| Message ID | 155329051601.45122.5794344301281956392.stgit@djiang5-desk3.ch.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | dsactl: add support to allow keyless secure erase | expand |
On Fri, Mar 22, 2019 at 2:35 PM Dave Jiang <dave.jiang@intel.com> wrote: > > When security is not enabled, we reject secure erase currently. Add > support to allow secure erase to occur without key. > > Signed-off-by: Dave Jiang <dave.jiang@intel.com> > --- > Documentation/ndctl/ndctl-sanitize-dimm.txt | 2 ++ > ndctl/util/keys.c | 16 +++++++++++----- > 2 files changed, 13 insertions(+), 5 deletions(-) > > diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt > index 7f57a115..d9450dd3 100644 > --- a/Documentation/ndctl/ndctl-sanitize-dimm.txt > +++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt > @@ -33,6 +33,8 @@ erase. The default is 'crypto-erase', but additionally, an 'overwrite' option > is available which overwrites not only the data area, but also the label area, > thus losing record of any namespaces the given NVDIMM participates in. > > +It is possible to crypto-erase or overwrite without a key. > + > OPTIONS > ------- > <dimm>:: > diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c > index c1f2e843..82c16539 100644 > --- a/ndctl/util/keys.c > +++ b/ndctl/util/keys.c > @@ -612,12 +612,18 @@ int ndctl_dimm_remove_key(struct ndctl_dimm *dimm) > int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm, > enum ndctl_key_type key_type) > { > - key_serial_t key; > + key_serial_t key = 0; > int rc; > + enum ndctl_security_state state; > > - key = check_dimm_key(dimm, true, key_type); > - if (key < 0) > - return key; > + state = ndctl_dimm_get_security(dimm); > + > + if (key_type != ND_MASTER_KEY && > + state != NDCTL_SECURITY_DISABLED) { No, I'd rather not assume anything about the state relative to when to use the zero-key. Make this a "-z / --zero-key" command line option. Specifically because the Intel DSM security specification is different than the semantics that are generically supported in ndctl.
diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt index 7f57a115..d9450dd3 100644 --- a/Documentation/ndctl/ndctl-sanitize-dimm.txt +++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt @@ -33,6 +33,8 @@ erase. The default is 'crypto-erase', but additionally, an 'overwrite' option is available which overwrites not only the data area, but also the label area, thus losing record of any namespaces the given NVDIMM participates in. +It is possible to crypto-erase or overwrite without a key. + OPTIONS ------- <dimm>:: diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c index c1f2e843..82c16539 100644 --- a/ndctl/util/keys.c +++ b/ndctl/util/keys.c @@ -612,12 +612,18 @@ int ndctl_dimm_remove_key(struct ndctl_dimm *dimm) int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm, enum ndctl_key_type key_type) { - key_serial_t key; + key_serial_t key = 0; int rc; + enum ndctl_security_state state; - key = check_dimm_key(dimm, true, key_type); - if (key < 0) - return key; + state = ndctl_dimm_get_security(dimm); + + if (key_type != ND_MASTER_KEY && + state != NDCTL_SECURITY_DISABLED) { + key = check_dimm_key(dimm, true, key_type); + if (key < 0) + return key; + } if (key_type == ND_MASTER_KEY) rc = run_key_op(dimm, key, ndctl_dimm_master_secure_erase, @@ -630,7 +636,7 @@ int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm, if (rc < 0) return rc; - if (key_type == ND_USER_KEY) + if (key_type == ND_USER_KEY && key != 0) return discard_key(dimm); return 0;
When security is not enabled, we reject secure erase currently. Add support to allow secure erase to occur without key. Signed-off-by: Dave Jiang <dave.jiang@intel.com> --- Documentation/ndctl/ndctl-sanitize-dimm.txt | 2 ++ ndctl/util/keys.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 5 deletions(-)