[PATCH 03/11] libnvdimm/security: add override module param for key self verification
Provide the user an override via kernel module parameter for security key
self verification. no_key_self_verify parameter is being added to bypass
security key verify against the hardware during nvdimm unlock path.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
drivers/nvdimm/security.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index ee741199d623..d2831e61f3d8 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
/* Copyright(c) 2018 Intel Corporation. All rights reserved. */
+#include <linux/module.h>
#include <linux/device.h>
#include <linux/ndctl.h>
#include <linux/slab.h>
@@ -14,6 +15,10 @@
#include "nd-core.h"
#include "nd.h"
+static bool no_key_self_verify;
+module_param(no_key_self_verify, bool, 0644);
+MODULE_PARM_DESC(no_key_self_verify, "Bypass security key self verify");
+
/*
* Retrieve user injected key
*/
@@ -235,6 +240,12 @@ int nvdimm_security_unlock_dimm(struct nvdimm *nvdimm)
* other security operations.
*/
if (nvdimm->state == NVDIMM_SECURITY_UNLOCKED) {
+ /* bypass if user override */
+ if (no_key_self_verify) {
+ mutex_unlock(&nvdimm->sec_mutex);
+ return 0;
+ }
+
key = nvdimm_self_verify_key(nvdimm);
if (!key) {
rc = nvdimm_security_freeze_lock(nvdimm);