From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: <linux-cxl@vger.kernel.org>, <linux-pci@vger.kernel.org>
Cc: <linuxarm@huawei.com>,
	Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
	Chris Browy <cbrowy@avery-design.com>, <keyrings@vger.kernel.org>,
	"Bjorn Helgaas" <bjorn@helgaas.com>,
	"David E . Box" <david.e.box@linux.intel.com>,
	<dan.j.williams@intel.com>
Subject: [RFC PATCH v2 14/14] cxl/pci: Add really basic CMA authentication support.
Date: Thu, 3 Mar 2022 13:59:05 +0000	[thread overview]
Message-ID: <20220303135905.10420-15-Jonathan.Cameron@huawei.com> (raw)
In-Reply-To: <20220303135905.10420-1-Jonathan.Cameron@huawei.com>

This is just for purposes of poking the CMA / SPDM code.
What exactly the model in the driver looks like is still to
be worked out.

Note the PROBE_FORCE_SYNCHRONOUS is a workaround to avoid warnings
about trying to load an additional crypto module whilst doing an
asynchronous probe.

Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
---
 drivers/cxl/Kconfig  |  1 +
 drivers/cxl/cxlmem.h |  2 ++
 drivers/cxl/pci.c    | 40 +++++++++++++++++++++++++++++++++++++++-
 lib/spdm.c           |  2 +-
 4 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/drivers/cxl/Kconfig b/drivers/cxl/Kconfig
index 9d53720bea07..4dfd2c19b285 100644
--- a/drivers/cxl/Kconfig
+++ b/drivers/cxl/Kconfig
@@ -17,6 +17,7 @@ config CXL_MEM
 	tristate "CXL.mem: Memory Devices"
 	default CXL_BUS
 	select PCI_DOE_DRIVER
+	select PCI_CMA
 	help
 	  The CXL.mem protocol allows a device to act as a provider of
 	  "System RAM" and/or "Persistent Memory" that is fully coherent
diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
index b4209170f4ac..b69328118632 100644
--- a/drivers/cxl/cxlmem.h
+++ b/drivers/cxl/cxlmem.h
@@ -100,6 +100,7 @@ struct cxl_mbox_cmd {
  *
  * @dev: The device associated with this CXL state
  * @cdat_doe: Auxiliary DOE device capabile of reading CDAT
+ * @cma_doe: Component measurement and authentication mailbox
  * @regs: Parsed register blocks
  * @payload_size: Size of space for payload
  *                (CXL 2.0 8.2.8.4.3 Mailbox Capabilities Register)
@@ -132,6 +133,7 @@ struct cxl_dev_state {
 	struct device *dev;
 
 	struct pci_doe_dev *cdat_doe;
+	struct pci_doe_dev *cma_doe;
 	struct cxl_regs regs;
 
 	size_t payload_size;
diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
index ed94a6bef2de..ad823eeaafd9 100644
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -1,9 +1,14 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
 #include <linux/io-64-nonatomic-lo-hi.h>
+//#include <uapi/linux/cxl_mem.h>
+#include <linux/security.h>
+#include <linux/pci-cma.h>
+//#include <linux/debugfs.h>
 #include <linux/module.h>
 #include <linux/sizes.h>
 #include <linux/mutex.h>
+#include <linux/spdm.h>
 #include <linux/list.h>
 #include <linux/pci.h>
 #include <linux/pci-doe.h>
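Review bot: The two commented-out includes added here, `//#include <uapi/linux/cxl_mem.h>` and `//#include <linux/debugfs.h>`, are leftover scaffolding and should be dropped rather than merged as dead lines. `<linux/security.h>` is also added, but nothing in the visible hunks appears to use it; if that holds for the rest of the file, drop it too so the include list reflects what the authentication path really depends on.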
@@ -494,6 +499,26 @@ static int cxl_match_cdat_doe_device(struct device *dev, const void *data)
 	return 0;
 }
 
+static int cxl_match_cma_doe_device(struct device *dev, const void *data)
+{
+	const struct cxl_dev_state *cxlds = data;
+	struct auxiliary_device *adev;
+	struct pci_doe_dev *doe_dev;
+
+	/* First determine if this auxiliary device belongs to the cxlds */
+	if (cxlds->dev != dev->parent)
+		return 0;
+
+	adev = to_auxiliary_dev(dev);
+	doe_dev = container_of(adev, struct pci_doe_dev, adev);
+
+	/* If it is one of ours check for the CMA protocol */
+	if (pci_doe_supports_prot(doe_dev, PCI_VENDOR_ID_PCI_SIG, 1)) //hack
+		return 1;
+
+	return 0;
+}
+
 static int cxl_setup_doe_devices(struct cxl_dev_state *cxlds)
 {
 	struct device *dev = cxlds->dev;
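Review bot: The protocol number in `pci_doe_supports_prot(doe_dev, PCI_VENDOR_ID_PCI_SIG, 1)` is a bare literal tagged `//hack`, so a reader cannot tell which DOE data object type the authentication path is bound to. A named constant placed with the other DOE definitions, for example `#define PCI_DOE_PROTOCOL_CMA 1` (the name is only a suggestion), would make the match auditable. The function also appears to mirror cxl_match_cdat_doe_device, whose body starts outside this hunk; a single helper taking the vendor ID and protocol would keep the two from drifting apart.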
@@ -519,6 +544,10 @@ static int cxl_setup_doe_devices(struct cxl_dev_state *cxlds)
 		cxlds->cdat_doe = doe_dev;
 	}
 
+	adev = auxiliary_find_device(NULL, cxlds, &cxl_match_cma_doe_device);
+	if (adev)
+		cxlds->cma_doe = container_of(adev, struct pci_doe_dev, adev);
+
 	return 0;
 }
 
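Review bot: auxiliary_find_device() returns the matched device with a reference held, and nothing in this hunk drops it or registers a release for `cxlds->cma_doe`. Unless the part of cxl_setup_doe_devices outside the hunk already handles this, the reference to the CMA mailbox is never released; pairing it with a `put_device(&adev->dev)` on teardown, for example through `devm_add_action_or_reset()`, would fix that. A short comment that a NULL `cma_doe` means the device advertised no CMA mailbox would also help, since the probe path branches on it.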
@@ -643,6 +672,7 @@ static int cxl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	struct cxl_register_map map;
 	struct cxl_memdev *cxlmd;
 	struct cxl_dev_state *cxlds;
+	struct spdm_state spdm_state;
 	int rc;
 
 	/*
@@ -670,6 +700,14 @@ static int cxl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 
 	cxl_initialize_cdat_callbacks(cxlds);
 
+	/* CMA is optional - policy control will be needed */
+	if (cxlds->cma_doe) {
+		pci_cma_init(cxlds->cma_doe, &spdm_state);
+		rc = pci_cma_authenticate(&spdm_state);
+		if (rc)
+			return rc;
+	}
+
 	rc = cxl_map_regs(cxlds, &map);
 	if (rc)
 		return rc;
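Review bot: Authentication here is fail-open: a device that does not advertise a CMA DOE mailbox skips `pci_cma_authenticate()` and binds exactly like an authenticated one, so the check only constrains devices that choose to expose the mailbox. Until the policy control mentioned in the comment exists, record the outcome (for example a flag in `cxlds`) and log the unauthenticated case in an else branch, `dev_warn(&pdev->dev, "CMA not supported, device not authenticated\n");`. `spdm_state`, declared in the earlier cxl_pci_probe hunk, is an uninitialised stack object that is discarded when probe returns; unless pci_cma_init() sets every field, declare it as `struct spdm_state spdm_state = {};`, and note in a comment that no authentication state survives probe. cxl_pci_probe starts and ends outside both hunks.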
@@ -712,7 +750,7 @@ static struct pci_driver cxl_pci_driver = {
 	.id_table		= cxl_mem_pci_tbl,
 	.probe			= cxl_pci_probe,
 	.driver	= {
-		.probe_type	= PROBE_PREFER_ASYNCHRONOUS,
+		.probe_type	= PROBE_FORCE_SYNCHRONOUS,
 	},
 };
 
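Review bot: The switch to `PROBE_FORCE_SYNCHRONOUS` is explained only in the commit message, and it applies to every CXL memory device, not just those with a CMA mailbox. A comment above `.probe_type` would keep the workaround from outliving its reason, for example `/* Synchronous probe: CMA authentication may load crypto modules, which warns during async probe */`.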
diff --git a/lib/spdm.c b/lib/spdm.c
index 3ce2341647f8..84a2d7f3989e 100644
--- a/lib/spdm.c
+++ b/lib/spdm.c
@@ -921,7 +921,7 @@ static int spdm_get_certificate(struct spdm_state *spdm_state)
 				key_ref_to_ptr(key2)->payload.data[asym_auth];
 
 			key = find_asymmetric_key(spdm_state->root_keyring, sig->auth_ids[0],
-						  sig->auth_ids[1], false);
+						  sig->auth_ids[1], NULL, false);
 			if (IS_ERR(key)) {
 				dev_err(spdm_state->dev,
 					"Unable to retrieve signing certificate from _cma keyring\n");
-- 
2.32.0

