| // SPDX-License-Identifier: GPL-2.0 |
| /* Copyright(c) 2018 Intel Corporation. All rights reserved. */ |
| #include <linux/libnvdimm.h> |
| #include <linux/ndctl.h> |
| #include <linux/acpi.h> |
| #include <asm/smp.h> |
| #include "intel.h" |
| #include "nfit.h" |
| |
| static unsigned long intel_security_flags(struct nvdimm *nvdimm, |
| enum nvdimm_passphrase_type ptype) |
| { |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| unsigned long security_flags = 0; |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_get_security_state cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_command = NVDIMM_INTEL_GET_SECURITY_STATE, |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_out = |
| sizeof(struct nd_intel_get_security_state), |
| .nd_fw_size = |
| sizeof(struct nd_intel_get_security_state), |
| }, |
| }; |
| int rc; |
| |
| if (!test_bit(NVDIMM_INTEL_GET_SECURITY_STATE, &nfit_mem->dsm_mask)) |
| return 0; |
| |
| /* |
| * Short circuit the state retrieval while we are doing overwrite. |
| * The DSM spec states that the security state is indeterminate |
| * until the overwrite DSM completes. |
| */ |
| if (nvdimm_in_overwrite(nvdimm) && ptype == NVDIMM_USER) |
| return BIT(NVDIMM_SECURITY_OVERWRITE); |
| |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0 || nd_cmd.cmd.status) { |
| pr_err("%s: security state retrieval failed (%d:%#x)\n", |
| nvdimm_name(nvdimm), rc, nd_cmd.cmd.status); |
| return 0; |
| } |
| |
| /* check and see if security is enabled and locked */ |
| if (ptype == NVDIMM_MASTER) { |
| if (nd_cmd.cmd.extended_state & ND_INTEL_SEC_ESTATE_ENABLED) |
| set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags); |
| else |
| set_bit(NVDIMM_SECURITY_DISABLED, &security_flags); |
| if (nd_cmd.cmd.extended_state & ND_INTEL_SEC_ESTATE_PLIMIT) |
| set_bit(NVDIMM_SECURITY_FROZEN, &security_flags); |
| return security_flags; |
| } |
| |
| if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_UNSUPPORTED) |
| return 0; |
| |
| if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_ENABLED) { |
| if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_FROZEN || |
| nd_cmd.cmd.state & ND_INTEL_SEC_STATE_PLIMIT) |
| set_bit(NVDIMM_SECURITY_FROZEN, &security_flags); |
| |
| if (nd_cmd.cmd.state & ND_INTEL_SEC_STATE_LOCKED) |
| set_bit(NVDIMM_SECURITY_LOCKED, &security_flags); |
| else |
| set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags); |
| } else |
| set_bit(NVDIMM_SECURITY_DISABLED, &security_flags); |
| |
| return security_flags; |
| } |
| |
| static int intel_security_freeze(struct nvdimm *nvdimm) |
| { |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_freeze_lock cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_command = NVDIMM_INTEL_FREEZE_LOCK, |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| }, |
| }; |
| int rc; |
| |
| if (!test_bit(NVDIMM_INTEL_FREEZE_LOCK, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| if (nd_cmd.cmd.status) |
| return -EIO; |
| return 0; |
| } |
| |
| static int intel_security_change_key(struct nvdimm *nvdimm, |
| const struct nvdimm_key_data *old_data, |
| const struct nvdimm_key_data *new_data, |
| enum nvdimm_passphrase_type ptype) |
| { |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| unsigned int cmd = ptype == NVDIMM_MASTER ? |
| NVDIMM_INTEL_SET_MASTER_PASSPHRASE : |
| NVDIMM_INTEL_SET_PASSPHRASE; |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_set_passphrase cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_in = ND_INTEL_PASSPHRASE_SIZE * 2, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| .nd_command = cmd, |
| }, |
| }; |
| int rc; |
| |
| if (!test_bit(cmd, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| memcpy(nd_cmd.cmd.old_pass, old_data->data, |
| sizeof(nd_cmd.cmd.old_pass)); |
| memcpy(nd_cmd.cmd.new_pass, new_data->data, |
| sizeof(nd_cmd.cmd.new_pass)); |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| |
| switch (nd_cmd.cmd.status) { |
| case 0: |
| return 0; |
| case ND_INTEL_STATUS_INVALID_PASS: |
| return -EINVAL; |
| case ND_INTEL_STATUS_NOT_SUPPORTED: |
| return -EOPNOTSUPP; |
| case ND_INTEL_STATUS_INVALID_STATE: |
| default: |
| return -EIO; |
| } |
| } |
| |
| static void nvdimm_invalidate_cache(void); |
| |
| static int __maybe_unused intel_security_unlock(struct nvdimm *nvdimm, |
| const struct nvdimm_key_data *key_data) |
| { |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_unlock_unit cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_command = NVDIMM_INTEL_UNLOCK_UNIT, |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_in = ND_INTEL_PASSPHRASE_SIZE, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| }, |
| }; |
| int rc; |
| |
| if (!test_bit(NVDIMM_INTEL_UNLOCK_UNIT, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| memcpy(nd_cmd.cmd.passphrase, key_data->data, |
| sizeof(nd_cmd.cmd.passphrase)); |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| switch (nd_cmd.cmd.status) { |
| case 0: |
| break; |
| case ND_INTEL_STATUS_INVALID_PASS: |
| return -EINVAL; |
| default: |
| return -EIO; |
| } |
| |
| /* DIMM unlocked, invalidate all CPU caches before we read it */ |
| nvdimm_invalidate_cache(); |
| |
| return 0; |
| } |
| |
| static int intel_security_disable(struct nvdimm *nvdimm, |
| const struct nvdimm_key_data *key_data) |
| { |
| int rc; |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_disable_passphrase cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_command = NVDIMM_INTEL_DISABLE_PASSPHRASE, |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_in = ND_INTEL_PASSPHRASE_SIZE, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| }, |
| }; |
| |
| if (!test_bit(NVDIMM_INTEL_DISABLE_PASSPHRASE, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| memcpy(nd_cmd.cmd.passphrase, key_data->data, |
| sizeof(nd_cmd.cmd.passphrase)); |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| |
| switch (nd_cmd.cmd.status) { |
| case 0: |
| break; |
| case ND_INTEL_STATUS_INVALID_PASS: |
| return -EINVAL; |
| case ND_INTEL_STATUS_INVALID_STATE: |
| default: |
| return -ENXIO; |
| } |
| |
| return 0; |
| } |
| |
| static int __maybe_unused intel_security_erase(struct nvdimm *nvdimm, |
| const struct nvdimm_key_data *key, |
| enum nvdimm_passphrase_type ptype) |
| { |
| int rc; |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| unsigned int cmd = ptype == NVDIMM_MASTER ? |
| NVDIMM_INTEL_MASTER_SECURE_ERASE : NVDIMM_INTEL_SECURE_ERASE; |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_secure_erase cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_in = ND_INTEL_PASSPHRASE_SIZE, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| .nd_command = cmd, |
| }, |
| }; |
| |
| if (!test_bit(cmd, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| /* flush all cache before we erase DIMM */ |
| nvdimm_invalidate_cache(); |
| memcpy(nd_cmd.cmd.passphrase, key->data, |
| sizeof(nd_cmd.cmd.passphrase)); |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| |
| switch (nd_cmd.cmd.status) { |
| case 0: |
| break; |
| case ND_INTEL_STATUS_NOT_SUPPORTED: |
| return -EOPNOTSUPP; |
| case ND_INTEL_STATUS_INVALID_PASS: |
| return -EINVAL; |
| case ND_INTEL_STATUS_INVALID_STATE: |
| default: |
| return -ENXIO; |
| } |
| |
| /* DIMM erased, invalidate all CPU caches before we read it */ |
| nvdimm_invalidate_cache(); |
| return 0; |
| } |
| |
| static int __maybe_unused intel_security_query_overwrite(struct nvdimm *nvdimm) |
| { |
| int rc; |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_query_overwrite cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_command = NVDIMM_INTEL_QUERY_OVERWRITE, |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| }, |
| }; |
| |
| if (!test_bit(NVDIMM_INTEL_QUERY_OVERWRITE, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| |
| switch (nd_cmd.cmd.status) { |
| case 0: |
| break; |
| case ND_INTEL_STATUS_OQUERY_INPROGRESS: |
| return -EBUSY; |
| default: |
| return -ENXIO; |
| } |
| |
| /* flush all cache before we make the nvdimms available */ |
| nvdimm_invalidate_cache(); |
| return 0; |
| } |
| |
| static int __maybe_unused intel_security_overwrite(struct nvdimm *nvdimm, |
| const struct nvdimm_key_data *nkey) |
| { |
| int rc; |
| struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
| struct { |
| struct nd_cmd_pkg pkg; |
| struct nd_intel_overwrite cmd; |
| } nd_cmd = { |
| .pkg = { |
| .nd_command = NVDIMM_INTEL_OVERWRITE, |
| .nd_family = NVDIMM_FAMILY_INTEL, |
| .nd_size_in = ND_INTEL_PASSPHRASE_SIZE, |
| .nd_size_out = ND_INTEL_STATUS_SIZE, |
| .nd_fw_size = ND_INTEL_STATUS_SIZE, |
| }, |
| }; |
| |
| if (!test_bit(NVDIMM_INTEL_OVERWRITE, &nfit_mem->dsm_mask)) |
| return -ENOTTY; |
| |
| /* flush all cache before we erase DIMM */ |
| nvdimm_invalidate_cache(); |
| memcpy(nd_cmd.cmd.passphrase, nkey->data, |
| sizeof(nd_cmd.cmd.passphrase)); |
| rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL); |
| if (rc < 0) |
| return rc; |
| |
| switch (nd_cmd.cmd.status) { |
| case 0: |
| return 0; |
| case ND_INTEL_STATUS_OVERWRITE_UNSUPPORTED: |
| return -ENOTSUPP; |
| case ND_INTEL_STATUS_INVALID_PASS: |
| return -EINVAL; |
| case ND_INTEL_STATUS_INVALID_STATE: |
| default: |
| return -ENXIO; |
| } |
| } |
| |
| /* |
| * TODO: define a cross arch wbinvd equivalent when/if |
| * NVDIMM_FAMILY_INTEL command support arrives on another arch. |
| */ |
| #ifdef CONFIG_X86 |
| static void nvdimm_invalidate_cache(void) |
| { |
| wbinvd_on_all_cpus(); |
| } |
| #else |
| static void nvdimm_invalidate_cache(void) |
| { |
| WARN_ON_ONCE("cache invalidation required after unlock\n"); |
| } |
| #endif |
| |
| static const struct nvdimm_security_ops __intel_security_ops = { |
| .get_flags = intel_security_flags, |
| .freeze = intel_security_freeze, |
| .change_key = intel_security_change_key, |
| .disable = intel_security_disable, |
| #ifdef CONFIG_X86 |
| .unlock = intel_security_unlock, |
| .erase = intel_security_erase, |
| .overwrite = intel_security_overwrite, |
| .query_overwrite = intel_security_query_overwrite, |
| #endif |
| }; |
| |
| const struct nvdimm_security_ops *intel_security_ops = &__intel_security_ops; |