-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-8.8.0
-
None
-
None
-
rhel-sst-storage-io
-
ssg_filesystems_storage_and_HA
-
None
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
Description of problem:
Version-Release number of selected component (if applicable):
4.18.0-482.el8.x86_64
ndctl-71.1-4.el8.x86_64
How reproducible:
Steps to Reproduce:
1. Pls check additional info for detailed steps
2.
3.
Actual results:
After sanitize-dimm operation finished, the security state changed to "disabled", and the key still exists under /etc/ndctl/kerys.
After system reboot, seems the key setup again and the security state changed to "unlocked", I have to manually remove-passphrase to disable the security state.
Here is part of the manual from ndctl sanitize-dimm
"
Additionally, after completion of this command, the security and passphrase for the given NVDIMM will be disabled, and the passphrase and any key material will also be removed from the keyring and the ndctl keys directory at /etc/ndctl/keys
"
Expected results:
Additional info:
[root@intel-purley-04 ~]# keypath=/etc/ndctl/keys
[root@intel-purley-04 ~]# masterkey=nvdimm-master
[root@intel-purley-04 ~]# masterpath="$keypath/$masterkey.blob"
[root@intel-purley-04 ~]# dev=nmem0
[root@intel-purley-04 ~]# dd if=/dev/urandom bs=1 count=32 2>/dev/null | keyctl padd user "$masterkey" @u
891331308
[root@intel-purley-04 ~]# keyctl pipe "$(keyctl search @u user $masterkey)" > "$masterpath"
[root@intel-purley-04 ~]# ndctl setup-passphrase "$dev" -k user:"$masterkey"
passphrase enabled for 1 nmem.
[root@intel-purley-04 ~]# ndctl list -Di
[
,
,
,
{ "dev":"nmem2", "id":"8089-a2-1833-000004a9", "handle":4097, "phys_id":38, "security":"disabled" }]
[root@intel-purley-04 ~]# ls /etc/ndctl/keys/
keys.readme nvdimm_8089-a2-1833-000004a3_intel-purley-04.khw1.lab.eng.bos.redhat.com.blob nvdimm-master.blob
[root@intel-purley-04 ~]# ndctl sanitize-dimm nmem0 --overwrite
overwrite issued for 1 nmem.
[root@intel-purley-04 ~]# ls /etc/ndctl/keys/
keys.readme nvdimm_8089-a2-1833-000004a3_intel-purley-04.khw1.lab.eng.bos.redhat.com.blob nvdimm-master.blob
[root@intel-purley-04 ~]# ndctl list -D
[
,
,
,
{ "dev":"nmem2", "id":"8089-a2-1833-000004a9", "handle":4097, "phys_id":38, "security":"disabled" }]
[ 1982.925177] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 26 input length: 0
[ 1982.926183] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 4
[ 1982.926186] cmd_call00000000: 00010007 ....
[ 2134.471707] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 26 input length: 0
[ 2134.472774] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 4
[ 2134.472777] cmd_call00000000: 00000000 ....
[ 2134.483220] __nvdimm_security_overwrite_query:442: nvdimm nmem0: overwrite completed
[ 2134.483232] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 19 input length: 0
[ 2134.483895] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 9
[ 2134.483898] cmd_call00000000: 00 00 00 00 00 00 00 00 42 ........B
[ 2134.483900] acpi_nfit_ctl:527: nfit ACPI0012:00: nmem0 cmd: 10: func: 19 input length: 0
[ 2134.485195] acpi_nfit_ctl:571: nfit ACPI0012:00: nmem0 cmd: cmd_call output length: 9
[ 2134.485196] cmd_call00000000: 00 00 00 00 00 00 00 00 42
Reboot operation
[root@intel-purley-04 ~]# ndctl list -Di
[
,
,
,
{ "dev":"nmem2", "id":"8089-a2-1833-000004a9", "handle":4097, "phys_id":38, "security":"disabled" }]
- external trackers