提交 d7258548 编写于 作者: D Dave Jiang 提交者: Caspar Zhang

acpi/nfit: Add support for Intel DSM 1.8 commands

to #27305291

commit b3ed2ce024c36054e51cca2eb31a1cdbe4a5f11e upstream.

Add command definition for security commands defined in Intel DSM
specification v1.8 [1]. This includes "get security state", "set
passphrase", "unlock unit", "freeze lock", "secure erase", "overwrite",
"overwrite query", "master passphrase enable/disable", and "master
erase", . Since this adds several Intel definitions, move the relevant
bits to their own header.

These commands mutate physical data, but that manipulation is not cache
coherent. The requirement to flush and invalidate caches makes these
commands unsuitable to be called from userspace, so extra logic is added
to detect and block these commands from being submitted via the ioctl
command submission path.

Lastly, the commands may contain sensitive key material that should not
be dumped in a standard debug session. Update the nvdimm-command
payload-dump facility to move security command payloads behind a
default-off compile time switch.

[1]: http://pmem.io/documents/NVDIMM_DSM_Interface-V1.8.pdfSigned-off-by: NDave Jiang <dave.jiang@intel.com>
Signed-off-by: NDan Williams <dan.j.williams@intel.com>

[ Shile: fixed conflicts:
This patch updated the file "drivers/acpi/nfit/intel.h". The header file is
introduced by commit 0ead111 ("acpi, nfit: Collect shutdown status") in
upstream, which also update the test files. So let's fetch this part to fix
the conflict:
- tools/testing/nvdimm/test/nfit.c
- tools/testing/nvdimm/test/nfit_test.h ]
Signed-off-by: NShile Zhang <shile.zhang@linux.alibaba.com>
Reviewed-by: NYang Shi <yang.shi@linux.alibaba.com>
上级 1f9ef808
......@@ -13,3 +13,14 @@ config ACPI_NFIT
To compile this driver as a module, choose M here:
the module will be called nfit.
config NFIT_SECURITY_DEBUG
bool "Enable debug for NVDIMM security commands"
depends on ACPI_NFIT
help
Some NVDIMM devices and controllers support encryption and
other security features. The payloads for the commands that
enable those features may contain sensitive clear-text
security material. Disable debug of those command payloads
by default. If you are a kernel developer actively working
on NVDIMM security enabling say Y, otherwise say N.
......@@ -24,6 +24,7 @@
#include <linux/nd.h>
#include <asm/cacheflush.h>
#include <acpi/nfit.h>
#include "intel.h"
#include "nfit.h"
/*
......@@ -377,6 +378,14 @@ static u8 nfit_dsm_revid(unsigned family, unsigned func)
[NVDIMM_INTEL_QUERY_FWUPDATE] = 2,
[NVDIMM_INTEL_SET_THRESHOLD] = 2,
[NVDIMM_INTEL_INJECT_ERROR] = 2,
[NVDIMM_INTEL_GET_SECURITY_STATE] = 2,
[NVDIMM_INTEL_SET_PASSPHRASE] = 2,
[NVDIMM_INTEL_DISABLE_PASSPHRASE] = 2,
[NVDIMM_INTEL_UNLOCK_UNIT] = 2,
[NVDIMM_INTEL_FREEZE_LOCK] = 2,
[NVDIMM_INTEL_SECURE_ERASE] = 2,
[NVDIMM_INTEL_OVERWRITE] = 2,
[NVDIMM_INTEL_QUERY_OVERWRITE] = 2,
},
};
u8 id;
......@@ -421,6 +430,17 @@ static int cmd_to_func(struct nfit_mem *nfit_mem, unsigned int cmd,
return 0;
}
static bool payload_dumpable(struct nvdimm *nvdimm, unsigned int func)
{
struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
if (nfit_mem && nfit_mem->family == NVDIMM_FAMILY_INTEL
&& func >= NVDIMM_INTEL_GET_SECURITY_STATE
&& func <= NVDIMM_INTEL_MASTER_SECURE_ERASE)
return IS_ENABLED(CONFIG_NFIT_SECURITY_DEBUG);
return true;
}
int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm,
unsigned int cmd, void *buf, unsigned int buf_len, int *cmd_rc)
{
......@@ -503,9 +523,10 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm,
dev_dbg(dev, "%s cmd: %d: func: %d input length: %d\n",
dimm_name, cmd, func, in_buf.buffer.length);
print_hex_dump_debug("nvdimm in ", DUMP_PREFIX_OFFSET, 4, 4,
in_buf.buffer.pointer,
min_t(u32, 256, in_buf.buffer.length), true);
if (payload_dumpable(nvdimm, func))
print_hex_dump_debug("nvdimm in ", DUMP_PREFIX_OFFSET, 4, 4,
in_buf.buffer.pointer,
min_t(u32, 256, in_buf.buffer.length), true);
/* call the BIOS, prefer the named methods over _DSM if available */
if (nvdimm && cmd == ND_CMD_GET_CONFIG_SIZE && nfit_mem->has_lsr)
......@@ -3323,7 +3344,7 @@ static int acpi_nfit_flush_probe(struct nvdimm_bus_descriptor *nd_desc)
return 0;
}
static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc,
static int __acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc,
struct nvdimm *nvdimm, unsigned int cmd)
{
struct acpi_nfit_desc *acpi_desc = to_acpi_nfit_desc(nd_desc);
......@@ -3345,6 +3366,23 @@ static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc,
return 0;
}
/* prevent security commands from being issued via ioctl */
static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc,
struct nvdimm *nvdimm, unsigned int cmd, void *buf)
{
struct nd_cmd_pkg *call_pkg = buf;
unsigned int func;
if (nvdimm && cmd == ND_CMD_CALL &&
call_pkg->nd_family == NVDIMM_FAMILY_INTEL) {
func = call_pkg->nd_command;
if ((1 << func) & NVDIMM_INTEL_SECURITY_CMDMASK)
return -EOPNOTSUPP;
}
return __acpi_nfit_clear_to_send(nd_desc, nvdimm, cmd);
}
int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc,
enum nfit_ars_state req_type)
{
......
// SPDX-License-Identifier: GPL-2.0
/*
* Copyright(c) 2018 Intel Corporation. All rights reserved.
* Intel specific definitions for NVDIMM Firmware Interface Table - NFIT
*/
#ifndef _NFIT_INTEL_H_
#define _NFIT_INTEL_H_
#define ND_INTEL_SMART 1
#define ND_INTEL_SMART_SHUTDOWN_COUNT_VALID (1 << 5)
#define ND_INTEL_SMART_SHUTDOWN_VALID (1 << 10)
struct nd_intel_smart {
u32 status;
union {
struct {
u32 flags;
u8 reserved0[4];
u8 health;
u8 spares;
u8 life_used;
u8 alarm_flags;
u16 media_temperature;
u16 ctrl_temperature;
u32 shutdown_count;
u8 ait_status;
u16 pmic_temperature;
u8 reserved1[8];
u8 shutdown_state;
u32 vendor_size;
u8 vendor_data[92];
} __packed;
u8 data[128];
};
} __packed;
#define ND_INTEL_STATUS_SIZE 4
#define ND_INTEL_PASSPHRASE_SIZE 32
#define ND_INTEL_STATUS_NOT_SUPPORTED 1
#define ND_INTEL_STATUS_RETRY 5
#define ND_INTEL_STATUS_NOT_READY 9
#define ND_INTEL_STATUS_INVALID_STATE 10
#define ND_INTEL_STATUS_INVALID_PASS 11
#define ND_INTEL_STATUS_OVERWRITE_UNSUPPORTED 0x10007
#define ND_INTEL_STATUS_OQUERY_INPROGRESS 0x10007
#define ND_INTEL_STATUS_OQUERY_SEQUENCE_ERR 0x20007
#define ND_INTEL_SEC_STATE_ENABLED 0x02
#define ND_INTEL_SEC_STATE_LOCKED 0x04
#define ND_INTEL_SEC_STATE_FROZEN 0x08
#define ND_INTEL_SEC_STATE_PLIMIT 0x10
#define ND_INTEL_SEC_STATE_UNSUPPORTED 0x20
#define ND_INTEL_SEC_STATE_OVERWRITE 0x40
#define ND_INTEL_SEC_ESTATE_ENABLED 0x01
#define ND_INTEL_SEC_ESTATE_PLIMIT 0x02
struct nd_intel_get_security_state {
u32 status;
u8 extended_state;
u8 reserved[3];
u8 state;
u8 reserved1[3];
} __packed;
struct nd_intel_set_passphrase {
u8 old_pass[ND_INTEL_PASSPHRASE_SIZE];
u8 new_pass[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
struct nd_intel_unlock_unit {
u8 passphrase[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
struct nd_intel_disable_passphrase {
u8 passphrase[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
struct nd_intel_freeze_lock {
u32 status;
} __packed;
struct nd_intel_secure_erase {
u8 passphrase[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
struct nd_intel_overwrite {
u8 passphrase[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
struct nd_intel_query_overwrite {
u32 status;
} __packed;
struct nd_intel_set_master_passphrase {
u8 old_pass[ND_INTEL_PASSPHRASE_SIZE];
u8 new_pass[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
struct nd_intel_master_secure_erase {
u8 passphrase[ND_INTEL_PASSPHRASE_SIZE];
u32 status;
} __packed;
#endif
......@@ -60,14 +60,33 @@ enum nvdimm_family_cmds {
NVDIMM_INTEL_QUERY_FWUPDATE = 16,
NVDIMM_INTEL_SET_THRESHOLD = 17,
NVDIMM_INTEL_INJECT_ERROR = 18,
NVDIMM_INTEL_GET_SECURITY_STATE = 19,
NVDIMM_INTEL_SET_PASSPHRASE = 20,
NVDIMM_INTEL_DISABLE_PASSPHRASE = 21,
NVDIMM_INTEL_UNLOCK_UNIT = 22,
NVDIMM_INTEL_FREEZE_LOCK = 23,
NVDIMM_INTEL_SECURE_ERASE = 24,
NVDIMM_INTEL_OVERWRITE = 25,
NVDIMM_INTEL_QUERY_OVERWRITE = 26,
NVDIMM_INTEL_SET_MASTER_PASSPHRASE = 27,
NVDIMM_INTEL_MASTER_SECURE_ERASE = 28,
};
#define NVDIMM_INTEL_SECURITY_CMDMASK \
(1 << NVDIMM_INTEL_GET_SECURITY_STATE | 1 << NVDIMM_INTEL_SET_PASSPHRASE \
| 1 << NVDIMM_INTEL_DISABLE_PASSPHRASE | 1 << NVDIMM_INTEL_UNLOCK_UNIT \
| 1 << NVDIMM_INTEL_FREEZE_LOCK | 1 << NVDIMM_INTEL_SECURE_ERASE \
| 1 << NVDIMM_INTEL_OVERWRITE | 1 << NVDIMM_INTEL_QUERY_OVERWRITE \
| 1 << NVDIMM_INTEL_SET_MASTER_PASSPHRASE \
| 1 << NVDIMM_INTEL_MASTER_SECURE_ERASE)
#define NVDIMM_INTEL_CMDMASK \
(NVDIMM_STANDARD_CMDMASK | 1 << NVDIMM_INTEL_GET_MODES \
| 1 << NVDIMM_INTEL_GET_FWINFO | 1 << NVDIMM_INTEL_START_FWUPDATE \
| 1 << NVDIMM_INTEL_SEND_FWUPDATE | 1 << NVDIMM_INTEL_FINISH_FWUPDATE \
| 1 << NVDIMM_INTEL_QUERY_FWUPDATE | 1 << NVDIMM_INTEL_SET_THRESHOLD \
| 1 << NVDIMM_INTEL_INJECT_ERROR | 1 << NVDIMM_INTEL_LATCH_SHUTDOWN)
| 1 << NVDIMM_INTEL_INJECT_ERROR | 1 << NVDIMM_INTEL_LATCH_SHUTDOWN \
| NVDIMM_INTEL_SECURITY_CMDMASK)
enum nfit_uuids {
/* for simplicity alias the uuid index with the family id */
......
......@@ -928,7 +928,7 @@ static int nd_cmd_clear_to_send(struct nvdimm_bus *nvdimm_bus,
/* ask the bus provider if it would like to block this request */
if (nd_desc->clear_to_send) {
int rc = nd_desc->clear_to_send(nd_desc, nvdimm, cmd);
int rc = nd_desc->clear_to_send(nd_desc, nvdimm, cmd, data);
if (rc)
return rc;
......
......@@ -91,7 +91,7 @@ struct nvdimm_bus_descriptor {
ndctl_fn ndctl;
int (*flush_probe)(struct nvdimm_bus_descriptor *nd_desc);
int (*clear_to_send)(struct nvdimm_bus_descriptor *nd_desc,
struct nvdimm *nvdimm, unsigned int cmd);
struct nvdimm *nvdimm, unsigned int cmd, void *data);
};
struct nd_cmd_desc {
......
......@@ -25,6 +25,7 @@
#include <linux/list.h>
#include <linux/slab.h>
#include <nd-core.h>
#include <intel.h>
#include <nfit.h>
#include <nd.h>
#include "nfit_test.h"
......
......@@ -118,30 +118,6 @@ struct nd_cmd_ars_err_inj_stat {
#define ND_INTEL_SMART_INJECT_FATAL (1 << 2)
#define ND_INTEL_SMART_INJECT_SHUTDOWN (1 << 3)
struct nd_intel_smart {
__u32 status;
union {
struct {
__u32 flags;
__u8 reserved0[4];
__u8 health;
__u8 spares;
__u8 life_used;
__u8 alarm_flags;
__u16 media_temperature;
__u16 ctrl_temperature;
__u32 shutdown_count;
__u8 ait_status;
__u16 pmic_temperature;
__u8 reserved1[8];
__u8 shutdown_state;
__u32 vendor_size;
__u8 vendor_data[92];
} __packed;
__u8 data[128];
};
} __packed;
struct nd_intel_smart_threshold {
__u32 status;
union {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册