From: Tom Rix <trix@redhat.com>
To: linux-kernel@vger.kernel.org,
"linux-fpga@vger.kernel.org" <linux-fpga@vger.kernel.org>
Subject: Re: [PATCH v1 00/12] Intel FPGA Security Manager Class Driver
Date: Sat, 5 Sep 2020 10:16:55 -0700 [thread overview]
Message-ID: <4d554f31-1267-92cc-f717-00992144c41b@redhat.com> (raw)
In-Reply-To: <20200904235305.6254-1-russell.h.weight@intel.com>
resending.
sorry for blowing past 80 chars.
On 9/4/20 4:52 PM, Russ Weight wrote:
> These patches depend on the patchset: "add regmap-spi-avmm & Intel
> Max10 BMC chip support" which is currently under review.
https://marc.info/?l=linux-kernel&m=159782274232229&w=2
regmap-spi-avmm is in linux-next.
max10 is not. however applying it does not resolve resolve
git am conflicts with yesterday's linux-next.
I normally build the larger patchsets as a test.
>
> --------------------------------------------------
>
> This patchset introduces the Intel Security Manager class driver
> for managing secure updates on Intel FPGA Cards. It also provides
> the n3000bmc-secure mfd sub-driver for the MAX10 BMC for the n3000
> Programmable Acceleration Cards (PAC). The n3000bmc-secure driver
> is implemented using the Intel Security Manager class driver.
>
> The Intel Security Manager class driver provides a common API for
> user-space tools to manage updates for Secure FPGA devices. Device
> drivers that instantiate the Intel Security Manager class driver will
> interact with the HW secure update engine in order to transfer
> new FPGA and BMC images to FLASH so that they will be automatically
> loaded when the FPGA card reboots.
>
> The API consists of sysfs nodes and supports the following functions:
>
> (1) Instantiate and monitor a secure update
> (2) Display security information including: Root Entry Hashes (REH),
> Cancelled Code Signing Keys (CSK), and flash update counts for
> both BMC and FPGA images.
>
> Secure updates make use of the request_firmware framework, which
> requires that image files are accessible under /lib/firmware. A request
> for a secure update returns immediately, while the update itself
> proceeds in the context of a kernel worker thread. Sysfs files provide
> a means for monitoring the progress of a secure update and for
> retrieving error information in the event of a failure.
>
> The n3000bmc-secure driver instantiates the Intel Security Manager
> class driver and provides the callback functions required to support
> secure updates on Intel n3000 PAC devices.
This is a good description. Because security manager is a new
interface, there should be a Documentation/fpga/ifpga-sec-mgr.rst
to collect this description.
How will these devices be discovered ? n3000 is a dfl device,
will there be a dfl feature id for it at some point ?
Can you describe if/how the security manager would live outside
of dfl ? I am wondering why this shouldn't be dfl-sec-mgr.
I did not see any version handling. How would this sw adapt
to a newer or older version of the bmc interface?
Tom
>
> Russ Weight (12):
> fpga: fpga security manager class driver
> fpga: create intel max10 bmc security engine
> fpga: expose max10 flash update counts in sysfs
> fpga: expose max10 canceled keys in sysfs
> fpga: enable secure updates
> fpga: add max10 secure update functions
> fpga: expose sec-mgr update status
> fpga: expose sec-mgr update errors
> fpga: expose sec-mgr update size
> fpga: enable sec-mgr update cancel
> fpga: expose hardware error info in sysfs
> fpga: add max10 get_hw_errinfo callback func
>
> .../ABI/testing/sysfs-class-ifpga-sec-mgr | 151 ++++
> MAINTAINERS | 8 +
> drivers/fpga/Kconfig | 20 +
> drivers/fpga/Makefile | 6 +
> drivers/fpga/ifpga-sec-mgr.c | 669 ++++++++++++++++++
> drivers/fpga/intel-m10-bmc-secure.c | 557 +++++++++++++++
> include/linux/fpga/ifpga-sec-mgr.h | 201 ++++++
> include/linux/mfd/intel-m10-bmc.h | 116 +++
> 8 files changed, 1728 insertions(+)
> create mode 100644 Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr
> create mode 100644 drivers/fpga/ifpga-sec-mgr.c
> create mode 100644 drivers/fpga/intel-m10-bmc-secure.c
> create mode 100644 include/linux/fpga/ifpga-sec-mgr.h
>
next prev parent reply other threads:[~2020-09-05 17:17 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 23:52 [PATCH v1 00/12] Intel FPGA Security Manager Class Driver Russ Weight
2020-09-04 23:52 ` [PATCH v1 01/12] fpga: fpga security manager class driver Russ Weight
2020-09-04 23:57 ` Randy Dunlap
2020-09-05 0:23 ` Moritz Fischer
2020-09-05 0:44 ` Russ Weight
2020-09-05 13:39 ` Wu, Hao
2020-09-05 19:09 ` Tom Rix
[not found] ` <ebf251a0-5f13-d1a1-6915-e3c940bb19fe@intel.com>
2020-09-10 21:51 ` Tom Rix
2020-09-10 23:05 ` Russ Weight
2020-09-16 20:16 ` Moritz Fischer
2020-09-30 20:54 ` Russ Weight
2020-10-01 0:31 ` Moritz Fischer
2020-10-01 1:07 ` Russ Weight
2020-10-01 19:07 ` Moritz Fischer
2020-09-04 23:52 ` [PATCH v1 02/12] fpga: create intel max10 bmc security engine Russ Weight
2020-09-05 0:01 ` Randy Dunlap
2020-09-05 0:05 ` Russ Weight
2020-09-05 20:22 ` Tom Rix
2020-09-14 19:07 ` Russ Weight
2020-09-14 20:48 ` Tom Rix
2020-09-14 21:40 ` Russ Weight
2020-09-16 20:33 ` Moritz Fischer
2020-09-30 23:14 ` Russ Weight
2020-09-04 23:52 ` [PATCH v1 03/12] fpga: expose max10 flash update counts in sysfs Russ Weight
2020-09-05 20:39 ` Tom Rix
2020-09-16 18:37 ` Russ Weight
2020-09-04 23:52 ` [PATCH v1 04/12] fpga: expose max10 canceled keys " Russ Weight
2020-09-05 20:52 ` Tom Rix
2020-09-04 23:52 ` [PATCH v1 05/12] fpga: enable secure updates Russ Weight
2020-09-05 22:04 ` Tom Rix
[not found] ` <1d90bfb6-417c-55df-9290-991c391158a9@intel.com>
2020-09-20 15:24 ` Tom Rix
2020-09-04 23:52 ` [PATCH v1 06/12] fpga: add max10 secure update functions Russ Weight
2020-09-06 16:10 ` Tom Rix
2020-09-22 1:15 ` Russ Weight
2020-09-08 8:05 ` Lee Jones
2020-09-04 23:53 ` [PATCH v1 07/12] fpga: expose sec-mgr update status Russ Weight
2020-09-06 16:16 ` Tom Rix
2020-09-22 22:31 ` Russ Weight
2020-09-04 23:53 ` [PATCH v1 08/12] fpga: expose sec-mgr update errors Russ Weight
2020-09-06 16:27 ` Tom Rix
2020-09-22 23:42 ` Russ Weight
2020-09-23 12:52 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 09/12] fpga: expose sec-mgr update size Russ Weight
2020-09-06 16:39 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 10/12] fpga: enable sec-mgr update cancel Russ Weight
2020-09-06 17:00 ` Tom Rix
[not found] ` <678f8d39-a244-42d0-4c56-91eb859b43f0@intel.com>
2020-09-23 13:02 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 11/12] fpga: expose hardware error info in sysfs Russ Weight
2020-09-06 17:06 ` Tom Rix
2020-09-04 23:53 ` [PATCH v1 12/12] fpga: add max10 get_hw_errinfo callback func Russ Weight
2020-09-06 17:14 ` Tom Rix
2020-09-24 21:48 ` Russ Weight
2020-09-05 14:13 ` [PATCH v1 00/12] Intel FPGA Security Manager Class Driver Wu, Hao
2020-10-01 20:42 ` Russ Weight
2020-09-05 16:10 ` Tom Rix
2020-09-05 17:16 ` Tom Rix [this message]
2020-10-01 0:19 ` Russ Weight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4d554f31-1267-92cc-f717-00992144c41b@redhat.com \
--to=trix@redhat.com \
--cc=linux-fpga@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).