On Wed, 2019-01-09 at 10:54 -0700, Dave Jiang wrote:
> Adding reference config file for modprobe.d in order to trigger the
> reference script that will inject keys associated with the nvdimms
> into
> the kernel user ring for unlock.
> 
> Signed-off-by: Dave Jiang <dave.ji...@intel.com>
> ---
>  Makefile.am                  |   10 ++++++++++
>  contrib/ndctl-loadkeys.sh    |   25 +++++++++++++++++++++++++
>  contrib/nvdimm_modprobe.conf |    1 +
>  3 files changed, 36 insertions(+)
>  create mode 100755 contrib/ndctl-loadkeys.sh
>  create mode 100644 contrib/nvdimm_modprobe.conf
> 
> diff --git a/Makefile.am b/Makefile.am
> index e0c463a3..5a3f03aa 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -42,6 +42,16 @@ bashcompletiondir = $(BASH_COMPLETION_DIR)
>  dist_bashcompletion_DATA = contrib/ndctl
>  endif
>  
> +load_key_file = contrib/ndctl-loadkeys.sh
> +load_keydir = $(sysconfdir)/ndctl/
> +load_key_DATA = $(load_key_file)
> +EXTRA_DIST += $(load_key_file)
> +
> +modprobe_file = contrib/nvdimm_modprobe.conf
> +modprobedir = $(sysconfdir)/modprobe.d/
> +modprobe_DATA = $(modprobe_file)
> +EXTRA_DIST += $(modprobe_file)
> +

We're installing these files via the Makefile, but I think the spec is
missing them? Presumably the spec should also install them in the same
way?

>  noinst_LIBRARIES = libccan.a
>  libccan_a_SOURCES = \
>       ccan/str/str.h \
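Review bot: `load_key_DATA = $(load_key_file)` installs ndctl-loadkeys.sh through the DATA primary, which automake installs with mode 0644, so the script loses the executable bit it has in the tree (`create mode 100755`). The modprobe.d rule added later in this patch executes the script directly, so install it through a SCRIPTS primary instead, and choose the install directory together with the path that rule calls.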
> diff --git a/contrib/ndctl-loadkeys.sh b/contrib/ndctl-loadkeys.sh
> new file mode 100755
> index 00000000..bc2c94df
> --- /dev/null
> +++ b/contrib/ndctl-loadkeys.sh
> @@ -0,0 +1,25 @@
> +#!/bin/bash -Ex

I didn't catch this before, but this script doesn't need -E since we're
not setting up a trap. If anything use -e, the regular version.
I'm also not sure -x is needed - it is just an example script, right? I
don't feel strongly about it either way; if having the extra debug here
might be helpful we can keep it.

> +
> +# This script assumes a single master key for all DIMMs
> +
> +key_path=/etc/ndctl/keys
> +tpmh_path="$key_path"/tpm.handle
> +key_type=""
> +tpm_handle=""
> +id=""
> +
> +if [ -f $tpmh_path ]; then
> +     key_type=trusted
> +     tpm_handle="keyhandle=$(cat $tpmh_path)"
> +else
> +     key_type=user
> +fi
> +
> +if ! keyctl search @u "$key_type" nvdimm-master; then
> +     keyctl add "$key_type" nvdimm-master "load $(cat
> $key_path/nvdimm-master.blob) $tpm_handle" @u > /dev/null
> +fi
> +
> +for file in "$key_path"/nvdimm_*; do
> +     id="$(cut -d'_' -f2 <<< "${file##*/}")"
> +     keyctl add encrypted nvdimm:"$id" "load $(cat "$file")" @u
> +done
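Review bot: The final `for file in "$key_path"/nvdimm_*` loop has no guard for the case where nothing matches: bash leaves the pattern unexpanded, `id` becomes `*`, the `cat` fails, and because the shebang sets -E but not -e the `keyctl add encrypted` call is still attempted with an empty "load " payload. Add `shopt -s nullglob` before the loop or `[ -e "$file" ] || continue` as its first statement. The master key path has the same gap: if nvdimm-master.blob is missing, `keyctl add` runs with an empty blob, so test for the file first. Also quote `$tpmh_path` and `$key_path` in the `[ -f ... ]` test and the two `cat` calls, as the loop already does for `"$file"`.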
> diff --git a/contrib/nvdimm_modprobe.conf
> b/contrib/nvdimm_modprobe.conf
> new file mode 100644
> index 00000000..b113d8d7
> --- /dev/null
> +++ b/contrib/nvdimm_modprobe.conf
> @@ -0,0 +1 @@
> +install libnvdimm /usr/sbin/ndctl-loadkeys.sh ; /sbin/modprobe --
> ignore-install libnvdimm $CMDLINE_OPTS
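Review bot: The install rule hard-codes `/usr/sbin/ndctl-loadkeys.sh`, while the Makefile.am hunk in this patch sets `load_keydir = $(sysconfdir)/ndctl/`, so the rule calls a path the build does not install to. Because the two commands are joined with `;`, modprobe still loads libnvdimm after the script fails to run, and the module comes up without any keys in the keyring. Point the rule at the installed location (or generate the .conf from a template so the path follows configure), and if continuing after a key-load failure is intended, say so in a comment in the .conf.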

I'm not familiar with how modprobe.conf works, but is it looking for
ndctl-loadkeys.sh in /usr/sbin? If so are we installing it there? The
lines above in the Makefile seem to have it going into /etc/ndctl?

> 
