[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201003012412.16831-1-russell.h.weight@intel.com>
Date: Fri, 2 Oct 2020 18:24:06 -0700
From: Russ Weight <russell.h.weight@...el.com>
To: mdf@...nel.org, lee.jones@...aro.org, linux-fpga@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: trix@...hat.com, lgoncalv@...hat.com, yilun.xu@...el.com,
hao.wu@...el.com, matthew.gerlach@...el.com,
Russ Weight <russell.h.weight@...el.com>
Subject: [PATCH v2 0/6] Intel MAX10 BMC Security Engine Driver
These patches were previously submitted as part of a larger V1
patch set under the title "FPGA Security Manager Class Driver".
The Intel MAX10 BMC Security Engine driver instantiates the Intel
Security Manager class driver and provides the callback functions
required to support secure updates on Intel n3000 PAC devices.
This driver is implemented as a sub-driver of the Intel MAX10 BMC
mfd driver. Future instances of the MAX10 BMC will support other
devices as well (e.g. d5005) and this same MAX10 BMC Security
Engine driver will receive modifications to support that device.
This driver interacts with the HW secure update engine of the
BMC in order to transfer new FPGA and BMC images to FLASH so
that they will be automatically loaded when the FPGA card reboots.
Security is enforced by hardware and firmware. The MAX10 BMC
Security Engine driver interacts with the firmware to initiate
an update, pass in the necessary data, and collect status on
the update.
This driver passes operation call-back functions to the Intel
FPGA Security Manager Class Driver to support the following
functions:
(1) Instantiate and monitor a secure update
(2) Display security information including: Root Entry Hashes (REH),
Cancelled Code Signing Keys (CSK), and flash update counts for
both BMC and FPGA images.
These patches are dependent on other patches that are under
review. If you want to apply these patches on linux-next,
please apply these patches first, in the following order:
(1 patch) https://marc.info/?l=linux-fpga&m=159782339732362&w=2
(4 patches) https://marc.info/?l=linux-fpga&m=160014074806950&w=2
(7 patches) https://marc.info/?l=linux-fpga&m=160167824311379&w=2
Changelog v1 -> v2:
- These patches were previously submitted as part of a larger V1
patch set under the title "Intel FPGA Security Manager Class Driver".
- Grouped all changes to include/linux/mfd/intel-m10-bmc.h into a
single patch: "mfd: intel-m10-bmc: support for MAX10 BMC Security
Engine".
- Removed ifpga_sec_mgr_init() and ifpga_sec_mgr_uinit() functions.
- Adapted to changes in the Intel FPGA Security Manager by splitting
the single call to ifpga_sec_mgr_register() into two function
calls: devm_ifpga_sec_mgr_create() and ifpga_sec_mgr_register().
- Replaced small function-creation macros for explicit function
declarations.
- Bug fix for the get_csk_vector() function to properly apply the
stride variable in calls to m10bmc_raw_bulk_read().
- Added m10bmc_ prefix to functions in m10bmc_iops structure
- Implemented HW_ERRINFO_POISON for m10bmc_sec_hw_errinfo() to
ensure that corresponding bits are set to 1 if we are unable
to read the doorbell or auth_result registers.
- Added comments and additional code cleanup per V1 review.
Russ Weight (6):
mfd: intel-m10-bmc: support for MAX10 BMC Security Engine
fpga: m10bmc-sec: create max10 bmc security engine
fpga: m10bmc-sec: expose max10 flash update counts
fpga: m10bmc-sec: expose max10 canceled keys in sysfs
fpga: m10bmc-sec: add max10 secure update functions
fpga: m10bmc-sec: add max10 get_hw_errinfo callback func
MAINTAINERS | 1 +
drivers/fpga/Kconfig | 11 +
drivers/fpga/Makefile | 3 +
drivers/fpga/intel-m10-bmc-secure.c | 591 ++++++++++++++++++++++++++++
include/linux/mfd/intel-m10-bmc.h | 134 +++++++
5 files changed, 740 insertions(+)
create mode 100644 drivers/fpga/intel-m10-bmc-secure.c
--
2.17.1
Powered by blists - more mailing lists