Extend the Intel Security Manager class driver to
include an update/status sysfs node that can be polled
and read to monitor the progress of an ongoing secure
update. Sysfs_notify() is used to signal transitions
between different phases of the update process.
Signed-off-by: Russ Weight
Reviewed
Extend Intel Security Manager class driver to include
an update/error sysfs node that can be read for error
information when a secure update fails.
Signed-off-by: Russ Weight
Reviewed-by: Wu Hao
---
.../ABI/testing/sysfs-class-ifpga-sec-mgr | 17 ++
drivers/fpga/ifpga-sec-mgr.c
Extend the MAX10 BMC Security Engine driver to include
the functions that enable secure updates of BMC images,
FPGA images, etc.
Signed-off-by: Russ Weight
Reviewed-by: Wu Hao
---
drivers/fpga/intel-m10-bmc-secure.c | 272 +++-
include/linux/mfd/intel-m10-bmc.h | 101
.
Signed-off-by: Russ Weight
---
.../ABI/testing/sysfs-class-ifpga-sec-mgr | 10
drivers/fpga/ifpga-sec-mgr.c | 59 +--
include/linux/fpga/ifpga-sec-mgr.h| 1 +
3 files changed, 66 insertions(+), 4 deletions(-)
diff --git a/Documentation/ABI
feature. This data is treated as
opaque by the class driver. It is left to user-space software
or support personnel to interpret this data.
Signed-off-by: Russ Weight
Reviewed-by: Wu Hao
---
.../ABI/testing/sysfs-class-ifpga-sec-mgr | 14 +++
drivers/fpga/ifpga-sec-mgr.c
Extend the MAX10 BMC Security Engine driver to include
a function that returns 64 bits of additional HW specific
data for errors that require additional information.
This callback function enables the hw_errinfo sysfs
node in the Intel Security Manager class driver.
Signed-off-by: Russ Weight
it will be signaled by sysfs_notify() on each
state change.
+What: /sys/class/ifpga_sec_mgr/ifpga_secX/update/remaining_size
+Date: Sep 2020
+KernelVersion: 5.10
+Contact: Russ Weight
+Description: Read-only. Returns the size of data that remains to
+
provides sysfs
interfaces for displaying root entry hashes, canceled code
signing keys and flash counts.
Signed-off-by: Russ Weight
Signed-off-by: Xu Yilun
---
.../ABI/testing/sysfs-class-ifpga-sec-mgr | 75
MAINTAINERS | 8 +
drivers/fpga/Kconfig
Extend the MAX10 BMC Security Engine driver to provide a
handler to expose the canceled code signing key (CSK) bit
vectors. These use the standard bitmap list format
(e.g. 1,2-6,9).
Signed-off-by: Russ Weight
Reviewed-by: Wu Hao
---
drivers/fpga/intel-m10-bmc-secure.c | 60
Extend the MAX10 BMC Security Engine driver to provide a
handler to expose the flash update count for the FPGA user
image.
Signed-off-by: Russ Weight
Reviewed-by: Wu Hao
---
drivers/fpga/intel-m10-bmc-secure.c | 32 +
1 file changed, 32 insertions(+)
diff --git a
On 9/4/20 5:01 PM, Randy Dunlap wrote:
On 9/4/20 4:52 PM, Russ Weight wrote:
diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig
index 97c0a6cc2ba7..0f0bed68e618 100644
--- a/drivers/fpga/Kconfig
+++ b/drivers/fpga/Kconfig
@@ -244,4 +244,15 @@ config IFPGA_SEC_MGR
region and
On 9/4/20 5:23 PM, Moritz Fischer wrote:
Hi Russ,
On Fri, Sep 04, 2020 at 04:52:54PM -0700, Russ Weight wrote:
Create the Intel Security Manager class driver. The security
manager provides interfaces to manage secure updates for the
FPGA and BMC images that are stored in FLASH. The driver
GA and BMC images that are stored in FLASH. The driver can
>> also be used to update root entry hashes and to cancel code
>> signing keys.
>>
>> This patch creates the class driver and provides sysfs
>> interfaces for displaying root entry hashes, canceled code
cause a secure update to occur.
The write of the filename will return immediately, and the
update will begin in the context of a kernel worker thread.
This tool utilizes the request_firmware framework, which
requires that the image file reside under /lib/firmware.
Signed-off-by: Russ Weight
.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v5:
- No change
v4:
- Changed from "Intel FPGA Security Manager" to FPGA Security Manager"
and removed unnecessary references to "Intel".
- Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, if
provides sysfs
interfaces for displaying root entry hashes, canceled code
signing keys and flash counts.
Signed-off-by: Russ Weight
Signed-off-by: Xu Yilun
Reviewed-by: Tom Rix
---
v5:
- Added the devm_fpga_sec_mgr_unregister() function, following recent
changes to the fpga_manager
feature. This data is treated as
opaque by the class driver. It is left to user-space software
or support personnel to interpret this data.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v5:
v4:
- Changed from "Intel FPGA Security Manager" to FPGA Security Manager"
Extend the FPGA Security Manager class driver to include
an update/error sysfs node that can be read for error
information when a secure update fails.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v5:
- Use new function sysfs_emit() in the error_show() function
v4:
- Changed from
ing the
current
as it will be signaled by sysfs_notify() on each
state change.
+What: /sys/class/fpga_sec_mgr/fpga_secX/update/remaining_size
+Date: Oct 2020
+KernelVersion: 5.11
+Contact: Russ Weight
+Description: Read-only. Re
Extend the FPGA Security Manager class driver to
include an update/status sysfs node that can be polled
and read to monitor the progress of an ongoing secure
update. Sysfs_notify() is used to signal transitions
between different phases of the update process.
Signed-off-by: Russ Weight
Reviewed
ng"
- Added sec_error() function (similar to sec_progress())
- Removed references to bmc_flash_count & smbus_flash_count (not supported)
- Removed typedefs for imgr ops
- Removed explicit value assignments in enums
- Other minor code cleanup per review comments
Russ Weight (7):
fpg
I see that I need to remove "intel" from the subject line on this patch.
I'll take care of that.
I still have an outstanding question about treating a class-driver as a
managed resource of the parent device. I'm reposting the question inline.
On 10/20/20 5:16 PM, Russ Weight
patch creates the class driver and provides sysfs
>>>> interfaces for displaying root entry hashes, canceled code
>>>> signing keys and flash counts.
>>>>
>>>> Signed-off-by: Russ Weight
>>>> Signed-off-by: Xu Yilun
>>>> Re
On 10/25/20 12:12 PM, Moritz Fischer wrote:
> Hi Russ,
>
> On Tue, Oct 20, 2020 at 05:31:12PM -0700, Russ Weight wrote:
>> I see that I need to remove "intel" from the subject line on this patch.
>> I'll take care of that.
>>
>> I still have an ou
Extend the MAX10 BMC Secure Update driver to provide sysfs
files to expose the canceled code signing key (CSK) bit
vectors. These use the standard bitmap list format
(e.g. 1,2-6,9).
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v5:
- No change
v4:
- Moved sysfs files for displaying
Extend the MAX10 BMC Secure Update driver to provide a
sysfs file to expose the flash update count for the FPGA
user image.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v5:
- Renamed sysfs node user_flash_count to flash_count and updated the
sysfs documentation accordingly.
v4
Extend the MAX10 BMC Secure Update driver to include
the functions that enable secure updates of BMC images,
FPGA images, etc.
Signed-off-by: Russ Weight
---
v5:
- No change
v4:
- No change
v3:
- Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_
- Changed &
images.
This patch creates the MAX10 BMC Secure Update driver and
provides sysfs files for displaying the current root entry hashes
for the FPGA static region, the FPGA PR region, and the MAX10
BMC.
Signed-off-by: Russ Weight
---
v5:
- No change
v4:
- Moved sysfs files for displaying the root
Add macros and definitions required by the MAX10 BMC
Secure Update driver.
Signed-off-by: Russ Weight
Acked-by: Lee Jones
---
v5:
- Renamed USER_FLASH_COUNT to STAGING_FLASH_COUNT
v4:
- No change
v3:
- Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure
Extend the MAX10 BMC Secure Update driver to include
a function that returns 64 bits of additional HW specific
data for errors that require additional information.
This callback function enables the hw_errinfo sysfs
node in the Intel Security Manager class driver.
Signed-off-by: Russ Weight
ucture
- Implemented HW_ERRINFO_POISON for m10bmc_sec_hw_errinfo() to
ensure that corresponding bits are set to 1 if we are unable
to read the doorbell or auth_result registers.
- Added comments and additional code cleanup per V1 review.
Russ Weight (6):
mfd: intel-m10-bmc: support for
le" to "reading"
- Added sec_error() function (similar to sec_progress())
- Removed references to bmc_flash_count & smbus_flash_count (not supported)
- Removed typedefs for imgr ops
- Removed explicit value assignments in enums
- Other minor code cleanup per review comm
file
and is decoded by the HW/FW secure update engine.
Signed-off-by: Russ Weight
Signed-off-by: Xu Yilun
Reviewed-by: Tom Rix
---
v6:
- Removed sysfs support and documentation for the display of the
flash count, root entry hashes, and code-signing-key cancelation
vectors.
v5:
- Added
.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v6:
- No change
v5:
- No change
v4:
- Changed from "Intel FPGA Security Manager" to FPGA Security Manager"
and removed unnecessary references to "Intel".
- Changed: iops -> sops, imgr -> smgr, IFPG
cause a secure update to occur.
The write of the filename will return immediately, and the
update will begin in the context of a kernel worker thread.
This tool utilizes the request_firmware framework, which
requires that the image file reside under /lib/firmware.
Signed-off-by: Russ Weight
turns a string describing the
current
as it will be signaled by sysfs_notify() on each
state change.
+What: /sys/class/fpga_sec_mgr/fpga_secX/update/remaining_size
+Date: Oct 2020
+KernelVersion: 5.11
+Contact: Russ Weight
+Description: Re
Extend the FPGA Security Manager class driver to
include an update/status sysfs node that can be polled
and read to monitor the progress of an ongoing secure
update. Sysfs_notify() is used to signal transitions
between different phases of the update process.
Signed-off-by: Russ Weight
Reviewed
feature. This data is treated as
opaque by the class driver. It is left to user-space software
or support personnel to interpret this data.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v6:
- No change
v5:
- No change
v4:
- Changed from "Intel FPGA Security Manager" to FPG
Extend the FPGA Security Manager class driver to include
an update/error sysfs node that can be read for error
information when a secure update fails.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v6:
- No change
v5:
- Use new function sysfs_emit() in the error_show() function
v4
Extend the MAX10 BMC Secure Update driver to provide a
sysfs file to expose the flash update count for the FPGA
user image.
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v4:
- Moved the sysfs file for displaying the flash count from the
FPGA Security Manager class driver to here
Extend the MAX10 BMC Secure Update driver to include
the functions that enable secure updates of BMC images,
FPGA images, etc.
Signed-off-by: Russ Weight
---
v4:
- No change
v3:
- Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_
- Changed "MAX10 BMC
images.
This patch creates the MAX10 BMC Secure Update driver and
provides sysfs files for displaying the current root entry hashes
for the FPGA static region, the FPGA PR region, and the MAX10
BMC.
Signed-off-by: Russ Weight
---
v4:
- Moved sysfs files for displaying the root entry hashes (REH
stride variable in calls to m10bmc_raw_bulk_read().
- Added m10bmc_ prefix to functions in m10bmc_iops structure
- Implemented HW_ERRINFO_POISON for m10bmc_sec_hw_errinfo() to
ensure that corresponding bits are set to 1 if we are unable
to read the doorbell or auth_result registers.
-
Extend the MAX10 BMC Secure Update driver to include
a function that returns 64 bits of additional HW specific
data for errors that require additional information.
This callback function enables the hw_errinfo sysfs
node in the Intel Security Manager class driver.
Signed-off-by: Russ Weight
Add macros and definitions required by the MAX10 BMC
Secure Update driver.
Signed-off-by: Russ Weight
Acked-by: Lee Jones
---
v4:
- No change
v3:
- Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure
Update driver"
- Removed wrapper functions (m10bm
Extend the MAX10 BMC Secure Update driver to provide sysfs
files to expose the canceled code signing key (CSK) bit
vectors. These use the standard bitmap list format
(e.g. 1,2-6,9).
Signed-off-by: Russ Weight
Reviewed-by: Tom Rix
---
v4:
- Moved sysfs files for displaying the code-signing-key
On 11/5/20 6:23 PM, Russ Weight wrote:
> Create a platform driver that can be invoked as a sub
> driver for the Intel MAX10 BMC in order to support
> secure updates. This sub-driver will invoke an
> instance of the FPGA Security Manager class driver
> in order to expose sysfs
On 11/5/20 6:23 PM, Russ Weight wrote:
> Extend the MAX10 BMC Secure Update driver to provide sysfs
> files to expose the canceled code signing key (CSK) bit
> vectors. These use the standard bitmap list format
> (e.g. 1,2-6,9).
>
> Signed-off-by: Russ Weight
> Reviewed-by
ext submission.
>
> On 9/4/20 4:52 PM, Russ Weight wrote:
>> Extend the MAX10 BMC Security Engine driver to include
>> the functions that enable secure updates of BMC images,
>> FPGA images, etc.
>>
>> Signed-off-by: Russ Weight
>> Reviewed-by: Wu H
On 9/10/20 2:51 PM, Tom Rix wrote:
> On 9/10/20 1:22 PM, Russ Weight wrote:
>>
>>
>> On 9/5/20 12:09 PM, Tom Rix wrote:
>>
>>
>>
>>>
>>> On 9/4/20 4:52 PM, Russ Weight wrote:
>>>
>>>>
On 9/5/20 1:22 PM, Tom Rix wrote:
> On 9/4/20 4:52 PM, Russ Weight wrote:
>> Create a platform driver that can be invoked as a sub
>> driver for the Intel MAX10 BMC in order to support
>> secure updates. This sub-driver will invoke an
>> instance of the Intel FPGA Se
On 9/14/20 1:48 PM, Tom Rix wrote:
> On 9/14/20 12:07 PM, Russ Weight wrote:
>> On 9/5/20 1:22 PM, Tom Rix wrote:
>>> On 9/4/20 4:52 PM, Russ Weight wrote:
>>>> Create a platform driver that can be invoked as a sub
>>>> driver for the Intel MAX10 B
On 9/6/20 10:14 AM, Tom Rix wrote:
> On 9/4/20 4:53 PM, Russ Weight wrote:
>> Extend the MAX10 BMC Security Engine driver to include
>> a function that returns 64 bits of additional HW specific
>> data for errors that require additional information.
>> This ca
Port enable is not complete until ACK = 0. Change
__afu_port_enable() to guarantee that the enable process
is complete by polling for ACK == 0.
Signed-off-by: Russ Weight
---
drivers/fpga/dfl-afu-error.c | 2 +-
drivers/fpga/dfl-afu-main.c | 29 +
drivers/fpga/dfl
Port enable is not complete until ACK = 0. Change
__afu_port_enable() guarantee that the enable process
is complete by polling for ACK == 0.
Signed-off-by: Russ Weight
---
drivers/fpga/dfl-afu-error.c | 2 +-
drivers/fpga/dfl-afu-main.c | 29 +
drivers/fpga/dfl
On 9/6/20 9:16 AM, Tom Rix wrote:
> On 9/4/20 4:53 PM, Russ Weight wrote:
>> Extend the Intel Security Manager class driver to
>> include an update/status sysfs node that can be polled
>> and read to monitor the progress of an ongoing secure
>> update. Sysfs
On 9/6/20 9:27 AM, Tom Rix wrote:
> On 9/4/20 4:53 PM, Russ Weight wrote:
>> Extend Intel Security Manager class driver to include
>> an update/error sysfs node that can be read for error
>> information when a secure update fails.
>>
>> Signed-off-by: Ru
On 9/5/20 1:39 PM, Tom Rix wrote:
> On 9/4/20 4:52 PM, Russ Weight wrote:
>> Extend the MAX10 BMC Security Engine driver to provide a
>> handler to expose the flash update count for the FPGA user
>> image.
>>
>> Signed-off-by: Russ Weight
>> Reviewed-by
201 - 258 of 258 matches
Mail list logo
