On Fri, Oct 12, 2018 at 3:29 PM Dave Jiang <[email protected]> wrote: > > Add support to secure erase to libndctl and also command line option > of "sanitize" for ndctl. This will initiate the request to crypto > erase a DIMM. ndctl does not actually handle the verification of the > security. That is handled by the kernel and the key upcall mechanism. > > Signed-off-by: Dave Jiang <[email protected]> > --- > Documentation/ndctl/Makefile.am | 3 + > Documentation/ndctl/ndctl-sanitize.txt | 52 ++++++++++++++++++++++++ > builtin.h | 1 > ndctl/dimm.c | 70 > ++++++++++++++++++++++++++++++++ > ndctl/lib/dimm.c | 9 ++++ > ndctl/lib/libndctl.sym | 1 > ndctl/libndctl.h | 1 > ndctl/ndctl.c | 1 > 8 files changed, 137 insertions(+), 1 deletion(-) > create mode 100644 Documentation/ndctl/ndctl-sanitize.txt > > diff --git a/Documentation/ndctl/Makefile.am b/Documentation/ndctl/Makefile.am > index 3a761ba0..8c171ecb 100644 > --- a/Documentation/ndctl/Makefile.am > +++ b/Documentation/ndctl/Makefile.am > @@ -50,7 +50,8 @@ man1_MANS = \ > ndctl-monitor.1 \ > ndctl-update-security.1 \ > ndctl-disable-security.1 \ > - ndctl-freeze-security.1 > + ndctl-freeze-security.1 \ > + ndctl-sanitize.1 > > CLEANFILES = $(man1_MANS) > > diff --git a/Documentation/ndctl/ndctl-sanitize.txt > b/Documentation/ndctl/ndctl-sanitize.txt > new file mode 100644 > index 00000000..a02b4b31 > --- /dev/null > +++ b/Documentation/ndctl/ndctl-sanitize.txt > @@ -0,0 +1,52 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +ndctl-sanitize(1) > +================= > + > +NAME > +---- > +ndctl-sanitize - sanitize the data on the NVDIMM > + > +SYNOPSIS > +-------- > +[verse] > +'ndctl sanitize' <dimm> [<options>]
Let's call it secure-erase-dimm to leave room for per-namespace security commands in the future. > +DESCRIPTION > +----------- > +Provide a generic interface to crypto erase a NVDIMM. > +The use of this depends on support from the underlying > +libndctl, kernel, as well as the platform itself. Similar comment about dependencies as patch 2; I think it goes without saying. > + > +For the reference passphrase setup, /etc/nvdimm.passwd is read for passphrase > +retrieval: > + > +The nvdimm.passwd is formatted as: > +<description id>:<passphrase with padded 0 to 32bytes> > +cdab-0a-07e0-feffffff:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > + > +OPTIONS > +------- > +<dimm>:: > +include::xable-dimm-options.txt[] > + > +-m:: > +--method:: > + The method for sanitizing the dimm content. > + > + crypto-erase: replaces encryption keys. This does not change label > data. I assume this is to differentiate secure-erase vs overwrite? Given overwrite is such an odd mechanism that needs to be monitored for completion, I'd put that off in its own command. > + > +-i:: > +--insecure:: > + Using the default reference support to parse the nvdimm passphrase > + file, inject the key, and initiate disable operation. This is labeled > + as insecure as it just provides a reference to how to inject keys > + for the nvdimm. The passphrase is in clear text and is not considered > + as secure as it can be. > + > +-e:: > +--exec:: > + The external binary module that would inject the passphrase and > + initiate the disable operation. Use this or -i, not both. Same comments about taking key material over stdio.
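Review bot: In the new Documentation/ndctl/ndctl-sanitize.txt, the --insecure and --exec descriptions both say the option will "initiate disable operation", which does not match a command documented as crypto erasing the DIMM; the text should name the sanitize (crypto-erase) operation so a reader does not conclude that the passphrase is merely being disabled. In the same hunk, --method lists crypto-erase as the only value without saying whether it is the default or must be given explicitly, and the /etc/nvdimm.passwd paragraph describes a clear-text passphrase file without stating the ownership and permissions the file is expected to have. The commit message says "secure erase" while the command and man page say "sanitize" and "crypto erase"; settling on one term across the commit message, command name and documentation would avoid confusion about which erase semantics are meant.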
