[PATCH 00/11] Additional patches for nvdimm security support

Saturday, 10 November 2018

The following series adds additional support for nvdimm security.
1. Converted logon keys to encrypted-keys.
2. Add overwrite DSM support
3. Add DSM 1.8 master passphrase support

The patch series is based off the branch from here:
https://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm.git/log/?h=...

Instead of squashing the previous changes, they are kept for history purposes
to document how we arrived to the current iteration.

Mimi,
Patch 1 requires your ack as it makes changes to encrypted-keys by adding
the nvdimm key format type. Dan wanted to restrict the key to 32bytes
during creation. I also wouldn't mind if you take a look at patch 2 and
make sure I'm providing correct usage of encrypted keys. Thank you!

---

Dave Jiang (11):
      keys-encrypted: add nvdimm key format type to encrypted keys
      libnvdimm/security: change clear text nvdimm keys to encrypted keys
      libnvdimm/security: add override module param for key self verification
      libnvdimm/security: introduce NDD_SECURITY_BUSY flag
      acpi/nfit, libnvdimm/security: Add security DSM overwrite support
      tools/testing/nvdimm: Add overwrite support for nfit_test
      libnvdimm/security: add overwrite status notification
      libnvdimm/security: add documentation for ovewrite
      acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support
      tools/testing/nvdimm: add Intel DSM 1.8 support for nfit_test
      acpi/nfit: prevent indiscriminate DSM payload dumping for security DSMs

 Documentation/nvdimm/security.txt        |   68 +++-
 drivers/acpi/nfit/Kconfig                |    7 
 drivers/acpi/nfit/core.c                 |   31 ++
 drivers/acpi/nfit/intel.c                |  245 +++++++++++++++
 drivers/acpi/nfit/intel.h                |   22 +
 drivers/acpi/nfit/nfit.h                 |    7 
 drivers/nvdimm/core.c                    |    3 
 drivers/nvdimm/dimm.c                    |    3 
 drivers/nvdimm/dimm_devs.c               |   50 +++
 drivers/nvdimm/nd-core.h                 |    9 -
 drivers/nvdimm/nd.h                      |   19 +
 drivers/nvdimm/region_devs.c             |    7 
 drivers/nvdimm/security.c                |  496 +++++++++++++++++-------------
 include/linux/libnvdimm.h                |   22 +
 security/keys/encrypted-keys/encrypted.c |   29 +-
 tools/testing/nvdimm/dimm_devs.c         |    2 
 tools/testing/nvdimm/test/nfit.c         |  141 +++++++++
 17 files changed, 895 insertions(+), 266 deletions(-)

--

2022

2021

2020

2019

2018

2017

2016

2015

2014

[PATCH 00/11] Additional patches for nvdimm security support