On Fri, Mar 22, 2019 at 5:17 PM Dave Jiang <dave.ji...@intel.com> wrote: > > Sync update passphrase and overwrite to utilize the the same mechansim for > zero key. > > Signed-off-by: Dave Jiang <dave.ji...@intel.com> > --- > > v3: > - new patch. sync rest of the commands to use zero key. (Dan) > > drivers/nvdimm/security.c | 28 +++++++++++++++------------- > 1 file changed, 15 insertions(+), 13 deletions(-) > > diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c > index 6bea6852bf27..429cb3cbc1c3 100644 > --- a/drivers/nvdimm/security.c > +++ b/drivers/nvdimm/security.c > @@ -235,8 +235,9 @@ int nvdimm_security_update(struct nvdimm *nvdimm, > unsigned int keyid, > { > struct device *dev = &nvdimm->dev; > struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev); > - struct key *key, *newkey; > + struct key *key = NULL, *newkey; > int rc; > + const void *data; > > /* The bus lock should be held at the top level of the call stack */ > lockdep_assert_held(&nvdimm_bus->reconfig_mutex); > @@ -251,13 +252,13 @@ int nvdimm_security_update(struct nvdimm *nvdimm, > unsigned int keyid, > return -EIO; > } > > - if (keyid == 0) > - key = NULL; > - else { > + if (keyid != 0) { > key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY); > if (!key) > return -ENOKEY; > - } > + data = key_data(key); > + } else > + data = zero_key; > > newkey = nvdimm_lookup_user_key(nvdimm, new_keyid, NVDIMM_NEW_KEY); > if (!newkey) { > @@ -265,8 +266,8 @@ int nvdimm_security_update(struct nvdimm *nvdimm, > unsigned int keyid, > return -ENOKEY; > } > > - rc = nvdimm->sec.ops->change_key(nvdimm, key ? key_data(key) : NULL, > - key_data(newkey), pass_type); > + rc = nvdimm->sec.ops->change_key(nvdimm, data, key_data(newkey), > + pass_type);
This means we can drop the "if (old_data)" special case in intel_security_change_key() > dev_dbg(dev, "key: %d %d update%s: %s\n", > key_serial(key), key_serial(newkey), > pass_type == NVDIMM_MASTER ? "(master)" : "(user)", > @@ -344,8 +345,9 @@ int nvdimm_security_overwrite(struct nvdimm *nvdimm, > unsigned int keyid) > { > struct device *dev = &nvdimm->dev; > struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev); > - struct key *key; > + struct key *key = NULL; > int rc; > + const void *data; > > /* The bus lock should be held at the top level of the call stack */ > lockdep_assert_held(&nvdimm_bus->reconfig_mutex); > @@ -375,15 +377,15 @@ int nvdimm_security_overwrite(struct nvdimm *nvdimm, > unsigned int keyid) > return -EBUSY; > } > > - if (keyid == 0) > - key = NULL; > - else { > + if (keyid != 0) { > key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY); > if (!key) > return -ENOKEY; > - } > + data = key_data(key); > + } else > + data = zero_key; > > - rc = nvdimm->sec.ops->overwrite(nvdimm, key ? key_data(key) : NULL); > + rc = nvdimm->sec.ops->overwrite(nvdimm, data); ...and the "if (nkey)" special case in intel_security_overwrite() _______________________________________________ Linux-nvdimm mailing list Linux-nvdimm@lists.01.org https://lists.01.org/mailman/listinfo/linux-nvdimm