From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Mika Westerberg <mika.westerberg@linux.intel.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Andreas Noever <andreas.noever@gmail.com>,
	Michael Jamet <michael.jamet@intel.com>,
	Yehezkel Bernat <yehezkel.bernat@intel.com>,
	Lukas Wunner <lukas@wunner.de>,
	Amir Levy <amir.jer.levy@intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Mario.Limonciello@dell.com, Jared.Dominguez@dell.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 00/27] Thunderbolt security levels and NVM firmware upgrade
Date: Fri, 02 Jun 2017 20:58:59 +0300
Message-ID: <1496426339.28981.65.camel@linux.intel.com>
In-Reply-To: <20170602140524.23367-1-mika.westerberg@linux.intel.com>

On Fri, 2017-06-02 at 17:04 +0300, Mika Westerberg wrote:
> Hi,
> 
> This is a third version of the patch series adding support for
> Thunderbolt security levels and NVM firmware upgrade. PCs running Intel
> Falcon Ridge or newer need these in order to connect devices if the
> security level is set to "user(SL1) or secure(SL2)" from BIOS.
> 
> The security levels were added to prevent DMA attacks when PCIe is
> tunneled over Thunderbolt fabric where IOMMU is not available or cannot
> be enabled for different reasons.
> 
> This series converts the Thunderbolt driver to a Linux bus and makes
> each Thunderbolt device (aka Thunderbolt switch or router or endpoint) a
> Linux device which is connected to that bus, addressed by its routing
> string (this is the addressing Thunderbolt uses).
> 
> With these patches the user can authorize devices using sysfs
> attributes like (following USB):
> 
>   # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
> 
> If the BIOS security level is set to "secure" and the device supports
> secure connect, on the first connect the device is uploaded a random
> key:
> 
>   # key=$(openssl rand -hex 32)
>   # echo $key > /sys/bus/thunderbolt/devices/0-1/key
>   # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
> 
> Next time the device is plugged in the user can verify (challenge) the
> device using the same key:
> 
>   # echo $key > /sys/bus/thunderbolt/devices/0-1/key
>   # echo 2 > /sys/bus/thunderbolt/devices/0-1/authorized
> 
> The device identification information is found below each device sysfs
> node and includes the following attributes:
> 
>   device	- Device ID
>   device_name	- Name of the device
>   vendor	- Vendor ID
>   vendor_name	- Name of the vendor
>   unique_id	- Unique ID string identifying this particular device
> 
> In addition these patches add support for upgrading NVM firmware
> running on a host or device by running something like:
> 
>   # dd if=KYK_TBT_FW_0018.bin of=/sys/bus/thunderbolt/devices/0-0/nvm_non_active0/nvmem
>   # echo 1 > /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
> 
> More information on how to use the Thunderbolt bus can be found in
> patch [26/27].
> 
> Where Internal Connection Manager (ICM) firmware is available and
> usable, we use it in the driver. This also includes newer Apple
> Macbooks with Alpine Ridge. For older Macbooks the driver works as
> before but in addition the Thunderbolt bus is available there as well
> (including possibility to upgrade NVM firmware of connected devices).
> 
> Note for Macs the Linux native PCIe hotplug support does not work well
> with the Thunderbolt PCIe topologies where there is need to put all
> available resources to the PCIe downstream port where the PCIe chain is
> extended. This is something we need to fix. In the mean time there is a
> way to work around it by passing "pci=hpbussize=10,hpmemsize=2M" or so
> to the kernel command line.
> 
> Regarding Christoph's UUID series here [1], they now include the
> existing types for backwards compatibility so this series compiles and
> works fine with them. We will convert the Thunderbolt driver to use
> these new types once that series hits mainline.
> 
> Andreas and Lukas, do you have any comments or concerns regarding this
> series?
> 
> We are currently porting Amir's network driver on top of the
> Thunderbolt bus.
> 
> The previous version (v2) can be found in [2].
> 
> [1] http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/uuid-types
> [2] https://lwn.net/Articles/723935/
> 

Awesome work, Mika!

Have no more to comment.

> Changes from the previous version (v2):
> 
> [PATCH v2 03/27] thunderbolt: Do not try to read UID if DROM offset is read as 0
>   - Add Suggested-by Andreas
> 
> [PATCH v2 07/27] thunderbolt: Allow passing NULL to tb_ctl_free()
>   - Add Suggested-by Andy
> 
> [PATCH v2 09/27] thunderbolt: Convert switch to a device
>   - Rework comment regarding UUID to mention that it is not strictly
>     following rules of UUID format.
>   - Update Documentation/ABI/testing/sysfs-bus-thunderbolt unique_id
>     attribute description accordingly.
> 
> [PATCH v2 12/27] thunderbolt: Refactor and fix parsing of port drom entries
>   - Add Reviewed-by Andy
> 
> [PATCH v2 13/27] thunderbolt: Read vendor and device name from DROM
>   - Use kstrndup() instead and drop parse_name()
> 
> [PATCH v2 21/27] thunderbolt: Store Thunderbolt generation in the switch structure
>   - Make the unknown switch defaulting to generation 1 more explicit
>   - Add Reviewed-by Andy
> 
> [PATCH v2 24/27] thunderbolt: Add support for Internal Connection Manager (ICM)
>   - Allow secure connect only when BIOS setting is in "secure
>     connect/SL2" to follow what Windows does.
> 
> [PATCH v2 25/27] thunderbolt: Add support for host and device NVM firmware upgrade
>   - Add check for sw->nvm in nvm_authenticate_store() to prevent NULL
>     pointer dereference when NVMem devices are not yet added.
> 
> [PATCH v2 26/27] thunderbolt: Add documentation how Thunderbolt bus can be used
>   - Update documentation to mention that secure connect is only
>     available when the BIOS setting is in "secure connect/SL2".
> 
> Lukas Wunner (1):
>   thunderbolt: Refactor and fix parsing of port drom entries
> 
> Mika Westerberg (26):
>   thunderbolt: Use const buffer pointer in write operations
>   thunderbolt: No need to read UID of the root switch on resume
>   thunderbolt: Do not try to read UID if DROM offset is read as 0
>   thunderbolt: Do not warn about newer DROM versions
>   thunderbolt: Add MSI-X support
>   thunderbolt: Rework capability handling
>   thunderbolt: Allow passing NULL to tb_ctl_free()
>   thunderbolt: Introduce thunderbolt bus and connection manager
>   thunderbolt: Convert switch to a device
>   thunderbolt: Fail switch adding operation if reading DROM fails
>   thunderbolt: Do not fail if DROM data CRC32 is invalid
>   thunderbolt: Read vendor and device name from DROM
>   thunderbolt: Move control channel messages to tb_msgs.h
>   thunderbolt: Expose get_route() to other files
>   thunderbolt: Expose make_header() to other files
>   thunderbolt: Let the connection manager handle all notifications
>   thunderbolt: Rework control channel to be more reliable
>   thunderbolt: Add new Thunderbolt PCI IDs
>   thunderbolt: Add support for NHI mailbox
>   thunderbolt: Store Thunderbolt generation in the switch structure
>   thunderbolt: Add support for DMA configuration based mailbox
>   thunderbolt: Do not touch the hardware if the NHI is gone on resume
>   thunderbolt: Add support for Internal Connection Manager (ICM)
>   thunderbolt: Add support for host and device NVM firmware upgrade
>   thunderbolt: Add documentation how Thunderbolt bus can be used
>   MAINTAINERS: Add maintainers for Thunderbolt driver
> 
>  Documentation/ABI/testing/sysfs-bus-thunderbolt |  110 +++
>  Documentation/admin-guide/index.rst             |    1 +
>  Documentation/admin-guide/thunderbolt.rst       |  199 ++++
>  MAINTAINERS                                     |    3 +
>  drivers/thunderbolt/Kconfig                     |   13 +-
>  drivers/thunderbolt/Makefile                    |    2 +-
>  drivers/thunderbolt/cap.c                       |  169 ++--
>  drivers/thunderbolt/ctl.c                       |  665 +++++++++----
>  drivers/thunderbolt/ctl.h                       |  105 +-
>  drivers/thunderbolt/dma_port.c                  |  524 ++++++++++
>  drivers/thunderbolt/dma_port.h                  |   34 +
>  drivers/thunderbolt/domain.c                    |  455 +++++++++
>  drivers/thunderbolt/eeprom.c                    |  119 ++-
>  drivers/thunderbolt/icm.c                       | 1089 +++++++++++++++++++++
>  drivers/thunderbolt/nhi.c                       |  306 +++++-
>  drivers/thunderbolt/nhi.h                       |   93 +-
>  drivers/thunderbolt/nhi_regs.h                  |   27 +
>  drivers/thunderbolt/switch.c                    | 1178 +++++++++++++++++++++--
>  drivers/thunderbolt/tb.c                        |  237 +++--
>  drivers/thunderbolt/tb.h                        |  251 ++++-
>  drivers/thunderbolt/tb_msgs.h                   |  260 +++++
>  drivers/thunderbolt/tb_regs.h                   |   50 +-
>  drivers/thunderbolt/tunnel_pci.c                |   17 +-
>  23 files changed, 5323 insertions(+), 584 deletions(-)
>  create mode 100644 Documentation/ABI/testing/sysfs-bus-thunderbolt
>  create mode 100644 Documentation/admin-guide/thunderbolt.rst
>  create mode 100644 drivers/thunderbolt/dma_port.c
>  create mode 100644 drivers/thunderbolt/dma_port.h
>  create mode 100644 drivers/thunderbolt/domain.c
>  create mode 100644 drivers/thunderbolt/icm.c
>  create mode 100644 drivers/thunderbolt/tb_msgs.h
> 

-- 
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Intel Finland Oy
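The enroll-then-challenge flow quoted in the cover letter, as an added shell example that is neither part of the patch series nor of either poster's message. It assumes only the sysfs layout the cover letter describes (a per-device directory with `unique_id`, `key` and `authorized` attributes); the key store directory (`KEYSTORE`) and the function names are this example's own choices. On the first connect it generates the key the same way the cover letter does, keeps a copy under the device's `unique_id`, and writes `1`; on later connects it writes the stored key and `2` so the device is challenged rather than blindly re-authorized.

```sh
#!/bin/sh
# tb-authorize: enroll a Thunderbolt device with a per-device key on its
# first connect and challenge it with the stored key on later connects.
# Added example, not part of the patch series. Assumes the sysfs layout
# from the cover letter (unique_id, key, authorized). KEYSTORE is our
# own choice of location for the stored keys.

KEYSTORE="${KEYSTORE:-/var/lib/thunderbolt-keys}"

# 32 random bytes as 64 hex characters, as the cover letter does with
# openssl; falls back to /dev/urandom where openssl is not installed.
tb_gen_key() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# Authorize the device whose sysfs directory is $1. Prints one of:
#   enrolled   - first connect: fresh key uploaded, authorized written 1
#   challenged - known device: stored key written, authorized written 2
#   already    - device was not in state 0, nothing written
# If the kernel rejects a sysfs write (for example a failed challenge),
# the redirect fails and the function returns non-zero.
tb_authorize() {
    dev="$1"
    case "$(cat "$dev/authorized")" in
        0) ;;
        *) echo "already"; return 0 ;;
    esac
    uid=$(cat "$dev/unique_id")
    keyfile="$KEYSTORE/$uid"
    if [ -f "$keyfile" ]; then
        # Known device: verify it still holds the key we enrolled.
        cat "$keyfile" > "$dev/key" || return 1
        echo 2 > "$dev/authorized" || return 1
        echo "challenged"
    else
        # First connect: enroll a fresh key, readable by the owner only.
        key=$(tb_gen_key)
        (umask 077; mkdir -p "$KEYSTORE" && printf '%s\n' "$key" > "$keyfile") || return 1
        printf '%s\n' "$key" > "$dev/key" || return 1
        echo 1 > "$dev/authorized" || return 1
        echo "enrolled"
    fi
}

# Stand-alone use: tb-authorize /sys/bus/thunderbolt/devices/0-1
if [ $# -gt 0 ]; then
    tb_authorize "$1"
fi
```

The `already` branch keeps the script from re-authorizing a device that is already in state 1 or 2, and keying the store by `unique_id` rather than by the routing string (`0-1`) matters because the routing string only says which port the device is plugged into, not which device it is.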
