From: Russ Weight <russell.h.weight@intel.com>
To: mdf@kernel.org, lee.jones@linaro.org, linux-fpga@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com,
hao.wu@intel.com, matthew.gerlach@intel.com,
Russ Weight <russell.h.weight@intel.com>
Subject: [PATCH v2 0/6] Intel MAX10 BMC Security Engine Driver
Date: Fri, 2 Oct 2020 18:24:06 -0700 [thread overview]
Message-ID: <20201003012412.16831-1-russell.h.weight@intel.com> (raw)
These patches were previously submitted as part of a larger V1
patch set under the title "FPGA Security Manager Class Driver".
The Intel MAX10 BMC Security Engine driver instantiates the Intel
Security Manager class driver and provides the callback functions
required to support secure updates on Intel n3000 PAC devices.
This driver is implemented as a sub-driver of the Intel MAX10 BMC
mfd driver. Future instances of the MAX10 BMC will support other
devices as well (e.g. d5005) and this same MAX10 BMC Security
Engine driver will receive modifications to support that device.
This driver interacts with the HW secure update engine of the
BMC in order to transfer new FPGA and BMC images to FLASH so
that they will be automatically loaded when the FPGA card reboots.
Security is enforced by hardware and firmware. The MAX10 BMC
Security Engine driver interacts with the firmware to initiate
an update, pass in the necessary data, and collect status on
the update.
This driver passes operation call-back functions to the Intel
FPGA Security Manager Class Driver to support the following
functions:
(1) Instantiate and monitor a secure update
(2) Display security information including: Root Entry Hashes (REH),
Cancelled Code Signing Keys (CSK), and flash update counts for
both BMC and FPGA images.
These patches are dependent on other patches that are under
review. If you want to apply these patches on linux-next,
please apply these patches first, in the following order:
(1 patch) https://marc.info/?l=linux-fpga&m=159782339732362&w=2
(4 patches) https://marc.info/?l=linux-fpga&m=160014074806950&w=2
(7 patches) https://marc.info/?l=linux-fpga&m=160167824311379&w=2
Changelog v1 -> v2:
- These patches were previously submitted as part of a larger V1
patch set under the title "Intel FPGA Security Manager Class Driver".
- Grouped all changes to include/linux/mfd/intel-m10-bmc.h into a
single patch: "mfd: intel-m10-bmc: support for MAX10 BMC Security
Engine".
- Removed ifpga_sec_mgr_init() and ifpga_sec_mgr_uinit() functions.
- Adapted to changes in the Intel FPGA Security Manager by splitting
the single call to ifpga_sec_mgr_register() into two function
calls: devm_ifpga_sec_mgr_create() and ifpga_sec_mgr_register().
- Replaced small function-creation macros for explicit function
declarations.
- Bug fix for the get_csk_vector() function to properly apply the
stride variable in calls to m10bmc_raw_bulk_read().
- Added m10bmc_ prefix to functions in m10bmc_iops structure
- Implemented HW_ERRINFO_POISON for m10bmc_sec_hw_errinfo() to
ensure that corresponding bits are set to 1 if we are unable
to read the doorbell or auth_result registers.
- Added comments and additional code cleanup per V1 review.
Russ Weight (6):
mfd: intel-m10-bmc: support for MAX10 BMC Security Engine
fpga: m10bmc-sec: create max10 bmc security engine
fpga: m10bmc-sec: expose max10 flash update counts
fpga: m10bmc-sec: expose max10 canceled keys in sysfs
fpga: m10bmc-sec: add max10 secure update functions
fpga: m10bmc-sec: add max10 get_hw_errinfo callback func
MAINTAINERS | 1 +
drivers/fpga/Kconfig | 11 +
drivers/fpga/Makefile | 3 +
drivers/fpga/intel-m10-bmc-secure.c | 591 ++++++++++++++++++++++++++++
include/linux/mfd/intel-m10-bmc.h | 134 +++++++
5 files changed, 740 insertions(+)
create mode 100644 drivers/fpga/intel-m10-bmc-secure.c
--
2.17.1
next reply other threads:[~2020-10-03 1:24 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-03 1:24 Russ Weight [this message]
2020-10-03 1:24 ` [PATCH v2 1/6] mfd: intel-m10-bmc: support for MAX10 BMC Security Engine Russ Weight
2020-10-06 16:34 ` Tom Rix
2020-10-08 0:52 ` Russ Weight
2020-10-08 23:03 ` Russ Weight
2020-10-09 20:04 ` Tom Rix
2020-10-07 7:00 ` Lee Jones
2020-10-08 0:49 ` Russ Weight
2020-10-08 7:23 ` Lee Jones
2020-10-03 1:24 ` [PATCH v2 2/6] fpga: m10bmc-sec: create max10 bmc security engine Russ Weight
2020-10-03 3:15 ` Randy Dunlap
2020-10-04 18:01 ` Russ Weight
2020-10-04 18:07 ` Randy Dunlap
2020-10-06 17:31 ` Tom Rix
2020-10-08 21:12 ` Russ Weight
2020-10-03 1:24 ` [PATCH v2 3/6] fpga: m10bmc-sec: expose max10 flash update counts Russ Weight
2020-10-06 17:35 ` Tom Rix
2020-10-03 1:24 ` [PATCH v2 4/6] fpga: m10bmc-sec: expose max10 canceled keys in sysfs Russ Weight
2020-10-06 17:41 ` Tom Rix
2020-10-03 1:24 ` [PATCH v2 5/6] fpga: m10bmc-sec: add max10 secure update functions Russ Weight
2020-10-06 19:08 ` Tom Rix
2020-10-08 23:06 ` Russ Weight
2020-10-09 20:15 ` Tom Rix
2020-10-03 1:24 ` [PATCH v2 6/6] fpga: m10bmc-sec: add max10 get_hw_errinfo callback func Russ Weight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201003012412.16831-1-russell.h.weight@intel.com \
--to=russell.h.weight@intel.com \
--cc=hao.wu@intel.com \
--cc=lee.jones@linaro.org \
--cc=lgoncalv@redhat.com \
--cc=linux-fpga@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthew.gerlach@intel.com \
--cc=mdf@kernel.org \
--cc=trix@redhat.com \
--cc=yilun.xu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.