From: Moritz Fischer <mdf@kernel.org>
To: gregkh@linuxfoundation.org
Cc: linux-fpga@vger.kernel.org, moritzf@google.com,
Moritz Fischer <mdf@kernel.org>,
Russ Weight <russell.h.weight@intel.com>,
Tom Rix <trix@redhat.com>
Subject: [PATCH 08/12] fpga: m10bmc-sec: create max10 bmc secure update driver
Date: Sun, 16 May 2021 19:31:56 -0700 [thread overview]
Message-ID: <20210517023200.52707-9-mdf@kernel.org> (raw)
In-Reply-To: <20210517023200.52707-1-mdf@kernel.org>
From: Russ Weight <russell.h.weight@intel.com>
Create a platform driver that can be invoked as a sub
driver for the Intel MAX10 BMC in order to support
secure updates. This sub-driver will invoke an
instance of the FPGA Security Manager class driver
in order to expose sysfs interfaces for managing and
monitoring secure updates to FPGA and BMC images.
This patch creates the MAX10 BMC Secure Update driver and
provides sysfs files for displaying the current root entry hashes
for the FPGA static region, the FPGA PR region, and the MAX10
BMC.
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Reviewed-by: Tom Rix <trix@redhat.com>
Signed-off-by: Moritz Fischer <mdf@kernel.org>
---
.../testing/sysfs-driver-intel-m10-bmc-secure | 29 ++++
MAINTAINERS | 2 +
drivers/fpga/Kconfig | 11 ++
drivers/fpga/Makefile | 3 +
drivers/fpga/intel-m10-bmc-secure.c | 135 ++++++++++++++++++
5 files changed, 180 insertions(+)
create mode 100644 Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
create mode 100644 drivers/fpga/intel-m10-bmc-secure.c
diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
new file mode 100644
index 000000000000..9a0abb147b28
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
@@ -0,0 +1,29 @@
+What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/sr_root_entry_hash
+Date: June 2021
+KernelVersion: 5.14
+Contact: Russ Weight <russell.h.weight@intel.com>
+Description: Read only. Returns the root entry hash for the static
+ region if one is programmed, else it returns the
+ string: "hash not programmed". This file is only
+ visible if the underlying device supports it.
+ Format: "0x%x".
+
+What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/pr_root_entry_hash
+Date: June 2021
+KernelVersion: 5.14
+Contact: Russ Weight <russell.h.weight@intel.com>
+Description: Read only. Returns the root entry hash for the partial
+ reconfiguration region if one is programmed, else it
+ returns the string: "hash not programmed". This file
+ is only visible if the underlying device supports it.
+ Format: "0x%x".
+
+What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/bmc_root_entry_hash
+Date: June 2021
+KernelVersion: 5.14
+Contact: Russ Weight <russell.h.weight@intel.com>
+Description: Read only. Returns the root entry hash for the BMC image
+ if one is programmed, else it returns the string:
+ "hash not programmed". This file is only visible if the
+ underlying device supports it.
+ Format: "0x%x".
diff --git a/MAINTAINERS b/MAINTAINERS
index ac81adcd8579..864ba65478bc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -7141,8 +7141,10 @@ M: Russ Weight <russell.h.weight@intel.com>
L: linux-fpga@vger.kernel.org
S: Maintained
F: Documentation/ABI/testing/sysfs-class-fpga-sec-mgr
+F: Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
F: Documentation/fpga/fpga-sec-mgr.rst
F: drivers/fpga/fpga-sec-mgr.c
+F: drivers/fpga/intel-m10-bmc-secure.c
F: include/linux/fpga/fpga-sec-mgr.h
FPU EMULATOR
diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig
index 09a8d915db26..0f3bbebd8b08 100644
--- a/drivers/fpga/Kconfig
+++ b/drivers/fpga/Kconfig
@@ -243,4 +243,15 @@ config FPGA_SEC_MGR
region and for the BMC. Select this option to enable
updates for secure FPGA devices.
+config IFPGA_M10_BMC_SECURE
+ tristate "Intel MAX10 BMC Secure Update driver"
+ depends on MFD_INTEL_M10_BMC && FPGA_SEC_MGR
+ help
+ Secure update support for the Intel MAX10 board management
+ controller.
+
+ This is a subdriver of the Intel MAX10 board management controller
+ (BMC) and provides support for secure updates for the BMC image,
+ the FPGA image, the Root Entry Hashes, etc.
+
endif # FPGA
diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile
index 22576d1a3996..7259f1ab2531 100644
--- a/drivers/fpga/Makefile
+++ b/drivers/fpga/Makefile
@@ -24,6 +24,9 @@ obj-$(CONFIG_ALTERA_PR_IP_CORE_PLAT) += altera-pr-ip-core-plat.o
# FPGA Security Manager Framework
obj-$(CONFIG_FPGA_SEC_MGR) += fpga-sec-mgr.o
+# FPGA Secure Update Drivers
+obj-$(CONFIG_IFPGA_M10_BMC_SECURE) += intel-m10-bmc-secure.o
+
# FPGA Bridge Drivers
obj-$(CONFIG_FPGA_BRIDGE) += fpga-bridge.o
obj-$(CONFIG_SOCFPGA_FPGA_BRIDGE) += altera-hps2fpga.o altera-fpga2sdram.o
diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c
new file mode 100644
index 000000000000..5ac5f59b5731
--- /dev/null
+++ b/drivers/fpga/intel-m10-bmc-secure.c
@@ -0,0 +1,135 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Intel Max10 Board Management Controller Secure Update Driver
+ *
+ * Copyright (C) 2019-2020 Intel Corporation. All rights reserved.
+ *
+ */
+#include <linux/bitfield.h>
+#include <linux/device.h>
+#include <linux/fpga/fpga-sec-mgr.h>
+#include <linux/mfd/intel-m10-bmc.h>
+#include <linux/module.h>
+#include <linux/platform_device.h>
+
+struct m10bmc_sec {
+ struct device *dev;
+ struct intel_m10bmc *m10bmc;
+};
+
+/* Root Entry Hash (REH) support */
+#define REH_SHA256_SIZE 32
+#define REH_SHA384_SIZE 48
+#define REH_MAGIC GENMASK(15, 0)
+#define REH_SHA_NUM_BYTES GENMASK(31, 16)
+
+static ssize_t
+show_root_entry_hash(struct device *dev, u32 exp_magic,
+ u32 prog_addr, u32 reh_addr, char *buf)
+{
+ struct m10bmc_sec *sec = dev_get_drvdata(dev);
+ unsigned int stride = regmap_get_reg_stride(sec->m10bmc->regmap);
+ int sha_num_bytes, i, cnt, ret;
+ u8 hash[REH_SHA384_SIZE];
+ u32 magic;
+
+ ret = m10bmc_raw_read(sec->m10bmc, prog_addr, &magic);
+ if (ret)
+ return ret;
+
+ dev_dbg(dev, "%s magic 0x%08x\n", __func__, magic);
+
+ if (FIELD_GET(REH_MAGIC, magic) != exp_magic)
+ return sysfs_emit(buf, "hash not programmed\n");
+
+ sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8;
+ if (sha_num_bytes != REH_SHA256_SIZE &&
+ sha_num_bytes != REH_SHA384_SIZE) {
+ dev_err(sec->dev, "%s bad sha num bytes %d\n", __func__,
+ sha_num_bytes);
+ return -EINVAL;
+ }
+
+ WARN_ON(sha_num_bytes % stride);
+ ret = regmap_bulk_read(sec->m10bmc->regmap, reh_addr,
+ hash, sha_num_bytes / stride);
+ if (ret) {
+ dev_err(dev, "failed to read root entry hash: %x cnt %x: %d\n",
+ reh_addr, sha_num_bytes / stride, ret);
+ return ret;
+ }
+
+ cnt = sprintf(buf, "0x");
+ for (i = 0; i < sha_num_bytes; i++)
+ cnt += sprintf(buf + cnt, "%02x", hash[i]);
+ cnt += sprintf(buf + cnt, "\n");
+
+ return cnt;
+}
+
+#define DEVICE_ATTR_SEC_REH_RO(_name, _magic, _prog_addr, _reh_addr) \
+static ssize_t _name##_root_entry_hash_show(struct device *dev, \
+ struct device_attribute *attr, \
+ char *buf) \
+{ return show_root_entry_hash(dev, _magic, _prog_addr, _reh_addr, buf); } \
+static DEVICE_ATTR_RO(_name##_root_entry_hash)
+
+DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR);
+DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR);
+DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR);
+
+static struct attribute *m10bmc_security_attrs[] = {
+ &dev_attr_bmc_root_entry_hash.attr,
+ &dev_attr_sr_root_entry_hash.attr,
+ &dev_attr_pr_root_entry_hash.attr,
+ NULL,
+};
+
+static struct attribute_group m10bmc_security_attr_group = {
+ .name = "security",
+ .attrs = m10bmc_security_attrs,
+};
+
+static const struct attribute_group *m10bmc_sec_attr_groups[] = {
+ &m10bmc_security_attr_group,
+ NULL,
+};
+
+static const struct fpga_sec_mgr_ops m10bmc_sops = { };
+
+static int m10bmc_secure_probe(struct platform_device *pdev)
+{
+ struct fpga_sec_mgr *smgr;
+ struct m10bmc_sec *sec;
+
+ sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL);
+ if (!sec)
+ return -ENOMEM;
+
+ sec->dev = &pdev->dev;
+ sec->m10bmc = dev_get_drvdata(pdev->dev.parent);
+ dev_set_drvdata(&pdev->dev, sec);
+
+ smgr = devm_fpga_sec_mgr_create(sec->dev, "Max10 BMC Secure Update",
+ &m10bmc_sops, sec);
+ if (!smgr) {
+ dev_err(sec->dev, "Security manager failed to start\n");
+ return -ENOMEM;
+ }
+
+ return devm_fpga_sec_mgr_register(sec->dev, smgr);
+}
+
+static struct platform_driver intel_m10bmc_secure_driver = {
+ .probe = m10bmc_secure_probe,
+ .driver = {
+ .name = "n3000bmc-secure",
+ .dev_groups = m10bmc_sec_attr_groups,
+ },
+};
+module_platform_driver(intel_m10bmc_secure_driver);
+
+MODULE_ALIAS("platform:n3000bmc-secure");
+MODULE_AUTHOR("Intel Corporation");
+MODULE_DESCRIPTION("Intel MAX10 BMC Secure Update");
+MODULE_LICENSE("GPL v2");
--
2.31.1
next prev parent reply other threads:[~2021-05-17 2:32 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 2:31 [PATCH 00/12] FPGA Security Manager for 5.14 Moritz Fischer
2021-05-17 2:31 ` [PATCH 01/12] fpga: sec-mgr: fpga security manager class driver Moritz Fischer
2021-05-17 5:18 ` Greg KH
2021-05-17 17:45 ` Russ Weight
2021-05-17 17:55 ` Greg KH
2021-05-17 18:25 ` Russ Weight
2021-05-19 20:42 ` Tom Rix
2021-05-21 1:10 ` Russ Weight
2021-05-21 4:58 ` Greg KH
2021-05-21 15:15 ` Russ Weight
2021-05-17 2:31 ` [PATCH 02/12] fpga: sec-mgr: enable secure updates Moritz Fischer
2021-05-17 5:32 ` Greg KH
2021-05-17 19:37 ` Russ Weight
2021-07-30 1:23 ` Russ Weight
2021-07-30 11:18 ` Greg KH
2021-08-02 18:31 ` Russ Weight
2021-08-03 5:49 ` Greg KH
2021-08-03 19:02 ` Russ Weight
2021-08-04 7:37 ` Greg KH
2021-08-04 14:58 ` Moritz Fischer
2021-08-04 15:12 ` Greg KH
2021-08-04 19:47 ` Moritz Fischer
2021-11-02 16:25 ` Russ Weight
2021-11-02 17:06 ` Greg KH
2021-05-17 2:31 ` [PATCH 03/12] fpga: sec-mgr: expose sec-mgr update status Moritz Fischer
2021-05-17 2:31 ` [PATCH 04/12] fpga: sec-mgr: expose sec-mgr update errors Moritz Fischer
2021-05-17 2:31 ` [PATCH 05/12] fpga: sec-mgr: expose sec-mgr update size Moritz Fischer
2021-05-17 2:31 ` [PATCH 06/12] fpga: sec-mgr: enable cancel of secure update Moritz Fischer
2021-05-17 2:31 ` [PATCH 07/12] fpga: sec-mgr: expose hardware error info Moritz Fischer
2021-05-17 7:10 ` Greg KH
2021-05-17 19:49 ` Russ Weight
2021-05-17 2:31 ` Moritz Fischer [this message]
2021-05-17 5:30 ` [PATCH 08/12] fpga: m10bmc-sec: create max10 bmc secure update driver Greg KH
2021-05-17 20:09 ` Russ Weight
2021-05-17 2:31 ` [PATCH 09/12] fpga: m10bmc-sec: expose max10 flash update count Moritz Fischer
2021-05-17 2:31 ` [PATCH 10/12] fpga: m10bmc-sec: expose max10 canceled keys in sysfs Moritz Fischer
2021-05-17 2:31 ` [PATCH 11/12] fpga: m10bmc-sec: add max10 secure update functions Moritz Fischer
2021-05-17 2:32 ` [PATCH 12/12] fpga: m10bmc-sec: add max10 get_hw_errinfo callback func Moritz Fischer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210517023200.52707-9-mdf@kernel.org \
--to=mdf@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-fpga@vger.kernel.org \
--cc=moritzf@google.com \
--cc=russell.h.weight@intel.com \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.