Commit c4ef680d authored by Dave Jiang's avatar Dave Jiang Committed by Dan Williams
Browse files

cxl/pmem: Add Disable Passphrase security command support 



Create callback function to support the nvdimm_security_ops ->disable()
callback. Translate the operation to send "Disable Passphrase" security
command for CXL memory device. The operation supports disabling a
passphrase for the CXL persistent memory device. In the original
implementation of nvdimm_security_ops, this operation only supports
disabling of the user passphrase. This is due to the NFIT version of
disable passphrase only supported disabling of user passphrase. The CXL
spec allows disabling of the master passphrase as well which
nvidmm_security_ops does not support yet. In this commit, the callback
function will only support user passphrase.

See CXL rev3.0 spec section 8.2.9.8.6.3 for reference.

Reviewed-by: default avatarDavidlohr Bueso <dave@stgolabs.net>
Reviewed-by: default avatarJonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: default avatarDave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/166983611878.2734609.10602135274526390127.stgit@djiang5-desk3.ch.intel.com


Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
parent 53d2ce6e

drivers/cxl/core/mbox.c

+1 −0
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = { 
	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),

	CXL_CMD(GET_SECURITY_STATE, 0, 0x4, 0),

	CXL_CMD(SET_PASSPHRASE, 0x60, 0, 0),

	CXL_CMD(DISABLE_PASSPHRASE, 0x40, 0, 0),

};



/*

drivers/cxl/cxlmem.h

+8 −0
Original line number Diff line number Diff line
@@ -275,6 +275,7 @@ enum cxl_opcode { 
	CXL_MBOX_OP_GET_SCAN_MEDIA	= 0x4305,

	CXL_MBOX_OP_GET_SECURITY_STATE	= 0x4500,

	CXL_MBOX_OP_SET_PASSPHRASE	= 0x4501,

	CXL_MBOX_OP_DISABLE_PASSPHRASE	= 0x4502,

	CXL_MBOX_OP_MAX			= 0x10000

};
@@ -390,6 +391,13 @@ struct cxl_set_pass { 
	u8 new_pass[NVDIMM_PASSPHRASE_LEN];

} __packed;



/* disable passphrase input payload */

struct cxl_disable_pass {

	u8 type;

	u8 reserved[31];

	u8 pass[NVDIMM_PASSPHRASE_LEN];

} __packed;



enum {

	CXL_PMEM_SEC_PASS_MASTER = 0,

	CXL_PMEM_SEC_PASS_USER,

drivers/cxl/security.c

+18 −0
Original line number Diff line number Diff line
@@ -70,9 +70,27 @@ static int cxl_pmem_security_change_key(struct nvdimm *nvdimm, 
	return rc;

}



static int cxl_pmem_security_disable(struct nvdimm *nvdimm,

				     const struct nvdimm_key_data *key_data)

{

	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);

	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;

	struct cxl_dev_state *cxlds = cxlmd->cxlds;

	struct cxl_disable_pass dis_pass;

	int rc;



	dis_pass.type = CXL_PMEM_SEC_PASS_USER;

	memcpy(dis_pass.pass, key_data->data, NVDIMM_PASSPHRASE_LEN);



	rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_DISABLE_PASSPHRASE,

			       &dis_pass, sizeof(dis_pass), NULL, 0);

	return rc;

}



static const struct nvdimm_security_ops __cxl_security_ops = {

	.get_flags = cxl_pmem_get_security_flags,

	.change_key = cxl_pmem_security_change_key,

	.disable = cxl_pmem_security_disable,

};



const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;

include/uapi/linux/cxl_mem.h

+1 −0
Original line number Diff line number Diff line
@@ -43,6 +43,7 @@ 
	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \

	___C(GET_SECURITY_STATE, "Get Security State"),			  \

	___C(SET_PASSPHRASE, "Set Passphrase"),				  \

	___C(DISABLE_PASSPHRASE, "Disable Passphrase"),			  \

	___C(MAX, "invalid / last command")



#define ___C(a, b) CXL_MEM_COMMAND_ID_##a