1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2022 Intel Corporation. All rights reserved. */
3 #include <linux/libnvdimm.h>
4 #include <asm/unaligned.h>
5 #include <linux/module.h>
6 #include <linux/async.h>
7 #include <linux/slab.h>
8 #include <linux/memregion.h>
12 static unsigned long cxl_pmem_get_security_flags(struct nvdimm *nvdimm,
13 enum nvdimm_passphrase_type ptype)
15 struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
16 struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
17 struct cxl_dev_state *cxlds = cxlmd->cxlds;
18 unsigned long security_flags = 0;
19 struct cxl_get_security_output {
22 struct cxl_mbox_cmd mbox_cmd;
26 mbox_cmd = (struct cxl_mbox_cmd) {
27 .opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
28 .size_out = sizeof(out),
32 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
36 sec_out = le32_to_cpu(out.flags);
37 if (ptype == NVDIMM_MASTER) {
38 if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PASS_SET)
39 set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
41 set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
42 if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PLIMIT)
43 set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
44 return security_flags;
47 if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET) {
48 if (sec_out & CXL_PMEM_SEC_STATE_FROZEN ||
49 sec_out & CXL_PMEM_SEC_STATE_USER_PLIMIT)
50 set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
52 if (sec_out & CXL_PMEM_SEC_STATE_LOCKED)
53 set_bit(NVDIMM_SECURITY_LOCKED, &security_flags);
55 set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
57 set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
60 return security_flags;
63 static int cxl_pmem_security_change_key(struct nvdimm *nvdimm,
64 const struct nvdimm_key_data *old_data,
65 const struct nvdimm_key_data *new_data,
66 enum nvdimm_passphrase_type ptype)
68 struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
69 struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
70 struct cxl_dev_state *cxlds = cxlmd->cxlds;
71 struct cxl_mbox_cmd mbox_cmd;
72 struct cxl_set_pass set_pass;
74 set_pass = (struct cxl_set_pass) {
75 .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
76 CXL_PMEM_SEC_PASS_USER,
78 memcpy(set_pass.old_pass, old_data->data, NVDIMM_PASSPHRASE_LEN);
79 memcpy(set_pass.new_pass, new_data->data, NVDIMM_PASSPHRASE_LEN);
81 mbox_cmd = (struct cxl_mbox_cmd) {
82 .opcode = CXL_MBOX_OP_SET_PASSPHRASE,
83 .size_in = sizeof(set_pass),
84 .payload_in = &set_pass,
87 return cxl_internal_send_cmd(cxlds, &mbox_cmd);
90 static int __cxl_pmem_security_disable(struct nvdimm *nvdimm,
91 const struct nvdimm_key_data *key_data,
92 enum nvdimm_passphrase_type ptype)
94 struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
95 struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
96 struct cxl_dev_state *cxlds = cxlmd->cxlds;
97 struct cxl_disable_pass dis_pass;
98 struct cxl_mbox_cmd mbox_cmd;
100 dis_pass = (struct cxl_disable_pass) {
101 .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
102 CXL_PMEM_SEC_PASS_USER,
104 memcpy(dis_pass.pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
106 mbox_cmd = (struct cxl_mbox_cmd) {
107 .opcode = CXL_MBOX_OP_DISABLE_PASSPHRASE,
108 .size_in = sizeof(dis_pass),
109 .payload_in = &dis_pass,
112 return cxl_internal_send_cmd(cxlds, &mbox_cmd);
115 static int cxl_pmem_security_disable(struct nvdimm *nvdimm,
116 const struct nvdimm_key_data *key_data)
118 return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_USER);
121 static int cxl_pmem_security_disable_master(struct nvdimm *nvdimm,
122 const struct nvdimm_key_data *key_data)
124 return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_MASTER);
127 static int cxl_pmem_security_freeze(struct nvdimm *nvdimm)
129 struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
130 struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
131 struct cxl_dev_state *cxlds = cxlmd->cxlds;
132 struct cxl_mbox_cmd mbox_cmd = {
133 .opcode = CXL_MBOX_OP_FREEZE_SECURITY,
136 return cxl_internal_send_cmd(cxlds, &mbox_cmd);
139 static int cxl_pmem_security_unlock(struct nvdimm *nvdimm,
140 const struct nvdimm_key_data *key_data)
142 struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
143 struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
144 struct cxl_dev_state *cxlds = cxlmd->cxlds;
145 u8 pass[NVDIMM_PASSPHRASE_LEN];
146 struct cxl_mbox_cmd mbox_cmd;
149 memcpy(pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
150 mbox_cmd = (struct cxl_mbox_cmd) {
151 .opcode = CXL_MBOX_OP_UNLOCK,
152 .size_in = NVDIMM_PASSPHRASE_LEN,
156 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
163 static int cxl_pmem_security_passphrase_erase(struct nvdimm *nvdimm,
164 const struct nvdimm_key_data *key,
165 enum nvdimm_passphrase_type ptype)
167 struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
168 struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
169 struct cxl_dev_state *cxlds = cxlmd->cxlds;
170 struct cxl_mbox_cmd mbox_cmd;
171 struct cxl_pass_erase erase;
174 erase = (struct cxl_pass_erase) {
175 .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
176 CXL_PMEM_SEC_PASS_USER,
178 memcpy(erase.pass, key->data, NVDIMM_PASSPHRASE_LEN);
179 mbox_cmd = (struct cxl_mbox_cmd) {
180 .opcode = CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE,
181 .size_in = sizeof(erase),
182 .payload_in = &erase,
185 rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
192 static const struct nvdimm_security_ops __cxl_security_ops = {
193 .get_flags = cxl_pmem_get_security_flags,
194 .change_key = cxl_pmem_security_change_key,
195 .disable = cxl_pmem_security_disable,
196 .freeze = cxl_pmem_security_freeze,
197 .unlock = cxl_pmem_security_unlock,
198 .erase = cxl_pmem_security_passphrase_erase,
199 .disable_master = cxl_pmem_security_disable_master,
202 const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;
projects / linux-block.git / blob