diff options
| author | Dave Jiang <dave.jiang@intel.com> | 2022-11-30 12:22:32 -0700 |
|---|---|---|
| committer | Dan Williams <dan.j.williams@intel.com> | 2022-12-01 12:42:35 -0800 |
| commit | 3b502e886d01c2f96b2774176be4c7bceef2516b (patch) | |
| tree | 3b4543e7f3e5a772644e52e0948423a4147cae97 /drivers/cxl/security.c | |
| parent | 8e80b18664934621c742f17cdac3c4fe00728612 (diff) | |
cxl/pmem: Add "Passphrase Secure Erase" security command support
Create callback function to support the nvdimm_security_ops() ->erase()
callback. Translate the operation to send "Passphrase Secure Erase"
security command for CXL memory device.
When the mem device is secure erased, cpu_cache_invalidate_memregion() is
called in order to invalidate all CPU caches before attempting to access
the mem device again.
See CXL 3.0 spec section 8.2.9.8.6.6 for reference.
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/166983615293.2734609.10358657600295932156.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/cxl/security.c')
| -rw-r--r-- | drivers/cxl/security.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/drivers/cxl/security.c b/drivers/cxl/security.c index 32b9e279e74b..4a8132559a96 100644 --- a/drivers/cxl/security.c +++ b/drivers/cxl/security.c @@ -120,12 +120,41 @@ static int cxl_pmem_security_unlock(struct nvdimm *nvdimm, return 0; } +static int cxl_pmem_security_passphrase_erase(struct nvdimm *nvdimm, + const struct nvdimm_key_data *key, + enum nvdimm_passphrase_type ptype) +{ + struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm); + struct cxl_memdev *cxlmd = cxl_nvd->cxlmd; + struct cxl_dev_state *cxlds = cxlmd->cxlds; + struct cxl_pass_erase erase; + int rc; + + if (!cpu_cache_has_invalidate_memregion()) + return -EINVAL; + + erase.type = ptype == NVDIMM_MASTER ? + CXL_PMEM_SEC_PASS_MASTER : CXL_PMEM_SEC_PASS_USER; + memcpy(erase.pass, key->data, NVDIMM_PASSPHRASE_LEN); + /* Flush all cache before we erase mem device */ + cpu_cache_invalidate_memregion(IORES_DESC_PERSISTENT_MEMORY); + rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE, + &erase, sizeof(erase), NULL, 0); + if (rc < 0) + return rc; + + /* mem device erased, invalidate all CPU caches before data is read */ + cpu_cache_invalidate_memregion(IORES_DESC_PERSISTENT_MEMORY); + return 0; +} + static const struct nvdimm_security_ops __cxl_security_ops = { .get_flags = cxl_pmem_get_security_flags, .change_key = cxl_pmem_security_change_key, .disable = cxl_pmem_security_disable, .freeze = cxl_pmem_security_freeze, .unlock = cxl_pmem_security_unlock, + .erase = cxl_pmem_security_passphrase_erase, }; const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops; |