From: Russ Weight <russell.h.weight@intel.com>
To: mdf@kernel.org, lee.jones@linaro.org, linux-fpga@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com,
hao.wu@intel.com, matthew.gerlach@intel.com,
Russ Weight <russell.h.weight@intel.com>
Subject: [PATCH v4 4/6] fpga: m10bmc-sec: expose max10 canceled keys in sysfs
Date: Thu, 5 Nov 2020 18:23:17 -0800 [thread overview]
Message-ID: <20201106022319.13991-5-russell.h.weight@intel.com> (raw)
In-Reply-To: <20201106022319.13991-1-russell.h.weight@intel.com>
Extend the MAX10 BMC Secure Update driver to provide sysfs
files to expose the canceled code signing key (CSK) bit
vectors. These use the standard bitmap list format
(e.g. 1,2-6,9).
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Reviewed-by: Tom Rix <trix@redhat.com>
---
v4:
- Moved sysfs files for displaying the code-signing-key (CSK)
cancellation vectors from the FPGA Security Manger class driver
to here. The m10bmc_csk_vector() and m10bmc_csk_cancel_nbits()
functions are removed and the functionality from these functions
is moved into a show_canceled_csk() function for for displaying
the CSK vectors.
- Added ABI documentation for new sysfs entries
v3:
- Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_
- Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update
driver"
- Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The
underlying functions are now called directly.
- Renamed get_csk_vector() to m10bmc_csk_vector()
v2:
- Replaced small function-creation macros for explicit function
declarations.
- Fixed get_csk_vector() function to properly apply the stride
variable in calls to m10bmc_raw_bulk_read()
- Added m10bmc_ prefix to functions in m10bmc_iops structure
---
.../testing/sysfs-driver-intel-m10-bmc-secure | 24 ++++++++++
drivers/fpga/intel-m10-bmc-secure.c | 46 +++++++++++++++++++
2 files changed, 70 insertions(+)
diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
index 14025b72e5ee..1517bd0400d5 100644
--- a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
+++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
@@ -28,6 +28,30 @@ Description: Read only. Returns the root entry hash for the BMC image
underlying device supports it.
Format: "0x%x".
+What: /sys/bus/platform/devices/n3000bmc-secure.*.auto/security/sr_canceled_csks
+Date: Oct 2020
+KernelVersion: 5.11
+Contact: Russ Weight <russell.h.weight@intel.com>
+Description: Read only. Returns a list of indices for canceled code
+ signing keys for the static region. The standard bitmap
+ list format is used (e.g. "1,2-6,9").
+
+What: /sys/bus/platform/devices/n3000bmc-secure.*.auto/security/pr_canceled_csks
+Date: Oct 2020
+KernelVersion: 5.11
+Contact: Russ Weight <russell.h.weight@intel.com>
+Description: Read only. Returns a list of indices for canceled code
+ signing keys for the partial reconfiguration region. The
+ standard bitmap list format is used (e.g. "1,2-6,9").
+
+What: /sys/bus/platform/devices/n3000bmc-secure.*.auto/security/bmc_canceled_csks
+Date: Oct 2020
+KernelVersion: 5.11
+Contact: Russ Weight <russell.h.weight@intel.com>
+Description: Read only. Returns a list of indices for canceled code
+ signing keys for the BMC. The standard bitmap list format
+ is used (e.g. "1,2-6,9").
+
What: /sys/bus/platform/devices/n3000bmc-secure.*.auto/security/user_flash_count
Date: Oct 2020
KernelVersion: 5.11
diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c
index a6747735798e..806ef93b027d 100644
--- a/drivers/fpga/intel-m10-bmc-secure.c
+++ b/drivers/fpga/intel-m10-bmc-secure.c
@@ -78,6 +78,49 @@ DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR);
DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR);
DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR);
+#define CSK_BIT_LEN 128U
+#define CSK_32ARRAY_SIZE DIV_ROUND_UP(CSK_BIT_LEN, 32)
+
+static ssize_t
+show_canceled_csk(struct device *dev, u32 addr, char *buf)
+{
+ unsigned int i, stride, size = CSK_32ARRAY_SIZE * sizeof(u32);
+ struct m10bmc_sec *sec = dev_get_drvdata(dev);
+ DECLARE_BITMAP(csk_map, CSK_BIT_LEN);
+ __le32 csk_le32[CSK_32ARRAY_SIZE];
+ u32 csk32[CSK_32ARRAY_SIZE];
+ int ret;
+
+ stride = regmap_get_reg_stride(sec->m10bmc->regmap);
+
+ ret = regmap_bulk_read(sec->m10bmc->regmap, addr, csk_le32, size / stride);
+ if (ret) {
+ dev_err(sec->dev, "failed to read CSK vector: %x cnt %x: %d\n",
+ addr, size / stride, ret);
+ return ret;
+ }
+
+ for (i = 0; i < CSK_32ARRAY_SIZE; i++)
+ csk32[i] = le32_to_cpu(((csk_le32[i])));
+
+ bitmap_from_arr32(csk_map, csk32, CSK_BIT_LEN);
+ bitmap_complement(csk_map, csk_map, CSK_BIT_LEN);
+ return bitmap_print_to_pagebuf(1, buf, csk_map, CSK_BIT_LEN);
+}
+
+#define DEVICE_ATTR_SEC_CSK_RO(_name, _addr) \
+static ssize_t _name##_canceled_csks_show(struct device *dev, \
+ struct device_attribute *attr, \
+ char *buf) \
+{ return show_canceled_csk(dev, _addr, buf); } \
+static DEVICE_ATTR_RO(_name##_canceled_csks)
+
+#define CSK_VEC_OFFSET 0x34
+
+DEVICE_ATTR_SEC_CSK_RO(bmc, BMC_PROG_ADDR + CSK_VEC_OFFSET);
+DEVICE_ATTR_SEC_CSK_RO(sr, SR_PROG_ADDR + CSK_VEC_OFFSET);
+DEVICE_ATTR_SEC_CSK_RO(pr, PR_PROG_ADDR + CSK_VEC_OFFSET);
+
#define FLASH_COUNT_SIZE 4096 /* count stored in inverted bit vector */
static ssize_t user_flash_count_show(struct device *dev,
@@ -115,6 +158,9 @@ static struct attribute *m10bmc_security_attrs[] = {
&dev_attr_bmc_root_entry_hash.attr,
&dev_attr_sr_root_entry_hash.attr,
&dev_attr_pr_root_entry_hash.attr,
+ &dev_attr_sr_canceled_csks.attr,
+ &dev_attr_pr_canceled_csks.attr,
+ &dev_attr_bmc_canceled_csks.attr,
NULL,
};
--
2.25.1
next prev parent reply other threads:[~2020-11-06 2:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-06 2:23 [PATCH v4 0/6] Intel MAX10 BMC Secure Update Driver Russ Weight
2020-11-06 2:23 ` [PATCH v4 1/6] mfd: intel-m10-bmc: support for MAX10 BMC Secure Updates Russ Weight
2020-11-06 2:23 ` [PATCH v4 2/6] fpga: m10bmc-sec: create max10 bmc secure update driver Russ Weight
2020-11-06 17:12 ` Russ Weight
2020-11-06 2:23 ` [PATCH v4 3/6] fpga: m10bmc-sec: expose max10 flash update count Russ Weight
2020-11-06 2:23 ` Russ Weight [this message]
2020-11-06 17:16 ` [PATCH v4 4/6] fpga: m10bmc-sec: expose max10 canceled keys in sysfs Russ Weight
2020-11-06 2:23 ` [PATCH v4 5/6] fpga: m10bmc-sec: add max10 secure update functions Russ Weight
2020-11-06 2:23 ` [PATCH v4 6/6] fpga: m10bmc-sec: add max10 get_hw_errinfo callback func Russ Weight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201106022319.13991-5-russell.h.weight@intel.com \
--to=russell.h.weight@intel.com \
--cc=hao.wu@intel.com \
--cc=lee.jones@linaro.org \
--cc=lgoncalv@redhat.com \
--cc=linux-fpga@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthew.gerlach@intel.com \
--cc=mdf@kernel.org \
--cc=trix@redhat.com \
--cc=yilun.xu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.