[PATCHv1] Add Intel Stratix10 service layer binding
From: Richard Gong Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). When the FPGA is configured from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Layer 3) can interface with SDM. All software entities running on other exception layers must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver, running at privileged exception level (EL1, Exception Layer 1), interfaces with the service providers and provides the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer driver also manages secure monitor call (SMC) to communicate with secure monitor code running in EL3. This patch adds a device tree binding for Intel Stratix10 service layer driver Richard Gong (1): dt-bindings: misc: add Intel Stratix10 service layer binding .../devicetree/bindings/misc/intel-service.txt | 56 ++ 1 file changed, 56 insertions(+) create mode 100644 Documentation/devicetree/bindings/misc/intel-service.txt -- 2.7.4
[PATCHv1] dt-bindings: misc: add Intel Stratix10 service layer binding
From: Richard Gong Add a device tree binding for the Intel Stratix10 service layer driver Signed-off-by: Richard Gong --- .../devicetree/bindings/misc/intel-service.txt | 56 ++ 1 file changed, 56 insertions(+) create mode 100644 Documentation/devicetree/bindings/misc/intel-service.txt diff --git a/Documentation/devicetree/bindings/misc/intel-service.txt b/Documentation/devicetree/bindings/misc/intel-service.txt new file mode 100644 index 000..254e4a1 --- /dev/null +++ b/Documentation/devicetree/bindings/misc/intel-service.txt @@ -0,0 +1,56 @@ +Intel Service Layer Driver for Stratix10 SoC + +Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard +processor system (HPS) and Secure Device Manager (SDM). When the FPGA is +configured from HPS, there needs to be a way for HPS to notify SDM the +location and size of the configuration data. Then SDM will get the +configuration data from that location and perform the FPGA configuration. + +To meet the whole system security needs and support virtual machine requesting +communication with SDM, only the secure world of software (EL3, Exception +Layer 3) can interface with SDM. All software entities running on other +exception layers must channel through the EL3 software whenever it needs +service from SDM. + +Intel Stratix10 service layer driver, running at privileged exception level +(EL1, Exception Layer 1), interfaces with the service providers and provides +the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer +driver also manages secure monitor call (SMC) to communicate with secure monitor +code running in EL3. + +Required properties: + +The following are the mandatory properties: + +- compatible: + "intc,svc-1.0" +- method: + smc or hvc + smc - Secure Monitor Call + hvc - Hypervisor Call +- memory-region: + phandle to the reserved memory node. See + Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt + for details + +Example: + + + reserved-memory { +#address-cells = <2>; +#size-cells = <2>; +ranges; + +service_reserved: svcbuffer@0 { +compatible = "shared-dma-pool"; +reg = <0x0 0x0 0x0 0x100>; +alignment = <0x1000>; +no-map; +}; +}; + + svc { + compatible = "intc,svc-1.0"; + method = "smc"; + memory-region = <&service_reserved> + }; -- 2.7.4
[PATCHv1] Add Intel Stratix10 service layer driver
From: Richard Gong Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. When the FPGA is configured from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. Richard Gong (1): driver: misc: add Intel Stratix10 service layer driver drivers/misc/Kconfig | 3 +- drivers/misc/Makefile | 3 +- drivers/misc/intel-service/Kconfig | 9 + drivers/misc/intel-service/Makefile| 2 + drivers/misc/intel-service/intel_service.c | 703 + include/linux/intel-service-client.h | 227 ++ include/linux/intel-service.h | 122 + include/linux/intel-smc.h | 246 ++ 8 files changed, 1313 insertions(+), 2 deletions(-) create mode 100644 drivers/misc/intel-service/Kconfig create mode 100644 drivers/misc/intel-service/Makefile create mode 100644 drivers/misc/intel-service/intel_service.c create mode 100644 include/linux/intel-service-client.h create mode 100644 include/linux/intel-service.h create mode 100644 include/linux/intel-smc.h -- 2.7.4
[PATCHv1] driver: misc: add Intel Stratix10 service layer driver
From: Richard Gong Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. When the FPGA is configured from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Signed-off-by: Richard Gong --- drivers/misc/Kconfig | 3 +- drivers/misc/Makefile | 3 +- drivers/misc/intel-service/Kconfig | 9 + drivers/misc/intel-service/Makefile| 2 + drivers/misc/intel-service/intel_service.c | 703 + include/linux/intel-service-client.h | 227 ++ include/linux/intel-service.h | 122 + include/linux/intel-smc.h | 246 ++ 8 files changed, 1313 insertions(+), 2 deletions(-) create mode 100644 drivers/misc/intel-service/Kconfig create mode 100644 drivers/misc/intel-service/Makefile create mode 100644 drivers/misc/intel-service/intel_service.c create mode 100644 include/linux/intel-service-client.h create mode 100644 include/linux/intel-service.h create mode 100644 include/linux/intel-smc.h diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index 4c842e8..eaca4bb 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -1,4 +1,4 @@ -# +# SPDX-License-Identifier: GPL-2.0 # Misc strange devices # @@ -528,6 +528,7 @@ source "drivers/misc/eeprom/Kconfig" source "drivers/misc/cb710/Kconfig" source "drivers/misc/ti-st/Kconfig" source "drivers/misc/lis3lv02d/Kconfig" +source "drivers/misc/intel-service/Kconfig" source "drivers/misc/altera-stapl/Kconfig" source "drivers/misc/mei/Kconfig" source "drivers/misc/vmw_vmci/Kconfig" diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index e07c116..6ee779d 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -1,4 +1,4 @@ -# +# SPDX-License-Identifier: GPL-2.0 # Makefile for misc devices that really don't fit anywhere else. # @@ -58,6 +58,7 @@ obj-$(CONFIG_CXL_BASE)+= cxl/ obj-$(CONFIG_ASPEED_LPC_CTRL) += aspeed-lpc-ctrl.o obj-$(CONFIG_ASPEED_LPC_SNOOP) += aspeed-lpc-snoop.o obj-$(CONFIG_PCI_ENDPOINT_TEST)+= pci_endpoint_test.o +obj-$(CONFIG_INTEL_SERVICE)+= intel-service/ lkdtm-$(CONFIG_LKDTM) += lkdtm_core.o lkdtm-$(CONFIG_LKDTM) += lkdtm_bugs.o diff --git a/drivers/misc/intel-service/Kconfig b/drivers/misc/intel-service/Kconfig new file mode 100644 index 000..69ce397 --- /dev/null +++ b/drivers/misc/intel-service/Kconfig @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0 +config INTEL_SERVICE + tristate "Intel Service Controller" + default y + depends on ARCH_STRATIX10 + help +An implementation of Intel service controller. It is used to provide service to +FPGA manager on Intel Stratix 10 SOC for FPGA configuration. Say Y here if you +want Intel service controller support diff --git a/drivers/misc/intel-service/Makefile b/drivers/misc/intel-service/Makefile new file mode 100644 index 000..9509b91 --- /dev/null +++ b/drivers/misc/intel-service/Makefile @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0 +obj-y += intel_service.o diff --git a/drivers/misc/intel-service/intel_service.c b/drivers/misc/intel-service/intel_service.c new file mode 100644 index 000..90f883c --- /dev/null +++ b/drivers/misc/intel-service/intel_service.c @@ -0,0 +1,703 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2017-2018, Intel Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +
Re: [PATCHv1] dt-bindings: misc: add Intel Stratix10 service layer binding
On 01/30/2018 10:57 AM, Rob Herring wrote: On Tue, Jan 23, 2018 at 01:25:02PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add a device tree binding for the Intel Stratix10 service layer driver Signed-off-by: Richard Gong --- .../devicetree/bindings/misc/intel-service.txt | 56 ++ 1 file changed, 56 insertions(+) create mode 100644 Documentation/devicetree/bindings/misc/intel-service.txt diff --git a/Documentation/devicetree/bindings/misc/intel-service.txt b/Documentation/devicetree/bindings/misc/intel-service.txt new file mode 100644 index 000..254e4a1 --- /dev/null +++ b/Documentation/devicetree/bindings/misc/intel-service.txt @@ -0,0 +1,56 @@ +Intel Service Layer Driver for Stratix10 SoC + +Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard +processor system (HPS) and Secure Device Manager (SDM). When the FPGA is +configured from HPS, there needs to be a way for HPS to notify SDM the +location and size of the configuration data. Then SDM will get the +configuration data from that location and perform the FPGA configuration. + +To meet the whole system security needs and support virtual machine requesting +communication with SDM, only the secure world of software (EL3, Exception +Layer 3) can interface with SDM. All software entities running on other +exception layers must channel through the EL3 software whenever it needs +service from SDM. + +Intel Stratix10 service layer driver, running at privileged exception level +(EL1, Exception Layer 1), interfaces with the service providers and provides +the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer +driver also manages secure monitor call (SMC) to communicate with secure monitor +code running in EL3. + +Required properties: + +The following are the mandatory properties: + +- compatible: + "intc,svc-1.0" +- method: + smc or hvc + smc - Secure Monitor Call + hvc - Hypervisor Call Do you really need to support hvc or you are just copying and pasting from other implementations? Thanks for the review. Yes, We need to support hvc. +- memory-region: + phandle to the reserved memory node. See + Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt + for details Please also put the svc node under the /firmware node and state that in the binding. Sure, I will fix that in the next version. Regards, Richard + +Example: + + + reserved-memory { +#address-cells = <2>; +#size-cells = <2>; +ranges; + +service_reserved: svcbuffer@0 { +compatible = "shared-dma-pool"; +reg = <0x0 0x0 0x0 0x100>; +alignment = <0x1000>; +no-map; +}; +}; + + svc { + compatible = "intc,svc-1.0"; + method = "smc"; + memory-region = <&service_reserved> + }; -- 2.7.4
Re: [PATCHv1] Add Intel Stratix10 service layer driver
Hi Greg, Many thanks for your reviews. On 01/25/2018 10:53 AM, Greg KH wrote: On Thu, Jan 25, 2018 at 10:39:03AM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. When the FPGA is configured from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. Richard Gong (1): driver: misc: add Intel Stratix10 service layer driver drivers/misc/Kconfig | 3 +- drivers/misc/Makefile | 3 +- drivers/misc/intel-service/Kconfig | 9 + drivers/misc/intel-service/Makefile| 2 + drivers/misc/intel-service/intel_service.c | 703 + include/linux/intel-service-client.h | 227 ++ include/linux/intel-service.h | 122 + include/linux/intel-smc.h | 246 ++ Simple questions first: - why do you have 3 different .h files for a single .c file? This is because service layer driver interface with both the service provider and secure monitor SW. intel-service-client.h is created to define interface between service providers (FPGA manager is one of them) and service layer. Alan Tull's FPGA manager .c file includes this header file intel-smc.h defines the secure monitor call (SMC) message protocols used for service layer driver in normal world (EL1) to communicate with secure monitor SW in secure monitor exception level 3 (EL3). Also this header file is shared with firmware since both (FW, service layer) utilizes the same SMC message protocol. intel-sevice.h is created to define service layer's own data structures (service controller, channel for communicating with service provider, shared memory region, private data etc) - why do you have any public .h files for a single .c file? intel-service-client.h is public .h and should be at include/linux/ intel-service.h and intel-smc.h are private .h files, should be in driver/misc/ (assume I move .c file from driver/misc/intel-service/ to driver/misc/) - use the correct SPDX markers for your file licenses, Intel legal knows all about this, please follow their rules. I will follow those rules. - why is this in a subdirectory for a single .c file? Currently service layer is implemented to support FPGA configuration only. We have the new requirements and need to extend service layer to support additional features such as QSPI, Crypto and warm reset. It is expected that a few new files will be added later. For now I can move the single .c file from driver/misc/intel-service/ to driver/misc/. Regards, Richard thanks, greg k-h
[PATCHv11 0/8] Add Intel Stratix10 FPGA manager and service layer
From: Richard Gong This is the 11th submission of Intel Stratix10 service layer and FPGA manager driver patches. Starting from 10th submission Stratix10 service layer driver .c file is moved to drivers/firmware, header files is moved to include/linux/firmware/intel. And other firmware interface includes Stratix10 service layer document. Stratix10 service layer patches have been reviewed internally by Alan Tull and other colleagues at Intel. Some features of the Intel Stratix10 SoC require a level of privilege higher than the kernel is granted. Such secure features include FPGA programming, remote status update, read and write the secure registers. In terms of the ARMv8 architecture, the kernel runs at Exception Level 1 (EL1), access to the features requires Exception Level 3 (EL3). The Intel Stratix10 service layer provides kernel APIs for drivers to request access to the secure features. The requests are queued and processed one by one. ARM’s SMCCC is used to pass the execution of the requests on to a secure monitor (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. v2: add patches for FPGA manager, FPGA manager binding, dts and defconfig remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory. remove global variables. change service layer driver be 'default n'. correct SPDX markers. add timeout for do..while() loop. add kernel-doc for the functions and structs, correct multiline comments. replace kfifo_in and kfifo_out with kfifo_in_spinlocked and kfifo_out_spinlocked. rename struct intel_svc_data (at client header) to intel_svc_client_msg. rename struct intel_svc_private_mem to intel_svc_data. other corrections/changes from Intel internal code reviews. v3: change all exported functions with "intel_svc_" as the prefix. increase timeout values for claiming back submitted buffer(s). rename struct intel_command_reconfig_payload to struct intel_svc_command_reconfig_payload. add pr_err() to provide the error return value. change to put fpga_mgr node under firmware/svc node. change to FPGA manager to align the update of service client APIs, and the update of fpga_mgr device node. Other corrections/changes. v4: s/intel/stratix10/ on some variables, structs, functions, and file names intel-service.c -> stratix10-svc.c intel-smc.h -> stratix10-smc.h intel-service-client.h -> stratix10-svc-client.h. remove non-kernel-doc formatting. s/fpga-mgr@0/fpga-mgr/ to remove unit_address at fpga_mgr node. add Rob's Reviewed-by. add Richard's signed-off-by. v5: add a new API statix10_svc_done() which is called by service client when client request is completed or error occurs during request process. Which allows service layer to free its resources. remove dummy client from service layer client header and service layer source file. add Rob's Reviewed-by. add a new file stratix10-svc.rst and add that to driver-api/index.rst. kernel-doc fixes. v6: replace kthread_create_on_cpu() with kthread_create_on_node(). extend stratix_svc_send() to support service client which doesn't use memory allocated by service layer. add S10_RECONFIG_TIMEOUT. rename s/S10_BUF_TIMEOUT/S10_BUFFER_TIMEOUT/. fix service layer and FPGA manager Klocwork errors. v7: add remote status update client support. s/pr_debug/dev_dbg, s/dev_info/dev_dbg. add unlock buffer if s10_svc_send_msg() fails. add release channel if fpga_mgr_create() fails. handle invalid pointer at svc if the client passed an invalid name. v8: move stratix10-smc.h to include/linux from driver/misc. revert version 7 error code & smc function ID value changes at stratix10-smc.h. add a goto and common error handling at the end of fpga driver's. probe function. v9: remove a patch on defconfig for enable service layer and FPGA manager. resolve a issue found at git-bisect test. remove kernel-doc markups that aren't being built. v10:move stratix10-smc.h and stratix10-svc-client.h to include/linux/firmware/intel. move stratix10-svc.c to drivers/firmware. s/STRATIX10_SERVICE/INTEL_STRATIX10_SERVICE, fix a Klocwork error at service layer driver. s/stratix10_svc_command_reconfig_payload/ stratix10_svc_command_config_type. add stratix10 service layer document to other firmware interface. update path for the included header in Stratix10 FPGA manager driver. v11:add Acked-by Moritz Fischer add additional space at Kconfig file's help text fix a type in commit message from patch #8 Alan Tull (3): dt-bindings: fpga: add Stratix10 SoC FPGA manager binding arm64: dts: stratix10: add fpga manager and region fpga: add intel stratix10 soc fpga manager dr
[PATCHv5 5/8] arm64: dts: stratix10: add fpga manager and region
From: Alan Tull Add the Stratix10 FPGA manager and a FPGA region to the device tree. Signed-off-by: Alan Tull Signed-off-by: Richard Gong --- v2: this patch is added in patch set version 2 v3: change to put fpga_mgr node under firmware/svc node v4: s/fpga-mgr@0/fpga-mgr/ to remove unit_address add Richard's signed-off-by v5: no change --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 12 1 file changed, 12 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index c257287..8f8f409 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -106,6 +106,14 @@ interrupt-parent = <&intc>; ranges = <0 0 0 0x>; + base_fpga_region { + #address-cells = <0x1>; + #size-cells = <0x1>; + + compatible = "fpga-region"; + fpga-mgr = <&fpga_mgr>; + }; + clkmgr: clock-controller@ffd1 { compatible = "intel,stratix10-clkmgr"; reg = <0xffd1 0x1000>; @@ -506,6 +514,10 @@ compatible = "intel,stratix10-svc"; method = "smc"; memory-region = <&service_reserved>; + + fpga_mgr: fpga-mgr { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; }; }; }; -- 2.7.4
[PATCHv5 1/8] dt-bindings, firmware: add Intel Stratix10 service layer binding
From: Richard Gong Add a device tree binding for the Intel Stratix10 service layer driver Signed-off-by: Richard Gong Signed-off-by: Alan Tull Reviewed-by: Rob Herring --- v2: Change to put service layer driver node under the firmware node Change compatible to "intel, stratix10-svc" v3: No change v4: Add Rob's Reviewed-by v5: No change --- .../bindings/firmware/intel,stratix10-svc.txt | 57 ++ 1 file changed, 57 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt diff --git a/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt b/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt new file mode 100644 index 000..1fa6606 --- /dev/null +++ b/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt @@ -0,0 +1,57 @@ +Intel Service Layer Driver for Stratix10 SoC + +Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard +processor system (HPS) and Secure Device Manager (SDM). When the FPGA is +configured from HPS, there needs to be a way for HPS to notify SDM the +location and size of the configuration data. Then SDM will get the +configuration data from that location and perform the FPGA configuration. + +To meet the whole system security needs and support virtual machine requesting +communication with SDM, only the secure world of software (EL3, Exception +Layer 3) can interface with SDM. All software entities running on other +exception layers must channel through the EL3 software whenever it needs +service from SDM. + +Intel Stratix10 service layer driver, running at privileged exception level +(EL1, Exception Layer 1), interfaces with the service providers and provides +the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer +driver also manages secure monitor call (SMC) to communicate with secure monitor +code running in EL3. + +Required properties: +--- +The svc node has the following mandatory properties, must be located under +the firmware node. + +- compatible: "intel,stratix10-svc" +- method: smc or hvc +smc - Secure Monitor Call +hvc - Hypervisor Call +- memory-region: + phandle to the reserved memory node. See + Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt + for details + +Example: +--- + + reserved-memory { +#address-cells = <2>; +#size-cells = <2>; +ranges; + +service_reserved: svcbuffer@0 { +compatible = "shared-dma-pool"; +reg = <0x0 0x0 0x0 0x100>; +alignment = <0x1000>; +no-map; +}; +}; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; -- 2.7.4
[PATCHv5 8/8] Documentation: driver-api: add stratix10 service layer
From: Richard Gong Add new file stratix10-svc.rst Add stratix10-svc.rst to driver-api/index.rst Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v5: this patch is added in patch set version 5 --- Documentation/driver-api/index.rst | 1 + Documentation/driver-api/stratix10-svc.rst | 32 ++ 2 files changed, 33 insertions(+) create mode 100644 Documentation/driver-api/stratix10-svc.rst diff --git a/Documentation/driver-api/index.rst b/Documentation/driver-api/index.rst index 6d8352c..4b31109 100644 --- a/Documentation/driver-api/index.rst +++ b/Documentation/driver-api/index.rst @@ -49,6 +49,7 @@ available subsections can be seen below. dmaengine/index slimbus soundwire/index + stratix10-svc .. only:: subproject and html diff --git a/Documentation/driver-api/stratix10-svc.rst b/Documentation/driver-api/stratix10-svc.rst new file mode 100644 index 000..ed361d8 --- /dev/null +++ b/Documentation/driver-api/stratix10-svc.rst @@ -0,0 +1,32 @@ + +Intel Stratix10 SoC Service Layer += + +Some features of the Intel Stratix10 SoC require a level of privilege +higher than the kernel is granted. Such secure features include +FPGA programming. In terms of the ARMv8 architecture, the kernel runs +at Exception Level 1 (EL1), access to the features requires +Exception Level 3 (EL3). + +The Intel Stratix10 SoC service layer provides an in kernel API for +drivers to request access to the secure features. The requests are queued +and processed one by one. ARM’s SMCCC is used to pass the execution +of the requests on to a secure monitor (EL3). + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_command_code + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_client_msg + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_command_reconfig_payload + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_cb_data + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_client + +.. kernel-doc:: drivers/misc/stratix10-svc.c + :export: -- 2.7.4
[PATCHv5 0/8] Add Intel Stratix10 FPGA manager and service layer
From: Richard Gong This is the 5th submission of Intel stratix10 service layer patches. Intel Stratix10 FPGA manager, which is 1st Stratix10 service layer client, is included in this submission. Stratix10 service layer patches have been reviewed internally by Alan Tull and other colleagues at Intel. Some features of the Intel Stratix10 SoC require a level of privilege higher than the kernel is granted. Such secure features include FPGA programming. In terms of the ARMv8 architecture, the kernel runs at Exception Level 1 (EL1), access to the features requires Exception Level 3 (EL3). The Intel Stratix10 service layer provides an in kernel API for drivers to request access to the secure features. The requests are queued and processed one by one. ARM’s SMCCC is used to pass the execution of the requests on to a secure monitor (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. v2: add patches for FPGA manager, FPGA manager binding, dts and defconfig remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory remove global variables change service layer driver be 'default n' correct SPDX markers add timeout for do..while() loop add kernel-doc for the functions and structs, correct multiline comments replace kfifo_in/kfifo_out with kfifo_in_spinlocked/kfifo_out_spinlocked rename struct intel_svc_data (at client header) to intel_svc_client_msg rename struct intel_svc_private_mem to intel_svc_data other corrections/changes from Intel internal code reviews v3: change all exported functions with "intel_svc_" as the prefix increase timeout values for claiming back submitted buffer(s) rename struct intel_command_reconfig_payload to struct intel_svc_command_reconfig_payload add pr_err() to provide the error return value change to put fpga_mgr node under firmware/svc node change to FPGA manager to align the update of service client APIs, and the update of fpga_mgr device node Other corrections/changes v4: s/intel/stratix10/ on some variables, structs, functions, and file names intel-service.c -> stratix10-svc.c intel-smc.h -> stratix10-smc.h intel-service-client.h -> stratix10-svc-client.h remove non-kernel-doc formatting s/fpga-mgr@0/fpga-mgr/ to remove unit_address at fpga_mgr node add Rob's Reviewed-by add Richard's signed-off-by v5: add a new API statix10_svc_done() which is called by service client when client request is completed or error occurs during request process. Which allows service layer to free its resources. remove dummy client from service layer client header and service layer source file. add Rob's Reviewed-by add a new file stratix10-svc.rst and add that to driver-api/index.rst kernel-doc fixes Alan Tull (3): dt-bindings: fpga: add Stratix10 SoC FPGA manager binding arm64: dts: stratix10: add fpga manager and region fpga: add intel stratix10 soc fpga manager driver Richard Gong (5): dt-bindings, firmware: add Intel Stratix10 service layer binding arm64: dts: stratix10: add stratix10 service driver binding to base dtsi driver, misc: add Intel Stratix10 service layer driver defconfig: enable fpga and service layer Documentation: driver-api: add stratix10 service layer .../bindings/firmware/intel,stratix10-svc.txt | 57 ++ .../bindings/fpga/intel-stratix10-soc-fpga-mgr.txt | 17 + Documentation/driver-api/index.rst | 1 + Documentation/driver-api/stratix10-svc.rst | 32 + arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 33 + arch/arm64/configs/defconfig | 6 + drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile | 1 + drivers/fpga/stratix10-soc.c | 545 drivers/misc/Kconfig | 12 + drivers/misc/Makefile | 1 + drivers/misc/stratix10-smc.h | 205 + drivers/misc/stratix10-svc.c | 984 + include/linux/stratix10-svc-client.h | 199 + 14 files changed, 2099 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt create mode 100644 Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt create mode 100644 Documentation/driver-api/stratix10-svc.rst create mode 100644 drivers/fpga/stratix10-soc.c create mode 100644 drivers/misc/stratix10-smc.h create mode 100644 drivers/misc/stratix10-svc.c create mode 100644 include/linux/stratix10-svc-client.h -- 2.7.4
[PATCHv5 6/8] fpga: add intel stratix10 soc fpga manager driver
From: Alan Tull Add driver for reconfiguring Intel Stratix10 SoC FPGA devices. This driver communicates through the Intel Service Driver which does communication with privileged hardware (that does the FPGA programming) through a secure mailbox. Signed-off-by: Alan Tull Signed-off-by: Richard Gong --- v2: this patch is added in patch set version 2 v3: change to align to the update of service client APIs, and the update of fpga_mgr device node v4: changes to align with stratix10-svc-client API updates add Richard's signed-off-by v5: update to align changes at service layer to minimize service layer thread usages --- drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile| 1 + drivers/fpga/stratix10-soc.c | 545 +++ 3 files changed, 552 insertions(+) create mode 100644 drivers/fpga/stratix10-soc.c diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig index f47ef84..1624a73 100644 --- a/drivers/fpga/Kconfig +++ b/drivers/fpga/Kconfig @@ -57,6 +57,12 @@ config FPGA_MGR_ZYNQ_FPGA help FPGA manager driver support for Xilinx Zynq FPGAs. +config FPGA_MGR_STRATIX10_SOC + tristate "Intel Stratix10 SoC FPGA Manager" + depends on (ARCH_STRATIX10 && STRATIX10_SERVICE) + help + FPGA manager driver support for the Intel Stratix10 SoC. + config FPGA_MGR_XILINX_SPI tristate "Xilinx Configuration over Slave Serial (SPI)" depends on SPI diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile index 3cb276a..6eef670 100644 --- a/drivers/fpga/Makefile +++ b/drivers/fpga/Makefile @@ -12,6 +12,7 @@ obj-$(CONFIG_FPGA_MGR_ALTERA_PS_SPI) += altera-ps-spi.o obj-$(CONFIG_FPGA_MGR_ICE40_SPI) += ice40-spi.o obj-$(CONFIG_FPGA_MGR_SOCFPGA) += socfpga.o obj-$(CONFIG_FPGA_MGR_SOCFPGA_A10) += socfpga-a10.o +obj-$(CONFIG_FPGA_MGR_STRATIX10_SOC) += stratix10-soc.o obj-$(CONFIG_FPGA_MGR_TS73XX) += ts73xx-fpga.o obj-$(CONFIG_FPGA_MGR_XILINX_SPI) += xilinx-spi.o obj-$(CONFIG_FPGA_MGR_ZYNQ_FPGA) += zynq-fpga.o diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c new file mode 100644 index 000..d645ef7 --- /dev/null +++ b/drivers/fpga/stratix10-soc.c @@ -0,0 +1,545 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * FPGA Manager Driver for Intel Stratix10 SoC + * + * Copyright (C) 2018 Intel Corporation + */ +#include +#include +#include +#include +#include +#include +/* + * FPGA programming requires a higher level of privilege (EL3), per the SoC + * design. + */ +#define NUM_SVC_BUFS 4 +#define SVC_BUF_SIZE SZ_512K + +/* Indicates buffer is in use if set */ +#define SVC_BUF_LOCK 0 + +/** + * struct s10_svc_buf + * @buf: virtual address of buf provided by service layer + * @lock: locked if buffer is in use + */ +struct s10_svc_buf { + char *buf; + unsigned long lock; +}; + +struct s10_priv { + struct stratix10_svc_chan *chan; + struct stratix10_svc_client client; + struct completion status_return_completion; + struct s10_svc_buf svc_bufs[NUM_SVC_BUFS]; + unsigned long status; +}; + +static int s10_svc_send_msg(struct s10_priv *priv, + enum stratix10_svc_command_code command, + void *payload, u32 payload_length) +{ + struct stratix10_svc_chan *chan = priv->chan; + struct stratix10_svc_client_msg msg; + int ret; + + pr_debug("%s cmd=%d payload=%p legnth=%d\n", +__func__, command, payload, payload_length); + + msg.command = command; + msg.payload = payload; + msg.payload_length = payload_length; + + ret = stratix10_svc_send(chan, &msg); + pr_debug("stratix10_svc_send returned status %d\n", ret); + + return ret; +} + +/** + * s10_free_buffers + * Free buffers allocated from the service layer's pool that are not in use. + * @mgr: fpga manager struct + * Free all buffers that are not in use. + * Return true when all buffers are freed. + */ +static bool s10_free_buffers(struct fpga_manager *mgr) +{ + struct s10_priv *priv = mgr->priv; + uint num_free = 0; + uint i; + + for (i = 0; i < NUM_SVC_BUFS; i++) { + if (!priv->svc_bufs[i].buf) { + num_free++; + continue; + } + + if (!test_and_set_bit_lock(SVC_BUF_LOCK, + &priv->svc_bufs[i].lock)) { + stratix10_svc_free_memory(priv->chan, + priv->svc_bufs[i].buf); + priv->svc_bufs[i].buf = NULL; + num_free++; + } + } + + return num_free == NUM_SVC_BUFS; +} + +/** + * s10_free_buffer_count + * Count how many buffers are not in use. + * @mgr: fpga manager s
[PATCHv5 7/8] defconfig: enable fpga and service layer
From: Richard Gong Enable fpga framework, Stratix 10 SoC FPGA manager and Stratix10 Service Layer Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 v3: no change v4: s/CONFIG_INTEL_SERVICE/CONFIG_STRATIX10_SERVICE/ add CONFIG_OF_FPGA_REGION=y s/Intel/Stratix10/ in subject line v5: no change --- arch/arm64/configs/defconfig | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index ecf6137..5f7a9b7 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -180,6 +180,7 @@ CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_NBD=m CONFIG_VIRTIO_BLK=y CONFIG_BLK_DEV_NVME=m +CONFIG_STRATIX10_SERVICE=y CONFIG_SRAM=y CONFIG_EEPROM_AT25=m # CONFIG_SCSI_PROC_FS is not set @@ -595,6 +596,11 @@ CONFIG_PHY_TEGRA_XUSB=y CONFIG_QCOM_L2_PMU=y CONFIG_QCOM_L3_PMU=y CONFIG_MESON_EFUSE=m +CONFIG_FPGA=y +CONFIG_FPGA_MGR_STRATIX10_SOC=y +CONFIG_FPGA_REGION=y +CONFIG_FPGA_BRIDGE=y +CONFIG_OF_FPGA_REGION=y CONFIG_QCOM_QFPROM=y CONFIG_UNIPHIER_EFUSE=y CONFIG_TEE=y -- 2.7.4
[PATCHv5 3/8] driver, misc: add Intel Stratix10 service layer driver
From: Richard Gong Some features of the Intel Stratix10 SoC require a level of privilege higher than the kernel is granted. Such secure features include FPGA programming. In terms of the ARMv8 architecture, the kernel runs at Exception Level 1 (EL1), access to the features requires Exception Level 3 (EL3). The Intel Stratix10 SoC service layer provides an in kernel API for drivers to request access to the secure features. The requests are queued and processed one by one. ARM’s SMCCC is used to pass the execution of the requests on to a secure monitor (EL3). The header file stratix10-sve-client.h defines the interface between service providers (FPGA manager is one of them) and service layer. The header file stratix10-smc.h defines the secure monitor call (SMC) message protocols used for service layer driver in normal world (EL1) to communicate with secure monitor SW in secure monitor exception level 3 (EL3). Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory Correct SPDX markers Change service layer driver be 'default n' Remove global variables Add timeout for do..while() loop Add kernel-doc for the functions and structs, correct multiline comments Replace kfifo_in/kfifo_out with kfifo_in_spinlocked/kfifo_out_spinlocked rename struct intel_svc_data (at client header) to intel_svc_client_msg rename struct intel_svc_private_mem to intel_svc_data Other corrections/changes from Intel internal code reviews v3: Change all exported functions with "intel_svc_" as the prefix Increase timeout values for claiming back submitted buffer(s) Rename struct intel_command_reconfig_payload to struct intel_svc_command_reconfig_payload Add pr_err() to provide the error return value Other corrections/changes v4: s/intel/stratix10/ on some variables, structs, functions, and file names intel-service.c -> stratix10-svc.c intel-smc.h -> stratix10-smc.h intel-service-client.h -> stratix10-svc-client.h Remove non-kernel-doc formatting v5: add a new API statix10_svc_done() which is called by service client when client request is completed or error occurs during request process. Which allows service layer to free its resources. remove dummy client from service layer client header and service layer source file. kernel-doc fixes --- drivers/misc/Kconfig | 12 + drivers/misc/Makefile| 1 + drivers/misc/stratix10-smc.h | 205 drivers/misc/stratix10-svc.c | 984 +++ include/linux/stratix10-svc-client.h | 199 +++ 5 files changed, 1401 insertions(+) create mode 100644 drivers/misc/stratix10-smc.h create mode 100644 drivers/misc/stratix10-svc.c create mode 100644 include/linux/stratix10-svc-client.h diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index 5d71300..5d5b648 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -138,6 +138,18 @@ config INTEL_MID_PTI an Intel Atom (non-netbook) mobile device containing a MIPI P1149.7 standard implementation. +config STRATIX10_SERVICE + tristate "Stratix10 Service Layer" + depends on HAVE_ARM_SMCCC + default n + help +Stratix10 service layer runs at privileged exception level, interfaces with +the service providers (FPGA manager is one of them) and manages secure +monitor call to communicate with secure monitor software at secure monitor +exception level. + +Say Y here if you want Stratix10 service layer support. + config SGI_IOC4 tristate "SGI IOC4 Base IO support" depends on PCI diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index 20be70c..99fed8b 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -8,6 +8,7 @@ obj-$(CONFIG_AD525X_DPOT) += ad525x_dpot.o obj-$(CONFIG_AD525X_DPOT_I2C) += ad525x_dpot-i2c.o obj-$(CONFIG_AD525X_DPOT_SPI) += ad525x_dpot-spi.o obj-$(CONFIG_INTEL_MID_PTI)+= pti.o +obj-$(CONFIG_STRATIX10_SERVICE) += stratix10-svc.o obj-$(CONFIG_ATMEL_SSC)+= atmel-ssc.o obj-$(CONFIG_ATMEL_TCLIB) += atmel_tclib.o obj-$(CONFIG_DUMMY_IRQ)+= dummy-irq.o diff --git a/drivers/misc/stratix10-smc.h b/drivers/misc/stratix10-smc.h new file mode 100644 index 000..94615f4 --- /dev/null +++ b/drivers/misc/stratix10-smc.h @@ -0,0 +1,205 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2017-2018, Intel Corporation + */ + +#ifndef __STRATIX10_SMC_H +#define __STRATIX10_SMC_H + +#include +#include + +/** + * This file defines the Secure Monitor Call (SMC) message protocol used for + * service layer driver in normal world (EL1) to communicate with secure + * monitor software in Secure Monitor Exception Level
[PATCHv5 4/8] dt-bindings: fpga: add Stratix10 SoC FPGA manager binding
From: Alan Tull Add a Device Tree binding for the Intel Stratix10 SoC FPGA manager. Signed-off-by: Alan Tull Signed-off-by: Richard Gong Reviewed-by: Rob Herring --- v2: this patch is added in patch set version 2 v3: change to put fpga_mgr node under firmware/svc node v4: s/fpga-mgr@0/fpga-mgr/ to remove unit_address add Richard's signed-off-by v5: add Reviewed-by Rob Herring --- .../bindings/fpga/intel-stratix10-soc-fpga-mgr.txt | 17 + 1 file changed, 17 insertions(+) create mode 100644 Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt diff --git a/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt b/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt new file mode 100644 index 000..6e03f79 --- /dev/null +++ b/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt @@ -0,0 +1,17 @@ +Intel Stratix10 SoC FPGA Manager + +Required properties: +The fpga_mgr node has the following mandatory property, must be located under +firmware/svc node. + +- compatible : should contain "intel,stratix10-soc-fpga-mgr" + +Example: + + firmware { + svc { + fpga_mgr: fpga-mgr { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; + }; + }; -- 2.7.4
[PATCHv5 2/8] arm64: dts: stratix10: add stratix10 service driver binding to base dtsi
From: Richard Gong Add Intel Stratix10 service layer to the device tree Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Change to put service layer driver node under the firmware node Change compatible to "intel, stratix10-svc" v3: No change v4: s/service driver/stratix10 service driver/ in subject line v5: No change --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 21 + 1 file changed, 21 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index d8c94d5..c257287 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -24,6 +24,19 @@ #address-cells = <2>; #size-cells = <2>; + reserved-memory { + #address-cells = <2>; + #size-cells = <2>; + ranges; + + service_reserved: svcbuffer@0 { + compatible = "shared-dma-pool"; + reg = <0x0 0x0 0x0 0x100>; + alignment = <0x1000>; + no-map; + }; + }; + cpus { #address-cells = <1>; #size-cells = <0>; @@ -487,5 +500,13 @@ status = "disabled"; }; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; }; }; -- 2.7.4
[PATCHv10 0/8] Add Intel Stratix10 FPGA manager and service layer
From: Richard Gong This is the 10th submission of Intel Stratix10 service layer and FPGA manager driver patches. In this submission I have moved Stratix10 service layer driver .c file to drivers/firmware and header files to include/linux/firmware/intel. I have added Stratix10 service layer document to other firmware interface. Stratix10 service layer patches have been reviewed internally by Alan Tull and other colleagues at Intel. Some features of the Intel Stratix10 SoC require a level of privilege higher than the kernel is granted. Such secure features include FPGA programming, remote status update, read and write the secure registers. In terms of the ARMv8 architecture, the kernel runs at Exception Level 1 (EL1), access to the features requires Exception Level 3 (EL3). The Intel Stratix10 service layer provides kernel APIs for drivers to request access to the secure features. The requests are queued and processed one by one. ARM’s SMCCC is used to pass the execution of the requests on to a secure monitor (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. v2: add patches for FPGA manager, FPGA manager binding, dts and defconfig remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory. remove global variables. change service layer driver be 'default n'. correct SPDX markers. add timeout for do..while() loop. add kernel-doc for the functions and structs, correct multiline comments. replace kfifo_in and kfifo_out with kfifo_in_spinlocked and kfifo_out_spinlocked. rename struct intel_svc_data (at client header) to intel_svc_client_msg. rename struct intel_svc_private_mem to intel_svc_data. other corrections/changes from Intel internal code reviews. v3: change all exported functions with "intel_svc_" as the prefix. increase timeout values for claiming back submitted buffer(s). rename struct intel_command_reconfig_payload to struct intel_svc_command_reconfig_payload. add pr_err() to provide the error return value. change to put fpga_mgr node under firmware/svc node. change to FPGA manager to align the update of service client APIs, and the update of fpga_mgr device node. Other corrections/changes. v4: s/intel/stratix10/ on some variables, structs, functions, and file names intel-service.c -> stratix10-svc.c intel-smc.h -> stratix10-smc.h intel-service-client.h -> stratix10-svc-client.h. remove non-kernel-doc formatting. s/fpga-mgr@0/fpga-mgr/ to remove unit_address at fpga_mgr node. add Rob's Reviewed-by. add Richard's signed-off-by. v5: add a new API statix10_svc_done() which is called by service client when client request is completed or error occurs during request process. Which allows service layer to free its resources. remove dummy client from service layer client header and service layer source file. add Rob's Reviewed-by. add a new file stratix10-svc.rst and add that to driver-api/index.rst. kernel-doc fixes. v6: replace kthread_create_on_cpu() with kthread_create_on_node(). extend stratix_svc_send() to support service client which doesn't use memory allocated by service layer. add S10_RECONFIG_TIMEOUT. rename s/S10_BUF_TIMEOUT/S10_BUFFER_TIMEOUT/. fix service layer and FPGA manager Klocwork errors. v7: add remote status update client support. s/pr_debug/dev_dbg, s/dev_info/dev_dbg. add unlock buffer if s10_svc_send_msg() fails. add release channel if fpga_mgr_create() fails. handle invalid pointer at svc if the client passed an invalid name. v8: move stratix10-smc.h to include/linux from driver/misc. revert version 7 error code & smc function ID value changes at stratix10-smc.h. add a goto and common error handling at the end of fpga driver's. probe function. v9: remove a patch on defconfig for enable service layer and FPGA manager. resolve a issue found at git-bisect test. remove kernel-doc markups that aren't being built. v10:move stratix10-smc.h and stratix10-svc-client.h to include/linux/firmware/intel. move stratix10-svc.c to drivers/firmware. s/STRATIX10_SERVICE/INTEL_STRATIX10_SERVICE, fix a Klocwork error at service layer driver. s/stratix10_svc_command_reconfig_payload/ stratix10_svc_command_config_type. add stratix10 service layer document to other firmware interface. update path for the included header in Stratix10 FPGA manager driver. Alan Tull (3): dt-bindings: fpga: add Stratix10 SoC FPGA manager binding arm64: dts: stratix10: add fpga manager and region fpga: add intel stratix10 soc fpga manager driver Richard Gong (5): dt-bindings, firmware: add Intel Stratix10 service layer binding arm64: dts: stratix10: add stratix10 service driver b
[PATCHv10 2/8] arm64: dts: stratix10: add stratix10 service driver binding to base dtsi
From: Richard Gong Add Intel Stratix10 service layer to the device tree Signed-off-by: Richard Gong Signed-off-by: Alan Tull Acked-by: Moritz Fischer --- v2: change to put service layer driver node under the firmware node change compatible to "intel, stratix10-svc" v3: no change v4: s/service driver/stratix10 service driver/ in subject line v5: no change v6: add Moritz's Acked-by v7: no change v8: no change v9: no change v10: no change --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 21 + 1 file changed, 21 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 8253a1a..a43ed05 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -24,6 +24,19 @@ #address-cells = <2>; #size-cells = <2>; + reserved-memory { + #address-cells = <2>; + #size-cells = <2>; + ranges; + + service_reserved: svcbuffer@0 { + compatible = "shared-dma-pool"; + reg = <0x0 0x0 0x0 0x100>; + alignment = <0x1000>; + no-map; + }; + }; + cpus { #address-cells = <1>; #size-cells = <0>; @@ -534,5 +547,13 @@ status = "disabled"; }; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; }; }; -- 2.7.4
[PATCHv7 8/9] Documentation: driver-api: add stratix10 service layer
From: Richard Gong Add new file stratix10-svc.rst Add stratix10-svc.rst to driver-api/index.rst Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v5: this patch is added in patch set version 5 v6: no change v7: no change --- Documentation/driver-api/index.rst | 1 + Documentation/driver-api/stratix10-svc.rst | 32 ++ 2 files changed, 33 insertions(+) create mode 100644 Documentation/driver-api/stratix10-svc.rst diff --git a/Documentation/driver-api/index.rst b/Documentation/driver-api/index.rst index 6d9f2f9..d4d2671 100644 --- a/Documentation/driver-api/index.rst +++ b/Documentation/driver-api/index.rst @@ -53,6 +53,7 @@ available subsections can be seen below. slimbus soundwire/index fpga/index + stratix10-svc .. only:: subproject and html diff --git a/Documentation/driver-api/stratix10-svc.rst b/Documentation/driver-api/stratix10-svc.rst new file mode 100644 index 000..ed361d8 --- /dev/null +++ b/Documentation/driver-api/stratix10-svc.rst @@ -0,0 +1,32 @@ + +Intel Stratix10 SoC Service Layer += + +Some features of the Intel Stratix10 SoC require a level of privilege +higher than the kernel is granted. Such secure features include +FPGA programming. In terms of the ARMv8 architecture, the kernel runs +at Exception Level 1 (EL1), access to the features requires +Exception Level 3 (EL3). + +The Intel Stratix10 SoC service layer provides an in kernel API for +drivers to request access to the secure features. The requests are queued +and processed one by one. ARM’s SMCCC is used to pass the execution +of the requests on to a secure monitor (EL3). + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_command_code + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_client_msg + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_command_reconfig_payload + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_cb_data + +.. kernel-doc:: include/linux/stratix10-svc-client.h + :functions: stratix10_svc_client + +.. kernel-doc:: drivers/misc/stratix10-svc.c + :export: -- 2.7.4
[PATCHv7 6/9] fpga: add intel stratix10 soc fpga manager driver
From: Alan Tull Add driver for reconfiguring Intel Stratix10 SoC FPGA devices. This driver communicates through the Intel Service Driver which does communication with privileged hardware (that does the FPGA programming) through a secure mailbox. Signed-off-by: Alan Tull Signed-off-by: Richard Gong --- v2: this patch is added in patch set version 2 v3: change to align to the update of service client APIs, and the update of fpga_mgr device node v4: changes to align with stratix10-svc-client API updates add Richard's signed-off-by v5: update to align changes at service layer to minimize service layer thread usages v6: add S10_RECONFIG_TIMEOUT rename s/S10_BUF_TIMEOUT/S10_BUFFER_TIMEOUT/ fix klocwork errors v7: s/pr_debug/dev_dbg, s/dev_info/dev_dbg add unlock buffer if s10_svc_send_msg() fails add release channel if fpga_mgr_create() fails --- drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile| 1 + drivers/fpga/stratix10-soc.c | 558 +++ 3 files changed, 565 insertions(+) create mode 100644 drivers/fpga/stratix10-soc.c diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig index ee9c542..7d20743 100644 --- a/drivers/fpga/Kconfig +++ b/drivers/fpga/Kconfig @@ -56,6 +56,12 @@ config FPGA_MGR_ZYNQ_FPGA help FPGA manager driver support for Xilinx Zynq FPGAs. +config FPGA_MGR_STRATIX10_SOC + tristate "Intel Stratix10 SoC FPGA Manager" + depends on (ARCH_STRATIX10 && STRATIX10_SERVICE) + help + FPGA manager driver support for the Intel Stratix10 SoC. + config FPGA_MGR_XILINX_SPI tristate "Xilinx Configuration over Slave Serial (SPI)" depends on SPI diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile index f9803da..9f17b7f 100644 --- a/drivers/fpga/Makefile +++ b/drivers/fpga/Makefile @@ -13,6 +13,7 @@ obj-$(CONFIG_FPGA_MGR_ICE40_SPI) += ice40-spi.o obj-$(CONFIG_FPGA_MGR_MACHXO2_SPI) += machxo2-spi.o obj-$(CONFIG_FPGA_MGR_SOCFPGA) += socfpga.o obj-$(CONFIG_FPGA_MGR_SOCFPGA_A10) += socfpga-a10.o +obj-$(CONFIG_FPGA_MGR_STRATIX10_SOC) += stratix10-soc.o obj-$(CONFIG_FPGA_MGR_TS73XX) += ts73xx-fpga.o obj-$(CONFIG_FPGA_MGR_XILINX_SPI) += xilinx-spi.o obj-$(CONFIG_FPGA_MGR_ZYNQ_FPGA) += zynq-fpga.o diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c new file mode 100644 index 000..f34830d --- /dev/null +++ b/drivers/fpga/stratix10-soc.c @@ -0,0 +1,558 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * FPGA Manager Driver for Intel Stratix10 SoC + * + * Copyright (C) 2018 Intel Corporation + */ +#include +#include +#include +#include +#include +#include + +/* + * FPGA programming requires a higher level of privilege (EL3), per the SoC + * design. + */ +#define NUM_SVC_BUFS 4 +#define SVC_BUF_SIZE SZ_512K + +/* Indicates buffer is in use if set */ +#define SVC_BUF_LOCK 0 + +#define S10_BUFFER_TIMEOUT (msecs_to_jiffies(SVC_RECONFIG_BUFFER_TIMEOUT_MS)) +#define S10_RECONFIG_TIMEOUT (msecs_to_jiffies(SVC_RECONFIG_REQUEST_TIMEOUT_MS)) + +/** + * struct s10_svc_buf + * @buf: virtual address of buf provided by service layer + * @lock: locked if buffer is in use + */ +struct s10_svc_buf { + char *buf; + unsigned long lock; +}; + +struct s10_priv { + struct stratix10_svc_chan *chan; + struct stratix10_svc_client client; + struct completion status_return_completion; + struct s10_svc_buf svc_bufs[NUM_SVC_BUFS]; + unsigned long status; +}; + +static int s10_svc_send_msg(struct s10_priv *priv, + enum stratix10_svc_command_code command, + void *payload, u32 payload_length) +{ + struct stratix10_svc_chan *chan = priv->chan; + struct device *dev = priv->client.dev; + struct stratix10_svc_client_msg msg; + int ret; + + dev_dbg(dev, "%s cmd=%d payload=%p length=%d\n", + __func__, command, payload, payload_length); + + msg.command = command; + msg.payload = payload; + msg.payload_length = payload_length; + + ret = stratix10_svc_send(chan, &msg); + dev_dbg(dev, "stratix10_svc_send returned status %d\n", ret); + + return ret; +} + +/** + * s10_free_buffers + * Free buffers allocated from the service layer's pool that are not in use. + * @mgr: fpga manager struct + * Free all buffers that are not in use. + * Return true when all buffers are freed. + */ +static bool s10_free_buffers(struct fpga_manager *mgr) +{ + struct s10_priv *priv = mgr->priv; + uint num_free = 0; + uint i; + + for (i = 0; i < NUM_SVC_BUFS; i++) { + if (!priv->svc_bufs[i].buf) { + num_free++; + continue; + } + + if (!test_and_set_bit_lock(SVC
[PATCHv7 5/9] arm64: dts: stratix10: add fpga manager and region
From: Alan Tull Add the Stratix10 FPGA manager and a FPGA region to the device tree. Signed-off-by: Alan Tull Signed-off-by: Richard Gong --- v2: this patch is added in patch set version 2 v3: change to put fpga_mgr node under firmware/svc node v4: s/fpga-mgr@0/fpga-mgr/ to remove unit_address add Richard's signed-off-by v5: no change v6: no change v7: no change --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 12 1 file changed, 12 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index ee4715a..0b20209 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -106,6 +106,14 @@ interrupt-parent = <&intc>; ranges = <0 0 0 0x>; + base_fpga_region { + #address-cells = <0x1>; + #size-cells = <0x1>; + + compatible = "fpga-region"; + fpga-mgr = <&fpga_mgr>; + }; + clkmgr: clock-controller@ffd1 { compatible = "intel,stratix10-clkmgr"; reg = <0xffd1 0x1000>; @@ -512,6 +520,10 @@ compatible = "intel,stratix10-svc"; method = "smc"; memory-region = <&service_reserved>; + + fpga_mgr: fpga-mgr { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; }; }; }; -- 2.7.4
Re: [PATCHv5 1/7] firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
Hi Tom, On 2/13/21 9:44 AM, Tom Rix wrote: On 2/9/21 2:20 PM, richard.g...@linux.intel.com wrote: From: Richard Gong Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which aligns with the firmware settings. Fixes: 36847f9e3e56 ("firmware: stratix10-svc: correct reconfig flag and timeout values") Signed-off-by: Richard Gong --- v5: new add, add the missing standalone patch --- include/linux/firmware/intel/stratix10-svc-client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index a93d859..f843c6a 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -56,7 +56,7 @@ * COMMAND_RECONFIG_FLAG_PARTIAL: * Set to FPGA configuration type (full or partial). */ -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 Is this the stand alone fix split from v3's patch 1 ? https://lore.kernel.org/linux-fpga/ybfw50lpp%2fyeb...@kroah.com/ Yes, it is a stand-alone patch. Tom /** * Timeout settings for service clients: Regards, Richard
[PATCHv2 2/7] arm64: dts: stratix10: add service driver binding to base dtsi
From: Richard Gong Add Intel Stratix10 service layer to the device tree Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Change to put service layer driver node under the firmware node Change compatible to "intel, stratix10-svc" --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 22 ++ 1 file changed, 22 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 5a6a699..4395e76 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -24,6 +24,20 @@ #address-cells = <2>; #size-cells = <2>; + reserved-memory { + #address-cells = <2>; + #size-cells = <2>; + ranges; + + service_reserved: svcbuffer@0 { + compatible = "shared-dma-pool"; + reg = <0x0 0x0 0x0 0x100>; + alignment = <0x1000>; + no-map; + }; + }; + + cpus { #address-cells = <1>; #size-cells = <0>; @@ -433,5 +447,13 @@ resets = <&rst WATCHDOG3_RESET>; status = "disabled"; }; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; }; }; -- 2.7.4
[PATCHv2 5/7] arm64: dts: stratix10: add fpga manager and region
From: Alan Tull Add the Stratix10 FPGA manager and a FPGA region to the device tree. Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 12 1 file changed, 12 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 4395e76..2f0067e 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -107,6 +107,14 @@ interrupt-parent = <&intc>; ranges = <0 0 0 0x>; + base_fpga_region { + #address-cells = <0x1>; + #size-cells = <0x1>; + + compatible = "fpga-region"; + fpga-mgr = <&fpga_mgr>; + }; + clkmgr: clock-controller@ffd1 { compatible = "intel,stratix10-clkmgr"; reg = <0xffd1 0x1000>; @@ -138,6 +146,10 @@ }; }; + fpga_mgr: fpga-mgr@0 { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; + gmac0: ethernet@ff80 { compatible = "altr,socfpga-stmmac", "snps,dwmac-3.74a", "snps,dwmac"; reg = <0xff80 0x2000>; -- 2.7.4
[PATCHv2 6/7] fpga: add intel stratix10 soc fpga manager driver
From: Alan Tull Add driver for reconfiguring Intel Stratix10 SoC FPGA devices. This driver communicates through the Intel Service Driver which does communication with privileged hardware (that does the FPGA programming) through a secure mailbox. Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 --- drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile| 1 + drivers/fpga/stratix10-soc.c | 503 +++ 3 files changed, 510 insertions(+) create mode 100644 drivers/fpga/stratix10-soc.c diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig index f47ef84..cbcbced 100644 --- a/drivers/fpga/Kconfig +++ b/drivers/fpga/Kconfig @@ -57,6 +57,12 @@ config FPGA_MGR_ZYNQ_FPGA help FPGA manager driver support for Xilinx Zynq FPGAs. +config FPGA_MGR_STRATIX10_SOC + tristate "Intel Stratix10 SoC FPGA Manager" + depends on (ARCH_STRATIX10 && INTEL_SERVICE) + help + FPGA manager driver support for the Intel Stratix10 SoC. + config FPGA_MGR_XILINX_SPI tristate "Xilinx Configuration over Slave Serial (SPI)" depends on SPI diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile index 3cb276a..6eef670 100644 --- a/drivers/fpga/Makefile +++ b/drivers/fpga/Makefile @@ -12,6 +12,7 @@ obj-$(CONFIG_FPGA_MGR_ALTERA_PS_SPI) += altera-ps-spi.o obj-$(CONFIG_FPGA_MGR_ICE40_SPI) += ice40-spi.o obj-$(CONFIG_FPGA_MGR_SOCFPGA) += socfpga.o obj-$(CONFIG_FPGA_MGR_SOCFPGA_A10) += socfpga-a10.o +obj-$(CONFIG_FPGA_MGR_STRATIX10_SOC) += stratix10-soc.o obj-$(CONFIG_FPGA_MGR_TS73XX) += ts73xx-fpga.o obj-$(CONFIG_FPGA_MGR_XILINX_SPI) += xilinx-spi.o obj-$(CONFIG_FPGA_MGR_ZYNQ_FPGA) += zynq-fpga.o diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c new file mode 100644 index 000..e132372 --- /dev/null +++ b/drivers/fpga/stratix10-soc.c @@ -0,0 +1,503 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * FPGA Manager Driver for Intel Stratix10 SoC + * + * Copyright (C) 2018 Intel Corporation + */ +#include +#include +#include +#include +#include + +/* + * FPGA programming requires a higher level of privilege (EL3), per the SoC + * design. + */ +#define NUM_SVC_BUFS 4 +#define SVC_BUF_SIZE SZ_512K + +/* Indicates buffer is in use if set */ +#define SVC_BUF_LOCK 0 + +/** + * struct s10_svc_buf + * @buf: virtual address of buf provided by service layer + * @lock: locked if buffer is in use + */ +struct s10_svc_buf { + char *buf; + unsigned long lock; +}; + +struct s10_priv { + struct intel_svc_chan *chan; + struct intel_svc_client client; + struct completion status_return_completion; + struct s10_svc_buf svc_bufs[NUM_SVC_BUFS]; + unsigned long status; +}; + +static int s10_svc_send_msg(struct s10_priv *priv, + enum intel_svc_command_code command, + void *payload, u32 payload_length) +{ + struct intel_svc_chan *chan = priv->chan; + struct intel_svc_client_msg msg; + int ret; + + pr_debug("%s cmd=%d payload=%p legnth=%d\n", +__func__, command, payload, payload_length); + + msg.command = command; + msg.payload = payload; + msg.payload_length = payload_length; + + ret = intel_svc_send(chan, &msg); + pr_debug("intel_svc_send returned status %d\n", ret); + + return ret; +} + +/** + * s10_free_buffers + * Free buffers allocated from the service layer's pool that are not in use. + * @mgr: fpga manager struct + * Free all buffers that are not in use. + * Return true when all buffers are freed. + */ +static bool s10_free_buffers(struct fpga_manager *mgr) +{ + struct s10_priv *priv = mgr->priv; + uint num_free = 0; + uint i; + + for (i = 0; i < NUM_SVC_BUFS; i++) { + if (!priv->svc_bufs[i].buf) { + num_free++; + continue; + } + + if (!test_and_set_bit_lock(SVC_BUF_LOCK, + &priv->svc_bufs[i].lock)) { + intel_svc_free_memory(priv->chan, + priv->svc_bufs[i].buf); + priv->svc_bufs[i].buf = NULL; + num_free++; + } + } + + return num_free == NUM_SVC_BUFS; +} + +/** + * s10_free_buffer_count + * Count how many buffers are not in use. + * @mgr: fpga manager struct + * Return # of buffers that are not in use. + */ +static uint s10_free_buffer_count(struct fpga_manager *mgr) +{ + struct s10_priv *priv = mgr->priv; + uint num_free = 0; + uint i; + + for (i = 0; i < NUM_SVC_BUFS; i++) + if (!priv->svc_bufs[i].buf) + num_free++; + + return num_free; +} + +/** + * s10_unlock_bufs + * Given the returned buffer address, match that address to
[PATCHv2 1/7] dt-bindings, firmware: add Intel Stratix10 service layer binding
From: Richard Gong Add a device tree binding for the Intel Stratix10 service layer driver Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Change to put service layer driver node under the firmware node Change compatible to "intel, stratix10-svc" --- .../bindings/firmware/intel,stratix10-svc.txt | 57 ++ 1 file changed, 57 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt diff --git a/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt b/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt new file mode 100644 index 000..1fa6606 --- /dev/null +++ b/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt @@ -0,0 +1,57 @@ +Intel Service Layer Driver for Stratix10 SoC + +Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard +processor system (HPS) and Secure Device Manager (SDM). When the FPGA is +configured from HPS, there needs to be a way for HPS to notify SDM the +location and size of the configuration data. Then SDM will get the +configuration data from that location and perform the FPGA configuration. + +To meet the whole system security needs and support virtual machine requesting +communication with SDM, only the secure world of software (EL3, Exception +Layer 3) can interface with SDM. All software entities running on other +exception layers must channel through the EL3 software whenever it needs +service from SDM. + +Intel Stratix10 service layer driver, running at privileged exception level +(EL1, Exception Layer 1), interfaces with the service providers and provides +the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer +driver also manages secure monitor call (SMC) to communicate with secure monitor +code running in EL3. + +Required properties: +--- +The svc node has the following mandatory properties, must be located under +the firmware node. + +- compatible: "intel,stratix10-svc" +- method: smc or hvc +smc - Secure Monitor Call +hvc - Hypervisor Call +- memory-region: + phandle to the reserved memory node. See + Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt + for details + +Example: +--- + + reserved-memory { +#address-cells = <2>; +#size-cells = <2>; +ranges; + +service_reserved: svcbuffer@0 { +compatible = "shared-dma-pool"; +reg = <0x0 0x0 0x0 0x100>; +alignment = <0x1000>; +no-map; +}; +}; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; -- 2.7.4
[PATCHv2 4/7] dt-bindings: fpga: add Stratix10 SoC FPGA manager binding
From: Alan Tull Add a Device Tree binding for the Intel Stratix10 SoC FPGA manager. Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 --- .../devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt | 10 ++ 1 file changed, 10 insertions(+) create mode 100644 Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt diff --git a/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt b/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt new file mode 100644 index 000..78de689 --- /dev/null +++ b/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt @@ -0,0 +1,10 @@ +Intel Stratix10 SoC FPGA Manager + +Required properties: +- compatible : should contain "intel,stratix10-soc-fpga-mgr" + +Example: + + fpga_mgr: fpga-mgr@0 { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; -- 2.7.4
[PATCHv2 7/7] defconfig: enable fpga and service layer
From: Richard Gong Enable fpga framework, Stratix 10 SoC FPGA manager, and Intel Service Layer Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 --- arch/arm64/configs/defconfig | 5 + 1 file changed, 5 insertions(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index 634b373..44b226b 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -169,6 +169,7 @@ CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_NBD=m CONFIG_VIRTIO_BLK=y CONFIG_BLK_DEV_NVME=m +CONFIG_INTEL_SERVICE=y CONFIG_SRAM=y CONFIG_EEPROM_AT25=m # CONFIG_SCSI_PROC_FS is not set @@ -559,6 +560,10 @@ CONFIG_PHY_ROCKCHIP_INNO_USB2=y CONFIG_PHY_ROCKCHIP_EMMC=y CONFIG_PHY_ROCKCHIP_PCIE=m CONFIG_PHY_XGENE=y +CONFIG_FPGA=y +CONFIG_FPGA_REGION=y +CONFIG_FPGA_MGR_STRATIX10_SOC=y +CONFIG_FPGA_BRIDGE=y CONFIG_PHY_TEGRA_XUSB=y CONFIG_QCOM_L2_PMU=y CONFIG_QCOM_L3_PMU=y -- 2.7.4
[PATCHv2 3/7] driver, misc: add Intel Stratix10 service layer driver
From: Richard Gong Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. When the FPGA is configured from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Header file intel-service-client.h defines the interface between service providers (FPGA manager is one of them) and service layer. Header file intel-smc.h defines the secure monitor call (SMC) message protocols used for service layer driver in normal world (EL1) to communicate with secure monitor SW in secure monitor exception level 3 (EL3). This file is shared with secure firmware (FW) which is out of kernel tree. Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory Correct SPDX markers Change service layer driver be 'default n' Remove global variables Add timeout for do..while() loop Add kernel-doc for the functions and structs, correct multiline comments Replace kfifo_in/kfifo_out with kfifo_in_spinlocked/kfifo_out_spinlocked rename struct intel_svc_data (at client header) to intel_svc_client_msg rename struct intel_svc_private_mem to intel_svc_data Other corrections/changes from Intel internal code reviews --- drivers/misc/Kconfig | 12 + drivers/misc/Makefile| 1 + drivers/misc/intel-service.c | 960 +++ drivers/misc/intel-smc.h | 205 include/linux/intel-service-client.h | 188 +++ 5 files changed, 1366 insertions(+) create mode 100644 drivers/misc/intel-service.c create mode 100644 drivers/misc/intel-smc.h create mode 100644 include/linux/intel-service-client.h diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index 03605f8..ec225fa7 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -139,6 +139,18 @@ config INTEL_MID_PTI an Intel Atom (non-netbook) mobile device containing a MIPI P1149.7 standard implementation. +config INTEL_SERVICE + tristate "Intel Service Layer" + depends on HAVE_ARM_SMCCC + default n + help +Intel service layer runs at privileged exception level, interfaces with +the service providers (FPGA manager is one of them) and manages secure +monitor call to communicate with secure monitor software at secure monitor +exception level. + +Say Y here if you want Intel service layer support. + config SGI_IOC4 tristate "SGI IOC4 Base IO support" depends on PCI diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index c3c8624..3857fc2 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -8,6 +8,7 @@ obj-$(CONFIG_AD525X_DPOT) += ad525x_dpot.o obj-$(CONFIG_AD525X_DPOT_I2C) += ad525x_dpot-i2c.o obj-$(CONFIG_AD525X_DPOT_SPI) += ad525x_dpot-spi.o obj-$(CONFIG_INTEL_MID_PTI)+= pti.o +obj-$(CONFIG_INTEL_SERVICE) += intel-service.o obj-$(CONFIG_ATMEL_SSC)+= atmel-ssc.o obj-$(CONFIG_ATMEL_TCLIB) += atmel_tclib.o obj-$(CONFIG_DUMMY_IRQ)+= dummy-irq.o diff --git a/drivers/misc/intel-service.c b/drivers/misc/intel-service.c new file mode 100644 index 000..8681c2f --- /dev/null +++ b/drivers/misc/intel-service.c @@ -0,0 +1,960 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2017-2018, Intel Corporation + */ + +/* + * Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard + * processor system (HPS) and Secure Device Manager (SDM). SDM is the + * hardware which does the FPGA configuration, QSPI, Crypto and warm reset. + * + * When the FPGA is configured from HPS, there needs to be a way for HPS to + * notify SDM the location and size of the configuration data. Then SDM will + * get the configuration data from that location and perform the FPGA + * configuration. + * + * To meet the whole system security nee
[PATCHv2 0/7] Add Intel Stratix10 FPGA manager and service layer
From: Richard Gong This is the 2nd submission of Intel service layer patches. Intel Stratix10 FPGA manager, which is 1st service layer client, is included in this submission. Service layer patches have been reviewed internally by Alan Tull and other colleagues at Intel. Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. When the FPGA is configured from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. v2: add patches for FPGA manager, FPGA manager binding, dts and defconfig remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory remove global variables change service layer driver be 'default n' correct SPDX markers add timeout for do..while() loop add kernel-doc for the functions and structs, correct multiline comments replace kfifo_in/kfifo_out with kfifo_in_spinlocked/kfifo_out_spinlocked rename struct intel_svc_data (at client header) to intel_svc_client_msg rename struct intel_svc_private_mem to intel_svc_data other corrections/changes from Intel internal code reviews Alan Tull (3): dt-bindings: fpga: add Stratix10 SoC FPGA manager binding arm64: dts: stratix10: add fpga manager and region fpga: add intel stratix10 soc fpga manager driver Richard Gong (4): dt-bindings, firmware: add Intel Stratix10 service layer binding arm64: dts: stratix10: add service driver binding to base dtsi driver, misc: add Intel Stratix10 service layer driver defconfig: enable fpga and service layer .../bindings/firmware/intel,stratix10-svc.txt | 57 ++ .../bindings/fpga/intel-stratix10-soc-fpga-mgr.txt | 10 + arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 34 + arch/arm64/configs/defconfig | 5 + drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile | 1 + drivers/fpga/stratix10-soc.c | 503 +++ drivers/misc/Kconfig | 12 + drivers/misc/Makefile | 1 + drivers/misc/intel-service.c | 960 + drivers/misc/intel-smc.h | 205 + include/linux/intel-service-client.h | 188 12 files changed, 1982 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt create mode 100644 Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt create mode 100644 drivers/fpga/stratix10-soc.c create mode 100644 drivers/misc/intel-service.c create mode 100644 drivers/misc/intel-smc.h create mode 100644 include/linux/intel-service-client.h -- 2.7.4
[PATCHv3 1/7] dt-bindings, firmware: add Intel Stratix10 service layer binding
From: Richard Gong Add a device tree binding for the Intel Stratix10 service layer driver Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Change to put service layer driver node under the firmware node Change compatible to "intel, stratix10-svc" v3: No change --- .../bindings/firmware/intel,stratix10-svc.txt | 57 ++ 1 file changed, 57 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt diff --git a/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt b/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt new file mode 100644 index 000..1fa6606 --- /dev/null +++ b/Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt @@ -0,0 +1,57 @@ +Intel Service Layer Driver for Stratix10 SoC + +Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard +processor system (HPS) and Secure Device Manager (SDM). When the FPGA is +configured from HPS, there needs to be a way for HPS to notify SDM the +location and size of the configuration data. Then SDM will get the +configuration data from that location and perform the FPGA configuration. + +To meet the whole system security needs and support virtual machine requesting +communication with SDM, only the secure world of software (EL3, Exception +Layer 3) can interface with SDM. All software entities running on other +exception layers must channel through the EL3 software whenever it needs +service from SDM. + +Intel Stratix10 service layer driver, running at privileged exception level +(EL1, Exception Layer 1), interfaces with the service providers and provides +the services for FPGA configuration, QSPI, Crypto and warm reset. Service layer +driver also manages secure monitor call (SMC) to communicate with secure monitor +code running in EL3. + +Required properties: +--- +The svc node has the following mandatory properties, must be located under +the firmware node. + +- compatible: "intel,stratix10-svc" +- method: smc or hvc +smc - Secure Monitor Call +hvc - Hypervisor Call +- memory-region: + phandle to the reserved memory node. See + Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt + for details + +Example: +--- + + reserved-memory { +#address-cells = <2>; +#size-cells = <2>; +ranges; + +service_reserved: svcbuffer@0 { +compatible = "shared-dma-pool"; +reg = <0x0 0x0 0x0 0x100>; +alignment = <0x1000>; +no-map; +}; +}; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; -- 2.7.4
[PATCHv3 0/7] Add Intel Stratix10 FPGA manager and service layer
From: Richard Gong This is the 3rd submission of Intel service layer patches. Intel Stratix10 FPGA manager, which is 1st service layer client, is included in this submission. Service layer patches have been reviewed internally by Alan Tull and other colleagues at Intel. Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. In order to configure the FPGA from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Later the Intel Stratix10 service layer driver will be extended to provide services for QSPI, Crypto and warm reset. v2: add patches for FPGA manager, FPGA manager binding, dts and defconfig remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory remove global variables change service layer driver be 'default n' correct SPDX markers add timeout for do..while() loop add kernel-doc for the functions and structs, correct multiline comments replace kfifo_in/kfifo_out with kfifo_in_spinlocked/kfifo_out_spinlocked rename struct intel_svc_data (at client header) to intel_svc_client_msg rename struct intel_svc_private_mem to intel_svc_data other corrections/changes from Intel internal code reviews v3: change all exported functions with "intel_svc_" as the prefix Increase timeout values for claiming back submitted buffer(s) Rename struct intel_command_reconfig_payload to struct intel_svc_command_reconfig_payload Add pr_err() to provide the error return value change to put fpga_mgr node under firmware/svc node change to FPGA manager to align the update of service client APIs, and the update of fpga_mgr device node Other corrections/changes Alan Tull (3): dt-bindings: fpga: add Stratix10 SoC FPGA manager binding arm64: dts: stratix10: add fpga manager and region fpga: add intel stratix10 soc fpga manager driver Richard Gong (4): dt-bindings, firmware: add Intel Stratix10 service layer binding arm64: dts: stratix10: add service driver binding to base dtsi driver, misc: add Intel Stratix10 service layer driver defconfig: enable fpga and service layer .../bindings/firmware/intel,stratix10-svc.txt | 57 ++ .../bindings/fpga/intel-stratix10-soc-fpga-mgr.txt | 17 + arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 34 + arch/arm64/configs/defconfig | 5 + drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile | 1 + drivers/fpga/stratix10-soc.c | 534 drivers/misc/Kconfig | 12 + drivers/misc/Makefile | 1 + drivers/misc/intel-service.c | 962 + drivers/misc/intel-smc.h | 205 + include/linux/intel-service-client.h | 188 12 files changed, 2022 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt create mode 100644 Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt create mode 100644 drivers/fpga/stratix10-soc.c create mode 100644 drivers/misc/intel-service.c create mode 100644 drivers/misc/intel-smc.h create mode 100644 include/linux/intel-service-client.h -- 2.7.4
[PATCHv3 2/7] arm64: dts: stratix10: add service driver binding to base dtsi
From: Richard Gong Add Intel Stratix10 service layer to the device tree Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Change to put service layer driver node under the firmware node Change compatible to "intel, stratix10-svc" v3: No change --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 22 ++ 1 file changed, 22 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 5a6a699..4395e76 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -24,6 +24,20 @@ #address-cells = <2>; #size-cells = <2>; + reserved-memory { + #address-cells = <2>; + #size-cells = <2>; + ranges; + + service_reserved: svcbuffer@0 { + compatible = "shared-dma-pool"; + reg = <0x0 0x0 0x0 0x100>; + alignment = <0x1000>; + no-map; + }; + }; + + cpus { #address-cells = <1>; #size-cells = <0>; @@ -433,5 +447,13 @@ resets = <&rst WATCHDOG3_RESET>; status = "disabled"; }; + + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + }; + }; }; }; -- 2.7.4
[PATCHv3 3/7] driver, misc: add Intel Stratix10 service layer driver
From: Richard Gong Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, Crypto and warm reset. In order to configure the FPGA from HPS, there needs to be a way for HPS to notify SDM the location and size of the configuration data. Then SDM will get the configuration data from that location and perform the FPGA configuration. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration. Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service provider at EL1 (Intel Stratix10 FPGA Manager) and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). Header file intel-service-client.h defines the interface between service providers (FPGA manager is one of them) and service layer. Header file intel-smc.h defines the secure monitor call (SMC) message protocols used for service layer driver in normal world (EL1) to communicate with secure monitor SW in secure monitor exception level 3 (EL3). This file is shared with secure firmware (FW) which is out of kernel tree. Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: Remove intel-service subdirectory and intel-service.h, move intel-smc.h and intel-service.c to driver/misc subdirectory Correct SPDX markers Change service layer driver be 'default n' Remove global variables Add timeout for do..while() loop Add kernel-doc for the functions and structs, correct multiline comments Replace kfifo_in/kfifo_out with kfifo_in_spinlocked/kfifo_out_spinlocked rename struct intel_svc_data (at client header) to intel_svc_client_msg rename struct intel_svc_private_mem to intel_svc_data Other corrections/changes from Intel internal code reviews v3: Change all exported functions with "intel_svc_" as the prefix Increase timeout values for claiming back submitted buffer(s) Rename struct intel_command_reconfig_payload to struct intel_svc_command_reconfig_payload Add pr_err() to provide the error return value Other corrections/changes --- drivers/misc/Kconfig | 12 + drivers/misc/Makefile| 1 + drivers/misc/intel-service.c | 962 +++ drivers/misc/intel-smc.h | 205 include/linux/intel-service-client.h | 188 +++ 5 files changed, 1368 insertions(+) create mode 100644 drivers/misc/intel-service.c create mode 100644 drivers/misc/intel-smc.h create mode 100644 include/linux/intel-service-client.h diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index 03605f8..ec225fa7 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -139,6 +139,18 @@ config INTEL_MID_PTI an Intel Atom (non-netbook) mobile device containing a MIPI P1149.7 standard implementation. +config INTEL_SERVICE + tristate "Intel Service Layer" + depends on HAVE_ARM_SMCCC + default n + help +Intel service layer runs at privileged exception level, interfaces with +the service providers (FPGA manager is one of them) and manages secure +monitor call to communicate with secure monitor software at secure monitor +exception level. + +Say Y here if you want Intel service layer support. + config SGI_IOC4 tristate "SGI IOC4 Base IO support" depends on PCI diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index c3c8624..3857fc2 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -8,6 +8,7 @@ obj-$(CONFIG_AD525X_DPOT) += ad525x_dpot.o obj-$(CONFIG_AD525X_DPOT_I2C) += ad525x_dpot-i2c.o obj-$(CONFIG_AD525X_DPOT_SPI) += ad525x_dpot-spi.o obj-$(CONFIG_INTEL_MID_PTI)+= pti.o +obj-$(CONFIG_INTEL_SERVICE) += intel-service.o obj-$(CONFIG_ATMEL_SSC)+= atmel-ssc.o obj-$(CONFIG_ATMEL_TCLIB) += atmel_tclib.o obj-$(CONFIG_DUMMY_IRQ)+= dummy-irq.o diff --git a/drivers/misc/intel-service.c b/drivers/misc/intel-service.c new file mode 100644 index 000..8cf6f9b --- /dev/null +++ b/drivers/misc/intel-service.c @@ -0,0 +1,962 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2017-2018, Intel Corporation + */ + +/* + * Intel Stratix10 SoC is composed of a 64 bit quad-core ARM Cortex A53 hard + * processor system (HPS) and Secure Device Manager (SDM). SDM is the + * hardware which does the FPGA configuration, QS
[PATCHv3 7/7] defconfig: enable fpga and service layer
From: Richard Gong Enable fpga framework, Stratix 10 SoC FPGA manager, and Intel Service Layer Signed-off-by: Richard Gong Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 v3: no change --- arch/arm64/configs/defconfig | 5 + 1 file changed, 5 insertions(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index 634b373..44b226b 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -169,6 +169,7 @@ CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_NBD=m CONFIG_VIRTIO_BLK=y CONFIG_BLK_DEV_NVME=m +CONFIG_INTEL_SERVICE=y CONFIG_SRAM=y CONFIG_EEPROM_AT25=m # CONFIG_SCSI_PROC_FS is not set @@ -559,6 +560,10 @@ CONFIG_PHY_ROCKCHIP_INNO_USB2=y CONFIG_PHY_ROCKCHIP_EMMC=y CONFIG_PHY_ROCKCHIP_PCIE=m CONFIG_PHY_XGENE=y +CONFIG_FPGA=y +CONFIG_FPGA_REGION=y +CONFIG_FPGA_MGR_STRATIX10_SOC=y +CONFIG_FPGA_BRIDGE=y CONFIG_PHY_TEGRA_XUSB=y CONFIG_QCOM_L2_PMU=y CONFIG_QCOM_L3_PMU=y -- 2.7.4
[PATCHv3 6/7] fpga: add intel stratix10 soc fpga manager driver
From: Alan Tull Add driver for reconfiguring Intel Stratix10 SoC FPGA devices. This driver communicates through the Intel Service Driver which does communication with privileged hardware (that does the FPGA programming) through a secure mailbox. Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 v3: change to align to the update of service client APIs, and the update of fpga_mgr device node --- drivers/fpga/Kconfig | 6 + drivers/fpga/Makefile| 1 + drivers/fpga/stratix10-soc.c | 534 +++ 3 files changed, 541 insertions(+) create mode 100644 drivers/fpga/stratix10-soc.c diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig index f47ef84..cbcbced 100644 --- a/drivers/fpga/Kconfig +++ b/drivers/fpga/Kconfig @@ -57,6 +57,12 @@ config FPGA_MGR_ZYNQ_FPGA help FPGA manager driver support for Xilinx Zynq FPGAs. +config FPGA_MGR_STRATIX10_SOC + tristate "Intel Stratix10 SoC FPGA Manager" + depends on (ARCH_STRATIX10 && INTEL_SERVICE) + help + FPGA manager driver support for the Intel Stratix10 SoC. + config FPGA_MGR_XILINX_SPI tristate "Xilinx Configuration over Slave Serial (SPI)" depends on SPI diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile index 3cb276a..6eef670 100644 --- a/drivers/fpga/Makefile +++ b/drivers/fpga/Makefile @@ -12,6 +12,7 @@ obj-$(CONFIG_FPGA_MGR_ALTERA_PS_SPI) += altera-ps-spi.o obj-$(CONFIG_FPGA_MGR_ICE40_SPI) += ice40-spi.o obj-$(CONFIG_FPGA_MGR_SOCFPGA) += socfpga.o obj-$(CONFIG_FPGA_MGR_SOCFPGA_A10) += socfpga-a10.o +obj-$(CONFIG_FPGA_MGR_STRATIX10_SOC) += stratix10-soc.o obj-$(CONFIG_FPGA_MGR_TS73XX) += ts73xx-fpga.o obj-$(CONFIG_FPGA_MGR_XILINX_SPI) += xilinx-spi.o obj-$(CONFIG_FPGA_MGR_ZYNQ_FPGA) += zynq-fpga.o diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c new file mode 100644 index 000..e8fb67e --- /dev/null +++ b/drivers/fpga/stratix10-soc.c @@ -0,0 +1,534 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * FPGA Manager Driver for Intel Stratix10 SoC + * + * Copyright (C) 2018 Intel Corporation + */ +#include +#include +#include +#include +#include +#include +/* + * FPGA programming requires a higher level of privilege (EL3), per the SoC + * design. + */ +#define NUM_SVC_BUFS 4 +#define SVC_BUF_SIZE SZ_512K + +/* Indicates buffer is in use if set */ +#define SVC_BUF_LOCK 0 + +/** + * struct s10_svc_buf + * @buf: virtual address of buf provided by service layer + * @lock: locked if buffer is in use + */ +struct s10_svc_buf { + char *buf; + unsigned long lock; +}; + +struct s10_priv { + struct intel_svc_chan *chan; + struct intel_svc_client client; + struct completion status_return_completion; + struct s10_svc_buf svc_bufs[NUM_SVC_BUFS]; + unsigned long status; +}; + +static int s10_svc_send_msg(struct s10_priv *priv, + enum intel_svc_command_code command, + void *payload, u32 payload_length) +{ + struct intel_svc_chan *chan = priv->chan; + struct intel_svc_client_msg msg; + int ret; + + pr_debug("%s cmd=%d payload=%p legnth=%d\n", +__func__, command, payload, payload_length); + + msg.command = command; + msg.payload = payload; + msg.payload_length = payload_length; + + ret = intel_svc_send(chan, &msg); + pr_debug("intel_svc_send returned status %d\n", ret); + + return ret; +} + +/** + * s10_free_buffers + * Free buffers allocated from the service layer's pool that are not in use. + * @mgr: fpga manager struct + * Free all buffers that are not in use. + * Return true when all buffers are freed. + */ +static bool s10_free_buffers(struct fpga_manager *mgr) +{ + struct s10_priv *priv = mgr->priv; + uint num_free = 0; + uint i; + + for (i = 0; i < NUM_SVC_BUFS; i++) { + if (!priv->svc_bufs[i].buf) { + num_free++; + continue; + } + + if (!test_and_set_bit_lock(SVC_BUF_LOCK, + &priv->svc_bufs[i].lock)) { + intel_svc_free_memory(priv->chan, + priv->svc_bufs[i].buf); + priv->svc_bufs[i].buf = NULL; + num_free++; + } + } + + return num_free == NUM_SVC_BUFS; +} + +/** + * s10_free_buffer_count + * Count how many buffers are not in use. + * @mgr: fpga manager struct + * Return # of buffers that are not in use. + */ +static uint s10_free_buffer_count(struct fpga_manager *mgr) +{ + struct s10_priv *priv = mgr->priv; + uint num_free = 0; + uint i; + + for (i = 0; i < NUM_SVC_BUFS; i++) + if (!priv->svc_bufs[i].buf) + num_free++; + +
[PATCHv3 4/7] dt-bindings: fpga: add Stratix10 SoC FPGA manager binding
From: Alan Tull Add a Device Tree binding for the Intel Stratix10 SoC FPGA manager. Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 v3: change to put fpga_mgr node under firmware/svc node --- .../bindings/fpga/intel-stratix10-soc-fpga-mgr.txt | 17 + 1 file changed, 17 insertions(+) create mode 100644 Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt diff --git a/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt b/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt new file mode 100644 index 000..be7cd96 --- /dev/null +++ b/Documentation/devicetree/bindings/fpga/intel-stratix10-soc-fpga-mgr.txt @@ -0,0 +1,17 @@ +Intel Stratix10 SoC FPGA Manager + +Required properties: +The fpga_mgr node has the following mandatory property, must be located under +firmware/svc node. + +- compatible : should contain "intel,stratix10-soc-fpga-mgr" + +Example: + + firmware { + svc { + fpga_mgr: fpga-mgr@0 { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; + }; + }; -- 2.7.4
[PATCHv3 5/7] arm64: dts: stratix10: add fpga manager and region
From: Alan Tull Add the Stratix10 FPGA manager and a FPGA region to the device tree. Signed-off-by: Alan Tull --- v2: this patch is added in patch set version 2 v3: change to put fpga_mgr node under firmware/svc node --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 12 1 file changed, 12 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 4395e76..8c8f66c 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -107,6 +107,14 @@ interrupt-parent = <&intc>; ranges = <0 0 0 0x>; + base_fpga_region { + #address-cells = <0x1>; + #size-cells = <0x1>; + + compatible = "fpga-region"; + fpga-mgr = <&fpga_mgr>; + }; + clkmgr: clock-controller@ffd1 { compatible = "intel,stratix10-clkmgr"; reg = <0xffd1 0x1000>; @@ -453,6 +461,10 @@ compatible = "intel,stratix10-svc"; method = "smc"; memory-region = <&service_reserved>; + + fpga_mgr: fpga-mgr@0 { + compatible = "intel,stratix10-soc-fpga-mgr"; + }; }; }; }; -- 2.7.4
[PATCHv2] arm64: defconfig: enable fpga and service layer
From: Richard Gong Enable FPGA framework, Intel Stratix10 SoC FPGA manager, Stratix10 service layer, and Altera Freeze Bridge drivers. Intel Stratix10 service layer driver was added with commit 7ca5ce896524 ("firmware: add Intel Stratix10 service layer driver"). Intel Stratix10 service layer provides kernel APIs for drivers to request access to the secure features. Such features include FPGA programming, remote status update, and read and write secure registers. While clients of the service layer can be built as modules, the service layer itself has to be configured as built-in. The service layer is dependent on ARCH_STRATIX10. Enabling Altera Freeze Bridge depends on commit 38cd7ad5bd25 ("fpga: altera_freeze_bridge: remove restriction to socfpga"). Signed-off-by: Richard Gong --- v2: add to enable FPGA framework, Intel Stratix10 SoC FPGA manager and Altera freeze bridge drivers. --- arch/arm64/configs/defconfig | 7 +++ 1 file changed, 7 insertions(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index 931429d9..96c52f4 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -733,6 +733,13 @@ CONFIG_QCOM_QFPROM=y CONFIG_ROCKCHIP_EFUSE=y CONFIG_UNIPHIER_EFUSE=y CONFIG_MESON_EFUSE=m +CONFIG_INTEL_STRATIX10_SERVICE=y +CONFIG_FPGA=m +CONFIG_FPGA_MGR_STRATIX10_SOC=m +CONFIG_FPGA_BRIDGE=m +CONFIG_ALTERA_FREEZE_BRIDGE=m +CONFIG_FPGA_REGION=m +CONFIG_OF_FPGA_REGION=m CONFIG_TEE=y CONFIG_OPTEE=y CONFIG_EXT2_FS=y -- 2.7.4
[PATCHv1] fpga: mgr: add FPGA configuration log
From: Richard Gong Add a log for user to know FPGA configuration is successful Signed-off-by: Richard Gong --- drivers/fpga/fpga-mgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c index c386681..559e046 100644 --- a/drivers/fpga/fpga-mgr.c +++ b/drivers/fpga/fpga-mgr.c @@ -151,6 +151,7 @@ static int fpga_mgr_write_complete(struct fpga_manager *mgr, } mgr->state = FPGA_MGR_STATE_OPERATING; + dev_info(&mgr->dev, "Successfully programming FPGA\n"); return 0; } -- 2.7.4
Re: [PATCHv1] fpga: mgr: add FPGA configuration log
Hi Moritz, On 4/3/19 9:20 AM, Moritz Fischer wrote: Hi Richard, On Tue, Apr 02, 2019 at 05:25:43PM -0500, richard.g...@linux.intel.com wrote: From: Richard Gong Add a log for user to know FPGA configuration is successful Signed-off-by: Richard Gong --- drivers/fpga/fpga-mgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c index c386681..559e046 100644 --- a/drivers/fpga/fpga-mgr.c +++ b/drivers/fpga/fpga-mgr.c @@ -151,6 +151,7 @@ static int fpga_mgr_write_complete(struct fpga_manager *mgr, } mgr->state = FPGA_MGR_STATE_OPERATING; + dev_info(&mgr->dev, "Successfully programming FPGA\n"); That info is available in FPGA manager's sysfs status entry, if at all I'd make this a dev_dbg(). From my end I don't see how we need this really. We got requests from the field and they want to see a log to get know if FPGA configuration is successfully completed. They don't want use any additional command to get status. This log is useful for the user who performs FPGA configuration. I think we need use dev_info, since dev_dbg is not enabled by fault for most build. Thanks, Moritz
[PATCHv1 2/6] dt-bindings, firmware: add Intel Stratix10 remote system update binding
From: Richard Gong Add a device tree binding for the Intel Stratix10 remote system update (RSU) driver Signed-off-by: Richard Gong Reviewed-by: Alan Tull --- .../bindings/firmware/intel,stratix10-rsu.txt | 31 ++ 1 file changed, 31 insertions(+) create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-rsu.txt diff --git a/Documentation/devicetree/bindings/firmware/intel,stratix10-rsu.txt b/Documentation/devicetree/bindings/firmware/intel,stratix10-rsu.txt new file mode 100644 index 000..b6250eb --- /dev/null +++ b/Documentation/devicetree/bindings/firmware/intel,stratix10-rsu.txt @@ -0,0 +1,31 @@ +Intel Remote System Update Driver for Stratix10 SoC + +The Intel Remote System Update (RSU) driver exposes interfaces +accessed through the Intel Service Layer to user space via sysfs +interface. The RSU interfaces report and control some of the optional +RSU features on Intel Stratix 10 SoC. + +The RSU feature provides a way for customers to update the boot +configuration of a Intel Stratix 10 SoC device with significantly reduced +risk of corrupting the bitstream storage and bricking the system. + +Required properties: +--- +The rsu node has the following mandatory properties, must be located under +the firmware/svc node. + +- compatible: "intel,stratix10-rsu" + +Example: +--- + firmware { + svc { + compatible = "intel,stratix10-svc"; + method = "smc"; + memory-region = <&service_reserved>; + + rsu: rsu { + compatible = "intel,stratix10-rsu"; + }; + }; + }; -- 2.7.4
[PATCHv1 0/6] add Intel Stratix10 remote system update driver
From: Richard Gong This is the 1st submission of Intel Stratix10 remote system update (RSU) driver, which includes 6 patches below: patch #1 - extend Intel Stratix10 service layer to support RSU notify feature. patch #2 - add Intel Stratix10 remote system update binding patch #3 - add Intel Stratix10 remote system update to the device tree patch #4 - add Intel Stratix10 remote system update driver patch #5 - RSU document sysfs interface patch #6 - add maintainer for Intel Stratix10 firmware drivers Intel Stratix10 remote system update driver patches have been reviewed by Alan Tull and other colleagues at Intel. The Intel Stratix10 Remote System Update (RSU) driver exposes interfaces access through the Intel Stratix10 Service Layer to user space via sysfs interface. The RSU interfaces report and control some of the optional RSU features on Intel Stratix 10 SoC. The RSU feature provides a way for customers to update the boot configuration of a Intel Stratix 10 SoC device with significantly reduced risk of corrupting the bitstream storage and bricking the system. Richard Gong (6): firmware: stratix10-svc: add to support RSU notify dt-bindings, firmware: add Intel Stratix10 remote system update binding arm64: dts: stratix10: add remote system update firmware: add Intel Stratix10 remote system update driver firmware: rsu: document sysfs interface MAINTAINERS: add maintainer for Intel Stratix10 FW drivers .../testing/sysfs-devices-platform-stratix10-rsu | 78 .../bindings/firmware/intel,stratix10-rsu.txt | 31 ++ MAINTAINERS| 10 + arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 4 + drivers/firmware/Kconfig | 18 + drivers/firmware/Makefile | 1 + drivers/firmware/stratix10-rsu.c | 428 + drivers/firmware/stratix10-svc.c | 43 ++- include/linux/firmware/intel/stratix10-smc.h | 17 + .../linux/firmware/intel/stratix10-svc-client.h| 6 +- 10 files changed, 622 insertions(+), 14 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu create mode 100644 Documentation/devicetree/bindings/firmware/intel,stratix10-rsu.txt create mode 100644 drivers/firmware/stratix10-rsu.c -- 2.7.4
[PATCHv1 1/6] firmware: stratix10-svc: add to support RSU notify
From: Richard Gong Extend Intel Stratix10 service layer to support RSU notify feature. RSU is used to provide our customers with protection against loading bad bitstream onto their devices when those devices are booting from flash RSU notify provides users with an API to notify the firmware of the state of hard processor system. Signed-off-by: Richard Gong Reviewed-by: Alan Tull --- drivers/firmware/stratix10-svc.c | 43 +++--- include/linux/firmware/intel/stratix10-smc.h | 17 + .../linux/firmware/intel/stratix10-svc-client.h| 6 ++- 3 files changed, 52 insertions(+), 14 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 6e65148..1426900 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -295,7 +295,12 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data, case COMMAND_RECONFIG_STATUS: cb_data->status = BIT(SVC_STATUS_RECONFIG_COMPLETED); break; + case COMMAND_RSU_STATUS: + cb_data->kaddr1 = &res; + cb_data->status = BIT(SVC_STATUS_RSU_OK); + break; case COMMAND_RSU_UPDATE: + case COMMAND_RSU_NOTIFY: cb_data->status = BIT(SVC_STATUS_RSU_OK); break; default: @@ -386,6 +391,11 @@ static int svc_normal_to_secure_thread(void *data) a1 = pdata->arg[0]; a2 = 0; break; + case COMMAND_RSU_NOTIFY: + a0 = INTEL_SIP_SMC_RSU_NOTIFY; + a1 = pdata->arg[0]; + a2 = 0; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -402,19 +412,6 @@ static int svc_normal_to_secure_thread(void *data) (unsigned int)res.a1, (unsigned int)res.a2); pr_debug(" res.a3=0x%016x\n", (unsigned int)res.a3); - if (pdata->command == COMMAND_RSU_STATUS) { - if (res.a0 == INTEL_SIP_SMC_RSU_ERROR) - cbdata->status = BIT(SVC_STATUS_RSU_ERROR); - else - cbdata->status = BIT(SVC_STATUS_RSU_OK); - - cbdata->kaddr1 = &res; - cbdata->kaddr2 = NULL; - cbdata->kaddr3 = NULL; - pdata->chan->scl->receive_cb(pdata->chan->scl, cbdata); - continue; - } - switch (res.a0) { case INTEL_SIP_SMC_STATUS_OK: svc_thread_recv_status_ok(pdata, cbdata, res); @@ -438,7 +435,27 @@ static int svc_normal_to_secure_thread(void *data) pr_debug("%s: STATUS_REJECTED\n", __func__); break; case INTEL_SIP_SMC_FPGA_CONFIG_STATUS_ERROR: + case INTEL_SIP_SMC_RSU_ERROR: pr_err("%s: STATUS_ERROR\n", __func__); + switch (pdata->command) { + /* for FPGA mgr */ + case COMMAND_RECONFIG_DATA_CLAIM: + case COMMAND_RECONFIG: + case COMMAND_RECONFIG_DATA_SUBMIT: + case COMMAND_RECONFIG_STATUS: + cbdata->status = + BIT(SVC_STATUS_RECONFIG_ERROR); + break; + + /* for RSU */ + case COMMAND_RSU_STATUS: + case COMMAND_RSU_UPDATE: + case COMMAND_RSU_NOTIFY: + cbdata->status = + BIT(SVC_STATUS_RSU_ERROR); + break; + } + cbdata->status = BIT(SVC_STATUS_RECONFIG_ERROR); cbdata->kaddr1 = NULL; cbdata->kaddr2 = NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h index 01684d9..372f275 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -329,3 +329,20 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECC_DBE) #endif + +/* + * Request INTEL_SIP_SMC_RSU_NOTIFY + * + * Sync call used by service driver at EL1 to report HPS sw state is RSU_NOTIFY + * + * Call register usage: + * a0 INTEL_SIP_SMC_RSU_NOTIFY + * a1 32bit value representing HPS software status + * a2-7 not used + * + * Retur
[PATCHv1 3/6] arm64: dts: stratix10: add remote system update
From: Richard Gong Add Intel Stratix10 remote system update to the device tree Signed-off-by: Richard Gong Reviewed-by: Alan Tull --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 4 1 file changed, 4 insertions(+) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 7c649f6..79ae522 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -596,6 +596,10 @@ fpga_mgr: fpga-mgr { compatible = "intel,stratix10-soc-fpga-mgr"; }; + + rsu: rsu { + compatible = "intel,stratix10-rsu"; + }; }; }; }; -- 2.7.4
[PATCHv1 4/6] firmware: add Intel Stratix10 remote system update driver
From: Richard Gong The Intel Remote System Update (RSU) driver exposes interfaces access through the Intel Service Layer to user space via sysfs interface. The RSU interfaces report and control some of the optional RSU features on Intel Stratix 10 SoC. The RSU feature provides a way for customers to update the boot configuration of a Intel Stratix 10 SoC device with significantly reduced risk of corrupting the bitstream storage and bricking the system. Signed-off-by: Richard Gong Reviewed-by: Alan Tull --- drivers/firmware/Kconfig | 18 ++ drivers/firmware/Makefile| 1 + drivers/firmware/stratix10-rsu.c | 428 +++ 3 files changed, 447 insertions(+) create mode 100644 drivers/firmware/stratix10-rsu.c diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig index cac16c4..9e61d2f 100644 --- a/drivers/firmware/Kconfig +++ b/drivers/firmware/Kconfig @@ -228,6 +228,24 @@ config INTEL_STRATIX10_SERVICE Say Y here if you want Stratix10 service layer support. +config INTEL_STRATIX10_RSU +tristate "Intel Stratix10 Remote System Update" +depends on INTEL_STRATIX10_SERVICE +help + The Intel Remote System Update (RSU) driver exposes interfaces + access through the Intel Service Layer to user space via Sysfs + device attribute nodes. The RSU interfaces report/control some of + the optional RSU features of the Stratix 10 SoC FPGA. + + The RSU feature provides a way for customers to update the boot + configuration of a Stratix 10 SoC device with significantly reduced + risk of corrupting the bitstream storage and bricking the system. + + Enable RSU support if you are using an Intel SoC FPGA with the RSU + feature enabled and you want Linux user space control. + + Say Y here if you want Intel RSU support. + config QCOM_SCM bool depends on ARM || ARM64 diff --git a/drivers/firmware/Makefile b/drivers/firmware/Makefile index 80feb63..41b6fa3 100644 --- a/drivers/firmware/Makefile +++ b/drivers/firmware/Makefile @@ -13,6 +13,7 @@ obj-$(CONFIG_EDD) += edd.o obj-$(CONFIG_EFI_PCDP) += pcdp.o obj-$(CONFIG_DMIID)+= dmi-id.o obj-$(CONFIG_INTEL_STRATIX10_SERVICE) += stratix10-svc.o +obj-$(CONFIG_INTEL_STRATIX10_RSU) += stratix10-rsu.o obj-$(CONFIG_ISCSI_IBFT_FIND) += iscsi_ibft_find.o obj-$(CONFIG_ISCSI_IBFT) += iscsi_ibft.o obj-$(CONFIG_FIRMWARE_MEMMAP) += memmap.o diff --git a/drivers/firmware/stratix10-rsu.c b/drivers/firmware/stratix10-rsu.c new file mode 100644 index 000..bf410f86 --- /dev/null +++ b/drivers/firmware/stratix10-rsu.c @@ -0,0 +1,428 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2018-2019, Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define RSU_VERSION_MASK GENMASK_ULL(31, 0) +#define RSU_STATE_MASK GENMASK_ULL(63, 32) +#define RSU_ERROR_DETAIL_MASK GENMASK_ULL(31, 0) +#define RSU_ERROR_LOCATION_MASKGENMASK_ULL(63, 32) + +#define RSU_REQUEST_TIMEOUT(msecs_to_jiffies(SVC_RSU_REQUEST_TIMEOUT_MS)) + +/** + * struct stratix10_rsu_priv - rsu data structure + * @chan: pointer to the allocated service channel + * @client: active service client + * @completion: state for callback completion + * @status.current_image: address of image currently running in flash + * @status.fail_image: address of failed image in flash + * @status.version: the version number of RSU firmware + * @status.state: the state of RSU system + * @status.error_details: error code + * @status.error_location: the error offset inside the image that failed + */ +struct stratix10_rsu_priv { + struct stratix10_svc_chan *chan; + struct stratix10_svc_client client; + struct completion completion; + struct mutex lock; + struct { + unsigned long current_image; + unsigned long fail_image; + unsigned int version; + unsigned int state; + unsigned int error_details; + unsigned int error_location; + } status; +}; + +/** + * rsu_status_callback() - Status callback from Intel service layer + * @client: pointer to service client + * @data: pointer to callback data structure + * + * Callback from Intel service layer for RSU status request. Status is + * only updated after a system reboot, so a get updated status call is + * made during driver probe. + */ +static void rsu_status_callback(struct stratix10_svc_client *client, + struct stratix10_svc_cb_data *data) +{ + struct stratix10_rsu_priv *priv = client->priv; + struct arm_smccc_res *res = (struct arm_smccc_res *)data->kaddr1; + + if (data->status == BIT(SVC_STATUS_RSU_OK)) { +
[PATCHv1 6/6] MAINTAINERS: add maintainer for Intel Stratix10 FW drivers
From: Richard Gong Add myself as maintainer for the newly created Intel Stratix10 firmware drivers. Signed-off-by: Richard Gong Reviewed-by: Alan Tull --- MAINTAINERS | 10 ++ 1 file changed, 10 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 4cf3cbf..d7054f5 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8039,6 +8039,16 @@ S: Supported F: drivers/infiniband/hw/i40iw/ F: include/uapi/rdma/i40iw-abi.h +INTEL STRATIX10 FIRMWARE DRIVERS +M: Richard Gong +L: linux-kernel@vger.kernel.org +S: Maintained +F: drivers/firmware/stratix10* +F: include/linux/firmware/intel/ +F: Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu +F: Documentation/devicetree/bindings/firmware/intel,stratix10-rsu.txt +F: Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt + INTEL TELEMETRY DRIVER M: Rajneesh Bhardwaj M: "David E. Box" -- 2.7.4
[PATCHv1 5/6] firmware: rsu: document sysfs interface
From: Richard Gong Describe Intel Stratix10 Remote System Update (RSU) device attributes Signed-off-by: Richard Gong Reviewed-by: Alan Tull --- .../testing/sysfs-devices-platform-stratix10-rsu | 78 ++ 1 file changed, 78 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu diff --git a/Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu b/Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu new file mode 100644 index 000..cb461ee --- /dev/null +++ b/Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu @@ -0,0 +1,78 @@ + Intel Stratix10 Remote System Update (RSU) device attributes + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/current_image +Date: April 2019 +KernelVersion: 5.2 +Contact: Richard Gong +Description: + (RO) the address of image currently running in flash. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/fail_image +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (RO) the address of failed image in flash. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/state +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (RO) the state of RSU system. + The state field has two parts: major error code in upper 16 bits and minor error code + in lower 16 bits. + 1. Major error code + 0xF001 -- bitstream error + 0xF002 -- hardware access failure + 0xF003 -- bitstream corruption + 0xF004 -- internal error + 0xF005 -- device error + 0xF006 -- HPS watchdog timeout + 0xF007 -- internal unknown error + 2: Minor error code + Currently used only when major error is 0xF006 (HPS watchdog timeout), in which + case the minor error code is the value reported by HPS to firmware through the RSU notify + command before the watchdog timeout occurs. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/version +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (RO) the version number of RSU firmware. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/error_location +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (RO) the error offset inside the image that failed. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/error_details +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (RO) error code. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/reboot_image +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (WO) the address of image to be loaded on next reboot command. + +What: /sys/devices/platform/soc:firmware:svc/soc:firmware:svc:rsu/notify +Date: April 2019 +KernelVersion: 5.2 +Contact:Richard Gong +Description: + (WO) inform firmware that the current software state as a 16-bit + numerical value below: + 0 -- the first stage bootloader didn't run or didn't reach the +point of launching second stage bootloader + 1 -- failed in second bootloader or didn't get to the point of +launching the operating system + 2 -- both first and second stage bootloader ran and the operating +system launch was attempted. -- 2.7.4
[PATCHv3] firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
From: Richard Gong Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which aligns with the firmware settings. Cc: # 5.9+ Fixes: 36847f9e3e56 ("firmware: stratix10-svc: correct reconfig flag and timeout values") Signed-off-by: Richard Gong --- v3: correct the missing item in the Fixes subject line v2: add tag Cc: # 5.9+ add 'Fixes: ... ' line in the comment --- include/linux/firmware/intel/stratix10-svc-client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index a93d859..f843c6a 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -56,7 +56,7 @@ * COMMAND_RECONFIG_FLAG_PARTIAL: * Set to FPGA configuration type (full or partial). */ -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 /** * Timeout settings for service clients: -- 2.7.4
Re: [PATCHv4 5/6] dt-bindings: fpga: add authenticate-fpga-config property
Hi Moritz, On 2/1/21 10:27 PM, Moritz Fischer wrote: On Mon, Feb 01, 2021 at 09:21:58AM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v4: explain authenticate-fpga-config flag further v3: no change v2: put authenticate-fpga-config above partial-fpga-config update commit messages --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 4 1 file changed, 4 insertions(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..e2740b6 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -182,6 +182,10 @@ Optional properties: This property is optional if the FPGA Manager handles the bridges. If the fpga-region is the child of a fpga-bridge, the list should not contain the parent bridge. +- authenticate-fpga-config : boolean, set if do bitstream authentication only. + flag authenticate-fpga-config is used to first check the integrity of + the bitstream. If the authentication is passed, the user can perform + other operations. From the other commits it looks like it *also* writes to QSPI? If so please document that. If not, feel free to ignore :) Maybe I would highlight two things: a) If you add 'authenticate-fpga-config' you are not allowed to add new nodes b) If you add 'authenticate-fpga-config' you are not alllowed to add other operations How about the descriptions below? - authenticate-fpga-config : boolean, set if do bitstream authentication only. If 'authenticate-fpga-config' is added then adding a new node or another operation is not allowed. Flag authenticate-fpga-config is used to check the integrity of the bitstream. Except for the actual configuration of the device, the authentication works in the same way as FPGA configuration. If the authentication passes, other operations such as full or partial reconfiguration can be performed. When the bitstream into QSPI flash memory at device is programmed, it is expected that there will be no issue when starting the device. - partial-fpga-config : boolean, set if partial reconfiguration is to be done, otherwise full reconfiguration is done. - external-fpga-config : boolean, set if the FPGA has already been configured -- 2.7.4 Thanks, Moritz Regards, Richard
[PATCHv4 2/6] firmware: stratix10-svc: extend SVC driver to get the firmware version
From: Richard Gong Extend Intel service layer driver to get the firmware version running at FPGA device. Therefore FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. Signed-off-by: Richard Gong --- v4: no change v3: new added, changes for getting firmware version --- drivers/firmware/stratix10-svc.c| 12 ++-- include/linux/firmware/intel/stratix10-smc.h| 21 +++-- include/linux/firmware/intel/stratix10-svc-client.h | 4 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 3aa489d..1443bbd 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -306,6 +306,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data, break; case COMMAND_RSU_RETRY: case COMMAND_RSU_MAX_RETRY: + case COMMAND_FIRMWARE_VERSION: cb_data->status = BIT(SVC_STATUS_OK); cb_data->kaddr1 = &res.a1; break; @@ -422,6 +423,11 @@ static int svc_normal_to_secure_thread(void *data) a1 = 0; a2 = 0; break; + case COMMAND_FIRMWARE_VERSION: + a0 = INTEL_SIP_SMC_FIRMWARE_VERSION; + a1 = 0; + a2 = 0; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -487,11 +493,13 @@ static int svc_normal_to_secure_thread(void *data) /* * be compatible with older version firmware which -* doesn't support RSU notify or retry +* doesn't support RSU notify, retry or bitstream +* authentication. */ if ((pdata->command == COMMAND_RSU_RETRY) || (pdata->command == COMMAND_RSU_MAX_RETRY) || - (pdata->command == COMMAND_RSU_NOTIFY)) { + (pdata->command == COMMAND_RSU_NOTIFY) || + (pdata->command == COMMAND_FIRMWARE_VERSION)) { cbdata->status = BIT(SVC_STATUS_NO_SUPPORT); cbdata->kaddr1 = NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h index c3e5ab0..505fcca 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -321,8 +321,6 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_ECC_DBE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECC_DBE) -#endif - /** * Request INTEL_SIP_SMC_RSU_NOTIFY * @@ -404,3 +402,22 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY 18 #define INTEL_SIP_SMC_RSU_MAX_RETRY \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY) + +/** + * Request INTEL_SIP_SMC_FIRMWARE_VERSION + * + * Sync call used to query the version of running firmware + * + * Call register usage: + * a0 INTEL_SIP_SMC_FIRMWARE_VERSION + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR + * a1 running firmware version + */ +#define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31 +#define INTEL_SIP_SMC_FIRMWARE_VERSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) + +#endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index fa9581d..193a2cf 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -109,6 +109,9 @@ struct stratix10_svc_chan; * * @COMMAND_RSU_DCMF_VERSION: query firmware for the DCMF version, return status * is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FIRMWARE_VERSION: query running firmware version, return status + * is SVC_STATUS_OK or SVC_STATUS_ERROR */ enum stratix10_svc_command_code { COMMAND_NOOP = 0, @@ -122,6 +125,7 @@ enum stratix10_svc_command_code { COMMAND_RSU_RETRY, COMMAND_RSU_MAX_RETRY, COMMAND_RSU_DCMF_VERSION, + COMMAND_FIRMWARE_VERSION, }; /** -- 2.7.4
[PATCHv4 4/6] fpga: of-fpga-region: add authenticate-fpga-config property
From: Richard Gong Add authenticate-fpga-config property to support FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v4: add additional checks to make sure *only* authenticate v3: no change v2: changed in alphabetical order --- drivers/fpga/of-fpga-region.c | 24 +--- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c index e405309..5074479 100644 --- a/drivers/fpga/of-fpga-region.c +++ b/drivers/fpga/of-fpga-region.c @@ -218,15 +218,25 @@ static struct fpga_image_info *of_fpga_region_parse_ov( info->overlay = overlay; - /* Read FPGA region properties from the overlay */ - if (of_property_read_bool(overlay, "partial-fpga-config")) - info->flags |= FPGA_MGR_PARTIAL_RECONFIG; + /* +* Read FPGA region properties from the overlay. +* +* First check the integrity of the bitstream. If the +* authentication is passed, the user can perform other +* operations. +*/ + if (of_property_read_bool(overlay, "authenticate-fpga-config")) { + info->flags |= FPGA_MGR_BITSTREAM_AUTHENTICATE; + } else { + if (of_property_read_bool(overlay, "partial-fpga-config")) + info->flags |= FPGA_MGR_PARTIAL_RECONFIG; - if (of_property_read_bool(overlay, "external-fpga-config")) - info->flags |= FPGA_MGR_EXTERNAL_CONFIG; + if (of_property_read_bool(overlay, "external-fpga-config")) + info->flags |= FPGA_MGR_EXTERNAL_CONFIG; - if (of_property_read_bool(overlay, "encrypted-fpga-config")) - info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + if (of_property_read_bool(overlay, "encrypted-fpga-config")) + info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + } if (!of_property_read_string(overlay, "firmware-name", &firmware_name)) { -- 2.7.4
[PATCHv4 5/6] dt-bindings: fpga: add authenticate-fpga-config property
From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v4: explain authenticate-fpga-config flag further v3: no change v2: put authenticate-fpga-config above partial-fpga-config update commit messages --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 4 1 file changed, 4 insertions(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..e2740b6 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -182,6 +182,10 @@ Optional properties: This property is optional if the FPGA Manager handles the bridges. If the fpga-region is the child of a fpga-bridge, the list should not contain the parent bridge. +- authenticate-fpga-config : boolean, set if do bitstream authentication only. + flag authenticate-fpga-config is used to first check the integrity of + the bitstream. If the authentication is passed, the user can perform + other operations. - partial-fpga-config : boolean, set if partial reconfiguration is to be done, otherwise full reconfiguration is done. - external-fpga-config : boolean, set if the FPGA has already been configured -- 2.7.4
[PATCHv4 1/6] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
From: Richard Gong Add COMMAND_AUTHENTICATE_BITSTREAM command flag for new added bitstream authentication feature. Authenticating a bitstream is to make sure a signed bitstream has the valid signatures. Except for the actual configuration of the device, the bitstream authentication works the same way as FPGA configuration does. If the authentication passes, the signed bitstream will be programmed into QSPI flash memory and will be expected to boot without issues. Signed-off-by: Richard Gong --- v4: remove change at COMMAND_RECONFIG_FLAG_PARTIAL flag & add that to a separate commit 27ad5309c247b6bde8a098e17e9bd9b1576b7f71. v3: no change v2: new added --- include/linux/firmware/intel/stratix10-svc-client.h | 5 + 1 file changed, 5 insertions(+) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index f843c6a..fa9581d 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -55,8 +55,13 @@ * * COMMAND_RECONFIG_FLAG_PARTIAL: * Set to FPGA configuration type (full or partial). + * + * COMMAND_AUTHENTICATE_BITSTREAM: + * Set for bitstream authentication, which makes sure a signed bitstream + * has valid signatures before committing it to device. */ #define COMMAND_RECONFIG_FLAG_PARTIAL 0 +#define COMMAND_AUTHENTICATE_BITSTREAM 1 /** * Timeout settings for service clients: -- 2.7.4
[PATCHv4 6/6] fpga: stratix10-soc: extend driver for bitstream authentication
From: Richard Gong Extend FPGA manager driver to support FPGA bitstream authentication on Intel SocFPGA platforms. Signed-off-by: Richard Gong --- v4: s/FPGA_MGR_BITSTREM_AUTHENTICATION/FPGA_MGR_BITSTREAM_AUTHENTICATE v3: add handle to retriev the firmware version to keep driver back compatible v2: use flag defined in stratix10-svc driver --- drivers/fpga/stratix10-soc.c | 62 +++- 1 file changed, 56 insertions(+), 6 deletions(-) diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c index 657a70c..9ab7afd 100644 --- a/drivers/fpga/stratix10-soc.c +++ b/drivers/fpga/stratix10-soc.c @@ -24,6 +24,10 @@ #define S10_BUFFER_TIMEOUT (msecs_to_jiffies(SVC_RECONFIG_BUFFER_TIMEOUT_MS)) #define S10_RECONFIG_TIMEOUT (msecs_to_jiffies(SVC_RECONFIG_REQUEST_TIMEOUT_MS)) +#define INVALID_FIRMWARE_VERSION 0x +typedef void (*s10_callback)(struct stratix10_svc_client *client, +struct stratix10_svc_cb_data *data); + /* * struct s10_svc_buf * buf: virtual address of buf provided by service layer @@ -40,11 +44,13 @@ struct s10_priv { struct completion status_return_completion; struct s10_svc_buf svc_bufs[NUM_SVC_BUFS]; unsigned long status; + unsigned int fw_version; }; static int s10_svc_send_msg(struct s10_priv *priv, enum stratix10_svc_command_code command, - void *payload, u32 payload_length) + void *payload, u32 payload_length, + s10_callback callback) { struct stratix10_svc_chan *chan = priv->chan; struct device *dev = priv->client.dev; @@ -57,6 +63,7 @@ static int s10_svc_send_msg(struct s10_priv *priv, msg.command = command; msg.payload = payload; msg.payload_length = payload_length; + priv->client.receive_cb = callback; ret = stratix10_svc_send(chan, &msg); dev_dbg(dev, "stratix10_svc_send returned status %d\n", ret); @@ -134,6 +141,29 @@ static void s10_unlock_bufs(struct s10_priv *priv, void *kaddr) } /* + * s10_fw_version_callback - callback for the version of running firmware + * @client: service layer client struct + * @data: message from service layer + */ +static void s10_fw_version_callback(struct stratix10_svc_client *client, + struct stratix10_svc_cb_data *data) +{ + struct s10_priv *priv = client->priv; + unsigned int *version = (unsigned int *)data->kaddr1; + + if (data->status == BIT(SVC_STATUS_OK)) + priv->fw_version = *version; + else if (data->status == BIT(SVC_STATUS_NO_SUPPORT)) + dev_warn(client->dev, +"FW doesn't support bitstream authentication\n"); + else + dev_err(client->dev, "Failed to get FW version %lu\n", + BIT(data->status)); + + complete(&priv->status_return_completion); +} + +/* * s10_receive_callback - callback for service layer to use to provide client * (this driver) messages received through the mailbox. * client: service layer client struct @@ -186,13 +216,22 @@ static int s10_ops_write_init(struct fpga_manager *mgr, if (info->flags & FPGA_MGR_PARTIAL_RECONFIG) { dev_dbg(dev, "Requesting partial reconfiguration.\n"); ctype.flags |= BIT(COMMAND_RECONFIG_FLAG_PARTIAL); + } else if (info->flags & FPGA_MGR_BITSTREAM_AUTHENTICATE) { + if (priv->fw_version == INVALID_FIRMWARE_VERSION) { + dev_err(dev, "FW doesn't support\n"); + return -EINVAL; + } + + dev_dbg(dev, "Requesting bitstream authentication.\n"); + ctype.flags |= BIT(COMMAND_AUTHENTICATE_BITSTREAM); } else { dev_dbg(dev, "Requesting full reconfiguration.\n"); } reinit_completion(&priv->status_return_completion); ret = s10_svc_send_msg(priv, COMMAND_RECONFIG, - &ctype, sizeof(ctype)); + &ctype, sizeof(ctype), + s10_receive_callback); if (ret < 0) goto init_done; @@ -259,7 +298,7 @@ static int s10_send_buf(struct fpga_manager *mgr, const char *buf, size_t count) svc_buf = priv->svc_bufs[i].buf; memcpy(svc_buf, buf, xfer_sz); ret = s10_svc_send_msg(priv, COMMAND_RECONFIG_DATA_SUBMIT, - svc_buf, xfer_sz); + svc_buf, xfer_sz, s10_receive_callback); if (ret < 0) { dev_err(dev, "Error while sending data to service layer (%d)", ret);
[PATCHv4 3/6] fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
From: Richard Gong Add FPGA_MGR_BITSTREAM_AUTHENTICATE flag for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Except for the actual configuration of the device, the authentication works the same way as FPGA configuration does. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Signed-off-by: Richard Gong --- v4: s/FPGA_MGR_BITSTREM_AUTHENTICATION/FPGA_MGR_BITSTREAM_AUTHENTICATE v3: no change v2: align all FPGA_MGR_* flags update the commit messages --- include/linux/fpga/fpga-mgr.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h index 2bc3030..a81b3a7 100644 --- a/include/linux/fpga/fpga-mgr.h +++ b/include/linux/fpga/fpga-mgr.h @@ -67,12 +67,15 @@ enum fpga_mgr_states { * %FPGA_MGR_BITSTREAM_LSB_FIRST: SPI bitstream bit order is LSB first * * %FPGA_MGR_COMPRESSED_BITSTREAM: FPGA bitstream is compressed + * + * %FPGA_MGR_BITSTREAM_AUTHENTICATE: do FPGA bitstream authentication only */ #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) #define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2) #define FPGA_MGR_BITSTREAM_LSB_FIRST BIT(3) #define FPGA_MGR_COMPRESSED_BITSTREAM BIT(4) +#define FPGA_MGR_BITSTREAM_AUTHENTICATEBIT(5) /** * struct fpga_image_info - information specific to a FPGA image -- 2.7.4
[PATCHv4 0/6] Extend Intel service layer, FPGA manager and region
From: Richard Gong This is 4th submission of Intel service layer and FPGA patches. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (6): firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 4 ++ drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c | 24 ++--- drivers/fpga/stratix10-soc.c | 62 +++--- include/linux/firmware/intel/stratix10-smc.h | 21 +++- .../linux/firmware/intel/stratix10-svc-client.h| 9 include/linux/fpga/fpga-mgr.h | 3 ++ 7 files changed, 118 insertions(+), 17 deletions(-) -- 2.7.4
[PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
From: Richard Gong This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (7): firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 10 drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c | 24 ++--- drivers/fpga/stratix10-soc.c | 62 +++--- include/linux/firmware/intel/stratix10-smc.h | 21 +++- .../linux/firmware/intel/stratix10-svc-client.h| 11 +++- include/linux/fpga/fpga-mgr.h | 3 ++ 7 files changed, 125 insertions(+), 18 deletions(-) -- 2.7.4
[PATCHv5 6/7] dt-bindings: fpga: add authenticate-fpga-config property
From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v5: rewrite the description to highlight two things with authenticate-fpga-config flag v4: explain authenticate-fpga-config flag further v3: no change v2: put authenticate-fpga-config above partial-fpga-config update commit messages --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 10 ++ 1 file changed, 10 insertions(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..dca0e37 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -182,6 +182,16 @@ Optional properties: This property is optional if the FPGA Manager handles the bridges. If the fpga-region is the child of a fpga-bridge, the list should not contain the parent bridge. +- authenticate-fpga-config : boolean, set if do bitstream authentication only. + If 'authenticate-fpga-config' is added then adding a new node or another + operation is not allowed. + Flag authenticate-fpga-config is used to check the integrity of the + bitstream. + Except for the actual configuration of the device, the authentication + works in the same way as FPGA configuration. If the authentication passes, + other operations such as full or partial reconfiguration can be performed. + When the bitstream into QSPI flash memory at device is programmed, it is + expected that there will be no issue when starting the device. - partial-fpga-config : boolean, set if partial reconfiguration is to be done, otherwise full reconfiguration is done. - external-fpga-config : boolean, set if the FPGA has already been configured -- 2.7.4
[PATCHv5 1/7] firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
From: Richard Gong Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which aligns with the firmware settings. Fixes: 36847f9e3e56 ("firmware: stratix10-svc: correct reconfig flag and timeout values") Signed-off-by: Richard Gong --- v5: new add, add the missing standalone patch --- include/linux/firmware/intel/stratix10-svc-client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index a93d859..f843c6a 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -56,7 +56,7 @@ * COMMAND_RECONFIG_FLAG_PARTIAL: * Set to FPGA configuration type (full or partial). */ -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 /** * Timeout settings for service clients: -- 2.7.4
[PATCHv5 2/7] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
From: Richard Gong Add COMMAND_AUTHENTICATE_BITSTREAM command flag for new added bitstream authentication feature. Authenticating a bitstream is to make sure a signed bitstream has the valid signatures. Except for the actual configuration of the device, the bitstream authentication works the same way as FPGA configuration does. If the authentication passes, the signed bitstream will be programmed into QSPI flash memory and will be expected to boot without issues. Signed-off-by: Richard Gong --- v5: no change v4: remove change at COMMAND_RECONFIG_FLAG_PARTIAL flag & add that to a separate commit 27ad5309c247b6bde8a098e17e9bd9b1576b7f71. v3: no change v2: new added --- include/linux/firmware/intel/stratix10-svc-client.h | 5 + 1 file changed, 5 insertions(+) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index f843c6a..fa9581d 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -55,8 +55,13 @@ * * COMMAND_RECONFIG_FLAG_PARTIAL: * Set to FPGA configuration type (full or partial). + * + * COMMAND_AUTHENTICATE_BITSTREAM: + * Set for bitstream authentication, which makes sure a signed bitstream + * has valid signatures before committing it to device. */ #define COMMAND_RECONFIG_FLAG_PARTIAL 0 +#define COMMAND_AUTHENTICATE_BITSTREAM 1 /** * Timeout settings for service clients: -- 2.7.4
[PATCHv5 3/7] firmware: stratix10-svc: extend SVC driver to get the firmware version
From: Richard Gong Extend Intel service layer driver to get the firmware version running at FPGA device. Therefore FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. Signed-off-by: Richard Gong --- v5: no change v4: no change v3: new added, changes for getting firmware version --- drivers/firmware/stratix10-svc.c| 12 ++-- include/linux/firmware/intel/stratix10-smc.h| 21 +++-- include/linux/firmware/intel/stratix10-svc-client.h | 4 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 3aa489d..1443bbd 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -306,6 +306,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data, break; case COMMAND_RSU_RETRY: case COMMAND_RSU_MAX_RETRY: + case COMMAND_FIRMWARE_VERSION: cb_data->status = BIT(SVC_STATUS_OK); cb_data->kaddr1 = &res.a1; break; @@ -422,6 +423,11 @@ static int svc_normal_to_secure_thread(void *data) a1 = 0; a2 = 0; break; + case COMMAND_FIRMWARE_VERSION: + a0 = INTEL_SIP_SMC_FIRMWARE_VERSION; + a1 = 0; + a2 = 0; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -487,11 +493,13 @@ static int svc_normal_to_secure_thread(void *data) /* * be compatible with older version firmware which -* doesn't support RSU notify or retry +* doesn't support RSU notify, retry or bitstream +* authentication. */ if ((pdata->command == COMMAND_RSU_RETRY) || (pdata->command == COMMAND_RSU_MAX_RETRY) || - (pdata->command == COMMAND_RSU_NOTIFY)) { + (pdata->command == COMMAND_RSU_NOTIFY) || + (pdata->command == COMMAND_FIRMWARE_VERSION)) { cbdata->status = BIT(SVC_STATUS_NO_SUPPORT); cbdata->kaddr1 = NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h index c3e5ab0..505fcca 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -321,8 +321,6 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_ECC_DBE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECC_DBE) -#endif - /** * Request INTEL_SIP_SMC_RSU_NOTIFY * @@ -404,3 +402,22 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY 18 #define INTEL_SIP_SMC_RSU_MAX_RETRY \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY) + +/** + * Request INTEL_SIP_SMC_FIRMWARE_VERSION + * + * Sync call used to query the version of running firmware + * + * Call register usage: + * a0 INTEL_SIP_SMC_FIRMWARE_VERSION + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR + * a1 running firmware version + */ +#define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31 +#define INTEL_SIP_SMC_FIRMWARE_VERSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) + +#endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index fa9581d..193a2cf 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -109,6 +109,9 @@ struct stratix10_svc_chan; * * @COMMAND_RSU_DCMF_VERSION: query firmware for the DCMF version, return status * is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FIRMWARE_VERSION: query running firmware version, return status + * is SVC_STATUS_OK or SVC_STATUS_ERROR */ enum stratix10_svc_command_code { COMMAND_NOOP = 0, @@ -122,6 +125,7 @@ enum stratix10_svc_command_code { COMMAND_RSU_RETRY, COMMAND_RSU_MAX_RETRY, COMMAND_RSU_DCMF_VERSION, + COMMAND_FIRMWARE_VERSION, }; /** -- 2.7.4
[PATCHv5 7/7] fpga: stratix10-soc: extend driver for bitstream authentication
From: Richard Gong Extend FPGA manager driver to support FPGA bitstream authentication on Intel SocFPGA platforms. Signed-off-by: Richard Gong --- v5: no change v4: s/FPGA_MGR_BITSTREM_AUTHENTICATION/FPGA_MGR_BITSTREAM_AUTHENTICATE v3: add handle to retriev the firmware version to keep driver back compatible v2: use flag defined in stratix10-svc driver --- drivers/fpga/stratix10-soc.c | 62 +++- 1 file changed, 56 insertions(+), 6 deletions(-) diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c index 657a70c..9ab7afd 100644 --- a/drivers/fpga/stratix10-soc.c +++ b/drivers/fpga/stratix10-soc.c @@ -24,6 +24,10 @@ #define S10_BUFFER_TIMEOUT (msecs_to_jiffies(SVC_RECONFIG_BUFFER_TIMEOUT_MS)) #define S10_RECONFIG_TIMEOUT (msecs_to_jiffies(SVC_RECONFIG_REQUEST_TIMEOUT_MS)) +#define INVALID_FIRMWARE_VERSION 0x +typedef void (*s10_callback)(struct stratix10_svc_client *client, +struct stratix10_svc_cb_data *data); + /* * struct s10_svc_buf * buf: virtual address of buf provided by service layer @@ -40,11 +44,13 @@ struct s10_priv { struct completion status_return_completion; struct s10_svc_buf svc_bufs[NUM_SVC_BUFS]; unsigned long status; + unsigned int fw_version; }; static int s10_svc_send_msg(struct s10_priv *priv, enum stratix10_svc_command_code command, - void *payload, u32 payload_length) + void *payload, u32 payload_length, + s10_callback callback) { struct stratix10_svc_chan *chan = priv->chan; struct device *dev = priv->client.dev; @@ -57,6 +63,7 @@ static int s10_svc_send_msg(struct s10_priv *priv, msg.command = command; msg.payload = payload; msg.payload_length = payload_length; + priv->client.receive_cb = callback; ret = stratix10_svc_send(chan, &msg); dev_dbg(dev, "stratix10_svc_send returned status %d\n", ret); @@ -134,6 +141,29 @@ static void s10_unlock_bufs(struct s10_priv *priv, void *kaddr) } /* + * s10_fw_version_callback - callback for the version of running firmware + * @client: service layer client struct + * @data: message from service layer + */ +static void s10_fw_version_callback(struct stratix10_svc_client *client, + struct stratix10_svc_cb_data *data) +{ + struct s10_priv *priv = client->priv; + unsigned int *version = (unsigned int *)data->kaddr1; + + if (data->status == BIT(SVC_STATUS_OK)) + priv->fw_version = *version; + else if (data->status == BIT(SVC_STATUS_NO_SUPPORT)) + dev_warn(client->dev, +"FW doesn't support bitstream authentication\n"); + else + dev_err(client->dev, "Failed to get FW version %lu\n", + BIT(data->status)); + + complete(&priv->status_return_completion); +} + +/* * s10_receive_callback - callback for service layer to use to provide client * (this driver) messages received through the mailbox. * client: service layer client struct @@ -186,13 +216,22 @@ static int s10_ops_write_init(struct fpga_manager *mgr, if (info->flags & FPGA_MGR_PARTIAL_RECONFIG) { dev_dbg(dev, "Requesting partial reconfiguration.\n"); ctype.flags |= BIT(COMMAND_RECONFIG_FLAG_PARTIAL); + } else if (info->flags & FPGA_MGR_BITSTREAM_AUTHENTICATE) { + if (priv->fw_version == INVALID_FIRMWARE_VERSION) { + dev_err(dev, "FW doesn't support\n"); + return -EINVAL; + } + + dev_dbg(dev, "Requesting bitstream authentication.\n"); + ctype.flags |= BIT(COMMAND_AUTHENTICATE_BITSTREAM); } else { dev_dbg(dev, "Requesting full reconfiguration.\n"); } reinit_completion(&priv->status_return_completion); ret = s10_svc_send_msg(priv, COMMAND_RECONFIG, - &ctype, sizeof(ctype)); + &ctype, sizeof(ctype), + s10_receive_callback); if (ret < 0) goto init_done; @@ -259,7 +298,7 @@ static int s10_send_buf(struct fpga_manager *mgr, const char *buf, size_t count) svc_buf = priv->svc_bufs[i].buf; memcpy(svc_buf, buf, xfer_sz); ret = s10_svc_send_msg(priv, COMMAND_RECONFIG_DATA_SUBMIT, - svc_buf, xfer_sz); + svc_buf, xfer_sz, s10_receive_callback); if (ret < 0) { dev_err(dev, "Error while sending data to service layer (%d)", ret);
[PATCHv5 4/7] fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
From: Richard Gong Add FPGA_MGR_BITSTREAM_AUTHENTICATE flag for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Except for the actual configuration of the device, the authentication works the same way as FPGA configuration does. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Signed-off-by: Richard Gong --- v5: no change v4: s/FPGA_MGR_BITSTREM_AUTHENTICATION/FPGA_MGR_BITSTREAM_AUTHENTICATE v3: no change v2: align all FPGA_MGR_* flags update the commit messages --- include/linux/fpga/fpga-mgr.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h index 2bc3030..a81b3a7 100644 --- a/include/linux/fpga/fpga-mgr.h +++ b/include/linux/fpga/fpga-mgr.h @@ -67,12 +67,15 @@ enum fpga_mgr_states { * %FPGA_MGR_BITSTREAM_LSB_FIRST: SPI bitstream bit order is LSB first * * %FPGA_MGR_COMPRESSED_BITSTREAM: FPGA bitstream is compressed + * + * %FPGA_MGR_BITSTREAM_AUTHENTICATE: do FPGA bitstream authentication only */ #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) #define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2) #define FPGA_MGR_BITSTREAM_LSB_FIRST BIT(3) #define FPGA_MGR_COMPRESSED_BITSTREAM BIT(4) +#define FPGA_MGR_BITSTREAM_AUTHENTICATEBIT(5) /** * struct fpga_image_info - information specific to a FPGA image -- 2.7.4
[PATCHv5 5/7] fpga: of-fpga-region: add authenticate-fpga-config property
From: Richard Gong Add authenticate-fpga-config property to support FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v5: no change v4: add additional checks to make sure *only* authenticate v3: no change v2: changed in alphabetical order --- drivers/fpga/of-fpga-region.c | 24 +--- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c index e405309..5074479 100644 --- a/drivers/fpga/of-fpga-region.c +++ b/drivers/fpga/of-fpga-region.c @@ -218,15 +218,25 @@ static struct fpga_image_info *of_fpga_region_parse_ov( info->overlay = overlay; - /* Read FPGA region properties from the overlay */ - if (of_property_read_bool(overlay, "partial-fpga-config")) - info->flags |= FPGA_MGR_PARTIAL_RECONFIG; + /* +* Read FPGA region properties from the overlay. +* +* First check the integrity of the bitstream. If the +* authentication is passed, the user can perform other +* operations. +*/ + if (of_property_read_bool(overlay, "authenticate-fpga-config")) { + info->flags |= FPGA_MGR_BITSTREAM_AUTHENTICATE; + } else { + if (of_property_read_bool(overlay, "partial-fpga-config")) + info->flags |= FPGA_MGR_PARTIAL_RECONFIG; - if (of_property_read_bool(overlay, "external-fpga-config")) - info->flags |= FPGA_MGR_EXTERNAL_CONFIG; + if (of_property_read_bool(overlay, "external-fpga-config")) + info->flags |= FPGA_MGR_EXTERNAL_CONFIG; - if (of_property_read_bool(overlay, "encrypted-fpga-config")) - info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + if (of_property_read_bool(overlay, "encrypted-fpga-config")) + info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + } if (!of_property_read_string(overlay, "firmware-name", &firmware_name)) { -- 2.7.4
Re: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
The first patch of the version 5 patch set is a fix for the mainline, I submitted a separate patch for a fix at the stable. Regards, Richard On 2/25/21 7:28 AM, Tom Rix wrote: The first patch is a fix that is targeted for stable. Tom On 2/25/21 5:07 AM, Gong, Richard wrote: Hi Moritz, Sorry for asking. When you have chance, can you help review the version 5 patchset submitted on 02/09/21? Regards, Richard -Original Message- From: richard.g...@linux.intel.com Sent: Tuesday, February 9, 2021 4:20 PM To: m...@kernel.org; t...@redhat.com; gre...@linuxfoundation.org; linux-f...@vger.kernel.org; linux-kernel@vger.kernel.org Cc: Gong, Richard Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region From: Richard Gong This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (7): firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 10 drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c | 24 ++--- drivers/fpga/stratix10-soc.c | 62 +++--- include/linux/firmware/intel/stratix10-smc.h | 21 +++- .../linux/firmware/intel/stratix10-svc-client.h| 11 +++- include/linux/fpga/fpga-mgr.h | 3 ++ 7 files changed, 125 insertions(+), 18 deletions(-) -- 2.7.4
Re: [PATCHv2] fpga: stratix10-soc: remove the pre-set reconfiguration condition
Hi Moritz, On 5/31/20 2:49 PM, Moritz Fischer wrote: On Fri, May 29, 2020 at 08:15:15AM -0500, Richard Gong wrote: Hi Moritz, Sorry for asking. When you get chance, can you review my version 2 patch submitted on 05/15/20? Regards, Richard On 5/15/20 9:35 AM, richard.g...@linux.intel.com wrote: From: Richard Gong The reconfiguration mode is pre-set by driver as the full reconfiguration. As a result, user have to change code and recompile the drivers if he or she wants to perform a partial reconfiguration. Removing the pre-set reconfiguration condition so that user can select full or partial reconfiguration via overlay device tree without recompiling the drivers. Can you help me understand? See comment below, I'm not sure how this change changes the behavior. Flag COMMAND_RECONFIG_FLAG_PARTIAL is defined in Intel service layer driver (include/linux/firmware/intel/stratix10-svc-client.h) and the default value is zero. It is obvious that COMMAND_RECONFIG_FLAG_PARTIAL should be set to 1 to support partial reconfiguration. Please discard this FPGA patch, I will submit a patch on Intel service layer driver. Regards, Richard Also add an error message if the configuration request is failure. Signed-off-by: Richard Gong --- v2: define and use constant values --- drivers/fpga/stratix10-soc.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c index 44b7c56..4d52a80 100644 --- a/drivers/fpga/stratix10-soc.c +++ b/drivers/fpga/stratix10-soc.c @@ -14,9 +14,13 @@ /* * FPGA programming requires a higher level of privilege (EL3), per the SoC * design. + * SoC firmware supports full and partial reconfiguration. Consider: "The SoC firmware supports full and partial reconfiguration." */ #define NUM_SVC_BUFS 4 #define SVC_BUF_SIZE SZ_512K +#define FULL_RECONFIG_FLAG 0 +#define PARTIAL_RECONFIG_FLAG 1 + /* Indicates buffer is in use if set */ #define SVC_BUF_LOCK 0 @@ -182,12 +186,12 @@ static int s10_ops_write_init(struct fpga_manager *mgr, uint i; int ret; - ctype.flags = 0; if (info->flags & FPGA_MGR_PARTIAL_RECONFIG) { dev_dbg(dev, "Requesting partial reconfiguration.\n"); - ctype.flags |= BIT(COMMAND_RECONFIG_FLAG_PARTIAL); + ctype.flags = PARTIAL_RECONFIG_FLAG; } else { dev_dbg(dev, "Requesting full reconfiguration.\n"); + ctype.flags = FULL_RECONFIG_FLAG; } Am I missing something here: Doesn't this do the same as before? Before: If info->flags & FPGA_MGR_PARTIAL_RECONFIG -> ctype.flags = 0 | BIT(COMMAND_RECONFIG_FLAG_PARTIAL) -> 1 and ctype->flags = FULL_RECONFIG -> 0 else. Now: If info->flags & FPGA_MGR_PARTIAL_RECONFIG -> ctype.flags = PARTIAL_RECONFIG_FLAG -> 1 ctype->flags = FULL_REECONFIG_FLAG -> 0 else. Am I missing something here? If I don't set the flag for partial reconfig I'd end up with full reconfiguration in both cases? If I do set the flag, I get partial reconfiguration in both cases? reinit_completion(&priv->status_return_completion); @@ -210,6 +214,7 @@ static int s10_ops_write_init(struct fpga_manager *mgr, ret = 0; if (!test_and_clear_bit(SVC_STATUS_OK, &priv->status)) { + dev_err(dev, "RECONFIG_REQUEST failed\n"); ret = -ETIMEDOUT; goto init_done; } Thanks, Moritz
[PATCHv1 0/2] add Intel SoCFPGA crypto service driver
From: Richard Gong I followed the process to register or request a valid IOCTL number/letter, but I got the delivery failure status notification. Cypto service driver and service layer driver patches have been reviewed internally by colleagues at Intel. Intel SoCFPGA is composed of a 64 bit quad-core ARM Cortex A53 hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does the FPGA configuration, QSPI, remote system update, crypto and warm reset. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3, Exception Level 3) can interface with SDM. All software entities running on other exception levels must channel through the EL3 software whenever it needs service from SDM. Intel Stratix10 service layer driver is added to provide the service for FPGA configuration, Remote System Update and FPGA crypto service (FCS). Running at privileged exception level (EL1, Exception Level 1), Intel Stratix10 service layer driver interfaces with the service clients at EL1 and manages secure monitor call (SMC) to communicate with secure monitor software at secure monitor exception level (EL3). The crypto services include security certificate, image boot validation, security key cancellation, get provision data, random number generation, advance encryption standard (AES) encryption and decryption services. To perform supporting crypto features on Intel SoCFPGA platforms, Linux user-space application interacts with FPGA crypto service (FCS) driver via structures defined in include/uapi/linux/intel_fcs-ioctl.h. The application allocates spaces for IOCTL structure to hold the contents or points to the data that FCS driver needs, uses IOCTL calls to passes data to kernel FCS driver for processing at low level firmware and get processed data or status back form the low level firmware via FCS driver. The user-space application named as fcs_client is at https://github.com/altera-opensource/fcs_apps/tree/fcs_client. Richard Gong (2): firmware: stratix10-svc: extend svc to support new crypto features crypto: add Intel SoCFPGA crypto service driver drivers/crypto/Kconfig | 11 + drivers/crypto/Makefile| 1 + drivers/crypto/intel_fcs.c | 709 + drivers/firmware/stratix10-svc.c | 178 +- include/linux/firmware/intel/stratix10-smc.h | 147 - .../linux/firmware/intel/stratix10-svc-client.h| 42 ++ include/uapi/linux/intel_fcs-ioctl.h | 222 +++ 7 files changed, 1291 insertions(+), 19 deletions(-) create mode 100644 drivers/crypto/intel_fcs.c create mode 100644 include/uapi/linux/intel_fcs-ioctl.h -- 2.7.4
[PATCHv1 1/2] firmware: stratix10-svc: extend svc to support new crypto features
From: Richard Gong Extend Intel service layer driver to support new crypto services on Intel SoCFPGA platforms. The crypto services include security certificate, image boot validation, security key cancellation, get provision data, random number generation, advance encrtption standard (AES) encryption and decryption services. Signed-off-by: Richard Gong --- drivers/firmware/stratix10-svc.c | 178 +++-- include/linux/firmware/intel/stratix10-smc.h | 147 - .../linux/firmware/intel/stratix10-svc-client.h| 42 + 3 files changed, 348 insertions(+), 19 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 3aa489d..994d0a1 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -34,12 +34,13 @@ * timeout is set to 30 seconds (30 * 1000) at Intel Stratix10 SoC. */ #define SVC_NUM_DATA_IN_FIFO 32 -#define SVC_NUM_CHANNEL2 +#define SVC_NUM_CHANNEL3 #define FPGA_CONFIG_DATA_CLAIM_TIMEOUT_MS 200 #define FPGA_CONFIG_STATUS_TIMEOUT_SEC 30 /* stratix10 service layer clients */ #define STRATIX10_RSU "stratix10-rsu" +#define INTEL_FCS "intel-fcs" typedef void (svc_invoke_fn)(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, @@ -53,6 +54,7 @@ struct stratix10_svc_chan; */ struct stratix10_svc { struct platform_device *stratix10_svc_rsu; + struct platform_device *intel_svc_fcs; }; /** @@ -97,8 +99,10 @@ struct stratix10_svc_data_mem { /** * struct stratix10_svc_data - service data structure * @chan: service channel - * @paddr: playload physical address - * @size: playload size + * @paddr: physical address of to be processed payload + * @size: to be processed playload size + * @paddr_output: physical address of the processed payload + * @size_output: the processed payload size * @command: service command requested by client * @flag: configuration type (full or partial) * @arg: args to be passed via registers and not physically mapped buffers @@ -109,6 +113,8 @@ struct stratix10_svc_data { struct stratix10_svc_chan *chan; phys_addr_t paddr; size_t size; + phys_addr_t paddr_output; + size_t size_output; u32 command; u32 flag; u64 arg[3]; @@ -246,32 +252,54 @@ static void svc_thread_cmd_config_status(struct stratix10_svc_controller *ctrl, { struct arm_smccc_res res; int count_in_sec; + unsigned long a0, a1, a2; cb_data->kaddr1 = NULL; cb_data->kaddr2 = NULL; cb_data->kaddr3 = NULL; cb_data->status = BIT(SVC_STATUS_ERROR); - pr_debug("%s: polling config status\n", __func__); + pr_debug("%s: polling completed status\n", __func__); + + a0 = INTEL_SIP_SMC_FPGA_CONFIG_ISDONE; + a1 = (unsigned long)p_data->paddr; + a2 = (unsigned long)p_data->size; + + if (p_data->command == COMMAND_POLL_SERVICE_STATUS) + a0 = INTEL_SIP_SMC_SERVICE_COMPLETED; count_in_sec = FPGA_CONFIG_STATUS_TIMEOUT_SEC; while (count_in_sec) { - ctrl->invoke_fn(INTEL_SIP_SMC_FPGA_CONFIG_ISDONE, - 0, 0, 0, 0, 0, 0, 0, &res); + ctrl->invoke_fn(a0, a1, a2, 0, 0, 0, 0, 0, &res); if ((res.a0 == INTEL_SIP_SMC_STATUS_OK) || - (res.a0 == INTEL_SIP_SMC_STATUS_ERROR)) + (res.a0 == INTEL_SIP_SMC_STATUS_ERROR) || + (res.a0 == INTEL_SIP_SMC_STATUS_REJECTED)) break; /* -* configuration is still in progress, wait one second then +* request is still in progress, wait one second then * poll again */ msleep(1000); count_in_sec--; - } + }; - if (res.a0 == INTEL_SIP_SMC_STATUS_OK && count_in_sec) + if (!count_in_sec) { + pr_err("%s: poll status timeout\n", __func__); + cb_data->status = BIT(SVC_STATUS_BUSY); + } else if (res.a0 == INTEL_SIP_SMC_STATUS_OK) { cb_data->status = BIT(SVC_STATUS_COMPLETED); + cb_data->kaddr2 = (res.a2) ? + svc_pa_to_va(res.a2) : NULL; + cb_data->kaddr3 = (res.a3) ? &res.a3 : NULL; + } else { + pr_err("%s: poll status error\n", __func__); + cb_data->kaddr1 = &res.a1; + cb_data->kaddr2 = (res.a2) ? + svc_pa_to_va(res.a2) : NULL; + cb_data->kaddr3 = (
[PATCHv1 2/2] crypto: add Intel SoCFPGA crypto service driver
From: Richard Gong Add Intel FPGA crypto service (FCS) driver to support new crypto services on Intel SoCFPGA platforms. The crypto services include security certificate, image boot validation, security key cancellation, get provision data, random number generation, advance encrtption standard (AES) encryption and decryption services. To perform supporting crypto features on Intel SoCFPGA platforms, Linux user-space application interacts with FPGA crypto service (FCS) driver via structures defined in include/uapi/linux/intel_fcs-ioctl.h. The application allocates spaces for IOCTL structure to hold the contents or points to the data that FCS driver needs, uses IOCTL calls to passes data to kernel FCS driver for processing at low level firmware and get processed data or status back form the low level firmware via FCS driver. The user-space application named as fcs_client is at https://github.com/altera-opensource/fcs_apps/tree/fcs_client. Signed-off-by: Richard Gong --- drivers/crypto/Kconfig | 11 + drivers/crypto/Makefile | 1 + drivers/crypto/intel_fcs.c | 709 +++ include/uapi/linux/intel_fcs-ioctl.h | 222 +++ 4 files changed, 943 insertions(+) create mode 100644 drivers/crypto/intel_fcs.c create mode 100644 include/uapi/linux/intel_fcs-ioctl.h diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index aa3a4ed..3e4f36f 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -306,6 +306,17 @@ config CRYPTO_DEV_TALITOS2 Say 'Y' here to use the Freescale Security Engine (SEC) version 2 and following as found on MPC83xx, MPC85xx, etc ... +config CRYPTO_DEV_INTEL_FCS + tristate "Intel FPGA Crypto Service support" + depends on INTEL_STRATIX10_SERVICE + help +Support crypto services on Intel SoCFPGA platforms. The crypto +services include security certificate, image boot validation, +security key cancellation, get provision data, random number +generation and secure data object storage services. + +Say Y here if you want Intel FCS support + config CRYPTO_DEV_IXP4XX tristate "Driver for IXP4xx crypto hardware acceleration" depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index 53fc115..4c485c5 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_COMMON) += caam/ obj-$(CONFIG_CRYPTO_DEV_GEODE) += geode-aes.o obj-$(CONFIG_CRYPTO_DEV_HIFN_795X) += hifn_795x.o obj-$(CONFIG_CRYPTO_DEV_IMGTEC_HASH) += img-hash.o +obj-$(CONFIG_CRYPTO_DEV_INTEL_FCS) += intel_fcs.o obj-$(CONFIG_CRYPTO_DEV_IXP4XX) += ixp4xx_crypto.o obj-$(CONFIG_CRYPTO_DEV_MARVELL) += marvell/ obj-$(CONFIG_CRYPTO_DEV_MEDIATEK) += mediatek/ diff --git a/drivers/crypto/intel_fcs.c b/drivers/crypto/intel_fcs.c new file mode 100644 index ..2362b28 --- /dev/null +++ b/drivers/crypto/intel_fcs.c @@ -0,0 +1,709 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2020, Intel Corporation + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#define RANDOM_NUMBER_SIZE 32 +#define FILE_NAME_SIZE 32 +#define PS_BUF_SIZE64 +#define INVALID_STATUS 0xff + +#define MIN_SDOS_BUF_SZ16 +#define MAX_SDOS_BUF_SZ32768 + +#define FCS_REQUEST_TIMEOUT (msecs_to_jiffies(SVC_FCS_REQUEST_TIMEOUT_MS)) +#define FCS_COMPLETED_TIMEOUT (msecs_to_jiffies(SVC_COMPLETED_TIMEOUT_MS)) + +typedef void (*fcs_callback)(struct stratix10_svc_client *client, +struct stratix10_svc_cb_data *data); + +struct intel_fcs_priv { + struct stratix10_svc_chan *chan; + struct stratix10_svc_client client; + struct completion completion; + struct mutex lock; + struct miscdevice miscdev; + unsigned int status; + void *kbuf; + unsigned int size; +}; + +static void fcs_data_callback(struct stratix10_svc_client *client, + struct stratix10_svc_cb_data *data) +{ + struct intel_fcs_priv *priv = client->priv; + + if ((data->status == BIT(SVC_STATUS_OK)) || + (data->status == BIT(SVC_STATUS_COMPLETED))) { + priv->status = 0; + priv->kbuf = data->kaddr2; + priv->size = *((unsigned int *)data->kaddr3); + } else if (data->status == BIT(SVC_STATUS_ERROR)) { + priv->status = *((unsigned int *)data->kaddr1); + dev_err(client->dev, "error, mbox_error=0x%x\n", priv->status); + priv->kbuf = data->kaddr2; + priv
Re: [PATCHv1 2/2] crypto: add Intel SoCFPGA crypto service driver
I will move them to drivers/misc. Regards, Richard On 8/11/20 7:34 PM, Herbert Xu wrote: On Tue, Aug 11, 2020 at 08:56:22AM -0500, richard.g...@linux.intel.com wrote: From: Richard Gong Add Intel FPGA crypto service (FCS) driver to support new crypto services on Intel SoCFPGA platforms. The crypto services include security certificate, image boot validation, security key cancellation, get provision data, random number generation, advance encrtption standard (AES) encryption and decryption services. To perform supporting crypto features on Intel SoCFPGA platforms, Linux user-space application interacts with FPGA crypto service (FCS) driver via structures defined in include/uapi/linux/intel_fcs-ioctl.h. The application allocates spaces for IOCTL structure to hold the contents or points to the data that FCS driver needs, uses IOCTL calls to passes data to kernel FCS driver for processing at low level firmware and get processed data or status back form the low level firmware via FCS driver. The user-space application named as fcs_client is at https://github.com/altera-opensource/fcs_apps/tree/fcs_client. Signed-off-by: Richard Gong Nack. This driver has nothing to do with the Crypto API.
Re: [PATCH] firmware: stratix10-svc: build only on 64-bit ARM
On 3/21/21 1:46 PM, Krzysztof Kozlowski wrote: The Stratix10 service layer and RCU drivers are useful only on Stratix10, so on ARMv8. Compile testing the RCU driver on 32-bit ARM fails: drivers/firmware/stratix10-rsu.c: In function 'rsu_status_callback': include/linux/compiler_types.h:320:38: error: call to '__compiletime_assert_179' declared with attribute error: FIELD_GET: type of reg too small for mask _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ... drivers/firmware/stratix10-rsu.c:96:26: note: in expansion of macro 'FIELD_GET' priv->status.version = FIELD_GET(RSU_VERSION_MASK, Signed-off-by: Krzysztof Kozlowski Reported-by: kernel test robot --- Fix for commit in: https://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux.git --- drivers/firmware/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig index 6a4e882e448d..08bd4d01fb04 100644 --- a/drivers/firmware/Kconfig +++ b/drivers/firmware/Kconfig @@ -206,7 +206,7 @@ config FW_CFG_SYSFS_CMDLINE config INTEL_STRATIX10_SERVICE tristate "Intel Stratix10 Service Layer" - depends on ARCH_INTEL_SOCFPGA && HAVE_ARM_SMCCC + depends on ARCH_INTEL_SOCFPGA && ARM64 && HAVE_ARM_SMCCC default n help Intel Stratix10 service layer runs at privileged exception level, Acked-by: Richard Gong Regards, Richard
Re: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
Hi Moritz, Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21. Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need. Many thanks for your time again! Regards, Richard On 2/25/21 7:07 AM, Gong, Richard wrote: Hi Moritz, Sorry for asking. When you have chance, can you help review the version 5 patchset submitted on 02/09/21? Regards, Richard -Original Message- From: richard.g...@linux.intel.com Sent: Tuesday, February 9, 2021 4:20 PM To: m...@kernel.org; t...@redhat.com; gre...@linuxfoundation.org; linux-f...@vger.kernel.org; linux-kernel@vger.kernel.org Cc: Gong, Richard Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region From: Richard Gong This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (7): firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 10 drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c | 24 ++--- drivers/fpga/stratix10-soc.c | 62 +++--- include/linux/firmware/intel/stratix10-smc.h | 21 +++- .../linux/firmware/intel/stratix10-svc-client.h| 11 +++- include/linux/fpga/fpga-mgr.h | 3 ++ 7 files changed, 125 insertions(+), 18 deletions(-) -- 2.7.4
[PATCH] A patch for Intel service layer driver
From: Richard Gong Hi Greg, Please take this stratix10-svc patch, which has been reviewed on the mailing list and applied cleanly on current linux-next and char-misc-testing. Thanks, Richard Richard Gong (1): firmware: stratix10-svc: extend SVC driver to get the firmware version drivers/firmware/stratix10-svc.c| 12 ++-- include/linux/firmware/intel/stratix10-smc.h| 21 +++-- include/linux/firmware/intel/stratix10-svc-client.h | 4 3 files changed, 33 insertions(+), 4 deletions(-) -- 2.7.4
[PATCH] firmware: stratix10-svc: extend SVC driver to get the firmware version
From: Richard Gong Extend Intel service layer driver to get the firmware version running at FPGA device. Therefore FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. Signed-off-by: Richard Gong Acked-by: Moritz Fischr --- drivers/firmware/stratix10-svc.c| 12 ++-- include/linux/firmware/intel/stratix10-smc.h| 21 +++-- include/linux/firmware/intel/stratix10-svc-client.h | 4 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 3aa489d..1443bbd 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -306,6 +306,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data, break; case COMMAND_RSU_RETRY: case COMMAND_RSU_MAX_RETRY: + case COMMAND_FIRMWARE_VERSION: cb_data->status = BIT(SVC_STATUS_OK); cb_data->kaddr1 = &res.a1; break; @@ -422,6 +423,11 @@ static int svc_normal_to_secure_thread(void *data) a1 = 0; a2 = 0; break; + case COMMAND_FIRMWARE_VERSION: + a0 = INTEL_SIP_SMC_FIRMWARE_VERSION; + a1 = 0; + a2 = 0; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -487,11 +493,13 @@ static int svc_normal_to_secure_thread(void *data) /* * be compatible with older version firmware which -* doesn't support RSU notify or retry +* doesn't support RSU notify, retry or bitstream +* authentication. */ if ((pdata->command == COMMAND_RSU_RETRY) || (pdata->command == COMMAND_RSU_MAX_RETRY) || - (pdata->command == COMMAND_RSU_NOTIFY)) { + (pdata->command == COMMAND_RSU_NOTIFY) || + (pdata->command == COMMAND_FIRMWARE_VERSION)) { cbdata->status = BIT(SVC_STATUS_NO_SUPPORT); cbdata->kaddr1 = NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h index c3e5ab0..505fcca 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -321,8 +321,6 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_ECC_DBE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECC_DBE) -#endif - /** * Request INTEL_SIP_SMC_RSU_NOTIFY * @@ -404,3 +402,22 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY 18 #define INTEL_SIP_SMC_RSU_MAX_RETRY \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY) + +/** + * Request INTEL_SIP_SMC_FIRMWARE_VERSION + * + * Sync call used to query the version of running firmware + * + * Call register usage: + * a0 INTEL_SIP_SMC_FIRMWARE_VERSION + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR + * a1 running firmware version + */ +#define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31 +#define INTEL_SIP_SMC_FIRMWARE_VERSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) + +#endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index 19781b0f..18c1841 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -104,6 +104,9 @@ struct stratix10_svc_chan; * * @COMMAND_RSU_DCMF_VERSION: query firmware for the DCMF version, return status * is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FIRMWARE_VERSION: query running firmware version, return status + * is SVC_STATUS_OK or SVC_STATUS_ERROR */ enum stratix10_svc_command_code { COMMAND_NOOP = 0, @@ -117,6 +120,7 @@ enum stratix10_svc_command_code { COMMAND_RSU_RETRY, COMMAND_RSU_MAX_RETRY, COMMAND_RSU_DCMF_VERSION, + COMMAND_FIRMWARE_VERSION, }; /** -- 2.7.4
Re: [PATCH] firmware: stratix10-svc: extend SVC driver to get the firmware version
Hi David, On 3/30/21 9:19 AM, David Laight wrote: From: richard.g...@linux.intel.com Sent: 30 March 2021 15:33 Extend Intel service layer driver to get the firmware version running at FPGA device. Therefore FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. Using the version number to detect features is just plain wrong. You should use something like a bitmap of supported features. Firmware, which runs at EL3, returns the version to Intel service layer driver in a 64-bit value at the register. Intel service layer driver runs at EL1. Regards, Richard David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Re: [PATCH] firmware: stratix10-svc: extend SVC driver to get the firmware version
Hi Moritz, On 3/30/21 11:15 AM, Moritz Fischer wrote: Hi Richard, On Tue, Mar 30, 2021 at 09:33:05AM -0500, richard.g...@linux.intel.com wrote: From: Richard Gong Extend Intel service layer driver to get the firmware version running at FPGA device. Therefore FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. Signed-off-by: Richard Gong Acked-by: Moritz Fischr --- drivers/firmware/stratix10-svc.c| 12 ++-- include/linux/firmware/intel/stratix10-smc.h| 21 +++-- include/linux/firmware/intel/stratix10-svc-client.h | 4 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 3aa489d..1443bbd 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -306,6 +306,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data, break; case COMMAND_RSU_RETRY: case COMMAND_RSU_MAX_RETRY: + case COMMAND_FIRMWARE_VERSION: cb_data->status = BIT(SVC_STATUS_OK); cb_data->kaddr1 = &res.a1; break; @@ -422,6 +423,11 @@ static int svc_normal_to_secure_thread(void *data) a1 = 0; a2 = 0; break; + case COMMAND_FIRMWARE_VERSION: + a0 = INTEL_SIP_SMC_FIRMWARE_VERSION; + a1 = 0; + a2 = 0; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -487,11 +493,13 @@ static int svc_normal_to_secure_thread(void *data) /* * be compatible with older version firmware which -* doesn't support RSU notify or retry +* doesn't support RSU notify, retry or bitstream +* authentication. */ if ((pdata->command == COMMAND_RSU_RETRY) || (pdata->command == COMMAND_RSU_MAX_RETRY) || - (pdata->command == COMMAND_RSU_NOTIFY)) { + (pdata->command == COMMAND_RSU_NOTIFY) || + (pdata->command == COMMAND_FIRMWARE_VERSION)) { cbdata->status = BIT(SVC_STATUS_NO_SUPPORT); cbdata->kaddr1 = NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h index c3e5ab0..505fcca 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -321,8 +321,6 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_ECC_DBE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECC_DBE) -#endif - /** * Request INTEL_SIP_SMC_RSU_NOTIFY * @@ -404,3 +402,22 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY 18 #define INTEL_SIP_SMC_RSU_MAX_RETRY \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY) + +/** + * Request INTEL_SIP_SMC_FIRMWARE_VERSION + * + * Sync call used to query the version of running firmware + * + * Call register usage: + * a0 INTEL_SIP_SMC_FIRMWARE_VERSION + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR + * a1 running firmware version + */ +#define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31 +#define INTEL_SIP_SMC_FIRMWARE_VERSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) + +#endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index 19781b0f..18c1841 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -104,6 +104,9 @@ struct stratix10_svc_chan; * * @COMMAND_RSU_DCMF_VERSION: query firmware for the DCMF version, return status * is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FIRMWARE_VERSION: query running firmware version, return status + * is SVC_STATUS_OK or SVC_STATUS_ERROR */ enum stratix10_svc_command_code { COMMAND_NOOP = 0, @@ -117,6 +120,7 @@ enum stratix10_svc_command_code { COMMAND_RSU_RETRY, COMMAND_RSU_MAX_RETRY, COMMAND_RSU_DCMF_VERSION, + COMMAND_FIRMWARE_VERSION, }; /** -- 2.7.4 Let's hold off on this patch until we have sorted the rest of this patch series out. As it stands it doesn't have a in-tree user. OK, Regards, Richard Thanks, Moritz
Re: FW: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
Hi Tom, On 3/19/21 4:22 PM, Richard Gong wrote: Hi Moritz, Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21. This change e23bd83368af ("firmware: stratix10-svc: fix kernel-doc markups") This patch e23bd83368af is not from my version 5 patch set. Makes a lot of formatting changes in the same files as this patchset, including the first patch. It would be good to try applying this patchset to char-misc-next and resubmit if there are conflicts. Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need. These changes look good to me. I was looking at the patchset again seeing if the firmware/ parts could be split out. No, we can't split out the firmware parts. Even though stratix10 is a fpga, from the MAINTAINERS file it is not clear to me if linux-fpga owns them and they come in on Moritz's branch. I think this change is needed to the MAINTAINERS file to make that clearer. diff --git a/MAINTAINERS b/MAINTAINERS index aa84121c5611..1f68e9ff76de 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -9193,7 +9193,8 @@ F: tools/power/x86/intel-speed-select/ INTEL STRATIX10 FIRMWARE DRIVERS M: Richard Gong -L: linux-kernel@vger.kernel.org +R: Tom Rix +L: linux-f...@vger.kernel.org S: Maintained F: Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu F: Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt I also added myself as a reviewer because I want to help out. Tom Regards, Richard Many thanks for your time again! Regards, Richard On 2/25/21 7:07 AM, Gong, Richard wrote: Hi Moritz, Sorry for asking. When you have chance, can you help review the version 5 patchset submitted on 02/09/21? Regards, Richard -Original Message- From: richard.g...@linux.intel.com Sent: Tuesday, February 9, 2021 4:20 PM To: m...@kernel.org; t...@redhat.com; gre...@linuxfoundation.org; linux-f...@vger.kernel.org; linux-kernel@vger.kernel.org Cc: Gong, Richard Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region From: Richard Gong This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (7): firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 10 drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c | 24 ++--- drivers/fpga/stratix10-soc.c | 62 +++--- include/linux/firmware/intel/stratix10-smc.h | 21 +++- .../linux/firmware/intel/stratix10-svc-client.h | 11 +++- include/linux/fpga/fpga-mgr.h | 3 ++ 7 files changed, 125 insertions(+), 18 deletions(-) -- 2.7.4
Re: [PATCH] firmware: stratix10-svc: build only on 64-bit ARM
On 3/22/21 3:26 AM, Krzysztof Kozlowski wrote: On 21/03/2021 22:09, Arnd Bergmann wrote: On Sun, Mar 21, 2021 at 7:46 PM Krzysztof Kozlowski wrote: The Stratix10 service layer and RCU drivers are useful only on Stratix10, so on ARMv8. Compile testing the RCU driver on 32-bit ARM fails: drivers/firmware/stratix10-rsu.c: In function 'rsu_status_callback': include/linux/compiler_types.h:320:38: error: call to '__compiletime_assert_179' declared with attribute error: FIELD_GET: type of reg too small for mask _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ... drivers/firmware/stratix10-rsu.c:96:26: note: in expansion of macro 'FIELD_GET' priv->status.version = FIELD_GET(RSU_VERSION_MASK, Signed-off-by: Krzysztof Kozlowski Reported-by: kernel test robot While I agree that one shouldn't run 32-bit kernels on this, we should also try to write drivers portably, and in theory any SoC that can run a 64-bit Arm kernel should also be able to run a 32-bit kernel if you include the same drivers. It seems that the problem here is in the smccc definition struct arm_smccc_res { unsigned long a0; unsigned long a1; unsigned long a2; unsigned long a3; }; so the result of #define RSU_VERSION_MASKGENMASK_ULL(63, 32) priv->status.version = FIELD_GET(RSU_VERSION_MASK, res->a2); tries to access bits that are just not returned by the firmware here, which indicates that it probably won't work in this case. What I'm not entirely sure about is whether this is a problem in the Intel firmware implementation requiring the smccc caller to run in a 64-bit context, or if it's a mistake in the way the driver extracts the information if the firmware can actually pass it down correctly. The SMC has two calling conventions - SMC32/HVC32 and SMC64/HVC64. The Stratix 10 driver uses the 64-bit calling convention (see INTEL_SIP_SMC_FAST_CALL_VAL in include/linux/firmware/intel/stratix10-smc.h), so it should not run in aarch32 (regardless of type of hardware). I think that my patch limiting the support to 64-bit makes sense. The stratix10 service layer and RSU driver are only used in Intel 64-bit SoCFPGA platforms. Best regards, Krzysztof
Re: [PATCH] firmware: stratix10-svc: build only on 64-bit ARM
On 3/22/21 7:41 AM, Krzysztof Kozlowski wrote: On 22/03/2021 13:58, Richard Gong wrote: On 3/22/21 3:26 AM, Krzysztof Kozlowski wrote: On 21/03/2021 22:09, Arnd Bergmann wrote: On Sun, Mar 21, 2021 at 7:46 PM Krzysztof Kozlowski wrote: The Stratix10 service layer and RCU drivers are useful only on Stratix10, so on ARMv8. Compile testing the RCU driver on 32-bit ARM fails: drivers/firmware/stratix10-rsu.c: In function 'rsu_status_callback': include/linux/compiler_types.h:320:38: error: call to '__compiletime_assert_179' declared with attribute error: FIELD_GET: type of reg too small for mask _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ... drivers/firmware/stratix10-rsu.c:96:26: note: in expansion of macro 'FIELD_GET' priv->status.version = FIELD_GET(RSU_VERSION_MASK, Signed-off-by: Krzysztof Kozlowski Reported-by: kernel test robot While I agree that one shouldn't run 32-bit kernels on this, we should also try to write drivers portably, and in theory any SoC that can run a 64-bit Arm kernel should also be able to run a 32-bit kernel if you include the same drivers. It seems that the problem here is in the smccc definition struct arm_smccc_res { unsigned long a0; unsigned long a1; unsigned long a2; unsigned long a3; }; so the result of #define RSU_VERSION_MASKGENMASK_ULL(63, 32) priv->status.version = FIELD_GET(RSU_VERSION_MASK, res->a2); tries to access bits that are just not returned by the firmware here, which indicates that it probably won't work in this case. What I'm not entirely sure about is whether this is a problem in the Intel firmware implementation requiring the smccc caller to run in a 64-bit context, or if it's a mistake in the way the driver extracts the information if the firmware can actually pass it down correctly. The SMC has two calling conventions - SMC32/HVC32 and SMC64/HVC64. The Stratix 10 driver uses the 64-bit calling convention (see INTEL_SIP_SMC_FAST_CALL_VAL in include/linux/firmware/intel/stratix10-smc.h), so it should not run in aarch32 (regardless of type of hardware). I think that my patch limiting the support to 64-bit makes sense. The stratix10 service layer and RSU driver are only used in Intel 64-bit SoCFPGA platforms. This we know, however the questions were: 1. Why the driver cannot be made portable? Why it cannot be developed in a way it allows building on different platforms? The drivers was originally developed for Intel Stratix10 SoCFPGA platform, which is ARM 64-bit architecture. The same drivers can be used for other Intel ARM 64-bit SoCFPGA platforms (Agilex, eASIC N5X as example), which have the same SDM architecture as Stratix10 has. SDM = Secure Device Manager So far Intel 32-bit SoCFPGA platform doesn't support SDM architecture. 2. Does the actual firmware support 32-bit SMC convention call? No. Best regards, Krzysztof Regards, Richard
Re: FW: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
Hi Tom, On 3/22/21 8:53 AM, Tom Rix wrote: On 3/21/21 2:05 PM, Richard Gong wrote: Hi Tom >> On 3/19/21 4:22 PM, Richard Gong wrote: Hi Moritz, Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21. This change e23bd83368af ("firmware: stratix10-svc: fix kernel-doc markups") This patch e23bd83368af is not from my version 5 patch set. Correct. But since it is already in char-misc-next, your version 5 patchset will conflict with it. I could not apply this patchset to my unoffical fpga-testing. I am suggesting you do a test application of your patchset against char-misc-next. And if you find there are issues, rebase your patchset. I tried to apply my patchset to the top of char-misc-next, but I didn't see any conflicts. c7582d1 fpga: stratix10-soc: extend driver for bitstream authentication 2c9ecd3 dt-bindings: fpga: add authenticate-fpga-config property 6244115 fpga: of-fpga-region: add authenticate-fpga-config property da274c9 fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag 9f93cad firmware: stratix10-svc: extend SVC driver to get the firmware version eda6b51 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag 91aff09 firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 83be46e Merge v5.12-rc3 into char-misc-next Regards, Richard Makes a lot of formatting changes in the same files as this patchset, including the first patch. It would be good to try applying this patchset to char-misc-next and resubmit if there are conflicts. Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need. These changes look good to me. I was looking at the patchset again seeing if the firmware/ parts could be split out. No, we can't split out the firmware parts. ok Tom Even though stratix10 is a fpga, from the MAINTAINERS file it is not clear to me if linux-fpga owns them and they come in on Moritz's branch. I think this change is needed to the MAINTAINERS file to make that clearer. diff --git a/MAINTAINERS b/MAINTAINERS index aa84121c5611..1f68e9ff76de 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -9193,7 +9193,8 @@ F: tools/power/x86/intel-speed-select/ INTEL STRATIX10 FIRMWARE DRIVERS M: Richard Gong -L: linux-kernel@vger.kernel.org +R: Tom Rix +L: linux-f...@vger.kernel.org S: Maintained F: Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu F: Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt I also added myself as a reviewer because I want to help out. Tom Regards, Richard Many thanks for your time again! Regards, Richard On 2/25/21 7:07 AM, Gong, Richard wrote: Hi Moritz, Sorry for asking. When you have chance, can you help review the version 5 patchset submitted on 02/09/21? Regards, Richard -Original Message- From: richard.g...@linux.intel.com Sent: Tuesday, February 9, 2021 4:20 PM To: m...@kernel.org; t...@redhat.com; gre...@linuxfoundation.org; linux-f...@vger.kernel.org; linux-kernel@vger.kernel.org Cc: Gong, Richard Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region From: Richard Gong This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (7): firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 10 drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c
Re: [PATCH] MAINTAINERS: add self as reviewer to INTEL STRATIX10 FIRMWARE DRIVERS
Hi Tom, On 3/27/21 10:19 AM, t...@redhat.com wrote: From: Tom Rix The Intel stratix 10 is a fpga. I review fpga's. So I want to help in this related subsystem. Intel Stratix10 service layer driver is not a FPGA. Intel FPGA SoC is composed of ARM Cortex hard processor system (HPS) and Secure Device Manager (SDM). SDM is the hardware which does FPGA configuration, remote system update (RSU), crypto service (FCS), warm reset and other features. To meet the whole system security needs and support virtual machine requesting communication with SDM, only the secure world of software (EL3) can interfaces with SDM. All software entities running on the other exception level must channel through the EL3 software whenever it needs service from SDM. Intel Stratix 10 service layer driver, added into Opensource kernel mainlines since version 5.0, interfaces with the service provides at EL1 (FPGA manager, RSU and FPGA crypto service drivers as today) and managers secure monitor call (SMC) to communicate with the secure monitor software at the secure world (EL3). Regards, Richard Signed-off-by: Tom Rix --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index 67b104202602..00828de0a7bc 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -9266,6 +9266,7 @@ F:tools/power/x86/intel-speed-select/ INTEL STRATIX10 FIRMWARE DRIVERS M:Richard Gong +R: Tom RixL: linux-kernel@vger.kernel.org S:Maintained F:Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu
Re: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
Hi Moritz, On 3/28/21 12:20 PM, Moritz Fischer wrote: Tom, On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote: On 3/27/21 11:09 AM, Moritz Fischer wrote: Hi Richard, Russ, On Thu, Feb 25, 2021 at 01:07:14PM +, Gong, Richard wrote: Hi Moritz, Sorry for asking. When you have chance, can you help review the version 5 patchset submitted on 02/09/21? Regards, Richard -Original Message- From: richard.g...@linux.intel.com Sent: Tuesday, February 9, 2021 4:20 PM To: m...@kernel.org; t...@redhat.com; gre...@linuxfoundation.org; linux-f...@vger.kernel.org; linux-kernel@vger.kernel.org Cc: Gong, Richard Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region From: Richard Gong This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission. This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (7): firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag firmware: stratix10-svc: extend SVC driver to get the firmware version fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: extend driver for bitstream authentication .../devicetree/bindings/fpga/fpga-region.txt | 10 drivers/firmware/stratix10-svc.c | 12 - drivers/fpga/of-fpga-region.c | 24 ++--- drivers/fpga/stratix10-soc.c | 62 +++--- include/linux/firmware/intel/stratix10-smc.h | 21 +++- .../linux/firmware/intel/stratix10-svc-client.h| 11 +++- include/linux/fpga/fpga-mgr.h | 3 ++ 7 files changed, 125 insertions(+), 18 deletions(-) -- 2.7.4 Apologies for the epic delay in getting back to this, I took another look at this patchset and Russ' patchset. TL;DR I'm not really a fan of using device-tree overlays for this (and again, apologies, I should've voiced this earlier ...). Anyways, let's find a common API for this and Russ' work, they're trying to achieve the same / similar thing, they should use the same API. I'd like to re-invetigate the possiblity to extend FPGA Manager with 'secure update' ops that work for both these use-cases (and I susspect hte XRT patchset will follow with a similar requirement, right after). The xrt patchset makes heavy use of device trees. What is the general guidance for device tree usage ? I'm not generally against using device tree, it has its place. To describe hardware (and hardware *changes* with overlays) :) What I don't like about this particular implementation w.r.t device-tree usage is that it uses DT overlays as a mechanism to program the flash -- in place of having an API to do so. One could add device-nodes during the DT overlay application, while the FPGA doesn't actually get programmed with a new runtime image -- meaning live DT and actual hardware state diverged -- worst case it'd crash. So when roughly at the same time (from the same company even) we have two patchsets that do similar things with radically different APIs I think we should pause, and reflect on whether we can come up with something that works for both :) I discussed with Russ and studies his patches, came to realize that the work we had to accomplish was not same or similar. What I want to achieve is to verify the identity of the bitstream, which is like doing a "dry-run" to FPGA configuration. Performing FPGA configuration (full or partial) through the device tree overlay is a method widely used by our customers. Russ's approach utilizes a different user API which is a set of sysfs files. If we depart from device tree overlay, then the end-user must utilize 2 different mechanism or APIs (device tree overlay is used for full/partial configuration, and sysfs is used for bitstream authentication). Similarly low-level FPGA manager driver
Re: [PATCHv1 3/4] dt-bindings: fpga: add authenticate-fpga-config property
On 11/16/20 8:24 PM, Xu Yilun wrote: On Mon, Nov 16, 2020 at 08:14:52AM -0600, Richard Gong wrote: Hi Yilun, On 11/15/20 8:47 PM, Xu Yilun wrote: On Sun, Nov 15, 2020 at 11:21:06AM -0800, Moritz Fischer wrote: Hi Richard, On Thu, Nov 12, 2020 at 12:06:42PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication. Signed-off-by: Richard Gong --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..7a512bc 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -187,6 +187,7 @@ Optional properties: - external-fpga-config : boolean, set if the FPGA has already been configured prior to OS boot up. - encrypted-fpga-config : boolean, set if the bitstream is encrypted +- authenticate-fpga-config : boolean, set if do bitstream authentication It is unclear to me from the description whether this entails authentication + reconfiguration or just authentication. If the latter is the case this should probably be described as such. If it is just authentication, do we still need to disable bridges in fpga_region_program_fpga? Yes. Except for the actual configuration of the device, the authentication feature is the same as FPGA configuration. FPGA Bridges gate bus signals between a host and FPGA. So the FPGA region could not be accessed by host when doing configuration. But for this authentication, we are just writing the flash, we don't actually touch the FPGA soft logic. The host should still be able to operate on the old logic before reboot, is it? Yes, it's feasible in theory but doesn't make much sense in practice. I prefer to keep fpga_region_program_fpga() unchanged. Regards, Richard Thanks, Yilun Regards, Richard I'm wondering if the FPGA functionalities could still be working when the authenticating is ongoing, or when the authenticating is failed. Thanks, Yilun - region-unfreeze-timeout-us : The maximum time in microseconds to wait for bridges to successfully become enabled after the region has been programmed. -- 2.7.4 Thanks
Re: [PATCHv1 3/4] dt-bindings: fpga: add authenticate-fpga-config property
On 11/17/20 11:47 PM, Xu Yilun wrote: On Tue, Nov 17, 2020 at 09:39:55AM -0600, Richard Gong wrote: On 11/16/20 8:24 PM, Xu Yilun wrote: On Mon, Nov 16, 2020 at 08:14:52AM -0600, Richard Gong wrote: Hi Yilun, On 11/15/20 8:47 PM, Xu Yilun wrote: On Sun, Nov 15, 2020 at 11:21:06AM -0800, Moritz Fischer wrote: Hi Richard, On Thu, Nov 12, 2020 at 12:06:42PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication. Signed-off-by: Richard Gong --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..7a512bc 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -187,6 +187,7 @@ Optional properties: - external-fpga-config : boolean, set if the FPGA has already been configured prior to OS boot up. - encrypted-fpga-config : boolean, set if the bitstream is encrypted +- authenticate-fpga-config : boolean, set if do bitstream authentication It is unclear to me from the description whether this entails authentication + reconfiguration or just authentication. If the latter is the case this should probably be described as such. If it is just authentication, do we still need to disable bridges in fpga_region_program_fpga? Yes. Except for the actual configuration of the device, the authentication feature is the same as FPGA configuration. FPGA Bridges gate bus signals between a host and FPGA. So the FPGA region could not be accessed by host when doing configuration. But for this authentication, we are just writing the flash, we don't actually touch the FPGA soft logic. The host should still be able to operate on the old logic before reboot, is it? Yes, it's feasible in theory but doesn't make much sense in practice. I prefer to keep fpga_region_program_fpga() unchanged. I'm thinking of the case of inband reprograming, that the QSPI flash controller itself is embedded in FPGA soft logic, then maybe host still need to access FPGA on authentication. We can decide whether we should update fpga_region_program_fpga() function when you update for inband reprogramming case. Regards, Richard Thanks, Yilun I'm wondering if the FPGA functionalities could still be working when the authenticating is ongoing, or when the authenticating is failed. Thanks, Yilun - region-unfreeze-timeout-us : The maximum time in microseconds to wait for bridges to successfully become enabled after the region has been programmed. -- 2.7.4 Thanks
[PATCHv2 2/5] fpga: fpga-mgr: add FPGA_MGR_BITSTREM_AUTHENTICATION flag
From: Richard Gong Add FPGA_MGR_BITSTREM_AUTHENTICATION flag for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Except for the actual configuration of the device, the authentication works the same way as FPGA configuration does. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Signed-off-by: Richard Gong --- v2: align all FPGA_MGR_* flags update the commit messages --- include/linux/fpga/fpga-mgr.h | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h index 2bc3030..4fb3400 100644 --- a/include/linux/fpga/fpga-mgr.h +++ b/include/linux/fpga/fpga-mgr.h @@ -67,12 +67,15 @@ enum fpga_mgr_states { * %FPGA_MGR_BITSTREAM_LSB_FIRST: SPI bitstream bit order is LSB first * * %FPGA_MGR_COMPRESSED_BITSTREAM: FPGA bitstream is compressed + * + * %FPGA_MGR_BITSTREM_AUTHENTICATION: do FPGA bitstream authentication only */ -#define FPGA_MGR_PARTIAL_RECONFIG BIT(0) -#define FPGA_MGR_EXTERNAL_CONFIG BIT(1) -#define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2) -#define FPGA_MGR_BITSTREAM_LSB_FIRST BIT(3) -#define FPGA_MGR_COMPRESSED_BITSTREAM BIT(4) +#define FPGA_MGR_PARTIAL_RECONFIG BIT(0) +#define FPGA_MGR_EXTERNAL_CONFIG BIT(1) +#define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2) +#define FPGA_MGR_BITSTREAM_LSB_FIRST BIT(3) +#define FPGA_MGR_COMPRESSED_BITSTREAM BIT(4) +#define FPGA_MGR_BITSTREM_AUTHENTICATION BIT(5) /** * struct fpga_image_info - information specific to a FPGA image -- 2.7.4
[PATCHv2 1/5] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
From: Richard Gong Add COMMAND_AUTHENTICATE_BITSTREAM command flag for new added bitstream authentication feature. Authenticating a bistream is to make sure a signed bitstream has the valid signatures. Except for the actual configuration of the device, the bitstream authentication works the same way as FPGA configuration does. If the authentication passes, the signed bitstream will be programmed into QSPI flash memory and will be expected to boot without issues. Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which aligns with the firmware settings. Signed-off-by: Richard Gong --- v2: new added --- include/linux/firmware/intel/stratix10-svc-client.h | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index a93d859..85463c8 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -51,12 +51,17 @@ #define SVC_STATUS_NO_SUPPORT 6 /** - * Flag bit for COMMAND_RECONFIG + * Flag bit for COMMAND_RECONFIG, in bit number * * COMMAND_RECONFIG_FLAG_PARTIAL: - * Set to FPGA configuration type (full or partial). + * Set for partial FPGA configuration. + * + * COMMAND_AUTHENTICATE_BITSTREAM: + * Set for bitstream authentication, which makes sure a signed bitstream + * has valid signatures before committing it to QSPI flash memory. */ -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 +#define COMMAND_AUTHENTICATE_BITSTREAM 1 /** * Timeout settings for service clients: -- 2.7.4
[PATCHv2 3/5] fpga: of-fpga-region: add authenticate-fpga-config property
From: Richard Gong Add authenticate-fpga-config property to support FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v2: changed in alphabetical order --- drivers/fpga/of-fpga-region.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c index e405309..3840883 100644 --- a/drivers/fpga/of-fpga-region.c +++ b/drivers/fpga/of-fpga-region.c @@ -219,6 +219,9 @@ static struct fpga_image_info *of_fpga_region_parse_ov( info->overlay = overlay; /* Read FPGA region properties from the overlay */ + if (of_property_read_bool(overlay, "authenticate-fpga-config")) + info->flags |= FPGA_MGR_BITSTREM_AUTHENTICATION; + if (of_property_read_bool(overlay, "partial-fpga-config")) info->flags |= FPGA_MGR_PARTIAL_RECONFIG; -- 2.7.4
[PATCHv2 4/5] dt-bindings: fpga: add authenticate-fpga-config property
From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v2: put authenticate-fpga-config above partial-fpga-config update commit messages --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..d0d3234 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -182,6 +182,7 @@ Optional properties: This property is optional if the FPGA Manager handles the bridges. If the fpga-region is the child of a fpga-bridge, the list should not contain the parent bridge. +- authenticate-fpga-config : boolean, set if do bitstream authentication only. - partial-fpga-config : boolean, set if partial reconfiguration is to be done, otherwise full reconfiguration is done. - external-fpga-config : boolean, set if the FPGA has already been configured -- 2.7.4
[PATCHv2 5/5] fpga: stratix10-soc: extend driver for bitstream authentication
From: Richard Gong Extend FPGA manager driver to support FPGA bitstream authentication on Intel SocFPGA platforms. Signed-off-by: Richard Gong --- v2: use flag defined in stratix10-svc driver --- drivers/fpga/stratix10-soc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/fpga/stratix10-soc.c b/drivers/fpga/stratix10-soc.c index 657a70c..b77067e 100644 --- a/drivers/fpga/stratix10-soc.c +++ b/drivers/fpga/stratix10-soc.c @@ -186,6 +186,9 @@ static int s10_ops_write_init(struct fpga_manager *mgr, if (info->flags & FPGA_MGR_PARTIAL_RECONFIG) { dev_dbg(dev, "Requesting partial reconfiguration.\n"); ctype.flags |= BIT(COMMAND_RECONFIG_FLAG_PARTIAL); + } else if (info->flags & FPGA_MGR_BITSTREM_AUTHENTICATION) { + dev_dbg(dev, "Requesting bitstream authentication.\n"); + ctype.flags |= BIT(COMMAND_AUTHENTICATE_BITSTREAM); } else { dev_dbg(dev, "Requesting full reconfiguration.\n"); } -- 2.7.4
[PATCHv2 0/5] Extend Intel service layer, FPGA manager and region
From: Richard Gong This is 2nd submission of Intel service layer and FPGA patches. The customer wants to verify that a FPGA bitstream can be started properly before saving the bitstream to the QSPI flash memory. Bitstream authentication makes sure a signed bitstream has valid signatures. The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. Richard Gong (5): firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag fpga: fpga-mgr: add FPGA_MGR_BITSTREM_AUTHENTICATION flag fpga: of-fpga-region: add authenticate-fpga-config property dt-bindings: fpga: add authenticate-fpga-config property fpga: stratix10-soc: entend driver for bitstream authentication Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 + drivers/fpga/of-fpga-region.c | 3 +++ drivers/fpga/stratix10-soc.c | 3 +++ include/linux/firmware/intel/stratix10-svc-client.h| 11 --- include/linux/fpga/fpga-mgr.h | 13 - 5 files changed, 23 insertions(+), 8 deletions(-) -- 2.7.4
Re: [PATCHv2 1/5] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
Hi Moritz, On 11/18/20 9:30 AM, Moritz Fischer wrote: On Wed, Nov 18, 2020 at 08:29:09AM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add COMMAND_AUTHENTICATE_BITSTREAM command flag for new added bitstream authentication feature. Authenticating a bistream is to make sure a signed bitstream has the valid signatures. Except for the actual configuration of the device, the bitstream authentication works the same way as FPGA configuration does. If the authentication passes, the signed bitstream will be programmed into QSPI flash memory and will be expected to boot without issues. Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which aligns with the firmware settings. Should this be down with the v2: ? I think the commit message should describe all the changes made in the patch, is it? Signed-off-by: Richard Gong --- v2: new added --- include/linux/firmware/intel/stratix10-svc-client.h | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index a93d859..85463c8 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -51,12 +51,17 @@ #define SVC_STATUS_NO_SUPPORT 6 /** - * Flag bit for COMMAND_RECONFIG + * Flag bit for COMMAND_RECONFIG, in bit number * * COMMAND_RECONFIG_FLAG_PARTIAL: - * Set to FPGA configuration type (full or partial). + * Set for partial FPGA configuration. + * + * COMMAND_AUTHENTICATE_BITSTREAM: + * Set for bitstream authentication, which makes sure a signed bitstream + * has valid signatures before committing it to QSPI flash memory. */ -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 +#define COMMAND_AUTHENTICATE_BITSTREAM 1 Can you explain how this commit by itself doesn't break things? Before this change firmware expected BIT(0) to be set for partial reconfiguration, now BIT(0) suddenly means authentication? How doest his work? :) > Was there a firmware version change? Did this never work before? If this is version depenedent for firmware, then this might need a different compatible string / id / some form of probing? Entirely possible that I'm missing something, but it doesn't *seem* right. It did work before. Before this change, firmware only checks if the received flag value is zero. If the value is zero, it preforms full reconfiguration. Otherwise it does partial reconfiguration. To support bitstream authentication feature, firmware is updated to check the received flag value as below: 0 --- full reconfiguration BIT(0) --- partial reconfiguration BIT(1) --- bitstream authentication Therefore I have updated the command flag setting at Intel service layer driver to align with firmware. Regards, Richard /** * Timeout settings for service clients: -- 2.7.4 Cheers, Moritz
Re: [PATCHv2 1/5] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
Hi Moritz, Sorry for late reply, I was out last week. On 11/21/20 7:10 PM, Moritz Fischer wrote: Richard, On Wed, Nov 18, 2020 at 12:16:09PM -0600, Richard Gong wrote: -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 +#define COMMAND_AUTHENTICATE_BITSTREAM 1 Can you explain how this commit by itself doesn't break things? Before this change firmware expected BIT(0) to be set for partial reconfiguration, now BIT(0) suddenly means authentication? How doest his work? :) > Was there a firmware version change? Did this never work before? If this is version depenedent for firmware, then this might need a different compatible string / id / some form of probing? Entirely possible that I'm missing something, but it doesn't *seem* right. It did work before. Before this change, firmware only checks if the received flag value is zero. If the value is zero, it preforms full reconfiguration. Otherwise it does partial reconfiguration. To support bitstream authentication feature, firmware is updated to check the received flag value as below: 0 --- full reconfiguration BIT(0) --- partial reconfiguration BIT(1) --- bitstream authentication So there are two different versions of firmware involved that behave differently? Old firmware: - ctype.flags = 0x0 -> Full reconfig - ctype.flags != 0 -> Partial reconfig New firmware: - ctype.flags = 0x0 -> Full reconfig - ctype.flags = 0x1 -> Partial reconfig - ctype.flags = 0x2 -> Authenticate Old software: - Send 0x0 for Full - Send 0x1 for Partial New software: - Send 0x0 for Full - Send 0x1 for Partial - Send 0x2 for Auth If I send request for authentication BIT(1) (new software) to old firmware it'd try and attempt a partial reconfiguration with the data I send? Is that safe? Yes, it is possible and it is not safe. But we will inform our customers they should update to the latest firmware (SDM firmware and ATF) if they want to have authentication feature. We are migrating boot loader boot flow to the new ATF boot flow, which is SDM firmware -> SPL -> ATF -> U-boot proper -> Linux. The new authentication feature is supported only in the new ATF boot flow. ATF communicates with SDM firmware via mailbox, and SDM firmware performs the actual full/partial reconfiguration and bitstream authentication. ATF sets up EL3 environment and initializes PSCI services. The old boot flow is SDM firmware -> SPL -> U-boot proper -> Linux, which SPL/U-boot handles PSCI services and communicates with SDM firmware via mailbox. SDM firmware performs the actual full/partial reconfiguration. ATF = Arm Trust Firmware, SDM = Secure Device Manager Is there a way for software to figure out the firmware version and do the right thing? It is not feasible for kernel driver to get the firmware version per current designs and implementations. I don't think there is other way around this. Therefore I have updated the command flag setting at Intel service layer driver to align with firmware. Regards, Richard /** * Timeout settings for service clients: -- 2.7.4 Cheers, Moritz Thanks, Moritz Regards, Richard
Re: [PATCHv2 1/5] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
Hi Moritz, On 11/30/20 10:31 PM, Moritz Fischer wrote: Hi Richard, On Mon, Nov 30, 2020 at 12:55:44PM -0600, Richard Gong wrote: Hi Moritz, Sorry for late reply, I was out last week. No worries, usually I'm late with replies ;-) On 11/21/20 7:10 PM, Moritz Fischer wrote: Richard, On Wed, Nov 18, 2020 at 12:16:09PM -0600, Richard Gong wrote: -#define COMMAND_RECONFIG_FLAG_PARTIAL 1 +#define COMMAND_RECONFIG_FLAG_PARTIAL 0 +#define COMMAND_AUTHENTICATE_BITSTREAM 1 Can you explain how this commit by itself doesn't break things? Before this change firmware expected BIT(0) to be set for partial reconfiguration, now BIT(0) suddenly means authentication? How doest his work? :) > Was there a firmware version change? Did this never work before? If this is version depenedent for firmware, then this might need a different compatible string / id / some form of probing? Entirely possible that I'm missing something, but it doesn't *seem* right. It did work before. Before this change, firmware only checks if the received flag value is zero. If the value is zero, it preforms full reconfiguration. Otherwise it does partial reconfiguration. To support bitstream authentication feature, firmware is updated to check the received flag value as below: 0 --- full reconfiguration BIT(0) --- partial reconfiguration BIT(1) --- bitstream authentication So there are two different versions of firmware involved that behave differently? Old firmware: - ctype.flags = 0x0 -> Full reconfig - ctype.flags != 0 -> Partial reconfig New firmware: - ctype.flags = 0x0 -> Full reconfig - ctype.flags = 0x1 -> Partial reconfig - ctype.flags = 0x2 -> Authenticate Old software: - Send 0x0 for Full - Send 0x1 for Partial New software: - Send 0x0 for Full - Send 0x1 for Partial - Send 0x2 for Auth If I send request for authentication BIT(1) (new software) to old firmware it'd try and attempt a partial reconfiguration with the data I send? Is that safe? Yes, it is possible and it is not safe. But we will inform our customers they should update to the latest firmware (SDM firmware and ATF) if they want to have authentication feature. We are migrating boot loader boot flow to the new ATF boot flow, which is SDM firmware -> SPL -> ATF -> U-boot proper -> Linux. The new authentication feature is supported only in the new ATF boot flow. ATF communicates with SDM firmware via mailbox, and SDM firmware performs the actual full/partial reconfiguration and bitstream authentication. ATF sets up EL3 environment and initializes PSCI services. Can U-Boot determine whether it's the new or old flow? Can you set a different compatible value in your device-tree, to disambiguate behaviors? The boot flow is determined by defconfig during compilation, which means each boot flow will have its own defconfig. SDM firmware loads SPL into OCRAM, then SPL will load the apporiate ATF or U-boot into the DRAM according to the setting of CONFIG_SPL_ATF. If CONFIG_SPL_ATF=y, SPL loads ATF and then jumps to ATF. ATF setups EL3 environment and initialize the PSCI services. CONFIG_SPL_ATF is not set for the old boot flow. The old boot flow is SDM firmware -> SPL -> U-boot proper -> Linux, which SPL/U-boot handles PSCI services and communicates with SDM firmware via mailbox. SDM firmware performs the actual full/partial reconfiguration. ATF = Arm Trust Firmware, SDM = Secure Device Manager Is there a way for software to figure out the firmware version and do the right thing? It is not feasible for kernel driver to get the firmware version per current designs and implementations. I don't think there is other way around this. Therefore I have updated the command flag setting at Intel service layer driver to align with firmware. Regards, Richard /** * Timeout settings for service clients: -- 2.7.4 Cheers, Moritz Thanks, Moritz Regards, Richard Thanks, Moritz Regards, Richard
Re: [PATCHv2 1/5] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
Hi Moritz, On 12/1/20 1:19 PM, Moritz Fischer wrote: Hi Richard, On Tue, Dec 01, 2020 at 01:30:16PM -0600, Richard Gong wrote: Can U-Boot determine whether it's the new or old flow? Can you set a different compatible value in your device-tree, to disambiguate behaviors? The boot flow is determined by defconfig during compilation, which means each boot flow will have its own defconfig. SDM firmware loads SPL into OCRAM, then SPL will load the apporiate ATF or U-boot into the DRAM according to the setting of CONFIG_SPL_ATF. If CONFIG_SPL_ATF=y, SPL loads ATF and then jumps to ATF. ATF setups EL3 environment and initialize the PSCI services. CONFIG_SPL_ATF is not set for the old boot flow. So you know at (U-Boot) build time? Can you just pass a different DT to the kernel in that case? Yes, we have decided the boot flow at build time. Starting from the next release, our U-boot will use the ATF boot flow. Per my limited knowledge in U-boot, I don't think we can follow your suggestion. Or it will take a lot of efforts to achieve. I think that back compatibility is your main concern, correct? the issue does exist with the old boot flow and old firmware, whenever the customers try to use authentication. Unfortunately we can't update U-boot or firmware that has been released. The authentication feature is supported only at the ATF boot flow, updated kernel and firmware. We will have a well-documented document to inform our customers that if they want to have authentication feature, they need to upgrade the latest U-boot, kernel and firmware. We always encourage our customers to take the latest U-boot, kernel and firmware releases in their developments. - Moritz Regards, Richard
Re: [PATCHv3 1/6] firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
Hi Tom, On 1/25/21 4:56 PM, Tom Rix wrote: On 1/25/21 12:56 PM, richard.g...@linux.intel.com wrote: From: Richard Gong Add COMMAND_AUTHENTICATE_BITSTREAM command flag for new added bitstream authentication feature. Authenticating a bitstream is to make sure a signed bitstream has the valid signatures. Except for the actual configuration of the device, the bitstream authentication works the same way as FPGA configuration does. If the authentication passes, the signed bitstream will be programmed into QSPI flash memory and will be expected to boot without issues. Clean up COMMAND_RECONFIG_FLAG_PARTIAL flag by resetting it to 0, which aligns with the firmware settings. Signed-off-by: Richard Gong --- v3: no change v2: new added --- include/linux/firmware/intel/stratix10-svc-client.h | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index ebc2956..7ada1f2 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -51,12 +51,17 @@ #define SVC_STATUS_NO_SUPPORT 6 /* This patch fails to apply, i believe the conflict is because in mainline this is '/**' not '/*' Please check or point me at the branch/tag you are using. I am using next-20210125 tag. I am using char-misc-next. Tom Tom Regards, Richard
Re: [PATCHv3 2/6] firmware: stratix10-svc: extend SVC driver to get the firmware version
Hi Moritz, Thanks for your reviews! On 1/25/21 11:01 PM, Moritz Fischer wrote: Hi Richard, On Mon, Jan 25, 2021 at 02:56:24PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Extend Intel service layer driver to get the firmware version running at FPGA device. Therefore FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. Signed-off-by: Richard Gong --- v3: new added, changes for getting firmware version Thanks for doing that. --- drivers/firmware/stratix10-svc.c| 12 ++-- include/linux/firmware/intel/stratix10-smc.h| 21 +++-- include/linux/firmware/intel/stratix10-svc-client.h | 4 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 3aa489d..1443bbd 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -306,6 +306,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data, break; case COMMAND_RSU_RETRY: case COMMAND_RSU_MAX_RETRY: + case COMMAND_FIRMWARE_VERSION: cb_data->status = BIT(SVC_STATUS_OK); cb_data->kaddr1 = &res.a1; break; @@ -422,6 +423,11 @@ static int svc_normal_to_secure_thread(void *data) a1 = 0; a2 = 0; break; + case COMMAND_FIRMWARE_VERSION: + a0 = INTEL_SIP_SMC_FIRMWARE_VERSION; + a1 = 0; + a2 = 0; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -487,11 +493,13 @@ static int svc_normal_to_secure_thread(void *data) /* * be compatible with older version firmware which -* doesn't support RSU notify or retry +* doesn't support RSU notify, retry or bitstream +* authentication. */ if ((pdata->command == COMMAND_RSU_RETRY) || (pdata->command == COMMAND_RSU_MAX_RETRY) || - (pdata->command == COMMAND_RSU_NOTIFY)) { + (pdata->command == COMMAND_RSU_NOTIFY) || + (pdata->command == COMMAND_FIRMWARE_VERSION)) { cbdata->status = BIT(SVC_STATUS_NO_SUPPORT); cbdata->kaddr1 = NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h index c3e5ab0..505fcca 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -321,8 +321,6 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_ECC_DBE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECC_DBE) -#endif - /** * Request INTEL_SIP_SMC_RSU_NOTIFY * @@ -404,3 +402,22 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY 18 #define INTEL_SIP_SMC_RSU_MAX_RETRY \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_RSU_MAX_RETRY) + +/** + * Request INTEL_SIP_SMC_FIRMWARE_VERSION + * + * Sync call used to query the version of running firmware + * + * Call register usage: + * a0 INTEL_SIP_SMC_FIRMWARE_VERSION + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR + * a1 running firmware version + */ +#define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31 +#define INTEL_SIP_SMC_FIRMWARE_VERSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) + +#endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h index 7ada1f2..15e5477 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -109,6 +109,9 @@ struct stratix10_svc_chan; * * @COMMAND_RSU_DCMF_VERSION: query firmware for the DCMF version, return status * is SVC_STATUS_OK or SVC_STATUS_ERROR Is DCMF explaines somewhere? Maybe I missed it. Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu. RSU (Remote System Update) allows user to reliably update the QSPI configuration bitstream of an Intel Stratix10 SoC device. When the user enables RSU function on the device, he/she need to use the Intel Quartus tools to build RSU flash image. The flash content should include DCMF and other components to make it have RSU function.
Re: [PATCHv3 3/6] fpga: fpga-mgr: add FPGA_MGR_BITSTREM_AUTHENTICATION flag
Hi Moritz, On 1/25/21 11:04 PM, Moritz Fischer wrote: On Mon, Jan 25, 2021 at 02:56:25PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add FPGA_MGR_BITSTREM_AUTHENTICATION flag for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Except for the actual configuration of the device, the authentication works the same way as FPGA configuration does. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues. Signed-off-by: Richard Gong --- v3: no change v2: align all FPGA_MGR_* flags update the commit messages --- include/linux/fpga/fpga-mgr.h | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h index 2bc3030..4fb3400 100644 --- a/include/linux/fpga/fpga-mgr.h +++ b/include/linux/fpga/fpga-mgr.h @@ -67,12 +67,15 @@ enum fpga_mgr_states { * %FPGA_MGR_BITSTREAM_LSB_FIRST: SPI bitstream bit order is LSB first * * %FPGA_MGR_COMPRESSED_BITSTREAM: FPGA bitstream is compressed + * + * %FPGA_MGR_BITSTREM_AUTHENTICATION: do FPGA bitstream authentication only */ -#define FPGA_MGR_PARTIAL_RECONFIG BIT(0) -#define FPGA_MGR_EXTERNAL_CONFIG BIT(1) -#define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2) -#define FPGA_MGR_BITSTREAM_LSB_FIRST BIT(3) -#define FPGA_MGR_COMPRESSED_BITSTREAM BIT(4) +#define FPGA_MGR_PARTIAL_RECONFIG BIT(0) +#define FPGA_MGR_EXTERNAL_CONFIG BIT(1) +#define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2) +#define FPGA_MGR_BITSTREAM_LSB_FIRST BIT(3) +#define FPGA_MGR_COMPRESSED_BITSTREAM BIT(4) +#define FPGA_MGR_BITSTREM_AUTHENTICATION BIT(5) Consider FPGA_MGR_BITSTREAM_AUTHENTICATE (and fix typo) Thanks, I will correct that in next submission. /** * struct fpga_image_info - information specific to a FPGA image -- 2.7.4 Thanks, Moritz Regards, Richard
Re: [PATCHv3 5/6] dt-bindings: fpga: add authenticate-fpga-config property
On 1/25/21 11:05 PM, Moritz Fischer wrote: On Mon, Jan 25, 2021 at 02:56:27PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add authenticate-fpga-config property for FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v3: no change v2: put authenticate-fpga-config above partial-fpga-config update commit messages --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index e811cf8..d0d3234 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -182,6 +182,7 @@ Optional properties: This property is optional if the FPGA Manager handles the bridges. If the fpga-region is the child of a fpga-bridge, the list should not contain the parent bridge. +- authenticate-fpga-config : boolean, set if do bitstream authentication only. I don't understand. Can I do authenticate-fpga-config AND partial-fpga-config? Yes, but not simultaneously. Flag authenticate-fpga-config is used to first check the integrity of the bitstream. If the authentication passes, the user can perform a full or partial configuration to actually configure the bistream to device. - partial-fpga-config : boolean, set if partial reconfiguration is to be done, otherwise full reconfiguration is done. - external-fpga-config : boolean, set if the FPGA has already been configured -- 2.7.4 Please clarify, Moritz Regards, Richard
Re: [PATCHv3 4/6] fpga: of-fpga-region: add authenticate-fpga-config property
Hi Moritz, On 1/25/21 11:10 PM, Moritz Fischer wrote: On Mon, Jan 25, 2021 at 02:56:26PM -0600, richard.g...@linux.intel.com wrote: From: Richard Gong Add authenticate-fpga-config property to support FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v3: no change v2: changed in alphabetical order --- drivers/fpga/of-fpga-region.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c index e405309..3840883 100644 --- a/drivers/fpga/of-fpga-region.c +++ b/drivers/fpga/of-fpga-region.c @@ -219,6 +219,9 @@ static struct fpga_image_info *of_fpga_region_parse_ov( info->overlay = overlay; /* Read FPGA region properties from the overlay */ + if (of_property_read_bool(overlay, "authenticate-fpga-config")) + info->flags |= FPGA_MGR_BITSTREM_AUTHENTICATION; + Should you check here that no new nodes are being added as you *only* authenticate? Sure, I will add additional checks in next submission. if (of_property_read_bool(overlay, "partial-fpga-config")) info->flags |= FPGA_MGR_PARTIAL_RECONFIG; -- 2.7.4 Thanks, Moritz Regards, Richard