| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Sep 2020 16:52:53 -0700
From: Russ Weight <russell.h.weight@...el.com>
To: mdf@...nel.org, lee.jones@...aro.org, linux-fpga@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: trix@...hat.com, lgoncalv@...hat.com, yilun.xu@...el.com,
hao.wu@...el.com, matthew.gerlach@...el.com,
Russ Weight <russell.h.weight@...el.com>
Subject: [PATCH v1 00/12] Intel FPGA Security Manager Class Driver
These patches depend on the patchset: "add regmap-spi-avmm & Intel
Max10 BMC chip support" which is currently under review.
--------------------------------------------------
This patchset introduces the Intel Security Manager class driver
for managing secure updates on Intel FPGA Cards. It also provides
the n3000bmc-secure mfd sub-driver for the MAX10 BMC for the n3000
Programmable Acceleration Cards (PAC). The n3000bmc-secure driver
is implemented using the Intel Security Manager class driver.
The Intel Security Manager class driver provides a common API for
user-space tools to manage updates for Secure FPGA devices. Device
drivers that instantiate the Intel Security Manager class driver will
interact with the HW secure update engine in order to transfer
new FPGA and BMC images to FLASH so that they will be automatically
loaded when the FPGA card reboots.
The API consists of sysfs nodes and supports the following functions:
(1) Instantiate and monitor a secure update
(2) Display security information including: Root Entry Hashes (REH),
Cancelled Code Signing Keys (CSK), and flash update counts for
both BMC and FPGA images.
Secure updates make use of the request_firmware framework, which
requires that image files are accessible under /lib/firmware. A request
for a secure update returns immediately, while the update itself
proceeds in the context of a kernel worker thread. Sysfs files provide
a means for monitoring the progress of a secure update and for
retrieving error information in the event of a failure.
The n3000bmc-secure driver instantiates the Intel Security Manager
class driver and provides the callback functions required to support
secure updates on Intel n3000 PAC devices.
Russ Weight (12):
fpga: fpga security manager class driver
fpga: create intel max10 bmc security engine
fpga: expose max10 flash update counts in sysfs
fpga: expose max10 canceled keys in sysfs
fpga: enable secure updates
fpga: add max10 secure update functions
fpga: expose sec-mgr update status
fpga: expose sec-mgr update errors
fpga: expose sec-mgr update size
fpga: enable sec-mgr update cancel
fpga: expose hardware error info in sysfs
fpga: add max10 get_hw_errinfo callback func
.../ABI/testing/sysfs-class-ifpga-sec-mgr | 151 ++++
MAINTAINERS | 8 +
drivers/fpga/Kconfig | 20 +
drivers/fpga/Makefile | 6 +
drivers/fpga/ifpga-sec-mgr.c | 669 ++++++++++++++++++
drivers/fpga/intel-m10-bmc-secure.c | 557 +++++++++++++++
include/linux/fpga/ifpga-sec-mgr.h | 201 ++++++
include/linux/mfd/intel-m10-bmc.h | 116 +++
8 files changed, 1728 insertions(+)
create mode 100644 Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr
create mode 100644 drivers/fpga/ifpga-sec-mgr.c
create mode 100644 drivers/fpga/intel-m10-bmc-secure.c
create mode 100644 include/linux/fpga/ifpga-sec-mgr.h
--
2.17.1
Powered by blists - more mailing lists