (nvdimm->state == NVDIMM_SECURITY_UNSUPPORTED || nvdimm->state == NVDIMM_SECURITY_DISABLED) return 0;
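Review bot: the new NVDIMM_SECURITY_UNLOCKED branch returns only when rc < 0, so a successful nvdimm_security_freeze_lock() falls through. NVDIMM_SECURITY_UNLOCKED has also been removed from the early-return condition that follows, so the function no longer hits `return 0;` for an already unlocked DIMM and continues into the rest of the unlock path. That is at odds with the added comment, which says the key will not be retrieved. If the intent is to freeze and stop, return from the branch unconditionally, for example `return nvdimm_security_freeze_lock(nvdimm);`. If the fall-through is intended, the comment should say what happens after the freeze and why the UNLOCKED state is expected to proceed. The first sentence of the comment could also state what makes key verification impossible in this state, since the review reply on this patch proposes a change-key-to-self check as a way to verify it.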
When the nvdimm security state is unlocked during unlock, we skip the operation. In this state, we are not able to fetch a key for verification and at the same time the dimm is unlocked. This prevents us from doing any security operations. We will send the freeze security DSM to make the state consistent. Signed-off-by: Dave Jiang <dave.jiang@intel.com> --- drivers/nvdimm/security.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)