Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-8060

[RHEL8] ndctl keys not removed after ndctl sanitize-dimm operation

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-8.8.0
    • ndctl
    • None
    • None
    • sst_storage_io
    • ssg_filesystems_storage_and_HA
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      Version-Release number of selected component (if applicable):
      4.18.0-482.el8.x86_64
      ndctl-71.1-4.el8.x86_64

      How reproducible:

      Steps to Reproduce:
      1. Pls check additional info for detailed steps
      2.
      3.

      Actual results:
      After sanitize-dimm operation finished, the security state changed to "disabled", and the key still exists under /etc/ndctl/kerys.
      After system reboot, seems the key setup again and the security state changed to "unlocked", I have to manually remove-passphrase to disable the security state.

      Here is part of the manual from ndctl sanitize-dimm
      "
      Additionally, after completion of this command, the security and passphrase for the given NVDIMM will be disabled, and the passphrase and any key material will also be removed from the keyring and the ndctl keys directory at /etc/ndctl/keys
      "

      Expected results:

      Additional info:

      [root@intel-purley-04 ~]# keypath=/etc/ndctl/keys
      [root@intel-purley-04 ~]# masterkey=nvdimm-master
      [root@intel-purley-04 ~]# masterpath="$keypath/$masterkey.blob"
      [root@intel-purley-04 ~]# dev=nmem0
      [root@intel-purley-04 ~]# dd if=/dev/urandom bs=1 count=32 2>/dev/null | keyctl padd user "$masterkey" @u
      891331308
      [root@intel-purley-04 ~]# keyctl pipe "$(keyctl search @u user $masterkey)" > "$masterpath"

      [root@intel-purley-04 ~]# ndctl setup-passphrase "$dev" -k user:"$masterkey"
      passphrase enabled for 1 nmem.

      [root@intel-purley-04 ~]# ndctl list -Di
      [

      { "dev":"nmem1", "id":"8089-a2-1833-00000510", "handle":257, "phys_id":32, "flag_failed_map":true, "security":"disabled" }

      ,

      { "dev":"nmem3", "id":"8089-a2-1833-00000497", "handle":4353, "phys_id":44, "security":"disabled" }

      ,

      { "dev":"nmem0", "id":"8089-a2-1833-000004a3", "handle":1, "phys_id":26, "security":"unlocked" }

      ,

      { "dev":"nmem2", "id":"8089-a2-1833-000004a9", "handle":4097, "phys_id":38, "security":"disabled" }

      ]
      [root@intel-purley-04 ~]# ls /etc/ndctl/keys/
      keys.readme nvdimm_8089-a2-1833-000004a3_intel-purley-04.khw1.lab.eng.bos.redhat.com.blob nvdimm-master.blob

      [root@intel-purley-04 ~]# ndctl sanitize-dimm nmem0 --overwrite
      overwrite issued for 1 nmem.

      [root@intel-purley-04 ~]# ls /etc/ndctl/keys/
      keys.readme nvdimm_8089-a2-1833-000004a3_intel-purley-04.khw1.lab.eng.bos.redhat.com.blob nvdimm-master.blob

      [root@intel-purley-04 ~]# ndctl list -D
      [

      { "dev":"nmem1", "id":"8089-a2-1833-00000510", "handle":257, "phys_id":32, "flag_failed_map":true, "security":"disabled" }

      ,

      { "dev":"nmem3", "id":"8089-a2-1833-00000497", "handle":4353, "phys_id":44, "security":"disabled" }

      ,

      { "dev":"nmem0", "id":"8089-a2-1833-000004a3", "handle":1, "phys_id":26, "security":"disabled" }

      ,

      { "dev":"nmem2", "id":"8089-a2-1833-000004a9", "handle":4097, "phys_id":38, "security":"disabled" }

      ]

      [ 1982.925177] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 26 input length: 0
      [ 1982.926183] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 4
      [ 1982.926186] cmd_call00000000: 00010007 ....
      [ 2134.471707] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 26 input length: 0
      [ 2134.472774] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 4
      [ 2134.472777] cmd_call00000000: 00000000 ....
      [ 2134.483220] __nvdimm_security_overwrite_query:442: nvdimm nmem0: overwrite completed
      [ 2134.483232] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 19 input length: 0
      [ 2134.483895] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 9
      [ 2134.483898] cmd_call00000000: 00 00 00 00 00 00 00 00 42 ........B
      [ 2134.483900] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 19 input length: 0
      [ 2134.485195] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 9
      [ 2134.485196] cmd_call00000000: 00 00 00 00 00 00 00 00 42

      Reboot operation

      [root@intel-purley-04 ~]# ndctl list -Di
      [

      { "dev":"nmem1", "id":"8089-a2-1833-00000510", "handle":257, "phys_id":32, "flag_failed_map":true, "security":"disabled" }

      ,

      { "dev":"nmem3", "id":"8089-a2-1833-00000497", "handle":4353, "phys_id":44, "security":"disabled" }

      ,

      { "dev":"nmem0", "id":"8089-a2-1833-000004a3", "handle":1, "phys_id":26, "security":"unlocked" }

      ,

      { "dev":"nmem2", "id":"8089-a2-1833-000004a9", "handle":4097, "phys_id":38, "security":"disabled" }

      ]

            rhn-support-jmoyer Jeff Moyer
            yizhan@redhat.com Yi Zhang
            Jeff Moyer Jeff Moyer
            Yi Zhang Yi Zhang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: