@@ -67,6 +67,7 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
CXL_CMD(GET_SECURITY_STATE, 0, 0x4, 0),
CXL_CMD(SET_PASSPHRASE, 0x60, 0, 0),
+ CXL_CMD(DISABLE_PASSPHRASE, 0x40, 0, 0),
};
/*
@@ -275,6 +275,7 @@ enum cxl_opcode {
CXL_MBOX_OP_GET_SCAN_MEDIA = 0x4305,
CXL_MBOX_OP_GET_SECURITY_STATE = 0x4500,
CXL_MBOX_OP_SET_PASSPHRASE = 0x4501,
+ CXL_MBOX_OP_DISABLE_PASSPHRASE = 0x4502,
CXL_MBOX_OP_MAX = 0x10000
};
@@ -390,6 +391,13 @@ struct cxl_set_pass {
u8 new_pass[NVDIMM_PASSPHRASE_LEN];
} __packed;
+/* disable passphrase input payload */
+struct cxl_disable_pass {
+ u8 type;
+ u8 reserved[31];
+ u8 pass[NVDIMM_PASSPHRASE_LEN];
+} __packed;
+
enum {
CXL_PMEM_SEC_PASS_MASTER = 0,
CXL_PMEM_SEC_PASS_USER,
@@ -70,9 +70,35 @@ static int cxl_pmem_security_change_key(struct nvdimm *nvdimm,
return rc;
}
+static int cxl_pmem_security_disable(struct nvdimm *nvdimm,
+ const struct nvdimm_key_data *key_data)
+{
+ struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
+ struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
+ struct cxl_dev_state *cxlds = cxlmd->cxlds;
+ struct cxl_disable_pass dis_pass;
+ int rc;
+
+ /*
+ * While the CXL spec defines the ability to erase the master passphrase,
+ * the original nvdimm security ops does not provide that capability.
+ * The sysfs attribute exposed to user space assumes disable is for user
+ * passphrase only. In order to preserve the user interface, this callback
+ * will only support disable of user passphrase. The disable master passphrase
+ * ability will need to be added as a new callback.
+ */
+ dis_pass.type = CXL_PMEM_SEC_PASS_USER;
+ memcpy(dis_pass.pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
+
+ rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_DISABLE_PASSPHRASE,
+ &dis_pass, sizeof(dis_pass), NULL, 0);
+ return rc;
+}
+
static const struct nvdimm_security_ops __cxl_security_ops = {
.get_flags = cxl_pmem_get_security_flags,
.change_key = cxl_pmem_security_change_key,
+ .disable = cxl_pmem_security_disable,
};
const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;
@@ -43,6 +43,7 @@
___C(GET_SCAN_MEDIA, "Get Scan Media Results"), \
___C(GET_SECURITY_STATE, "Get Security State"), \
___C(SET_PASSPHRASE, "Set Passphrase"), \
+ ___C(DISABLE_PASSPHRASE, "Disable Passphrase"), \
___C(MAX, "invalid / last command")
#define ___C(a, b) CXL_MEM_COMMAND_ID_##a