lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 8 Dec 2021 19:12:03 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     "David E. Box" <david.e.box@...ux.intel.com>
Cc:     lee.jones@...aro.org, hdegoede@...hat.com, bhelgaas@...gle.com,
        andriy.shevchenko@...ux.intel.com, srinivas.pandruvada@...el.com,
        mgross@...ux.intel.com, linux-kernel@...r.kernel.org,
        platform-driver-x86@...r.kernel.org, linux-pci@...r.kernel.org,
        Mark Gross <markgross@...nel.org>
Subject: Re: [PATCH RESEND V2 4/6] platform/x86: Add Intel Software Defined
 Silicon driver

On Wed, Dec 08, 2021 at 09:49:36AM -0800, David E. Box wrote:
> On Wed, 2021-12-08 at 17:24 +0100, Greg KH wrote:
> > On Tue, Dec 07, 2021 at 05:50:13PM -0800, David E. Box wrote:
> > > Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for
> > > activating additional silicon features. Features are enabled through a
> > > license activation process.  The SDSi driver provides a per socket, sysfs
> > > attribute interface for applications to perform 3 main provisioning
> > > functions:
> > > 
> > > 1. Provision an Authentication Key Certificate (AKC), a key written to
> > >    internal NVRAM that is used to authenticate a capability specific
> > >    activation payload.
> > > 
> > > 2. Provision a Capability Activation Payload (CAP), a token authenticated
> > >    using the AKC and applied to the CPU configuration to activate a new
> > >    feature.
> > > 
> > > 3. Read the SDSi State Certificate, containing the CPU configuration
> > >    state.
> > > 
> > > The operations perform function specific mailbox commands that forward the
> > > requests to SDSi hardware to perform authentication of the payloads and
> > > enable the silicon configuration (to be made available after power
> > > cycling).
> > > 
> > > The SDSi device itself is enumerated as an auxiliary device from the
> > > intel_vsec driver and as such has a build dependency on CONFIG_INTEL_VSEC.
> > > 
> > > Link: https://github.com/intel/intel-sdsi
> > 
> > There is no code at this link :(
> > 
> 
> Not yet. It's currently just documentation. But sample code was added to this patch series.

Is the sample code "real" and what you are going to use for this api?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ