problem with unconditional "load-keys" in modprobe udev rule #238

Open
jchu314atgithub opened this issue May 2, 2023 · 1 comment

@jchu314atgithub
Contributor

With the /etc/modprobe.d/nvdimm-security.conf udev rule, "ndctl load-keys" is invoked regardless of whether the sys-admin has created the nvdimm-master key or not. When there is no intention to exercise nvdimm secure lock and the master key isn't created, the udev rule generates failure messages upon reboot/reload of libnvdimm.

Although the failure messages are benign and can be safely ignored in this case, database customers who may not be savvy with kernel features could be alarmed and follow up with customer calls. And we'd like to avoid the unnecessary customer calls.

Is there a way for the udev rule to conditionally run "ndctl load-keys" IFF the master key was ever created? Is it sufficient to make the decision based on whether the /etc/ndctl/keys/nvdimm-master.blob file exists? What about the TPM case?

Thanks!

@jchu314atgithub
Contributor Author

Hmm, anyone? Does it make sense to update the udev rule such that "load-keys" is run only if a master exists somewhere?
Thanks!
