| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <X7U+BTkW7ZmsMByV@epycbox.lan>
Date: Wed, 18 Nov 2020 07:30:13 -0800
From: Moritz Fischer <mdf@...nel.org>
To: richard.gong@...ux.intel.com
Cc: gregkh@...uxfoundation.org, mdf@...nel.org, trix@...hat.com,
linux-fpga@...r.kernel.org, linux-kernel@...r.kernel.org,
dinguyen@...nel.org, sridhar.rajagopal@...el.com,
richard.gong@...el.com
Subject: Re: [PATCHv2 1/5] firmware: stratix10-svc: add
COMMAND_AUTHENTICATE_BITSTREAM flag
On Wed, Nov 18, 2020 at 08:29:09AM -0600, richard.gong@...ux.intel.com wrote:
> From: Richard Gong <richard.gong@...el.com>
>
> Add COMMAND_AUTHENTICATE_BITSTREAM command flag for new added bitstream
> authentication feature. Authenticating a bistream is to make sure a signed
> bitstream has the valid signatures.
>
> Except for the actual configuration of the device, the bitstream
> authentication works the same way as FPGA configuration does. If the
> authentication passes, the signed bitstream will be programmed into QSPI
> flash memory and will be expected to boot without issues.
>
> Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which
> aligns with the firmware settings.
Should this be down with the v2: ?
>
> Signed-off-by: Richard Gong <richard.gong@...el.com>
> ---
> v2: new added
> ---
> include/linux/firmware/intel/stratix10-svc-client.h | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
> index a93d859..85463c8 100644
> --- a/include/linux/firmware/intel/stratix10-svc-client.h
> +++ b/include/linux/firmware/intel/stratix10-svc-client.h
> @@ -51,12 +51,17 @@
> #define SVC_STATUS_NO_SUPPORT 6
>
> /**
> - * Flag bit for COMMAND_RECONFIG
> + * Flag bit for COMMAND_RECONFIG, in bit number
> *
> * COMMAND_RECONFIG_FLAG_PARTIAL:
> - * Set to FPGA configuration type (full or partial).
> + * Set for partial FPGA configuration.
> + *
> + * COMMAND_AUTHENTICATE_BITSTREAM:
> + * Set for bitstream authentication, which makes sure a signed bitstream
> + * has valid signatures before committing it to QSPI flash memory.
> */
> -#define COMMAND_RECONFIG_FLAG_PARTIAL 1
> +#define COMMAND_RECONFIG_FLAG_PARTIAL 0
> +#define COMMAND_AUTHENTICATE_BITSTREAM 1
Can you explain how this commit by itself doesn't break things?
Before this change firmware expected BIT(0) to be set for partial
reconfiguration, now BIT(0) suddenly means authentication? How doest his
work? :)
Was there a firmware version change? Did this never work before?
If this is version depenedent for firmware, then this might need a
different compatible string / id / some form of probing?
Entirely possible that I'm missing something, but it doesn't *seem*
right.
>
> /**
> * Timeout settings for service clients:
> --
> 2.7.4
>
Cheers,
Moritz
Powered by blists - more mailing lists