From: Jithu Joseph <jithu.joseph@intel.com>
To: hdegoede@redhat.com, markgross@kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
gregkh@linuxfoundation.org, jithu.joseph@intel.com,
ashok.raj@intel.com, tony.luck@intel.com,
linux-kernel@vger.kernel.org,
platform-driver-x86@vger.kernel.org, patches@lists.linux.dev,
ravi.v.shankar@intel.com, thiago.macieira@intel.com,
athenas.jimenez.gonzalez@intel.com
Subject: [PATCH 10/14] platform/x86/intel/ifs: Add metadata validation
Date: Fri, 21 Oct 2022 13:34:09 -0700 [thread overview]
Message-ID: <20221021203413.1220137-11-jithu.joseph@intel.com> (raw)
In-Reply-To: <20221021203413.1220137-1-jithu.joseph@intel.com>
The data portion of IFS test image file contains a meta-data
structure in addition to test data and hashes.
Introduce the layout of this meta_data structure and validate
the sanity of certain fields of the new-image before loading.
Tweak references to IFS test image chunks to reflect the updated
layout of the test image.
Reviewed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
---
drivers/platform/x86/intel/ifs/ifs.h | 2 +
drivers/platform/x86/intel/ifs/load.c | 54 +++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h
index be37512535f2..bb43fd65d2d2 100644
--- a/drivers/platform/x86/intel/ifs/ifs.h
+++ b/drivers/platform/x86/intel/ifs/ifs.h
@@ -196,6 +196,7 @@ union ifs_status {
* @valid_chunks: number of chunks which could be validated.
* @status: it holds simple status pass/fail/untested
* @scan_details: opaque scan status code from h/w
+ * @cur_batch: suffix indicating the currently loaded test file
*/
struct ifs_data {
int integrity_cap_bit;
@@ -205,6 +206,7 @@ struct ifs_data {
int valid_chunks;
int status;
u64 scan_details;
+ int cur_batch;
};
struct ifs_work {
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index 3cb13a7aa74b..d300cf3ce5bd 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -8,8 +8,24 @@
#include "ifs.h"
+struct meta_data {
+ unsigned int meta_type; // metadata type
+ unsigned int meta_size; // size of this entire struct including hdrs.
+ unsigned int test_type; // IFS test type
+ unsigned int fusa_info; // Fusa info
+ unsigned int total_images; // Total number of images
+ unsigned int current_image; // Current Image #
+ unsigned int total_chunks; // Total number of chunks in this image
+ unsigned int starting_chunk; // Starting chunk number in this image
+ unsigned int size_per_chunk; // size of each chunk
+ unsigned int chunks_per_stride; // number of chunks in a stride
+ unsigned int reserved[54]; // Align to 256 bytes for chunk alignment.
+};
+
#define IFS_HEADER_SIZE (sizeof(struct microcode_header_intel))
#define IFS_HEADER_VER 2
+#define META_TYPE_IFS 1
+#define IFS_CHUNK_ALIGNMENT 256
static struct microcode_header_intel *ifs_header_ptr; /* pointer to the ifs image header */
static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */
static u64 ifs_test_image_ptr; /* 256B aligned address of test pattern */
@@ -98,6 +114,41 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work)
complete(&ifs_done);
}
+static int validate_ifs_metadata(struct device *dev)
+{
+ struct ifs_data *ifsd = ifs_get_data(dev);
+ struct meta_data *ifs_meta;
+ char test_file[64];
+ int ret = -EINVAL;
+
+ snprintf(test_file, sizeof(test_file), "%02x-%02x-%02x-%02x.scan",
+ boot_cpu_data.x86, boot_cpu_data.x86_model,
+ boot_cpu_data.x86_stepping, ifsd->cur_batch);
+
+ ifs_meta = (struct meta_data *)microcode_intel_find_meta_data(ifs_header_ptr,
+ META_TYPE_IFS);
+ if (!ifs_meta) {
+ dev_err(dev, "IFS Metadata missing in file %s\n", test_file);
+ return ret;
+ }
+
+ ifs_test_image_ptr = (u64)ifs_meta + sizeof(struct meta_data);
+
+ /* Scan chunk start must be 256 byte aligned */
+ if (!IS_ALIGNED(ifs_test_image_ptr, IFS_CHUNK_ALIGNMENT)) {
+ dev_err(dev, "Scan pattern offset is not 256 byte aligned in %s\n", test_file);
+ return ret;
+ }
+
+ if (ifs_meta->current_image != ifsd->cur_batch) {
+ dev_warn(dev, "Suffix metadata is not matching with filename %s(0x%02x)\n",
+ test_file, ifs_meta->current_image);
+ return ret;
+ }
+
+ return 0;
+}
+
/*
* IFS requires scan chunks authenticated per each socket in the platform.
* Once the test chunk is authenticated, it is automatically copied to secured memory
@@ -114,6 +165,9 @@ static int scan_chunks_sanity_check(struct device *dev)
if (!package_authenticated)
return ret;
+ ret = validate_ifs_metadata(dev);
+ if (ret)
+ return ret;
ifsd->loading_error = false;
ifsd->loaded_version = ifs_header_ptr->rev;
--
2.25.1
next prev parent reply other threads:[~2022-10-21 20:35 UTC|newest]
Thread overview: 193+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-21 20:33 [PATCH 00/14] IFS multi test image support and misc changes Jithu Joseph
2022-10-21 20:34 ` [PATCH 01/14] platform/x86/intel/ifs: Remove unused selection Jithu Joseph
2022-10-21 20:34 ` [PATCH 02/14] platform/x86/intel/ifs: Propagate load failure error code Jithu Joseph
2022-10-24 22:52 ` Sohil Mehta
2022-10-24 23:17 ` Joseph, Jithu
2022-10-21 20:34 ` [PATCH 03/14] platform/x86/intel/ifs: return a more appropriate Error code Jithu Joseph
2022-10-24 22:57 ` Sohil Mehta
2022-10-24 23:01 ` Luck, Tony
2022-10-21 20:34 ` [PATCH 04/14] platform/x86/intel/ifs: Remove image loading during init Jithu Joseph
2022-10-24 23:50 ` Sohil Mehta
2022-10-25 0:41 ` Joseph, Jithu
2022-10-25 6:06 ` Sohil Mehta
2022-10-26 23:53 ` Joseph, Jithu
2022-11-01 7:00 ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 05/14] x86/microcode/intel: Expose find_matching_signature() for IFS Jithu Joseph
2022-11-02 19:03 ` Borislav Petkov
2022-11-02 21:32 ` Joseph, Jithu
2022-10-21 20:34 ` [PATCH 06/14] x86/microcode/intel: Use appropriate type in microcode_sanity_check() Jithu Joseph
2022-10-21 20:34 ` [PATCH 07/14] x86/microcode/intel: Expose microcode_sanity_check() Jithu Joseph
2022-11-01 7:28 ` Sohil Mehta
2022-11-01 19:06 ` Joseph, Jithu
2022-11-03 11:33 ` Borislav Petkov
2022-11-03 19:25 ` Ashok Raj
2022-11-03 23:32 ` Borislav Petkov
2022-11-04 6:15 ` Joseph, Jithu
2022-11-04 10:50 ` Borislav Petkov
2022-11-04 22:02 ` Joseph, Jithu
2022-11-04 22:14 ` Borislav Petkov
2022-10-21 20:34 ` [PATCH 08/14] x86/microcode/intel: Meta-data support in microcode file Jithu Joseph
2022-11-01 8:51 ` Sohil Mehta
2022-11-01 18:05 ` Joseph, Jithu
2022-11-03 11:35 ` Borislav Petkov
2022-10-21 20:34 ` [PATCH 09/14] platform/x86/intel/ifs: Use generic microcode headers and functions Jithu Joseph
2022-11-01 18:37 ` Sohil Mehta
2022-11-01 21:07 ` Joseph, Jithu
2022-10-21 20:34 ` Jithu Joseph [this message]
2022-11-01 20:28 ` [PATCH 10/14] platform/x86/intel/ifs: Add metadata validation Sohil Mehta
2022-11-09 23:10 ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 11/14] platform/x86/intel/ifs: Remove reload sysfs entry Jithu Joseph
2022-10-21 20:34 ` [PATCH 12/14] platform/x86/intel/ifs: Add current_batch " Jithu Joseph
2022-11-01 22:26 ` Sohil Mehta
2022-11-01 23:27 ` Joseph, Jithu
2022-11-03 8:03 ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 13/14] Documentation/ABI: Update IFS ABI doc Jithu Joseph
2022-11-01 22:34 ` Sohil Mehta
2022-11-01 22:48 ` Joseph, Jithu
2022-11-01 22:59 ` Sohil Mehta
2022-11-02 22:10 ` Joseph, Jithu
2022-11-03 7:49 ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 14/14] Revert "platform/x86/intel/ifs: Mark as BROKEN" Jithu Joseph
2022-11-03 8:21 ` [PATCH 00/14] IFS multi test image support and misc changes Sohil Mehta
2022-11-07 9:24 ` Hans de Goede
2022-11-07 23:01 ` Joseph, Jithu
2022-11-07 22:53 ` [PATCH v2 " Jithu Joseph
2022-11-07 22:53 ` [PATCH v2 01/14] platform/x86/intel/ifs: Remove unused selection Jithu Joseph
2022-11-09 1:52 ` Sohil Mehta
2022-11-10 21:03 ` Hans de Goede
2022-11-07 22:53 ` [PATCH v2 02/14] platform/x86/intel/ifs: return a more appropriate Error code Jithu Joseph
2022-11-09 1:57 ` Sohil Mehta
2022-11-10 21:04 ` Hans de Goede
2022-11-07 22:53 ` [PATCH v2 03/14] platform/x86/intel/ifs: Remove image loading during init Jithu Joseph
2022-11-09 1:59 ` Sohil Mehta
2022-11-10 21:06 ` Hans de Goede
2022-11-07 22:53 ` [PATCH v2 04/14] x86/microcode/intel: Expose find_matching_signature() for IFS Jithu Joseph
2022-11-09 2:06 ` Sohil Mehta
2022-11-11 13:44 ` Borislav Petkov
2022-11-07 22:53 ` [PATCH v2 05/14] x86/microcode/intel: Use appropriate type in microcode_sanity_check() Jithu Joseph
2022-11-09 2:47 ` Sohil Mehta
2022-11-11 13:46 ` Borislav Petkov
2022-11-07 22:53 ` [PATCH v2 06/14] x86/microcode/intel: Expose microcode_sanity_check() Jithu Joseph
2022-11-09 3:03 ` Sohil Mehta
2022-11-09 3:29 ` Joseph, Jithu
2022-11-11 14:33 ` Borislav Petkov
2022-11-11 21:39 ` Joseph, Jithu
2022-11-07 22:53 ` [PATCH v2 07/14] x86/microcode/intel: Use a reserved field for metasize Jithu Joseph
2022-11-09 3:06 ` Sohil Mehta
2022-11-11 14:37 ` Borislav Petkov
2022-11-07 22:53 ` [PATCH v2 08/14] platform/x86/intel/ifs: Add metadata support Jithu Joseph
2022-11-09 3:25 ` Sohil Mehta
2022-11-10 21:08 ` Hans de Goede
2022-11-11 16:16 ` Borislav Petkov
2022-11-07 22:53 ` [PATCH v2 09/14] platform/x86/intel/ifs: Use generic microcode headers and functions Jithu Joseph
2022-11-09 3:29 ` Sohil Mehta
2022-11-10 21:11 ` Hans de Goede
2022-11-11 16:23 ` Borislav Petkov
2022-11-11 20:41 ` Joseph, Jithu
2022-11-16 17:26 ` Tony Luck
2022-11-16 18:53 ` Borislav Petkov
2022-11-16 19:02 ` Luck, Tony
2022-11-07 22:53 ` [PATCH v2 10/14] platform/x86/intel/ifs: Add metadata validation Jithu Joseph
2022-11-09 23:15 ` Sohil Mehta
2022-11-10 1:22 ` Joseph, Jithu
2022-11-10 9:40 ` Sohil Mehta
2022-11-10 21:18 ` Hans de Goede
2022-11-11 18:39 ` Borislav Petkov
2022-11-11 18:48 ` Dave Hansen
2022-11-11 20:30 ` Joseph, Jithu
2022-11-11 21:29 ` Ashok Raj
2022-11-07 22:53 ` [PATCH v2 11/14] platform/x86/intel/ifs: Remove reload sysfs entry Jithu Joseph
2022-11-09 23:16 ` Sohil Mehta
2022-11-10 21:19 ` Hans de Goede
2022-11-07 22:53 ` [PATCH v2 12/14] platform/x86/intel/ifs: Add current_batch " Jithu Joseph
2022-11-09 23:46 ` Sohil Mehta
2022-11-10 21:22 ` Hans de Goede
2022-11-12 16:26 ` Borislav Petkov
2022-11-12 18:21 ` Thiago Macieira
2022-11-12 19:20 ` Borislav Petkov
2022-11-12 19:58 ` Ashok Raj
2022-11-13 2:06 ` Thiago Macieira
2022-11-12 18:33 ` Luck, Tony
2022-11-12 19:28 ` Borislav Petkov
2022-11-12 23:32 ` Luck, Tony
2022-11-13 2:35 ` Thiago Macieira
2022-11-13 7:37 ` gregkh
2022-11-13 11:48 ` Borislav Petkov
2022-11-13 15:15 ` Ashok Raj
2022-11-13 15:58 ` Borislav Petkov
2022-11-13 17:01 ` Ashok Raj
2022-11-13 18:41 ` Borislav Petkov
2022-11-13 21:40 ` Thiago Macieira
2022-11-13 22:59 ` Borislav Petkov
2022-11-14 18:13 ` Dave Hansen
2022-11-14 18:25 ` Luck, Tony
2022-11-14 19:03 ` Borislav Petkov
2022-11-14 19:07 ` Luck, Tony
2022-11-14 19:17 ` Borislav Petkov
2022-11-14 19:38 ` Luck, Tony
2022-11-14 19:51 ` Borislav Petkov
2022-11-13 16:41 ` Joseph, Jithu
2022-11-13 16:58 ` Borislav Petkov
2022-11-13 17:55 ` Joseph, Jithu
2022-11-13 18:27 ` Borislav Petkov
2022-11-13 21:33 ` Tony Luck
2022-11-13 22:55 ` Borislav Petkov
2022-11-13 21:21 ` Thiago Macieira
2022-11-13 22:40 ` Borislav Petkov
2022-11-13 21:51 ` Thiago Macieira
2022-11-13 23:05 ` Borislav Petkov
2022-11-14 8:28 ` Hans de Goede
2022-11-14 7:15 ` gregkh
2022-11-14 15:33 ` Tony Luck
2022-11-14 15:47 ` Borislav Petkov
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-07 22:53 ` [PATCH v2 13/14] Documentation/ABI: Update IFS ABI doc Jithu Joseph
2022-11-09 23:55 ` Sohil Mehta
2022-11-10 1:16 ` Joseph, Jithu
2022-11-10 21:33 ` Hans de Goede
2022-11-07 22:53 ` [PATCH v2 14/14] Revert "platform/x86/intel/ifs: Mark as BROKEN" Jithu Joseph
2022-11-09 23:57 ` Sohil Mehta
2022-11-10 21:34 ` Hans de Goede
2022-11-10 9:59 ` [PATCH v2 00/14] IFS multi test image support and misc changes Borislav Petkov
2022-11-10 21:37 ` Hans de Goede
2022-11-10 21:58 ` Joseph, Jithu
2022-11-17 3:59 ` [PATCH v3 00/16] " Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 01/16] platform/x86/intel/ifs: Remove unused selection Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 02/16] platform/x86/intel/ifs: Return a more appropriate Error code Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] platform/x86/intel/ifs: Return a more appropriate error code tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 03/16] platform/x86/intel/ifs: Remove image loading during init Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 04/16] platform/x86/intel/ifs: Remove memory allocation from load path Jithu Joseph
2022-11-17 8:51 ` Hans de Goede
2022-11-17 17:29 ` Jithu Joseph
2022-11-17 18:01 ` Hans de Goede
2022-11-17 19:59 ` Jithu Joseph
2022-11-17 21:13 ` Hans de Goede
2022-11-17 22:44 ` Joseph, Jithu
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 05/16] x86/microcode/intel: Reuse find_matching_signature() Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 06/16] x86/microcode/intel: Use appropriate type in microcode_sanity_check() Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 07/16] x86/microcode/intel: Reuse microcode_sanity_check() Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 08/16] x86/microcode/intel: Add hdr_type to intel_microcode_sanity_check() Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 09/16] x86/microcode/intel: Use a reserved field for metasize Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 10/16] platform/x86/intel/ifs: Add metadata support Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Ashok Raj
2022-11-17 3:59 ` [PATCH v3 11/16] platform/x86/intel/ifs: Use generic microcode headers and functions Jithu Joseph
2022-11-17 22:50 ` Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 12/16] platform/x86/intel/ifs: Add metadata validation Jithu Joseph
2022-11-17 23:04 ` Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 13/16] platform/x86/intel/ifs: Remove reload sysfs entry Jithu Joseph
2022-11-19 16:24 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 14/16] platform/x86/intel/ifs: Add current_batch " Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 15/16] Documentation/ABI: Update IFS ABI doc Jithu Joseph
2022-11-19 16:23 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17 3:59 ` [PATCH v3 16/16] Revert "platform/x86/intel/ifs: Mark as BROKEN" Jithu Joseph
2022-11-19 16:23 ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221021203413.1220137-11-jithu.joseph@intel.com \
--to=jithu.joseph@intel.com \
--cc=ashok.raj@intel.com \
--cc=athenas.jimenez.gonzalez@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=markgross@kernel.org \
--cc=mingo@redhat.com \
--cc=patches@lists.linux.dev \
--cc=platform-driver-x86@vger.kernel.org \
--cc=ravi.v.shankar@intel.com \
--cc=tglx@linutronix.de \
--cc=thiago.macieira@intel.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.