Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unclear reset procedure for a DIMM with lost passphrase #154

Open
problame opened this issue Nov 24, 2020 · 3 comments
Open

unclear reset procedure for a DIMM with lost passphrase #154

problame opened this issue Nov 24, 2020 · 3 comments

Comments

@problame
Copy link

It is unclear to me to how I would use either ndctl or impctl to "reset" a DIMM for which I have lost the passphrase.

Some docs seem to suggest the following command:

ipmctl set -dimm 0x0020 LockState=Disabled

But that command is only available if ipmctl is built with #ifndef OS_BUILD.
With standard CMAKE settings (no flags), invoking the command results in the following error:

Syntax Error: Invalid or unexpected token LockState=Disabled.
Did you mean:
     set -dimm [DimmIDs] 

     set -sensor (List of Sensors) [-dimm [DimmIDs]] 

     set -preferences

It would be helpful to have documentation on how a DIMM for which the passphrase / key was lost can be resetted.
@sscargal
Copy link
Contributor

@problame - I'd like to ask some clarifying questions:

  • How did you enable passphrase security? Did you use ndctl or the BIOS?
  • Which passphrase(s) did you set? User, Master, or both?
  • What OS are you using? Linux or Windows

If you used ndctl to enable security, ndctl writes the key blobs in /etc/ndctl/keys so we can unlock the PMem at boot time. If you have a backup of this directory you can restore the keys (nvdimm-master & blobs for each individual PMem device).

If you used the passphrase feature in the BIOS, you'll need to know that passphrase (User and/or Master).

There is no recovery option for a forgotten Master passphrase. Your only recourse is to replace the PMem.

If you only set and forgot your User passphrase, you can perform a secure erase from the BIOS. The option is only enabled if you did not set a Master passphrase. All the data will be lost, but this will allow you to reprovision the PMem.

@problame
Copy link
Author

problame commented Nov 24, 2020
edited
Loading

@problame - I'd like to ask some clarifying questions:

How did you enable passphrase security? Did you use ndctl or the BIOS?
Which passphrase(s) did you set? User, Master, or both?
What OS are you using? Linux or Windows

If you used ndctl to enable security, ndctl writes the key blobs in /etc/ndctl/keys so we can unlock the PMem at boot time. If you have a backup of this directory you can restore the keys (nvdimm-master & blobs for each individual PMem device).

If you used the passphrase feature in the BIOS, you'll need to know that passphrase (User and/or Master).

Thanks, that's very helpful.

There is no recovery option for a forgotten Master passphrase. Your only recourse is to replace the PMem.

Good to know. Is there some reason inherent to PMEM for this? It seems like a pretty severe usability issue to say the least.
I feel quite lucky now that I had the (test) password in my shell history.

@StevenPontsler
Copy link
Contributor

I believe the module would already need to be unlocked for the set dimm command to succeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@problame @sscargal @StevenPontsler