| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Apr 2022 13:02:13 -0700
From: Tony Luck <tony.luck@...el.com>
To: hdegoede@...hat.com, markgross@...nel.org
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
corbet@....net, gregkh@...uxfoundation.org,
andriy.shevchenko@...ux.intel.com, jithu.joseph@...el.com,
ashok.raj@...el.com, tony.luck@...el.com, rostedt@...dmis.org,
dan.j.williams@...el.com, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, platform-driver-x86@...r.kernel.org,
patches@...ts.linux.dev, ravi.v.shankar@...el.com
Subject: [PATCH v4 04/10] platform/x86/intel/ifs: Read IFS firmware image
From: Jithu Joseph <jithu.joseph@...el.com>
Driver probe routine allocates structure to communicate status
and parameters between functions in the driver. Also call
load_ifs_binary() to load the scan image file.
There is a separate scan image file for each processor family,
model, stepping combination. This is read from the static path:
/lib/firmware/intel/ifs/{ff-mm-ss}.scan
Step 1 in loading is to generate the correct path and use
request_firmware_direct() to load into memory.
Subsequent patches will use the IFS MSR interfaces to copy
the image to BIOS reserved memory and validate the SHA256
checksums.
Signed-off-by: Jithu Joseph <jithu.joseph@...el.com>
Co-developed-by: Tony Luck <tony.luck@...el.com>
Signed-off-by: Tony Luck <tony.luck@...el.com>
---
drivers/platform/x86/intel/ifs/Makefile | 2 +-
drivers/platform/x86/intel/ifs/core.c | 36 ++++++++++++++++++++++++-
drivers/platform/x86/intel/ifs/ifs.h | 25 +++++++++++++++++
drivers/platform/x86/intel/ifs/load.c | 28 +++++++++++++++++++
4 files changed, 89 insertions(+), 2 deletions(-)
create mode 100644 drivers/platform/x86/intel/ifs/ifs.h
create mode 100644 drivers/platform/x86/intel/ifs/load.c
diff --git a/drivers/platform/x86/intel/ifs/Makefile b/drivers/platform/x86/intel/ifs/Makefile
index af904880e959..98b6fde15689 100644
--- a/drivers/platform/x86/intel/ifs/Makefile
+++ b/drivers/platform/x86/intel/ifs/Makefile
@@ -1,3 +1,3 @@
obj-$(CONFIG_INTEL_IFS) += intel_ifs.o
-intel_ifs-objs := core.o
+intel_ifs-objs := core.o load.o
diff --git a/drivers/platform/x86/intel/ifs/core.c b/drivers/platform/x86/intel/ifs/core.c
index 5713e6ee90f0..ed4ded6755b2 100644
--- a/drivers/platform/x86/intel/ifs/core.c
+++ b/drivers/platform/x86/intel/ifs/core.c
@@ -6,6 +6,8 @@
#include <asm/cpu_device_id.h>
+#include "ifs.h"
+
enum test_types {
IFS_SAF,
};
@@ -20,10 +22,27 @@ static const struct x86_cpu_id ifs_cpu_ids[] __initconst = {
};
MODULE_DEVICE_TABLE(x86cpu, ifs_cpu_ids);
+static struct ifs_device ifs_devices[] = {
+ [IFS_SAF] = {
+ .data = {
+ .integrity_cap_bit = MSR_INTEGRITY_CAPS_PERIODIC_BIST_BIT,
+ },
+ .misc = {
+ .name = "intel_ifs_0",
+ .nodename = "intel_ifs/0",
+ .minor = MISC_DYNAMIC_MINOR,
+ },
+ },
+};
+
+#define IFS_NUMTESTS ARRAY_SIZE(ifs_devices)
+
static int __init ifs_init(void)
{
const struct x86_cpu_id *m;
+ int ndevices = 0;
u64 msrval;
+ int i;
m = x86_match_cpu(ifs_cpu_ids);
if (!m)
@@ -38,11 +57,26 @@ static int __init ifs_init(void)
if (rdmsrl_safe(MSR_INTEGRITY_CAPS, &msrval))
return -ENODEV;
- return 0;
+ for (i = 0; i < IFS_NUMTESTS; i++) {
+ if (!(msrval & BIT(ifs_devices[i].data.integrity_cap_bit)))
+ continue;
+
+ if (!misc_register(&ifs_devices[i].misc)) {
+ ndevices++;
+ ifs_load_firmware(ifs_devices[i].misc.this_device);
+ }
+ }
+
+ return ndevices ? 0 : -ENODEV;
}
static void __exit ifs_exit(void)
{
+ int i;
+
+ for (i = 0; i < IFS_NUMTESTS; i++)
+ if (ifs_devices[i].misc.this_device)
+ misc_deregister(&ifs_devices[i].misc);
}
module_init(ifs_init);
diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h
new file mode 100644
index 000000000000..9a0f8e2077e2
--- /dev/null
+++ b/drivers/platform/x86/intel/ifs/ifs.h
@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright(c) 2022 Intel Corporation. */
+
+#ifndef _IFS_H_
+#define _IFS_H_
+
+#include <linux/device.h>
+#include <linux/miscdevice.h>
+
+/**
+ * struct ifs_data - attributes related to intel IFS driver
+ * @integrity_cap_bit - MSR_INTEGRITY_CAPS bit enumerating this test
+ */
+struct ifs_data {
+ int integrity_cap_bit;
+};
+
+struct ifs_device {
+ struct ifs_data data;
+ struct miscdevice misc;
+};
+
+void ifs_load_firmware(struct device *dev);
+
+#endif
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
new file mode 100644
index 000000000000..9fb71d38c819
--- /dev/null
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright(c) 2022 Intel Corporation. */
+
+#include <linux/firmware.h>
+
+#include "ifs.h"
+
+/*
+ * Load ifs image. Before loading ifs module, the ifs image must be located
+ * in /lib/firmware/intel/ifs and named as {family/model/stepping}.{testname}.
+ */
+void ifs_load_firmware(struct device *dev)
+{
+ const struct firmware *fw;
+ char scan_path[32];
+ int ret;
+
+ snprintf(scan_path, sizeof(scan_path), "intel/ifs/%02x-%02x-%02x.scan",
+ boot_cpu_data.x86, boot_cpu_data.x86_model, boot_cpu_data.x86_stepping);
+
+ ret = request_firmware_direct(&fw, scan_path, dev);
+ if (ret) {
+ dev_err(dev, "ifs file %s load failed\n", scan_path);
+ return;
+ }
+
+ release_firmware(fw);
+}
--
2.35.1
Powered by blists - more mailing lists