From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: <linux-cxl@vger.kernel.org>, <linux-pci@vger.kernel.org>
Cc: <linuxarm@huawei.com>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
Chris Browy <cbrowy@avery-design.com>, <keyrings@vger.kernel.org>,
"Bjorn Helgaas" <bjorn@helgaas.com>,
"David E . Box" <david.e.box@linux.intel.com>,
<dan.j.williams@intel.com>
Subject: [RFC PATCH v2 14/14] cxl/pci: Add really basic CMA authentication support.
Date: Thu, 3 Mar 2022 13:59:05 +0000 [thread overview]
Message-ID: <20220303135905.10420-15-Jonathan.Cameron@huawei.com> (raw)
In-Reply-To: <20220303135905.10420-1-Jonathan.Cameron@huawei.com>
This is just for purposes of poking the CMA / SPDM code.
What exactly the model in the driver looks like is still to
be worked out.
Note the PROBE_FORCE_SYNCHRONOUS is a workaround to avoid warnings
about trying to load an additional crypto module whilst doing an
asychronous probe.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
---
drivers/cxl/Kconfig | 1 +
drivers/cxl/cxlmem.h | 2 ++
drivers/cxl/pci.c | 40 +++++++++++++++++++++++++++++++++++++++-
lib/spdm.c | 2 +-
4 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/drivers/cxl/Kconfig b/drivers/cxl/Kconfig
index 9d53720bea07..4dfd2c19b285 100644
--- a/drivers/cxl/Kconfig
+++ b/drivers/cxl/Kconfig
@@ -17,6 +17,7 @@ config CXL_MEM
tristate "CXL.mem: Memory Devices"
default CXL_BUS
select PCI_DOE_DRIVER
+ select PCI_CMA
help
The CXL.mem protocol allows a device to act as a provider of
"System RAM" and/or "Persistent Memory" that is fully coherent
diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
index b4209170f4ac..b69328118632 100644
--- a/drivers/cxl/cxlmem.h
+++ b/drivers/cxl/cxlmem.h
@@ -100,6 +100,7 @@ struct cxl_mbox_cmd {
*
* @dev: The device associated with this CXL state
* @cdat_doe: Auxiliary DOE device capabile of reading CDAT
+ * @cma_doe: Component measurement and authentication mailbox
* @regs: Parsed register blocks
* @payload_size: Size of space for payload
* (CXL 2.0 8.2.8.4.3 Mailbox Capabilities Register)
@@ -132,6 +133,7 @@ struct cxl_dev_state {
struct device *dev;
struct pci_doe_dev *cdat_doe;
+ struct pci_doe_dev *cma_doe;
struct cxl_regs regs;
size_t payload_size;
diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
index ed94a6bef2de..ad823eeaafd9 100644
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -1,9 +1,14 @@
// SPDX-License-Identifier: GPL-2.0-only
/* Copyright(c) 2020 Intel Corporation. All rights reserved. */
#include <linux/io-64-nonatomic-lo-hi.h>
+//#include <uapi/linux/cxl_mem.h>
+#include <linux/security.h>
+#include <linux/pci-cma.h>
+//#include <linux/debugfs.h>
#include <linux/module.h>
#include <linux/sizes.h>
#include <linux/mutex.h>
+#include <linux/spdm.h>
#include <linux/list.h>
#include <linux/pci.h>
#include <linux/pci-doe.h>
@@ -494,6 +499,26 @@ static int cxl_match_cdat_doe_device(struct device *dev, const void *data)
return 0;
}
+static int cxl_match_cma_doe_device(struct device *dev, const void *data)
+{
+ const struct cxl_dev_state *cxlds = data;
+ struct auxiliary_device *adev;
+ struct pci_doe_dev *doe_dev;
+
+ /* First determine if this auxiliary device belongs to the cxlds */
+ if (cxlds->dev != dev->parent)
+ return 0;
+
+ adev = to_auxiliary_dev(dev);
+ doe_dev = container_of(adev, struct pci_doe_dev, adev);
+
+ /* If it is one of ours check for the CMA protocol */
+ if (pci_doe_supports_prot(doe_dev, PCI_VENDOR_ID_PCI_SIG, 1)) //hack
+ return 1;
+
+ return 0;
+}
+
static int cxl_setup_doe_devices(struct cxl_dev_state *cxlds)
{
struct device *dev = cxlds->dev;
@@ -519,6 +544,10 @@ static int cxl_setup_doe_devices(struct cxl_dev_state *cxlds)
cxlds->cdat_doe = doe_dev;
}
+ adev = auxiliary_find_device(NULL, cxlds, &cxl_match_cma_doe_device);
+ if (adev)
+ cxlds->cma_doe = container_of(adev, struct pci_doe_dev, adev);
+
return 0;
}
@@ -643,6 +672,7 @@ static int cxl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
struct cxl_register_map map;
struct cxl_memdev *cxlmd;
struct cxl_dev_state *cxlds;
+ struct spdm_state spdm_state;
int rc;
/*
@@ -670,6 +700,14 @@ static int cxl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
cxl_initialize_cdat_callbacks(cxlds);
+ /* CMA is optional - policy control will be needed */
+ if (cxlds->cma_doe) {
+ pci_cma_init(cxlds->cma_doe, &spdm_state);
+ rc = pci_cma_authenticate(&spdm_state);
+ if (rc)
+ return rc;
+ }
+
rc = cxl_map_regs(cxlds, &map);
if (rc)
return rc;
@@ -712,7 +750,7 @@ static struct pci_driver cxl_pci_driver = {
.id_table = cxl_mem_pci_tbl,
.probe = cxl_pci_probe,
.driver = {
- .probe_type = PROBE_PREFER_ASYNCHRONOUS,
+ .probe_type = PROBE_FORCE_SYNCHRONOUS,
},
};
diff --git a/lib/spdm.c b/lib/spdm.c
index 3ce2341647f8..84a2d7f3989e 100644
--- a/lib/spdm.c
+++ b/lib/spdm.c
@@ -921,7 +921,7 @@ static int spdm_get_certificate(struct spdm_state *spdm_state)
key_ref_to_ptr(key2)->payload.data[asym_auth];
key = find_asymmetric_key(spdm_state->root_keyring, sig->auth_ids[0],
- sig->auth_ids[1], false);
+ sig->auth_ids[1], NULL, false);
if (IS_ERR(key)) {
dev_err(spdm_state->dev,
"Unable to retrieve signing certificate from _cma keyring\n");
--
2.32.0
prev parent reply other threads:[~2022-03-03 14:06 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-03 13:58 [RFC PATCH v2 00/14] PCI/CMA and SPDM Library Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 01/14] PCI: Add vendor ID for the PCI SIG Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 02/14] PCI: Replace magic constant for PCI Sig Vendor ID Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 03/14] PCI/DOE: Add Data Object Exchange Aux Driver Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 04/14] PCI/DOE: Introduce pci_doe_create_doe_devices Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 05/14] cxl/pci: Create DOE auxiliary devices Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 06/14] cxl/pci: Find the DOE mailbox which supports CDAT Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 07/14] cxl/mem: Read CDAT table Jonathan Cameron
2022-03-03 13:58 ` [RFC PATCH v2 08/14] cxl/cdat: Introduce cdat_hdr_valid() Jonathan Cameron
2022-03-03 13:59 ` [RFC PATCH v2 09/14] cxl/mem: Retry reading CDAT on failure Jonathan Cameron
2022-03-03 13:59 ` [RFC PATCH v2 10/14] cxl/cdat: Parse out DSMAS data from CDAT table Jonathan Cameron
2022-03-03 13:59 ` [RFC PATCH v2 11/14] lib/asn1_encoder: Add a function to encode many byte integer values Jonathan Cameron
2022-03-03 13:59 ` [RFC PATCH v2 12/14] spdm: Introduce a library for DMTF SPDM Jonathan Cameron
2022-05-09 18:07 ` Lukas Wunner
2022-03-03 13:59 ` [RFC PATCH v2 13/14] PCI/CMA: Initial support for Component Measurement and Authentication ECN Jonathan Cameron
2022-03-03 13:59 ` Jonathan Cameron [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220303135905.10420-15-Jonathan.Cameron@huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=bjorn@helgaas.com \
--cc=cbrowy@avery-design.com \
--cc=dan.j.williams@intel.com \
--cc=david.e.box@linux.intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=lorenzo.pieralisi@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).