@@ -96,9 +96,19 @@ its keyid should be passed in via sysfs.
The command format for doing a secure erase is:
erase <current keyid>
-An "old" key with the passphrase payload that is tied to the nvdimm should be
-injected with a key description that does not have the "nvdimm:" prefix and
-its keyid should be passed in via sysfs.
+9. Overwrite
+------------
+The command format for doing an overwrite is:
+overwrite <current keyid>
+
+Overwrite can be done without a key if security is not enabled. A key serial
+of 0 can be passed in to indicate no key.
+
+The sysfs attribute "security" can be polled to wait on overwrite completion.
+Overwrite can last tens of minutes or more depending on nvdimm size.
+
+An encrypted key with the current key passphrase that is tied to the nvdimm
+should be injected and its keyid should be passed in via sysfs.
[1]: http://pmem.io/documents/NVDIMM_DSM_Interface-V1.7.pdf
[2]: http://www.t13.org/documents/UploadedDocuments/docs2006/e05179r4-ACS-SecurityClarifications.pdf
Add overwrite command usages to security documentation. Signed-off-by: Dave Jiang <dave.jiang@intel.com> --- Documentation/nvdimm/security.txt | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-)