mbox series

[PATCHv5,0/7] Extend Intel service layer, FPGA manager and region

Message ID 1612909233-13867-1-git-send-email-richard.gong@linux.intel.com (mailing list archive)
Headers show
Series Extend Intel service layer, FPGA manager and region | expand

Message

Richard Gong Feb. 9, 2021, 10:20 p.m. UTC
From: Richard Gong <richard.gong@intel.com>

This is 5th submission of Intel service layer and FPGA patches, which
includes the missing standalone patch in the 4th submission.

This submission includes additional changes for Intel service layer driver
to get the firmware version running at FPGA SoC device. Then FPGA manager
driver, one of Intel service layer driver's client, can decide whether to
handle the newly added bitstream authentication function based on the
retrieved firmware version. So that we can maintain FPGA manager driver
the back compatible.

Bitstream authentication makes sure a signed bitstream has valid
signatures.

The customer sends the bitstream via FPGA framework and overlay, the
firmware will authenticate the bitstream but not program the bitstream to
device. If the authentication passes, the bitstream will be programmed into
QSPI flash and will be expected to boot without issues.

Extend Intel service layer, FPGA manager and region drivers to support the
bitstream authentication feature. 

Richard Gong (7):
  firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
  firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
  firmware: stratix10-svc: extend SVC driver to get the firmware version
  fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
  fpga: of-fpga-region: add authenticate-fpga-config property
  dt-bindings: fpga: add authenticate-fpga-config property
  fpga: stratix10-soc: extend driver for bitstream authentication

 .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
 drivers/firmware/stratix10-svc.c                   | 12 ++++-
 drivers/fpga/of-fpga-region.c                      | 24 ++++++---
 drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
 include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
 .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
 include/linux/fpga/fpga-mgr.h                      |  3 ++
 7 files changed, 125 insertions(+), 18 deletions(-)

Comments

Gong, Richard Feb. 25, 2021, 1:07 p.m. UTC | #1
Hi Moritz,

Sorry for asking.

When you have chance, can you help review the version 5 patchset submitted on 02/09/21?

Regards,
Richard

-----Original Message-----
From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
Sent: Tuesday, February 9, 2021 4:20 PM
To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
Cc: Gong, Richard <richard.gong@intel.com>
Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region

From: Richard Gong <richard.gong@intel.com>

This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.

This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.

Bitstream authentication makes sure a signed bitstream has valid signatures.

The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.

Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 

Richard Gong (7):
  firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
  firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
  firmware: stratix10-svc: extend SVC driver to get the firmware version
  fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
  fpga: of-fpga-region: add authenticate-fpga-config property
  dt-bindings: fpga: add authenticate-fpga-config property
  fpga: stratix10-soc: extend driver for bitstream authentication

 .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
 drivers/firmware/stratix10-svc.c                   | 12 ++++-
 drivers/fpga/of-fpga-region.c                      | 24 ++++++---
 drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
 include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
 .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
 include/linux/fpga/fpga-mgr.h                      |  3 ++
 7 files changed, 125 insertions(+), 18 deletions(-)

--
2.7.4
Tom Rix Feb. 25, 2021, 1:28 p.m. UTC | #2
The first patch is a fix that is targeted for stable.

Tom

On 2/25/21 5:07 AM, Gong, Richard wrote:
> Hi Moritz,
>
> Sorry for asking.
>
> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>
> Regards,
> Richard
>
> -----Original Message-----
> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
> Sent: Tuesday, February 9, 2021 4:20 PM
> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
> Cc: Gong, Richard <richard.gong@intel.com>
> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>
> From: Richard Gong <richard.gong@intel.com>
>
> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>
> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>
> Bitstream authentication makes sure a signed bitstream has valid signatures.
>
> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>
> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
>
> Richard Gong (7):
>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>   firmware: stratix10-svc: extend SVC driver to get the firmware version
>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>   fpga: of-fpga-region: add authenticate-fpga-config property
>   dt-bindings: fpga: add authenticate-fpga-config property
>   fpga: stratix10-soc: extend driver for bitstream authentication
>
>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>  include/linux/fpga/fpga-mgr.h                      |  3 ++
>  7 files changed, 125 insertions(+), 18 deletions(-)
>
> --
> 2.7.4
>
Richard Gong Feb. 25, 2021, 4:58 p.m. UTC | #3
The first patch of the version 5 patch set is a fix for the mainline, I 
submitted a separate patch for a fix at the stable.

Regards,
Richard


On 2/25/21 7:28 AM, Tom Rix wrote:
> The first patch is a fix that is targeted for stable.
> 
> Tom
> 
> On 2/25/21 5:07 AM, Gong, Richard wrote:
>> Hi Moritz,
>>
>> Sorry for asking.
>>
>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>
>> Regards,
>> Richard
>>
>> -----Original Message-----
>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>> Sent: Tuesday, February 9, 2021 4:20 PM
>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>> Cc: Gong, Richard <richard.gong@intel.com>
>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>
>> From: Richard Gong <richard.gong@intel.com>
>>
>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>
>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>
>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>
>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>
>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
>>
>> Richard Gong (7):
>>    firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>    firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>    firmware: stratix10-svc: extend SVC driver to get the firmware version
>>    fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>    fpga: of-fpga-region: add authenticate-fpga-config property
>>    dt-bindings: fpga: add authenticate-fpga-config property
>>    fpga: stratix10-soc: extend driver for bitstream authentication
>>
>>   .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>   drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>   drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>   drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>   include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>   .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>   include/linux/fpga/fpga-mgr.h                      |  3 ++
>>   7 files changed, 125 insertions(+), 18 deletions(-)
>>
>> --
>> 2.7.4
>>
>
Richard Gong March 19, 2021, 11:22 p.m. UTC | #4
Hi Moritz,

Thanks for approving the 1st patch of my version 5 patchest, which 
submitted on 02/09/21.

Can you help review the remaining 6 patches from the same version 5 
patchset? I need your ACKs to move forward, or please let me know if 
additional work is need.

Many thanks for your time again!

Regards,
Richard


On 2/25/21 7:07 AM, Gong, Richard wrote:
> Hi Moritz,
> 
> Sorry for asking.
> 
> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
> 
> Regards,
> Richard
> 
> -----Original Message-----
> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
> Sent: Tuesday, February 9, 2021 4:20 PM
> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
> Cc: Gong, Richard <richard.gong@intel.com>
> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
> 
> From: Richard Gong <richard.gong@intel.com>
> 
> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
> 
> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
> 
> Bitstream authentication makes sure a signed bitstream has valid signatures.
> 
> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
> 
> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
> 
> Richard Gong (7):
>    firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>    firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>    firmware: stratix10-svc: extend SVC driver to get the firmware version
>    fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>    fpga: of-fpga-region: add authenticate-fpga-config property
>    dt-bindings: fpga: add authenticate-fpga-config property
>    fpga: stratix10-soc: extend driver for bitstream authentication
> 
>   .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>   drivers/firmware/stratix10-svc.c                   | 12 ++++-
>   drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>   drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>   include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>   .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>   include/linux/fpga/fpga-mgr.h                      |  3 ++
>   7 files changed, 125 insertions(+), 18 deletions(-)
> 
> --
> 2.7.4
>
Tom Rix March 20, 2021, 2:35 p.m. UTC | #5
On 3/19/21 4:22 PM, Richard Gong wrote:
>
> Hi Moritz,
>
> Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21.

This change

e23bd83368af ("firmware: stratix10-svc: fix kernel-doc markups")

Makes a lot of formatting changes in the same files as this patchset, including the first patch.

It would be good to try applying this patchset to char-misc-next and resubmit if there are conflicts.

>
> Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need.

These changes look good to me.

I was looking at the patchset again seeing if the firmware/ parts could be split out.

Even though stratix10 is a fpga, from the MAINTAINERS file it is not clear to me if linux-fpga owns them and they come in on Moritz's branch.  I think this change is needed to the MAINTAINERS file to make that clearer.

diff --git a/MAINTAINERS b/MAINTAINERS
index aa84121c5611..1f68e9ff76de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9193,7 +9193,8 @@ F:    tools/power/x86/intel-speed-select/
 
 INTEL STRATIX10 FIRMWARE DRIVERS
 M:    Richard Gong <richard.gong@linux.intel.com>
-L:    linux-kernel@vger.kernel.org
+R:    Tom Rix <trix@redhat.com>
+L:    linux-fpga@vger.kernel.org
 S:    Maintained
 F:    Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu
 F:    Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt

I also added myself as a reviewer because I want to help out.

Tom


>
> Many thanks for your time again!
>
> Regards,
> Richard
>
>
> On 2/25/21 7:07 AM, Gong, Richard wrote:
>> Hi Moritz,
>>
>> Sorry for asking.
>>
>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>
>> Regards,
>> Richard
>>
>> -----Original Message-----
>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>> Sent: Tuesday, February 9, 2021 4:20 PM
>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>> Cc: Gong, Richard <richard.gong@intel.com>
>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>
>> From: Richard Gong <richard.gong@intel.com>
>>
>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>
>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>
>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>
>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>
>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
>>
>> Richard Gong (7):
>>    firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>    firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>    firmware: stratix10-svc: extend SVC driver to get the firmware version
>>    fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>    fpga: of-fpga-region: add authenticate-fpga-config property
>>    dt-bindings: fpga: add authenticate-fpga-config property
>>    fpga: stratix10-soc: extend driver for bitstream authentication
>>
>>   .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>   drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>   drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>   drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>   include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>   .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>   include/linux/fpga/fpga-mgr.h                      |  3 ++
>>   7 files changed, 125 insertions(+), 18 deletions(-)
>>
>> -- 
>> 2.7.4
>>
>
Richard Gong March 21, 2021, 9:05 p.m. UTC | #6
Hi Tom,

> 
> 
> On 3/19/21 4:22 PM, Richard Gong wrote:
>>
>> Hi Moritz,
>>
>> Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21.
> 
> This change
> 
> e23bd83368af ("firmware: stratix10-svc: fix kernel-doc markups")

This patch e23bd83368af is not from my version 5 patch set.
> 
> Makes a lot of formatting changes in the same files as this patchset, including the first patch.
> 
> It would be good to try applying this patchset to char-misc-next and resubmit if there are conflicts.
> 
>>
>> Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need.
> 
> These changes look good to me.
> 
> I was looking at the patchset again seeing if the firmware/ parts could be split out.

No, we can't split out the firmware parts.
> 
> Even though stratix10 is a fpga, from the MAINTAINERS file it is not clear to me if linux-fpga owns them and they come in on Moritz's branch.  I think this change is needed to the MAINTAINERS file to make that clearer.
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index aa84121c5611..1f68e9ff76de 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -9193,7 +9193,8 @@ F:    tools/power/x86/intel-speed-select/
>   
>   INTEL STRATIX10 FIRMWARE DRIVERS
>   M:    Richard Gong <richard.gong@linux.intel.com>
> -L:    linux-kernel@vger.kernel.org
> +R:    Tom Rix <trix@redhat.com>
> +L:    linux-fpga@vger.kernel.org
>   S:    Maintained
>   F:    Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu
>   F:    Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt
> 
> I also added myself as a reviewer because I want to help out.
> 
> Tom
> 

Regards,
Richard

> 
>>
>> Many thanks for your time again!
>>
>> Regards,
>> Richard
>>
>>
>> On 2/25/21 7:07 AM, Gong, Richard wrote:
>>> Hi Moritz,
>>>
>>> Sorry for asking.
>>>
>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>>
>>> Regards,
>>> Richard
>>>
>>> -----Original Message-----
>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>> Cc: Gong, Richard <richard.gong@intel.com>
>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>>
>>> From: Richard Gong <richard.gong@intel.com>
>>>
>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>>
>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>>
>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>>
>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>>
>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
>>>
>>> Richard Gong (7):
>>>     firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>     firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>     firmware: stratix10-svc: extend SVC driver to get the firmware version
>>>     fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>     fpga: of-fpga-region: add authenticate-fpga-config property
>>>     dt-bindings: fpga: add authenticate-fpga-config property
>>>     fpga: stratix10-soc: extend driver for bitstream authentication
>>>
>>>    .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>    drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>    drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>    drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>>    include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>    .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>    include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>    7 files changed, 125 insertions(+), 18 deletions(-)
>>>
>>> -- 
>>> 2.7.4
>>>
>>
>
Tom Rix March 22, 2021, 1:53 p.m. UTC | #7
On 3/21/21 2:05 PM, Richard Gong wrote:
>
> Hi Tom,
>
>>
>>
>> On 3/19/21 4:22 PM, Richard Gong wrote:
>>>
>>> Hi Moritz,
>>>
>>> Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21.
>>
>> This change
>>
>> e23bd83368af ("firmware: stratix10-svc: fix kernel-doc markups")
>
> This patch e23bd83368af is not from my version 5 patch set.

Correct.

But since it is already in char-misc-next, your version 5 patchset will conflict with it.

I could not apply this patchset to my unoffical fpga-testing.

I am suggesting you do a test application of your patchset against char-misc-next.

And if you find there are issues, rebase your patchset. 

>>
>> Makes a lot of formatting changes in the same files as this patchset, including the first patch.
>>
>> It would be good to try applying this patchset to char-misc-next and resubmit if there are conflicts.
>>
>>>
>>> Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need.
>>
>> These changes look good to me.
>>
>> I was looking at the patchset again seeing if the firmware/ parts could be split out.
>
> No, we can't split out the firmware parts.

ok

Tom

>>
>> Even though stratix10 is a fpga, from the MAINTAINERS file it is not clear to me if linux-fpga owns them and they come in on Moritz's branch.  I think this change is needed to the MAINTAINERS file to make that clearer.
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index aa84121c5611..1f68e9ff76de 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -9193,7 +9193,8 @@ F:    tools/power/x86/intel-speed-select/
>>     INTEL STRATIX10 FIRMWARE DRIVERS
>>   M:    Richard Gong <richard.gong@linux.intel.com>
>> -L:    linux-kernel@vger.kernel.org
>> +R:    Tom Rix <trix@redhat.com>
>> +L:    linux-fpga@vger.kernel.org
>>   S:    Maintained
>>   F:    Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu
>>   F:    Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt
>>
>> I also added myself as a reviewer because I want to help out.
>>
>> Tom
>>
>
> Regards,
> Richard
>
>>
>>>
>>> Many thanks for your time again!
>>>
>>> Regards,
>>> Richard
>>>
>>>
>>> On 2/25/21 7:07 AM, Gong, Richard wrote:
>>>> Hi Moritz,
>>>>
>>>> Sorry for asking.
>>>>
>>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>>>
>>>> Regards,
>>>> Richard
>>>>
>>>> -----Original Message-----
>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>>> Cc: Gong, Richard <richard.gong@intel.com>
>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>>>
>>>> From: Richard Gong <richard.gong@intel.com>
>>>>
>>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>>>
>>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>>>
>>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>>>
>>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>>>
>>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
>>>>
>>>> Richard Gong (7):
>>>>     firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>>     firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>>     firmware: stratix10-svc: extend SVC driver to get the firmware version
>>>>     fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>>     fpga: of-fpga-region: add authenticate-fpga-config property
>>>>     dt-bindings: fpga: add authenticate-fpga-config property
>>>>     fpga: stratix10-soc: extend driver for bitstream authentication
>>>>
>>>>    .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>>    drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>>    drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>>    drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>>>    include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>>    .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>>    include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>>    7 files changed, 125 insertions(+), 18 deletions(-)
>>>>
>>>> -- 
>>>> 2.7.4
>>>>
>>>
>>
>
Richard Gong March 22, 2021, 3:53 p.m. UTC | #8
Hi Tom,

On 3/22/21 8:53 AM, Tom Rix wrote:
> 
> On 3/21/21 2:05 PM, Richard Gong wrote:
>>
>> Hi Tom >>
>>>
>>>
>>> On 3/19/21 4:22 PM, Richard Gong wrote:
>>>>
>>>> Hi Moritz,
>>>>
>>>> Thanks for approving the 1st patch of my version 5 patchest, which submitted on 02/09/21.
>>>
>>> This change
>>>
>>> e23bd83368af ("firmware: stratix10-svc: fix kernel-doc markups")
>>
>> This patch e23bd83368af is not from my version 5 patch set.
> 
> Correct.
> 
> But since it is already in char-misc-next, your version 5 patchset will conflict with it.
> 
> I could not apply this patchset to my unoffical fpga-testing.
> 
> I am suggesting you do a test application of your patchset against char-misc-next.
> 
> And if you find there are issues, rebase your patchset.
> 

I tried to apply my patchset to the top of char-misc-next, but I didn't 
see any conflicts.

c7582d1 fpga: stratix10-soc: extend driver for bitstream authentication
2c9ecd3 dt-bindings: fpga: add authenticate-fpga-config property
6244115 fpga: of-fpga-region: add authenticate-fpga-config property
da274c9 fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
9f93cad firmware: stratix10-svc: extend SVC driver to get the firmware 
version
eda6b51 firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
91aff09 firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
83be46e Merge v5.12-rc3 into char-misc-next

Regards,
Richard

>>>
>>> Makes a lot of formatting changes in the same files as this patchset, including the first patch.
>>>
>>> It would be good to try applying this patchset to char-misc-next and resubmit if there are conflicts.
>>>
>>>>
>>>> Can you help review the remaining 6 patches from the same version 5 patchset? I need your ACKs to move forward, or please let me know if additional work is need.
>>>
>>> These changes look good to me.
>>>
>>> I was looking at the patchset again seeing if the firmware/ parts could be split out.
>>
>> No, we can't split out the firmware parts.
> 
> ok
> 
> Tom
> 
>>>
>>> Even though stratix10 is a fpga, from the MAINTAINERS file it is not clear to me if linux-fpga owns them and they come in on Moritz's branch.  I think this change is needed to the MAINTAINERS file to make that clearer.
>>>
>>> diff --git a/MAINTAINERS b/MAINTAINERS
>>> index aa84121c5611..1f68e9ff76de 100644
>>> --- a/MAINTAINERS
>>> +++ b/MAINTAINERS
>>> @@ -9193,7 +9193,8 @@ F:    tools/power/x86/intel-speed-select/
>>>      INTEL STRATIX10 FIRMWARE DRIVERS
>>>    M:    Richard Gong <richard.gong@linux.intel.com>
>>> -L:    linux-kernel@vger.kernel.org
>>> +R:    Tom Rix <trix@redhat.com>
>>> +L:    linux-fpga@vger.kernel.org
>>>    S:    Maintained
>>>    F:    Documentation/ABI/testing/sysfs-devices-platform-stratix10-rsu
>>>    F:    Documentation/devicetree/bindings/firmware/intel,stratix10-svc.txt
>>>
>>> I also added myself as a reviewer because I want to help out.
>>>
>>> Tom
>>>
>>
>> Regards,
>> Richard
>>
>>>
>>>>
>>>> Many thanks for your time again!
>>>>
>>>> Regards,
>>>> Richard
>>>>
>>>>
>>>> On 2/25/21 7:07 AM, Gong, Richard wrote:
>>>>> Hi Moritz,
>>>>>
>>>>> Sorry for asking.
>>>>>
>>>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>>>>
>>>>> Regards,
>>>>> Richard
>>>>>
>>>>> -----Original Message-----
>>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>>>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>>>> Cc: Gong, Richard <richard.gong@intel.com>
>>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>>>>
>>>>> From: Richard Gong <richard.gong@intel.com>
>>>>>
>>>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>>>>
>>>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>>>>
>>>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>>>>
>>>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>>>>
>>>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
>>>>>
>>>>> Richard Gong (7):
>>>>>      firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>>>      firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>>>      firmware: stratix10-svc: extend SVC driver to get the firmware version
>>>>>      fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>>>      fpga: of-fpga-region: add authenticate-fpga-config property
>>>>>      dt-bindings: fpga: add authenticate-fpga-config property
>>>>>      fpga: stratix10-soc: extend driver for bitstream authentication
>>>>>
>>>>>     .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>>>     drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>>>     drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>>>     drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>>>>     include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>>>     .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>>>     include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>>>     7 files changed, 125 insertions(+), 18 deletions(-)
>>>>>
>>>>> -- 
>>>>> 2.7.4
>>>>>
>>>>
>>>
>>
>
Moritz Fischer March 27, 2021, 6:09 p.m. UTC | #9
Hi Richard, Russ,

On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
> Hi Moritz,
> 
> Sorry for asking.
> 
> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
> 
> Regards,
> Richard
> 
> -----Original Message-----
> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
> Sent: Tuesday, February 9, 2021 4:20 PM
> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
> Cc: Gong, Richard <richard.gong@intel.com>
> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
> 
> From: Richard Gong <richard.gong@intel.com>
> 
> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
> 
> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
> 
> Bitstream authentication makes sure a signed bitstream has valid signatures.
> 
> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
> 
> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
> 
> Richard Gong (7):
>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>   firmware: stratix10-svc: extend SVC driver to get the firmware version
>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>   fpga: of-fpga-region: add authenticate-fpga-config property
>   dt-bindings: fpga: add authenticate-fpga-config property
>   fpga: stratix10-soc: extend driver for bitstream authentication
> 
>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>  include/linux/fpga/fpga-mgr.h                      |  3 ++
>  7 files changed, 125 insertions(+), 18 deletions(-)
> 
> --
> 2.7.4
> 

Apologies for the epic delay in getting back to this, I took another
look at this patchset and Russ' patchset.

TL;DR I'm not really a fan of using device-tree overlays for this (and
again, apologies, I should've voiced this earlier ...).

Anyways, let's find a common API for this and Russ' work, they're trying
to achieve the same / similar thing, they should use the same API.

I'd like to re-invetigate the possiblity to extend FPGA Manager with
'secure update' ops that work for both these use-cases (and I susspect
hte XRT patchset will follow with a similar requirement, right after).

- Moritz
Tom Rix March 28, 2021, 3:40 p.m. UTC | #10
On 3/27/21 11:09 AM, Moritz Fischer wrote:
> Hi Richard, Russ,
>
> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
>> Hi Moritz,
>>
>> Sorry for asking.
>>
>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>
>> Regards,
>> Richard
>>
>> -----Original Message-----
>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
>> Sent: Tuesday, February 9, 2021 4:20 PM
>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>> Cc: Gong, Richard <richard.gong@intel.com>
>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>
>> From: Richard Gong <richard.gong@intel.com>
>>
>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>
>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>
>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>
>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>
>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
>>
>> Richard Gong (7):
>>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>   firmware: stratix10-svc: extend SVC driver to get the firmware version
>>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>   fpga: of-fpga-region: add authenticate-fpga-config property
>>   dt-bindings: fpga: add authenticate-fpga-config property
>>   fpga: stratix10-soc: extend driver for bitstream authentication
>>
>>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>  include/linux/fpga/fpga-mgr.h                      |  3 ++
>>  7 files changed, 125 insertions(+), 18 deletions(-)
>>
>> --
>> 2.7.4
>>
> Apologies for the epic delay in getting back to this, I took another
> look at this patchset and Russ' patchset.
>
> TL;DR I'm not really a fan of using device-tree overlays for this (and
> again, apologies, I should've voiced this earlier ...).
>
> Anyways, let's find a common API for this and Russ' work, they're trying
> to achieve the same / similar thing, they should use the same API.
>
> I'd like to re-invetigate the possiblity to extend FPGA Manager with
> 'secure update' ops that work for both these use-cases (and I susspect
> hte XRT patchset will follow with a similar requirement, right after).

The xrt patchset makes heavy use of device trees.

What is the general guidance for device tree usage ?

Tom

>
> - Moritz
>
Moritz Fischer March 28, 2021, 5:20 p.m. UTC | #11
Tom,

On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
> 
> On 3/27/21 11:09 AM, Moritz Fischer wrote:
> > Hi Richard, Russ,
> >
> > On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
> >> Hi Moritz,
> >>
> >> Sorry for asking.
> >>
> >> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
> >>
> >> Regards,
> >> Richard
> >>
> >> -----Original Message-----
> >> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
> >> Sent: Tuesday, February 9, 2021 4:20 PM
> >> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
> >> Cc: Gong, Richard <richard.gong@intel.com>
> >> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
> >>
> >> From: Richard Gong <richard.gong@intel.com>
> >>
> >> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
> >>
> >> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
> >>
> >> Bitstream authentication makes sure a signed bitstream has valid signatures.
> >>
> >> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
> >>
> >> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
> >>
> >> Richard Gong (7):
> >>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
> >>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
> >>   firmware: stratix10-svc: extend SVC driver to get the firmware version
> >>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
> >>   fpga: of-fpga-region: add authenticate-fpga-config property
> >>   dt-bindings: fpga: add authenticate-fpga-config property
> >>   fpga: stratix10-soc: extend driver for bitstream authentication
> >>
> >>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
> >>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
> >>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
> >>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
> >>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
> >>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
> >>  include/linux/fpga/fpga-mgr.h                      |  3 ++
> >>  7 files changed, 125 insertions(+), 18 deletions(-)
> >>
> >> --
> >> 2.7.4
> >>
> > Apologies for the epic delay in getting back to this, I took another
> > look at this patchset and Russ' patchset.
> >
> > TL;DR I'm not really a fan of using device-tree overlays for this (and
> > again, apologies, I should've voiced this earlier ...).
> >
> > Anyways, let's find a common API for this and Russ' work, they're trying
> > to achieve the same / similar thing, they should use the same API.
> >
> > I'd like to re-invetigate the possiblity to extend FPGA Manager with
> > 'secure update' ops that work for both these use-cases (and I susspect
> > hte XRT patchset will follow with a similar requirement, right after).
> 
> The xrt patchset makes heavy use of device trees.
> 
> What is the general guidance for device tree usage ?

I'm not generally against using device tree, it has its place. To
describe hardware (and hardware *changes* with overlays) :)

What I don't like about this particular implementation w.r.t device-tree
usage is that it uses DT overlays as a mechanism to program the flash --
in place of having an API to do so.

One could add device-nodes during the DT overlay application, while the
FPGA doesn't actually get programmed with a new runtime image -- meaning
live DT and actual hardware state diverged -- worst case it'd crash.

So when roughly at the same time (from the same company even) we have two
patchsets that do similar things with radically different APIs I think
we should pause, and reflect on whether we can come up with something
that works for both :)

TL;DR the firmware parts to authenticate the bitstream look fine to me, the
way we tie it into the FPGA region I'm not a fan of.

- Moritz
Russ Weight March 31, 2021, 6:47 p.m. UTC | #12
Moritz,

On 3/28/21 10:20 AM, Moritz Fischer wrote:
> Tom,
>
> On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
>> On 3/27/21 11:09 AM, Moritz Fischer wrote:
>>> Hi Richard, Russ,
>>>
>>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
>>>> Hi Moritz,
>>>>
>>>> Sorry for asking.
>>>>
>>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>>>
>>>> Regards,
>>>> Richard
>>>>
>>>> -----Original Message-----
>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
>>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>>> Cc: Gong, Richard <richard.gong@intel.com>
>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>>>
>>>> From: Richard Gong <richard.gong@intel.com>
>>>>
>>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>>>
>>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>>>
>>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>>>
>>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>>>
>>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
>>>>
>>>> Richard Gong (7):
>>>>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>>   firmware: stratix10-svc: extend SVC driver to get the firmware version
>>>>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>>   fpga: of-fpga-region: add authenticate-fpga-config property
>>>>   dt-bindings: fpga: add authenticate-fpga-config property
>>>>   fpga: stratix10-soc: extend driver for bitstream authentication
>>>>
>>>>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>>>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>>  include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>>  7 files changed, 125 insertions(+), 18 deletions(-)
>>>>
>>>> --
>>>> 2.7.4
>>>>
>>> Apologies for the epic delay in getting back to this, I took another
>>> look at this patchset and Russ' patchset.
>>>
>>> TL;DR I'm not really a fan of using device-tree overlays for this (and
>>> again, apologies, I should've voiced this earlier ...).
>>>
>>> Anyways, let's find a common API for this and Russ' work, they're trying
>>> to achieve the same / similar thing, they should use the same API.
>>>
>>> I'd like to re-invetigate the possiblity to extend FPGA Manager with
>>> 'secure update' ops that work for both these use-cases (and I susspect
>>> hte XRT patchset will follow with a similar requirement, right after).

Richard and I had an initial conversation today. I'll start looking at how secure operations can be integrated into the fpga manager.

More to come...

Thanks,
- Russ

>> The xrt patchset makes heavy use of device trees.
>>
>> What is the general guidance for device tree usage ?
> I'm not generally against using device tree, it has its place. To
> describe hardware (and hardware *changes* with overlays) :)
>
> What I don't like about this particular implementation w.r.t device-tree
> usage is that it uses DT overlays as a mechanism to program the flash --
> in place of having an API to do so.
>
> One could add device-nodes during the DT overlay application, while the
> FPGA doesn't actually get programmed with a new runtime image -- meaning
> live DT and actual hardware state diverged -- worst case it'd crash.
>
> So when roughly at the same time (from the same company even) we have two
> patchsets that do similar things with radically different APIs I think
> we should pause, and reflect on whether we can come up with something
> that works for both :)
>
> TL;DR the firmware parts to authenticate the bitstream look fine to me, the
> way we tie it into the FPGA region I'm not a fan of.
>
> - Moritz
Moritz Fischer March 31, 2021, 10:16 p.m. UTC | #13
Hi Russ,
On Wed, Mar 31, 2021 at 11:47:26AM -0700, Russ Weight wrote:
> Moritz,
> 
> On 3/28/21 10:20 AM, Moritz Fischer wrote:
> > Tom,
> >
> > On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
> >> On 3/27/21 11:09 AM, Moritz Fischer wrote:
> >>> Hi Richard, Russ,
> >>>
> >>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
> >>>> Hi Moritz,
> >>>>
> >>>> Sorry for asking.
> >>>>
> >>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
> >>>>
> >>>> Regards,
> >>>> Richard
> >>>>
> >>>> -----Original Message-----
> >>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
> >>>> Sent: Tuesday, February 9, 2021 4:20 PM
> >>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
> >>>> Cc: Gong, Richard <richard.gong@intel.com>
> >>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
> >>>>
> >>>> From: Richard Gong <richard.gong@intel.com>
> >>>>
> >>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
> >>>>
> >>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
> >>>>
> >>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
> >>>>
> >>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
> >>>>
> >>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
> >>>>
> >>>> Richard Gong (7):
> >>>>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
> >>>>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
> >>>>   firmware: stratix10-svc: extend SVC driver to get the firmware version
> >>>>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
> >>>>   fpga: of-fpga-region: add authenticate-fpga-config property
> >>>>   dt-bindings: fpga: add authenticate-fpga-config property
> >>>>   fpga: stratix10-soc: extend driver for bitstream authentication
> >>>>
> >>>>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
> >>>>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
> >>>>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
> >>>>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
> >>>>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
> >>>>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
> >>>>  include/linux/fpga/fpga-mgr.h                      |  3 ++
> >>>>  7 files changed, 125 insertions(+), 18 deletions(-)
> >>>>
> >>>> --
> >>>> 2.7.4
> >>>>
> >>> Apologies for the epic delay in getting back to this, I took another
> >>> look at this patchset and Russ' patchset.
> >>>
> >>> TL;DR I'm not really a fan of using device-tree overlays for this (and
> >>> again, apologies, I should've voiced this earlier ...).
> >>>
> >>> Anyways, let's find a common API for this and Russ' work, they're trying
> >>> to achieve the same / similar thing, they should use the same API.
> >>>
> >>> I'd like to re-invetigate the possiblity to extend FPGA Manager with
> >>> 'secure update' ops that work for both these use-cases (and I susspect
> >>> hte XRT patchset will follow with a similar requirement, right after).
> 
> Richard and I had an initial conversation today. I'll start looking at how secure operations can be integrated into the fpga manager.
> 
> More to come...

Great, feel free to send RFCs ahead.

Cheers,
Moritz
Russ Weight April 7, 2021, 11:27 p.m. UTC | #14
Hi Moritz,

On 3/31/21 3:16 PM, Moritz Fischer wrote:
> Hi Russ,
> On Wed, Mar 31, 2021 at 11:47:26AM -0700, Russ Weight wrote:
>> Moritz,
>>
>> On 3/28/21 10:20 AM, Moritz Fischer wrote:
>>> Tom,
>>>
>>> On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
>>>> On 3/27/21 11:09 AM, Moritz Fischer wrote:
>>>>> Hi Richard, Russ,
>>>>>
>>>>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
>>>>>> Hi Moritz,
>>>>>>
>>>>>> Sorry for asking.
>>>>>>
>>>>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>>>>>
>>>>>> Regards,
>>>>>> Richard
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
>>>>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>>>>> Cc: Gong, Richard <richard.gong@intel.com>
>>>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>>>>>
>>>>>> From: Richard Gong <richard.gong@intel.com>
>>>>>>
>>>>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>>>>>
>>>>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>>>>>
>>>>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>>>>>
>>>>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>>>>>
>>>>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
>>>>>>
>>>>>> Richard Gong (7):
>>>>>>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>>>>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>>>>   firmware: stratix10-svc: extend SVC driver to get the firmware version
>>>>>>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>>>>   fpga: of-fpga-region: add authenticate-fpga-config property
>>>>>>   dt-bindings: fpga: add authenticate-fpga-config property
>>>>>>   fpga: stratix10-soc: extend driver for bitstream authentication
>>>>>>
>>>>>>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>>>>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>>>>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>>>>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>>>>>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>>>>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>>>>  include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>>>>  7 files changed, 125 insertions(+), 18 deletions(-)
>>>>>>
>>>>>> --
>>>>>> 2.7.4
>>>>>>
>>>>> Apologies for the epic delay in getting back to this, I took another
>>>>> look at this patchset and Russ' patchset.
>>>>>
>>>>> TL;DR I'm not really a fan of using device-tree overlays for this (and
>>>>> again, apologies, I should've voiced this earlier ...).
>>>>>
>>>>> Anyways, let's find a common API for this and Russ' work, they're trying
>>>>> to achieve the same / similar thing, they should use the same API.
>>>>>
>>>>> I'd like to re-invetigate the possiblity to extend FPGA Manager with
>>>>> 'secure update' ops that work for both these use-cases (and I susspect
>>>>> hte XRT patchset will follow with a similar requirement, right after).
>> Richard and I had an initial conversation today. I'll start looking at how secure operations can be integrated into the fpga manager.
>>
>> More to come...
> Great, feel free to send RFCs ahead.
>
> Cheers,
> Moritz
I have completed a comparison of the security manager and the FPGA manager
to see how the secure update functions can be integrated into the FPGA
manager. I'll send that out separately as an RFC document (it is about 150
lines).

FYI: In my conversations with Richard, we have learned that what we are
trying to accomplish is not as similar as it seemed. Richard is effectively
wanting to do a "dry-run" of an existing FPGA Manager function to verify
authentication of an image. Based on the results, higher-level code may
choose to write the image to flash.

The security manager is all about providing a common user API (sysfs
interface) for tranferring an image to an FPGA card while managing a
completion time (including authentication and FLASH) of up to 40 minutes.

- Russ
Richard Gong April 13, 2021, 1:41 a.m. UTC | #15
Hi Moritz,

On 3/28/21 12:20 PM, Moritz Fischer wrote:
> Tom,
> 
> On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
>>
>> On 3/27/21 11:09 AM, Moritz Fischer wrote:
>>> Hi Richard, Russ,
>>>
>>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
>>>> Hi Moritz,
>>>>
>>>> Sorry for asking.
>>>>
>>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
>>>>
>>>> Regards,
>>>> Richard
>>>>
>>>> -----Original Message-----
>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>>> Cc: Gong, Richard <richard.gong@intel.com>
>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
>>>>
>>>> From: Richard Gong <richard.gong@intel.com>
>>>>
>>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
>>>>
>>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
>>>>
>>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
>>>>
>>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
>>>>
>>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature.
>>>>
>>>> Richard Gong (7):
>>>>    firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>>    firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>>    firmware: stratix10-svc: extend SVC driver to get the firmware version
>>>>    fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>>    fpga: of-fpga-region: add authenticate-fpga-config property
>>>>    dt-bindings: fpga: add authenticate-fpga-config property
>>>>    fpga: stratix10-soc: extend driver for bitstream authentication
>>>>
>>>>   .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>>   drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>>   drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>>   drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
>>>>   include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>>   .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>>   include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>>   7 files changed, 125 insertions(+), 18 deletions(-)
>>>>
>>>> --
>>>> 2.7.4
>>>>
>>> Apologies for the epic delay in getting back to this, I took another
>>> look at this patchset and Russ' patchset.
>>>
>>> TL;DR I'm not really a fan of using device-tree overlays for this (and
>>> again, apologies, I should've voiced this earlier ...).
>>>
>>> Anyways, let's find a common API for this and Russ' work, they're trying
>>> to achieve the same / similar thing, they should use the same API.
>>>
>>> I'd like to re-invetigate the possiblity to extend FPGA Manager with
>>> 'secure update' ops that work for both these use-cases (and I susspect
>>> hte XRT patchset will follow with a similar requirement, right after).
>>
>> The xrt patchset makes heavy use of device trees.
>>
>> What is the general guidance for device tree usage ?
> 
> I'm not generally against using device tree, it has its place. To
> describe hardware (and hardware *changes* with overlays) :)
> 
> What I don't like about this particular implementation w.r.t device-tree
> usage is that it uses DT overlays as a mechanism to program the flash --
> in place of having an API to do so.
> 
> One could add device-nodes during the DT overlay application, while the
> FPGA doesn't actually get programmed with a new runtime image -- meaning
> live DT and actual hardware state diverged -- worst case it'd crash.
> 
> So when roughly at the same time (from the same company even) we have two
> patchsets that do similar things with radically different APIs I think
> we should pause, and reflect on whether we can come up with something
> that works for both :)
>

I discussed with Russ and studies his patches, came to realize that the 
work we had to accomplish was not same or similar. What I want to 
achieve is to verify the identity of the bitstream, which is like doing 
a "dry-run" to FPGA configuration.

Performing FPGA configuration (full or partial) through the device tree 
overlay is a method widely used by our customers.

Russ's approach utilizes a different user API which is a set of sysfs files.

If we depart from device tree overlay, then the end-user must utilize 2 
different mechanism or APIs (device tree overlay is used for 
full/partial configuration, and sysfs is used for bitstream 
authentication). Similarly low-level FPGA manager driver also needs to 
add additional codes. For the end-user the single and simple mechanism 
is always better choice, device tree overlay should be a better way to 
achieve that goal.

Regards,
Richard

> TL;DR the firmware parts to authenticate the bitstream look fine to me, the
> way we tie it into the FPGA region I'm not a fan of.
> 
> - Moritz
>
Richard Gong April 29, 2021, 2:56 p.m. UTC | #16
Hi Moritz,

Not sure if you have chance to view Russ's comments and my comments. 
Pleas let us know what you think so I can act accordingly.

I had a few discussions with Russ, and we all realized that the goals we 
were trying to achieve were not as similar as they seemed.

Regards,
Richard

On 4/12/21 8:41 PM, Richard Gong wrote:
> 
> Hi Moritz,
> 
> On 3/28/21 12:20 PM, Moritz Fischer wrote:
>> Tom,
>>
>> On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
>>>
>>> On 3/27/21 11:09 AM, Moritz Fischer wrote:
>>>> Hi Richard, Russ,
>>>>
>>>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
>>>>> Hi Moritz,
>>>>>
>>>>> Sorry for asking.
>>>>>
>>>>> When you have chance, can you help review the version 5 patchset 
>>>>> submitted on 02/09/21?
>>>>>
>>>>> Regards,
>>>>> Richard
>>>>>
>>>>> -----Original Message-----
>>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com>
>>>>> Sent: Tuesday, February 9, 2021 4:20 PM
>>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; 
>>>>> linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
>>>>> Cc: Gong, Richard <richard.gong@intel.com>
>>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and 
>>>>> region
>>>>>
>>>>> From: Richard Gong <richard.gong@intel.com>
>>>>>
>>>>> This is 5th submission of Intel service layer and FPGA patches, 
>>>>> which includes the missing standalone patch in the 4th submission.
>>>>>
>>>>> This submission includes additional changes for Intel service layer 
>>>>> driver to get the firmware version running at FPGA SoC device. Then 
>>>>> FPGA manager driver, one of Intel service layer driver's client, 
>>>>> can decide whether to handle the newly added bitstream 
>>>>> authentication function based on the retrieved firmware version. So 
>>>>> that we can maintain FPGA manager driver the back compatible.
>>>>>
>>>>> Bitstream authentication makes sure a signed bitstream has valid 
>>>>> signatures.
>>>>>
>>>>> The customer sends the bitstream via FPGA framework and overlay, 
>>>>> the firmware will authenticate the bitstream but not program the 
>>>>> bitstream to device. If the authentication passes, the bitstream 
>>>>> will be programmed into QSPI flash and will be expected to boot 
>>>>> without issues.
>>>>>
>>>>> Extend Intel service layer, FPGA manager and region drivers to 
>>>>> support the bitstream authentication feature.
>>>>>
>>>>> Richard Gong (7):
>>>>>    firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
>>>>>    firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
>>>>>    firmware: stratix10-svc: extend SVC driver to get the firmware 
>>>>> version
>>>>>    fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
>>>>>    fpga: of-fpga-region: add authenticate-fpga-config property
>>>>>    dt-bindings: fpga: add authenticate-fpga-config property
>>>>>    fpga: stratix10-soc: extend driver for bitstream authentication
>>>>>
>>>>>   .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
>>>>>   drivers/firmware/stratix10-svc.c                   | 12 ++++-
>>>>>   drivers/fpga/of-fpga-region.c                      | 24 ++++++---
>>>>>   drivers/fpga/stratix10-soc.c                       | 62 
>>>>> +++++++++++++++++++---
>>>>>   include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
>>>>>   .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
>>>>>   include/linux/fpga/fpga-mgr.h                      |  3 ++
>>>>>   7 files changed, 125 insertions(+), 18 deletions(-)
>>>>>
>>>>> -- 
>>>>> 2.7.4
>>>>>
>>>> Apologies for the epic delay in getting back to this, I took another
>>>> look at this patchset and Russ' patchset.
>>>>
>>>> TL;DR I'm not really a fan of using device-tree overlays for this (and
>>>> again, apologies, I should've voiced this earlier ...).
>>>>
>>>> Anyways, let's find a common API for this and Russ' work, they're 
>>>> trying
>>>> to achieve the same / similar thing, they should use the same API.
>>>>
>>>> I'd like to re-invetigate the possiblity to extend FPGA Manager with
>>>> 'secure update' ops that work for both these use-cases (and I susspect
>>>> hte XRT patchset will follow with a similar requirement, right after).
>>>
>>> The xrt patchset makes heavy use of device trees.
>>>
>>> What is the general guidance for device tree usage ?
>>
>> I'm not generally against using device tree, it has its place. To
>> describe hardware (and hardware *changes* with overlays) :)
>>
>> What I don't like about this particular implementation w.r.t device-tree
>> usage is that it uses DT overlays as a mechanism to program the flash --
>> in place of having an API to do so.
>>
>> One could add device-nodes during the DT overlay application, while the
>> FPGA doesn't actually get programmed with a new runtime image -- meaning
>> live DT and actual hardware state diverged -- worst case it'd crash.
>>
>> So when roughly at the same time (from the same company even) we have two
>> patchsets that do similar things with radically different APIs I think
>> we should pause, and reflect on whether we can come up with something
>> that works for both :)
>>
> 
> I discussed with Russ and studies his patches, came to realize that the 
> work we had to accomplish was not same or similar. What I want to 
> achieve is to verify the identity of the bitstream, which is like doing 
> a "dry-run" to FPGA configuration.
> 
> Performing FPGA configuration (full or partial) through the device tree 
> overlay is a method widely used by our customers.
> 
> Russ's approach utilizes a different user API which is a set of sysfs 
> files.
> 
> If we depart from device tree overlay, then the end-user must utilize 2 
> different mechanism or APIs (device tree overlay is used for 
> full/partial configuration, and sysfs is used for bitstream 
> authentication). Similarly low-level FPGA manager driver also needs to 
> add additional codes. For the end-user the single and simple mechanism 
> is always better choice, device tree overlay should be a better way to 
> achieve that goal.
> 
> Regards,
> Richard
> 
>> TL;DR the firmware parts to authenticate the bitstream look fine to 
>> me, the
>> way we tie it into the FPGA region I'm not a fan of.
>>
>> - Moritz
>>
Moritz Fischer May 2, 2021, 6:43 p.m. UTC | #17
On Wed, Apr 07, 2021 at 04:27:03PM -0700, Russ Weight wrote:
> Hi Moritz,
> 
> On 3/31/21 3:16 PM, Moritz Fischer wrote:
> > Hi Russ,
> > On Wed, Mar 31, 2021 at 11:47:26AM -0700, Russ Weight wrote:
> >> Moritz,
> >>
> >> On 3/28/21 10:20 AM, Moritz Fischer wrote:
> >>> Tom,
> >>>
> >>> On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote:
> >>>> On 3/27/21 11:09 AM, Moritz Fischer wrote:
> >>>>> Hi Richard, Russ,
> >>>>>
> >>>>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote:
> >>>>>> Hi Moritz,
> >>>>>>
> >>>>>> Sorry for asking.
> >>>>>>
> >>>>>> When you have chance, can you help review the version 5 patchset submitted on 02/09/21?
> >>>>>>
> >>>>>> Regards,
> >>>>>> Richard
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: richard.gong@linux.intel.com <richard.gong@linux.intel.com> 
> >>>>>> Sent: Tuesday, February 9, 2021 4:20 PM
> >>>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org
> >>>>>> Cc: Gong, Richard <richard.gong@intel.com>
> >>>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region
> >>>>>>
> >>>>>> From: Richard Gong <richard.gong@intel.com>
> >>>>>>
> >>>>>> This is 5th submission of Intel service layer and FPGA patches, which includes the missing standalone patch in the 4th submission.
> >>>>>>
> >>>>>> This submission includes additional changes for Intel service layer driver to get the firmware version running at FPGA SoC device. Then FPGA manager driver, one of Intel service layer driver's client, can decide whether to handle the newly added bitstream authentication function based on the retrieved firmware version. So that we can maintain FPGA manager driver the back compatible.
> >>>>>>
> >>>>>> Bitstream authentication makes sure a signed bitstream has valid signatures.
> >>>>>>
> >>>>>> The customer sends the bitstream via FPGA framework and overlay, the firmware will authenticate the bitstream but not program the bitstream to device. If the authentication passes, the bitstream will be programmed into QSPI flash and will be expected to boot without issues.
> >>>>>>
> >>>>>> Extend Intel service layer, FPGA manager and region drivers to support the bitstream authentication feature. 
> >>>>>>
> >>>>>> Richard Gong (7):
> >>>>>>   firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
> >>>>>>   firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag
> >>>>>>   firmware: stratix10-svc: extend SVC driver to get the firmware version
> >>>>>>   fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag
> >>>>>>   fpga: of-fpga-region: add authenticate-fpga-config property
> >>>>>>   dt-bindings: fpga: add authenticate-fpga-config property
> >>>>>>   fpga: stratix10-soc: extend driver for bitstream authentication
> >>>>>>
> >>>>>>  .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++
> >>>>>>  drivers/firmware/stratix10-svc.c                   | 12 ++++-
> >>>>>>  drivers/fpga/of-fpga-region.c                      | 24 ++++++---
> >>>>>>  drivers/fpga/stratix10-soc.c                       | 62 +++++++++++++++++++---
> >>>>>>  include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++-
> >>>>>>  .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++-
> >>>>>>  include/linux/fpga/fpga-mgr.h                      |  3 ++
> >>>>>>  7 files changed, 125 insertions(+), 18 deletions(-)
> >>>>>>
> >>>>>> --
> >>>>>> 2.7.4
> >>>>>>
> >>>>> Apologies for the epic delay in getting back to this, I took another
> >>>>> look at this patchset and Russ' patchset.
> >>>>>
> >>>>> TL;DR I'm not really a fan of using device-tree overlays for this (and
> >>>>> again, apologies, I should've voiced this earlier ...).
> >>>>>
> >>>>> Anyways, let's find a common API for this and Russ' work, they're trying
> >>>>> to achieve the same / similar thing, they should use the same API.
> >>>>>
> >>>>> I'd like to re-invetigate the possiblity to extend FPGA Manager with
> >>>>> 'secure update' ops that work for both these use-cases (and I susspect
> >>>>> hte XRT patchset will follow with a similar requirement, right after).
> >> Richard and I had an initial conversation today. I'll start looking at how secure operations can be integrated into the fpga manager.
> >>
> >> More to come...
> > Great, feel free to send RFCs ahead.
> >
> > Cheers,
> > Moritz
> I have completed a comparison of the security manager and the FPGA manager
> to see how the secure update functions can be integrated into the FPGA
> manager. I'll send that out separately as an RFC document (it is about 150
> lines).
> 
> FYI: In my conversations with Richard, we have learned that what we are
> trying to accomplish is not as similar as it seemed. Richard is effectively
> wanting to do a "dry-run" of an existing FPGA Manager function to verify
> authentication of an image. Based on the results, higher-level code may
> choose to write the image to flash.

Ok, as mentioned on the other thread. Let's replace the overlay code
with a sysfs entry for dry-run or verify-image or something of that
sort.

I don't see what the overlay mechanism adds in this case since we're not
trying to load drivers.

- Moritz