• Linus Torvalds's avatar
    Merge tag 'libnvdimm-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 75f95da0
    Linus Torvalds authored
    Pull libnvdimm updates from Dan Williams:
     "The vast bulk of this update is the new support for the security
      capabilities of some nvdimms.
    
      The userspace tooling for this capability is still a work in progress,
      but the changes survive the existing libnvdimm unit tests. The changes
      also pass manual checkout on hardware and the new nfit_test emulation
      of the security capability.
    
      The touches of the security/keys/ files have received the necessary
      acks from Mimi and David. Those changes were necessary to allow for a
      new generic encrypted-key type, and allow the nvdimm sub-system to
      lookup key material referenced by the libnvdimm-sysfs interface.
    
      Summary:
    
       - Add support for the security features of nvdimm devices that
         implement a security model similar to ATA hard drive security. The
         security model supports locking access to the media at
         device-power-loss, to be unlocked with a passphrase, and
         secure-erase (crypto-scramble).
    
         Unlike the ATA security case where the kernel expects device
         security to be managed in a pre-OS environment, the libnvdimm
         security implementation allows key provisioning and key-operations
         at OS runtime. Keys are managed with the kernel's encrypted-keys
         facility to provide data-at-rest security for the libnvdimm key
         material. The usage model mirrors fscrypt key management, but is
         driven via libnvdimm sysfs.
    
       - Miscellaneous updates for api usage and comment fixes"
    
    * tag 'libnvdimm-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: (21 commits)
      libnvdimm/security: Quiet security operations
      libnvdimm/security: Add documentation for nvdimm security support
      tools/testing/nvdimm: add Intel DSM 1.8 support for nfit_test
      tools/testing/nvdimm: Add overwrite support for nfit_test
      tools/testing/nvdimm: Add test support for Intel nvdimm security DSMs
      acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support
      acpi/nfit, libnvdimm/security: Add security DSM overwrite support
      acpi/nfit, libnvdimm: Add support for issue secure erase DSM to Intel nvdimm
      acpi/nfit, libnvdimm: Add enable/update passphrase support for Intel nvdimms
      acpi/nfit, libnvdimm: Add disable passphrase support to Intel nvdimm.
      acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs
      acpi/nfit, libnvdimm: Add freeze security support to Intel nvdimm
      acpi/nfit, libnvdimm: Introduce nvdimm_security_ops
      keys-encrypted: add nvdimm key format type to encrypted keys
      keys: Export lookup_user_key to external users
      acpi/nfit, libnvdimm: Store dimm id as a member to struct nvdimm
      libnvdimm, namespace: Replace kmemdup() with kstrndup()
      libnvdimm, label: Switch to bitmap_zalloc()
      ACPI/nfit: Adjust annotation for why return 0 if fail to find NFIT at start
      libnvdimm, bus: Check id immediately following ida_simple_get
      ...
    75f95da0
process_keys.c 21.1 KB