xref: /third_party/ltp/testcases/kernel/security/mmc_security/README

MMC Password Protection Reference UI
------------------------------------

This is a simple text-mode reference UI for the MMC password protection
support, written in shell script. It's very simple and does not hash nor cache
passwords.

It's composed of the following files:

- ask_password.sh: get the password from userspace. It's called when unlocking
  the card or assigning a new password to an unlocked card.
- change_password.sh: used to change the password from a unlocked card.
- forced_erase.sh: used to force-erase a card, usually when the user has forgot
  the password and wants to unlock the card. NOTE: all the card's contents are
  lost when using this option! It only works for _locked_ cards.
- remove_password.sh: used to remove the passwor from a card previously unlocked.

Setting up
----------

1) Install the keyutils package available from http://people.redhat.com/~dhowells/keyutils/
2) Install this package:


2) Add the following lines to /etc/request-key.conf (remember to remove any
previous mmc lines):

create   mmc   mmc:key   unlock   /usr/share/keyutils/ask_password.sh %k %S
create   mmc   mmc:key   assign   /usr/share/keyutils/assign_password.sh %k %S

Using it
--------

1) Unlocking a card:

keyctl request2 mmc mmc:key unlock

2) Assigning a password to an unlocked card:

keyctl request2 mmc mmc:key assign

3) Changing the password (card must be unlocked first):

/usr/share/keyutils/change_password.sh

4) Removing the password (card must be unlocked first):

/usr/share/keyutils/remove_password.sh

5) Force erase card (card must be LOCKED):

/usr/share/keyutils/force_erase.sh

Contact Info
------------

Any comments or suggestions regarding these scripts should be sent to:

Anderson Briglia <anderson.briglia@indt.org.br>
Anderson Lizardo <anderson.lizardo@indt.org.br>
Carlos Eduardo Aguiar <carlos.aguiar@indt.org.br>