[v3,07/11] platform/x86/intel/ifs: Authenticate and copy to secured memory

Message ID	20220419163859.2228874-8-tony.luck@intel.com (mailing list archive)
State	Superseded, archived
Headers	show Return-Path: <platform-driver-x86-owner@kernel.org> From: Tony Luck <tony.luck@intel.com> To: hdegoede@redhat.com, markgross@kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, corbet@lwn.net, gregkh@linuxfoundation.org, andriy.shevchenko@linux.intel.com, jithu.joseph@intel.com, ashok.raj@intel.com, tony.luck@intel.com, rostedt@goodmis.org, dan.j.williams@intel.com, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, platform-driver-x86@vger.kernel.org, patches@lists.linux.dev, ravi.v.shankar@intel.com Subject: [PATCH v3 07/11] platform/x86/intel/ifs: Authenticate and copy to secured memory Date: Tue, 19 Apr 2022 09:38:55 -0700 Message-Id: <20220419163859.2228874-8-tony.luck@intel.com> In-Reply-To: <20220419163859.2228874-1-tony.luck@intel.com> References: <20220407191347.9681-1-jithu.joseph@intel.com> <20220419163859.2228874-1-tony.luck@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Introduce In Field Scan driver \| expand [v3,00/11] Introduce In Field Scan driver [v3,01/11] x86/microcode/intel: Expose collect_cpu_info_early() for IFS [v3,02/11] Documentation: In-Field Scan [v3,03/11] platform/x86/intel/ifs: Create device for Intel IFS (In Field Scan) [v3,04/11] platform/x86/intel/ifs: Add stub driver for In-Field Scan [v3,05/11] platform/x86/intel/ifs: Read IFS firmware image [v3,06/11] platform/x86/intel/ifs: Check IFS Image sanity [v3,07/11] platform/x86/intel/ifs: Authenticate and copy to secured memory [v3,08/11] platform/x86/intel/ifs: Add scan test support [v3,09/11] platform/x86/intel/ifs: Add IFS sysfs interface [v3,10/11] trace: platform/x86/intel/ifs: Add trace point to track Intel IFS operations [v3,11/11] platform/x86/intel/ifs: add ABI documentation for IFS

diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index dacc8b6ce159..c51e285fc7ba 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -4,14 +4,47 @@ #ifndef _IFS_H_ #define _IFS_H_ +#define MSR_COPY_SCAN_HASHES 0x000002c2 +#define MSR_SCAN_HASHES_STATUS 0x000002c3 +#define MSR_AUTHENTICATE_AND_COPY_CHUNK 0x000002c4 +#define MSR_CHUNKS_AUTHENTICATION_STATUS 0x000002c5 + +/* MSR_SCAN_HASHES_STATUS bit fields */ +union ifs_scan_hashes_status { + u64 data; + struct { + u32 chunk_size :16; + u32 num_chunks :8; + u32 rsvd1 :8; + u32 error_code :8; + u32 rsvd2 :11; + u32 max_core_limit :12; + u32 valid :1; + }; +}; + +/* MSR_CHUNKS_AUTH_STATUS bit fields */ +union ifs_chunks_auth_status { + u64 data; + struct { + u32 valid_chunks :8; + u32 total_chunks :8; + u32 rsvd1 :16; + u32 error_code :8; + u32 rsvd2 :24; + }; +}; + /** * struct ifs_data - attributes related to intel IFS driver * @loaded_version: stores the currently loaded ifs image version. * @loaded: If a valid test binary has been loaded into the memory + * @valid_chunks: number of chunks which could be validated. */ struct ifs_data { int loaded_version; bool loaded; + int valid_chunks; }; int load_ifs_binary(struct device *dev); diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index b05d9055c391..04072ed84071 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -3,10 +3,169 @@ #include <linux/firmware.h> #include <linux/platform_device.h> +#include <linux/slab.h> #include <asm/cpu.h> #include <asm/microcode_intel.h> +#include "ifs.h" + static const char *ifs_path = "intel/ifs/"; +static bool ifs_loading_error; /* error occurred during ifs hashes/chunk authentication.*/ + +struct ifs_header { + u32 header_ver; + u32 blob_revision; + u32 date; + u32 processor_sig; + u32 check_sum; + u32 loader_rev; + u32 processor_flags; + u32 metadata_size; + u32 total_size; + u32 fusa_info; + u64 reserved; +}; + +#define IFS_HEADER_SIZE (sizeof(struct ifs_header)) +static struct ifs_header *ifs_header_ptr; /* pointer to the ifs image header */ +static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */ +static u64 ifs_test_image_ptr; /* 256B aligned address of test pattern */ + +static const char * const scan_hash_status[] = { + [0] = "No error reported", + [1] = "Attempt to copy scan hashes when copy already in progress", + [2] = "Secure Memory not set up correctly", + [3] = "FuSaInfo.ProgramID does not match or ff-mm-ss does not match", + [4] = "Reserved", + [5] = "Integrity check failed", + [6] = "Scan reload or test is in progress" +}; + +static const char * const scan_authentication_status[] = { + [0] = "No error reported", + [1] = "Attempt to authenticate a chunk which is already marked as authentic", + [2] = "Chunk authentication error. The hash of chunk did not match expected value" +}; + +/* + * To copy scan hashes and authenticate test chunks, the initiating cpu must point + * to the EDX:EAX to the test image in linear address. + * Run wrmsr(MSR_COPY_SCAN_HASHES) for scan hash copy and run wrmsr(MSR_AUTHENTICATE_AND_COPY_CHUNK) + * for scan hash copy and test chunk authentication. + */ +static void copy_hashes_authenticate_chunks(void *arg) +{ + union ifs_scan_hashes_status hashes_status; + union ifs_chunks_auth_status chunk_status; + int i, num_chunks, chunk_size; + struct device *dev = arg; + struct ifs_data *ifsd; + u64 linear_addr, base; + u32 err_code; + + ifsd = dev_get_drvdata(dev); + /* run scan hash copy */ + wrmsrl(MSR_COPY_SCAN_HASHES, ifs_hash_ptr); + rdmsrl(MSR_SCAN_HASHES_STATUS, hashes_status.data); + + /* enumerate the scan image information */ + num_chunks = hashes_status.num_chunks; + chunk_size = hashes_status.chunk_size * 1024; + err_code = hashes_status.error_code; + + if (!hashes_status.valid) { + ifs_loading_error = true; + if (err_code >= ARRAY_SIZE(scan_hash_status)) { + dev_err(dev, "invalid error code 0x%x for hash copy\n", err_code); + return; + } + dev_err(dev, "Hash copy error : %s", scan_hash_status[err_code]); + return; + } + + /* base linear address to the scan data */ + base = ifs_test_image_ptr; + + /* scan data authentication and copy chunks to secured memory */ + for (i = 0; i < num_chunks; i++) { + linear_addr = base + i * chunk_size; + linear_addr |= i; + + wrmsrl(MSR_AUTHENTICATE_AND_COPY_CHUNK, linear_addr); + rdmsrl(MSR_CHUNKS_AUTHENTICATION_STATUS, chunk_status.data); + + ifsd->valid_chunks = chunk_status.valid_chunks; + err_code = chunk_status.error_code; + + if (err_code) { + ifs_loading_error = true; + if (err_code >= ARRAY_SIZE(scan_authentication_status)) { + dev_err(dev, + "invalid error code 0x%x for authentication\n", err_code); + return; + } + dev_err(dev, "Chunk authentication error %s\n", + scan_authentication_status[err_code]); + return; + } + } +} + +/* + * IFS requires scan chunks authenticated per each socket in the platform. + * Once the test chunk is authenticated, it is automatically copied to secured memory + * and proceed the authentication for the next chunk. + */ +static int scan_chunks_sanity_check(struct device *dev) +{ + int metadata_size, curr_pkg, cpu, ret = -ENOMEM; + struct ifs_data *ifsd = dev_get_drvdata(dev); + bool *package_authenticated; + char *test_ptr; + + package_authenticated = kcalloc(topology_max_packages(), sizeof(bool), GFP_KERNEL); + if (!package_authenticated) + return ret; + + metadata_size = ifs_header_ptr->metadata_size; + + /* Spec says that if the Meta Data Size = 0 then it should be treated as 2000 */ + if (metadata_size == 0) + metadata_size = 2000; + + /* Scan chunk start must be 256 byte aligned */ + if ((metadata_size + IFS_HEADER_SIZE) % 256) { + dev_err(dev, "Scan pattern offset within the binary is not 256 byte aligned\n"); + return -EINVAL; + } + + test_ptr = (char *)ifs_header_ptr + IFS_HEADER_SIZE + metadata_size; + ifs_loading_error = false; + + ifs_test_image_ptr = (u64)test_ptr; + ifsd->loaded_version = ifs_header_ptr->blob_revision; + + /* copy the scan hash and authenticate per package */ + cpus_read_lock(); + for_each_online_cpu(cpu) { + curr_pkg = topology_physical_package_id(cpu); + if (package_authenticated[curr_pkg]) + continue; + package_authenticated[curr_pkg] = 1; + ret = smp_call_function_single(cpu, copy_hashes_authenticate_chunks, + dev, 1); + if (ret || ifs_loading_error) { + ret = ifs_loading_error ? -ENOMEM : ret; + goto out; + } + } + +out: + cpus_read_unlock(); + kfree(package_authenticated); + + return ret; +} static int ifs_sanity_check(struct device *dev, void *mc) { @@ -92,8 +251,14 @@ int load_ifs_binary(struct device *dev) if (!ifs_image_sanity_check(dev, (void *)fw->data)) { dev_err(dev, "ifs header sanity check failed\n"); ret = -ENOENT; + goto release; } + ifs_header_ptr = (struct ifs_header *)fw->data; + ifs_hash_ptr = (u64)(ifs_header_ptr + 1); + + ret = scan_chunks_sanity_check(dev); +release: release_firmware(fw); return ret;

[v3,07/11] platform/x86/intel/ifs: Authenticate and copy to secured memory

Commit Message

Patch