From patchwork Mon May 3 21:40:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12237085 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E269EC43600 for ; Mon, 3 May 2021 21:40:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C54F361283 for ; Mon, 3 May 2021 21:40:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbhECVlm (ORCPT ); Mon, 3 May 2021 17:41:42 -0400 Received: from mga11.intel.com ([192.55.52.93]:49664 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229628AbhECVll (ORCPT ); Mon, 3 May 2021 17:41:41 -0400 IronPort-SDR: V8LJXc4PRXmOuj5q8Wy1LZp73thXXV9m0O8wY4F2ihioY6BohoLcvOsF12AEC4GS9Nweo+kMWC nc68HV0REwCg== X-IronPort-AV: E=McAfee;i="6200,9189,9973"; a="194699854" X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="194699854" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:45 -0700 IronPort-SDR: J9a0ZoABpTBSB8yeR0GnbmqzEXxk/X1/F4hXtsDujQfp8vtsGCNZdoSgvlO+CCu0YfhQn5g6KG EHg6UCSX18CQ== X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="538933099" Received: from rhweight-mobl2.amr.corp.intel.com (HELO rhweight-mobl2.ra.intel.com) ([10.212.218.202]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:45 -0700 From: Russ Weight To: mdf@kernel.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com, matthew.gerlach@intel.com, richard.gong@intel.com, Russ Weight Subject: [PATCH v12 1/5] fpga: m10bmc-sec: create max10 bmc secure update driver Date: Mon, 3 May 2021 14:40:38 -0700 Message-Id: <20210503214042.316836-2-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210503214042.316836-1-russell.h.weight@intel.com> References: <20210503214042.316836-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Create a platform driver that can be invoked as a sub driver for the Intel MAX10 BMC in order to support secure updates. This sub-driver will invoke an instance of the FPGA Security Manager class driver in order to expose sysfs interfaces for managing and monitoring secure updates to FPGA and BMC images. This patch creates the MAX10 BMC Secure Update driver and provides sysfs files for displaying the current root entry hashes for the FPGA static region, the FPGA PR region, and the MAX10 BMC. Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v12: - Updated Date and KernelVersion fields in ABI documentation v11: - Added Reviewed-by tag v10: - Changed the path expressions in the sysfs documentation to replace the n3000 reference with something more generic to accomodate other devices that use the same driver. v9: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v8: - Previously patch 2/6, otherwise no change v7: - Updated Date and KernelVersion in ABI documentation v6: - Added WARN_ON() call for (sha_num_bytes / stride) to assert that the proper count is passed to regmap_bulk_read(). v5: - No change v4: - Moved sysfs files for displaying the root entry hashes (REH) from the FPGA Security Manager class driver to here. The m10bmc_reh() and m10bmc_reh_size() functions are removed and the functionality from these functions is moved into a show_root_entry_hash() function for displaying the REHs. - Added ABI documentation for the new sysfs entries: sysfs-driver-intel-m10-bmc-secure - Updated the MAINTAINERS file to add the new ABI documentation file: sysfs-driver-intel-m10-bmc-secure - Removed unnecessary ret variable from m10bmc_secure_probe() - Incorporated new devm_fpga_sec_mgr_register() function into m10bmc_secure_probe() and removed the m10bmc_secure_remove() function. v3: - Changed from "Intel FPGA Security Manager" to FPGA Security Manager" - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. - Changed "_root_entry_hash" to "_reh", with a comment explaining what reh is. v2: - Added drivers/fpga/intel-m10-bmc-secure.c file to MAINTAINERS. - Switched to GENMASK(31, 16) for a couple of mask definitions. - Moved MAX10 BMC address and function definitions to a separate patch. - Replaced small function-creation macros with explicit function declarations. - Removed ifpga_sec_mgr_init() and ifpga_sec_mgr_uinit() functions. - Adapted to changes in the Intel FPGA Security Manager by splitting the single call to ifpga_sec_mgr_register() into two function calls: devm_ifpga_sec_mgr_create() and ifpga_sec_mgr_register(). --- .../testing/sysfs-driver-intel-m10-bmc-secure | 29 ++++ MAINTAINERS | 2 + drivers/fpga/Kconfig | 11 ++ drivers/fpga/Makefile | 3 + drivers/fpga/intel-m10-bmc-secure.c | 135 ++++++++++++++++++ 5 files changed, 180 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure create mode 100644 drivers/fpga/intel-m10-bmc-secure.c diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure new file mode 100644 index 000000000000..9a0abb147b28 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure @@ -0,0 +1,29 @@ +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/sr_root_entry_hash +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns the root entry hash for the static + region if one is programmed, else it returns the + string: "hash not programmed". This file is only + visible if the underlying device supports it. + Format: "0x%x". + +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/pr_root_entry_hash +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns the root entry hash for the partial + reconfiguration region if one is programmed, else it + returns the string: "hash not programmed". This file + is only visible if the underlying device supports it. + Format: "0x%x". + +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/bmc_root_entry_hash +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns the root entry hash for the BMC image + if one is programmed, else it returns the string: + "hash not programmed". This file is only visible if the + underlying device supports it. + Format: "0x%x". diff --git a/MAINTAINERS b/MAINTAINERS index 3b1dc0376b52..77fae7dbd95b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -7151,8 +7151,10 @@ M: Russ Weight L: linux-fpga@vger.kernel.org S: Maintained F: Documentation/ABI/testing/sysfs-class-fpga-sec-mgr +F: Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure F: Documentation/fpga/fpga-sec-mgr.rst F: drivers/fpga/fpga-sec-mgr.c +F: drivers/fpga/intel-m10-bmc-secure.c F: include/linux/fpga/fpga-sec-mgr.h FPU EMULATOR diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig index 09a8d915db26..0f3bbebd8b08 100644 --- a/drivers/fpga/Kconfig +++ b/drivers/fpga/Kconfig @@ -243,4 +243,15 @@ config FPGA_SEC_MGR region and for the BMC. Select this option to enable updates for secure FPGA devices. +config IFPGA_M10_BMC_SECURE + tristate "Intel MAX10 BMC Secure Update driver" + depends on MFD_INTEL_M10_BMC && FPGA_SEC_MGR + help + Secure update support for the Intel MAX10 board management + controller. + + This is a subdriver of the Intel MAX10 board management controller + (BMC) and provides support for secure updates for the BMC image, + the FPGA image, the Root Entry Hashes, etc. + endif # FPGA diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile index 22576d1a3996..7259f1ab2531 100644 --- a/drivers/fpga/Makefile +++ b/drivers/fpga/Makefile @@ -24,6 +24,9 @@ obj-$(CONFIG_ALTERA_PR_IP_CORE_PLAT) += altera-pr-ip-core-plat.o # FPGA Security Manager Framework obj-$(CONFIG_FPGA_SEC_MGR) += fpga-sec-mgr.o +# FPGA Secure Update Drivers +obj-$(CONFIG_IFPGA_M10_BMC_SECURE) += intel-m10-bmc-secure.o + # FPGA Bridge Drivers obj-$(CONFIG_FPGA_BRIDGE) += fpga-bridge.o obj-$(CONFIG_SOCFPGA_FPGA_BRIDGE) += altera-hps2fpga.o altera-fpga2sdram.o diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c new file mode 100644 index 000000000000..5ac5f59b5731 --- /dev/null +++ b/drivers/fpga/intel-m10-bmc-secure.c @@ -0,0 +1,135 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Intel Max10 Board Management Controller Secure Update Driver + * + * Copyright (C) 2019-2020 Intel Corporation. All rights reserved. + * + */ +#include +#include +#include +#include +#include +#include + +struct m10bmc_sec { + struct device *dev; + struct intel_m10bmc *m10bmc; +}; + +/* Root Entry Hash (REH) support */ +#define REH_SHA256_SIZE 32 +#define REH_SHA384_SIZE 48 +#define REH_MAGIC GENMASK(15, 0) +#define REH_SHA_NUM_BYTES GENMASK(31, 16) + +static ssize_t +show_root_entry_hash(struct device *dev, u32 exp_magic, + u32 prog_addr, u32 reh_addr, char *buf) +{ + struct m10bmc_sec *sec = dev_get_drvdata(dev); + unsigned int stride = regmap_get_reg_stride(sec->m10bmc->regmap); + int sha_num_bytes, i, cnt, ret; + u8 hash[REH_SHA384_SIZE]; + u32 magic; + + ret = m10bmc_raw_read(sec->m10bmc, prog_addr, &magic); + if (ret) + return ret; + + dev_dbg(dev, "%s magic 0x%08x\n", __func__, magic); + + if (FIELD_GET(REH_MAGIC, magic) != exp_magic) + return sysfs_emit(buf, "hash not programmed\n"); + + sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8; + if (sha_num_bytes != REH_SHA256_SIZE && + sha_num_bytes != REH_SHA384_SIZE) { + dev_err(sec->dev, "%s bad sha num bytes %d\n", __func__, + sha_num_bytes); + return -EINVAL; + } + + WARN_ON(sha_num_bytes % stride); + ret = regmap_bulk_read(sec->m10bmc->regmap, reh_addr, + hash, sha_num_bytes / stride); + if (ret) { + dev_err(dev, "failed to read root entry hash: %x cnt %x: %d\n", + reh_addr, sha_num_bytes / stride, ret); + return ret; + } + + cnt = sprintf(buf, "0x"); + for (i = 0; i < sha_num_bytes; i++) + cnt += sprintf(buf + cnt, "%02x", hash[i]); + cnt += sprintf(buf + cnt, "\n"); + + return cnt; +} + +#define DEVICE_ATTR_SEC_REH_RO(_name, _magic, _prog_addr, _reh_addr) \ +static ssize_t _name##_root_entry_hash_show(struct device *dev, \ + struct device_attribute *attr, \ + char *buf) \ +{ return show_root_entry_hash(dev, _magic, _prog_addr, _reh_addr, buf); } \ +static DEVICE_ATTR_RO(_name##_root_entry_hash) + +DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR); +DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR); +DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR); + +static struct attribute *m10bmc_security_attrs[] = { + &dev_attr_bmc_root_entry_hash.attr, + &dev_attr_sr_root_entry_hash.attr, + &dev_attr_pr_root_entry_hash.attr, + NULL, +}; + +static struct attribute_group m10bmc_security_attr_group = { + .name = "security", + .attrs = m10bmc_security_attrs, +}; + +static const struct attribute_group *m10bmc_sec_attr_groups[] = { + &m10bmc_security_attr_group, + NULL, +}; + +static const struct fpga_sec_mgr_ops m10bmc_sops = { }; + +static int m10bmc_secure_probe(struct platform_device *pdev) +{ + struct fpga_sec_mgr *smgr; + struct m10bmc_sec *sec; + + sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL); + if (!sec) + return -ENOMEM; + + sec->dev = &pdev->dev; + sec->m10bmc = dev_get_drvdata(pdev->dev.parent); + dev_set_drvdata(&pdev->dev, sec); + + smgr = devm_fpga_sec_mgr_create(sec->dev, "Max10 BMC Secure Update", + &m10bmc_sops, sec); + if (!smgr) { + dev_err(sec->dev, "Security manager failed to start\n"); + return -ENOMEM; + } + + return devm_fpga_sec_mgr_register(sec->dev, smgr); +} + +static struct platform_driver intel_m10bmc_secure_driver = { + .probe = m10bmc_secure_probe, + .driver = { + .name = "n3000bmc-secure", + .dev_groups = m10bmc_sec_attr_groups, + }, +}; +module_platform_driver(intel_m10bmc_secure_driver); + +MODULE_ALIAS("platform:n3000bmc-secure"); +MODULE_AUTHOR("Intel Corporation"); +MODULE_DESCRIPTION("Intel MAX10 BMC Secure Update"); +MODULE_LICENSE("GPL v2"); From patchwork Mon May 3 21:40:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12237077 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BC68C43460 for ; Mon, 3 May 2021 21:40:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2010E61283 for ; Mon, 3 May 2021 21:40:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229570AbhECVll (ORCPT ); Mon, 3 May 2021 17:41:41 -0400 Received: from mga11.intel.com ([192.55.52.93]:49664 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229497AbhECVlk (ORCPT ); Mon, 3 May 2021 17:41:40 -0400 IronPort-SDR: M9kk6wwCq/8lHR9FTi34cSoWIspGTClJ88ZkWXr4+QMWLNWwrFR9/x9+H7fR1dH2f1LtJ8HYrH y2cQTY691pCQ== X-IronPort-AV: E=McAfee;i="6200,9189,9973"; a="194699858" X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="194699858" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:46 -0700 IronPort-SDR: 0fmNBl9XSMir11FADMoIR+AWSiAg7nVOeQPB7I7O04xITQSUNKDIOCsjiy4Axh1vClyGDSAAzy Lx6brpYcyrxg== X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="538933107" Received: from rhweight-mobl2.amr.corp.intel.com (HELO rhweight-mobl2.ra.intel.com) ([10.212.218.202]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:45 -0700 From: Russ Weight To: mdf@kernel.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com, matthew.gerlach@intel.com, richard.gong@intel.com, Russ Weight Subject: [PATCH v12 2/5] fpga: m10bmc-sec: expose max10 flash update count Date: Mon, 3 May 2021 14:40:39 -0700 Message-Id: <20210503214042.316836-3-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210503214042.316836-1-russell.h.weight@intel.com> References: <20210503214042.316836-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Extend the MAX10 BMC Secure Update driver to provide a sysfs file to expose the flash update count for the FPGA user image. Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v12: - Updated Date and KernelVersion fields in ABI documentation v11: - No change v10: - Changed the path expression in the sysfs documentation to replace the n3000 reference with something more generic to accomodate other devices that use the same driver. v9: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v8: - Previously patch 3/6, otherwise no change v7: - Updated Date and KernelVersion in ABI documentation v6: - Changed flash_count_show() parameter list to achieve reverse-christmas tree format. - Added WARN_ON() call for (FLASH_COUNT_SIZE / stride) to ensure that the proper count is passed to regmap_bulk_read(). v5: - Renamed sysfs node user_flash_count to flash_count and updated the sysfs documentation accordingly. v4: - Moved the sysfs file for displaying the flash count from the FPGA Security Manager class driver to here. The m10bmc_user_flash_count() function is removed and the functionality is moved into a user_flash_count_show() function. - Added ABI documentation for the new sysfs entry v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. v2: - Renamed get_qspi_flash_count() to m10bmc_user_flash_count() - Minor code cleanup per review comments - Added m10bmc_ prefix to functions in m10bmc_iops structure --- .../testing/sysfs-driver-intel-m10-bmc-secure | 8 ++++ drivers/fpga/intel-m10-bmc-secure.c | 37 +++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure index 9a0abb147b28..c805c25e776d 100644 --- a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure +++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure @@ -27,3 +27,11 @@ Description: Read only. Returns the root entry hash for the BMC image "hash not programmed". This file is only visible if the underlying device supports it. Format: "0x%x". + +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/flash_count +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns number of times the secure update + staging area has been flashed. + Format: "%u". diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c index 5ac5f59b5731..ecd63c13cb2d 100644 --- a/drivers/fpga/intel-m10-bmc-secure.c +++ b/drivers/fpga/intel-m10-bmc-secure.c @@ -11,6 +11,7 @@ #include #include #include +#include struct m10bmc_sec { struct device *dev; @@ -78,7 +79,43 @@ DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR); +#define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */ + +static ssize_t flash_count_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct m10bmc_sec *sec = dev_get_drvdata(dev); + unsigned int stride, num_bits; + u8 *flash_buf; + int cnt, ret; + + stride = regmap_get_reg_stride(sec->m10bmc->regmap); + num_bits = FLASH_COUNT_SIZE * 8; + + flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL); + if (!flash_buf) + return -ENOMEM; + + WARN_ON(FLASH_COUNT_SIZE % stride); + ret = regmap_bulk_read(sec->m10bmc->regmap, STAGING_FLASH_COUNT, + flash_buf, FLASH_COUNT_SIZE / stride); + if (ret) { + dev_err(sec->dev, + "failed to read flash count: %x cnt %x: %d\n", + STAGING_FLASH_COUNT, FLASH_COUNT_SIZE / stride, ret); + goto exit_free; + } + cnt = num_bits - bitmap_weight((unsigned long *)flash_buf, num_bits); + +exit_free: + kfree(flash_buf); + + return ret ? : sysfs_emit(buf, "%u\n", cnt); +} +static DEVICE_ATTR_RO(flash_count); + static struct attribute *m10bmc_security_attrs[] = { + &dev_attr_flash_count.attr, &dev_attr_bmc_root_entry_hash.attr, &dev_attr_sr_root_entry_hash.attr, &dev_attr_pr_root_entry_hash.attr, From patchwork Mon May 3 21:40:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12237083 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1328AC43470 for ; Mon, 3 May 2021 21:40:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E3DF5613C1 for ; Mon, 3 May 2021 21:40:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229497AbhECVlm (ORCPT ); Mon, 3 May 2021 17:41:42 -0400 Received: from mga11.intel.com ([192.55.52.93]:49664 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229665AbhECVll (ORCPT ); Mon, 3 May 2021 17:41:41 -0400 IronPort-SDR: 1RiSkh97aH6u0l3DPW26p/lu3vBH1DOabvTC7Kg1tdeEeLeH9JF9zXv+e4tqT+7f94muZ833EZ FWQIYYjP/gIA== X-IronPort-AV: E=McAfee;i="6200,9189,9973"; a="194699861" X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="194699861" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:46 -0700 IronPort-SDR: A/ZCqrjpRonIfvtwCrbfPuriiuNiOePLn+Nd+dQIaz/hmOPz2iSOy8bn4/fh/J7kcmK+3MYU1h 6+HroH6NnXFQ== X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="538933113" Received: from rhweight-mobl2.amr.corp.intel.com (HELO rhweight-mobl2.ra.intel.com) ([10.212.218.202]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:46 -0700 From: Russ Weight To: mdf@kernel.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com, matthew.gerlach@intel.com, richard.gong@intel.com, Russ Weight Subject: [PATCH v12 3/5] fpga: m10bmc-sec: expose max10 canceled keys in sysfs Date: Mon, 3 May 2021 14:40:40 -0700 Message-Id: <20210503214042.316836-4-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210503214042.316836-1-russell.h.weight@intel.com> References: <20210503214042.316836-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Extend the MAX10 BMC Secure Update driver to provide sysfs files to expose the canceled code signing key (CSK) bit vectors. These use the standard bitmap list format (e.g. 1,2-6,9). Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v12: - Updated Date and KernelVersion fields in ABI documentation v11: - No change v10: - Changed the path expressions in the sysfs documentation to replace the n3000 reference with something more generic to accomodate other devices that use the same driver. v9: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v8: - Previously patch 4/6, otherwise no change v7: - Updated Date and KernelVersion in ABI documentation v6: - Added WARN_ON() call for (size / stride) to ensure that the proper count is passed to regmap_bulk_read(). v5: - No change v4: - Moved sysfs files for displaying the code-signing-key (CSK) cancellation vectors from the FPGA Security Manger class driver to here. The m10bmc_csk_vector() and m10bmc_csk_cancel_nbits() functions are removed and the functionality from these functions is moved into a show_canceled_csk() function for for displaying the CSK vectors. - Added ABI documentation for new sysfs entries v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. - Renamed get_csk_vector() to m10bmc_csk_vector() v2: - Replaced small function-creation macros for explicit function declarations. - Fixed get_csk_vector() function to properly apply the stride variable in calls to m10bmc_raw_bulk_read() - Added m10bmc_ prefix to functions in m10bmc_iops structure --- .../testing/sysfs-driver-intel-m10-bmc-secure | 24 ++++++++++ drivers/fpga/intel-m10-bmc-secure.c | 48 +++++++++++++++++++ 2 files changed, 72 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure index c805c25e776d..798d33b625d8 100644 --- a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure +++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure @@ -28,6 +28,30 @@ Description: Read only. Returns the root entry hash for the BMC image underlying device supports it. Format: "0x%x". +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/sr_canceled_csks +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns a list of indices for canceled code + signing keys for the static region. The standard bitmap + list format is used (e.g. "1,2-6,9"). + +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/pr_canceled_csks +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns a list of indices for canceled code + signing keys for the partial reconfiguration region. The + standard bitmap list format is used (e.g. "1,2-6,9"). + +What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/bmc_canceled_csks +Date: June 2021 +KernelVersion: 5.14 +Contact: Russ Weight +Description: Read only. Returns a list of indices for canceled code + signing keys for the BMC. The standard bitmap list format + is used (e.g. "1,2-6,9"). + What: /sys/bus/platform/drivers/intel-m10bmc-secure/.../security/flash_count Date: June 2021 KernelVersion: 5.14 diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c index ecd63c13cb2d..87e16c146569 100644 --- a/drivers/fpga/intel-m10-bmc-secure.c +++ b/drivers/fpga/intel-m10-bmc-secure.c @@ -79,6 +79,51 @@ DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR); +#define CSK_BIT_LEN 128U +#define CSK_32ARRAY_SIZE DIV_ROUND_UP(CSK_BIT_LEN, 32) + +static ssize_t +show_canceled_csk(struct device *dev, u32 addr, char *buf) +{ + unsigned int i, stride, size = CSK_32ARRAY_SIZE * sizeof(u32); + struct m10bmc_sec *sec = dev_get_drvdata(dev); + DECLARE_BITMAP(csk_map, CSK_BIT_LEN); + __le32 csk_le32[CSK_32ARRAY_SIZE]; + u32 csk32[CSK_32ARRAY_SIZE]; + int ret; + + stride = regmap_get_reg_stride(sec->m10bmc->regmap); + + WARN_ON(size % stride); + ret = regmap_bulk_read(sec->m10bmc->regmap, addr, csk_le32, + size / stride); + if (ret) { + dev_err(sec->dev, "failed to read CSK vector: %x cnt %x: %d\n", + addr, size / stride, ret); + return ret; + } + + for (i = 0; i < CSK_32ARRAY_SIZE; i++) + csk32[i] = le32_to_cpu(((csk_le32[i]))); + + bitmap_from_arr32(csk_map, csk32, CSK_BIT_LEN); + bitmap_complement(csk_map, csk_map, CSK_BIT_LEN); + return bitmap_print_to_pagebuf(1, buf, csk_map, CSK_BIT_LEN); +} + +#define DEVICE_ATTR_SEC_CSK_RO(_name, _addr) \ +static ssize_t _name##_canceled_csks_show(struct device *dev, \ + struct device_attribute *attr, \ + char *buf) \ +{ return show_canceled_csk(dev, _addr, buf); } \ +static DEVICE_ATTR_RO(_name##_canceled_csks) + +#define CSK_VEC_OFFSET 0x34 + +DEVICE_ATTR_SEC_CSK_RO(bmc, BMC_PROG_ADDR + CSK_VEC_OFFSET); +DEVICE_ATTR_SEC_CSK_RO(sr, SR_PROG_ADDR + CSK_VEC_OFFSET); +DEVICE_ATTR_SEC_CSK_RO(pr, PR_PROG_ADDR + CSK_VEC_OFFSET); + #define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */ static ssize_t flash_count_show(struct device *dev, @@ -119,6 +164,9 @@ static struct attribute *m10bmc_security_attrs[] = { &dev_attr_bmc_root_entry_hash.attr, &dev_attr_sr_root_entry_hash.attr, &dev_attr_pr_root_entry_hash.attr, + &dev_attr_sr_canceled_csks.attr, + &dev_attr_pr_canceled_csks.attr, + &dev_attr_bmc_canceled_csks.attr, NULL, }; From patchwork Mon May 3 21:40:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12237081 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB584C43462 for ; Mon, 3 May 2021 21:40:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 88D1361283 for ; Mon, 3 May 2021 21:40:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229609AbhECVll (ORCPT ); Mon, 3 May 2021 17:41:41 -0400 Received: from mga11.intel.com ([192.55.52.93]:49664 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229499AbhECVll (ORCPT ); Mon, 3 May 2021 17:41:41 -0400 IronPort-SDR: QiefCY8qoSplamxCKpScxBAw5ptRMokMPRpanq0ayLeRugDU4ouuYH0R9r3awpGX32yp2c8OGT V7ZuuktgvWbw== X-IronPort-AV: E=McAfee;i="6200,9189,9973"; a="194699864" X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="194699864" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:47 -0700 IronPort-SDR: hVsYF1+zm8RZPkfa4cCpG3bi1GPYwj43XxfDAxgK6rWBp5+zv45dc+lkJtL6JTaFQrXWVD+pcM NCRQbTo+hbJg== X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="538933118" Received: from rhweight-mobl2.amr.corp.intel.com (HELO rhweight-mobl2.ra.intel.com) ([10.212.218.202]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:46 -0700 From: Russ Weight To: mdf@kernel.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com, matthew.gerlach@intel.com, richard.gong@intel.com, Russ Weight Subject: [PATCH v12 4/5] fpga: m10bmc-sec: add max10 secure update functions Date: Mon, 3 May 2021 14:40:41 -0700 Message-Id: <20210503214042.316836-5-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210503214042.316836-1-russell.h.weight@intel.com> References: <20210503214042.316836-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Extend the MAX10 BMC Secure Update driver to include the functions that enable secure updates of BMC images, FPGA images, etc. Signed-off-by: Russ Weight --- v12: - Updated Date and KernelVersion fields in ABI documentation - Removed size parameter from the write_blk() op. m10bmc_sec_write_blk() no longer has a size parameter, and the block size is determined in this (the lower-level) driver. v11: - No change v10: - No change v9: - No change v8: - Previously patch 5/6, otherwise no change v7: - No change v6: - Changed (size / stride) calculation to ((size + stride - 1) / stride) to ensure that the proper count is passed to regmap_bulk_write(). - Removed unnecessary call to rsu_check_complete() in m10bmc_sec_poll_complete() and changed while loop to do/while loop. v5: - No change v4: - No change v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. - Changed calling functions of functions that return "enum fpga_sec_err" to check for (ret != FPGA_SEC_ERR_NONE) instead of (ret) v2: - Reworked the rsu_start_done() function to make it more readable - Reworked while-loop condition/content in rsu_prog_ready() - Minor code cleanup per review comments - Added a comment to the m10bmc_sec_poll_complete() function to explain the context (could take 30+ minutes to complete). - Added m10bmc_ prefix to functions in m10bmc_iops structure - Moved MAX10 BMC address and function definitions to a separate patch. --- drivers/fpga/intel-m10-bmc-secure.c | 310 +++++++++++++++++++++++++++- 1 file changed, 309 insertions(+), 1 deletion(-) diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c index 87e16c146569..9d45312001a3 100644 --- a/drivers/fpga/intel-m10-bmc-secure.c +++ b/drivers/fpga/intel-m10-bmc-secure.c @@ -180,7 +180,315 @@ static const struct attribute_group *m10bmc_sec_attr_groups[] = { NULL, }; -static const struct fpga_sec_mgr_ops m10bmc_sops = { }; +static void log_error_regs(struct m10bmc_sec *sec, u32 doorbell) +{ + u32 auth_result; + + dev_err(sec->dev, "RSU error status: 0x%08x\n", doorbell); + + if (!m10bmc_sys_read(sec->m10bmc, M10BMC_AUTH_RESULT, &auth_result)) + dev_err(sec->dev, "RSU auth result: 0x%08x\n", auth_result); +} + +static enum fpga_sec_err rsu_check_idle(struct m10bmc_sec *sec) +{ + u32 doorbell; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + + if (rsu_prog(doorbell) != RSU_PROG_IDLE && + rsu_prog(doorbell) != RSU_PROG_RSU_DONE) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_BUSY; + } + + return FPGA_SEC_ERR_NONE; +} + +static inline bool rsu_start_done(u32 doorbell) +{ + u32 status, progress; + + if (doorbell & DRBL_RSU_REQUEST) + return false; + + status = rsu_stat(doorbell); + if (status == RSU_STAT_ERASE_FAIL || status == RSU_STAT_WEAROUT) + return true; + + progress = rsu_prog(doorbell); + if (progress != RSU_PROG_IDLE && progress != RSU_PROG_RSU_DONE) + return true; + + return false; +} + +static enum fpga_sec_err rsu_update_init(struct m10bmc_sec *sec) +{ + u32 doorbell, status; + int ret; + + ret = regmap_update_bits(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + DRBL_RSU_REQUEST | DRBL_HOST_STATUS, + DRBL_RSU_REQUEST | + FIELD_PREP(DRBL_HOST_STATUS, + HOST_STATUS_IDLE)); + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + + ret = regmap_read_poll_timeout(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + doorbell, + rsu_start_done(doorbell), + NIOS_HANDSHAKE_INTERVAL_US, + NIOS_HANDSHAKE_TIMEOUT_US); + + if (ret == -ETIMEDOUT) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_TIMEOUT; + } else if (ret) { + return FPGA_SEC_ERR_RW_ERROR; + } + + status = rsu_stat(doorbell); + if (status == RSU_STAT_WEAROUT) { + dev_warn(sec->dev, "Excessive flash update count detected\n"); + return FPGA_SEC_ERR_WEAROUT; + } else if (status == RSU_STAT_ERASE_FAIL) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_HW_ERROR; + } + + return FPGA_SEC_ERR_NONE; +} + +static enum fpga_sec_err rsu_prog_ready(struct m10bmc_sec *sec) +{ + unsigned long poll_timeout; + u32 doorbell, progress; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + + poll_timeout = jiffies + msecs_to_jiffies(RSU_PREP_TIMEOUT_MS); + while (rsu_prog(doorbell) == RSU_PROG_PREPARE) { + msleep(RSU_PREP_INTERVAL_MS); + if (time_after(jiffies, poll_timeout)) + break; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + } + + progress = rsu_prog(doorbell); + if (progress == RSU_PROG_PREPARE) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_TIMEOUT; + } else if (progress != RSU_PROG_READY) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_HW_ERROR; + } + + return FPGA_SEC_ERR_NONE; +} + +static enum fpga_sec_err rsu_send_data(struct m10bmc_sec *sec) +{ + u32 doorbell; + int ret; + + ret = regmap_update_bits(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + DRBL_HOST_STATUS, + FIELD_PREP(DRBL_HOST_STATUS, + HOST_STATUS_WRITE_DONE)); + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + + ret = regmap_read_poll_timeout(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + doorbell, + rsu_prog(doorbell) != RSU_PROG_READY, + NIOS_HANDSHAKE_INTERVAL_US, + NIOS_HANDSHAKE_TIMEOUT_US); + + if (ret == -ETIMEDOUT) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_TIMEOUT; + } else if (ret) { + return FPGA_SEC_ERR_RW_ERROR; + } + + switch (rsu_stat(doorbell)) { + case RSU_STAT_NORMAL: + case RSU_STAT_NIOS_OK: + case RSU_STAT_USER_OK: + case RSU_STAT_FACTORY_OK: + break; + default: + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_HW_ERROR; + } + + return FPGA_SEC_ERR_NONE; +} + +static int rsu_check_complete(struct m10bmc_sec *sec, u32 *doorbell) +{ + if (m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, doorbell)) + return -EIO; + + switch (rsu_stat(*doorbell)) { + case RSU_STAT_NORMAL: + case RSU_STAT_NIOS_OK: + case RSU_STAT_USER_OK: + case RSU_STAT_FACTORY_OK: + break; + default: + return -EINVAL; + } + + switch (rsu_prog(*doorbell)) { + case RSU_PROG_IDLE: + case RSU_PROG_RSU_DONE: + return 0; + case RSU_PROG_AUTHENTICATING: + case RSU_PROG_COPYING: + case RSU_PROG_UPDATE_CANCEL: + case RSU_PROG_PROGRAM_KEY_HASH: + return -EAGAIN; + default: + return -EINVAL; + } +} + +static enum fpga_sec_err m10bmc_sec_prepare(struct fpga_sec_mgr *smgr) +{ + struct m10bmc_sec *sec = smgr->priv; + enum fpga_sec_err ret; + + if (smgr->remaining_size > M10BMC_STAGING_SIZE) + return FPGA_SEC_ERR_INVALID_SIZE; + + ret = rsu_check_idle(sec); + if (ret != FPGA_SEC_ERR_NONE) + return ret; + + ret = rsu_update_init(sec); + if (ret != FPGA_SEC_ERR_NONE) + return ret; + + return rsu_prog_ready(sec); +} + +#define WRITE_BLOCK_SIZE 0x4000 /* Update remaining_size every 0x4000 bytes */ + +static enum fpga_sec_err +m10bmc_sec_write_blk(struct fpga_sec_mgr *smgr, u32 offset) +{ + struct m10bmc_sec *sec = smgr->priv; + unsigned int stride = regmap_get_reg_stride(sec->m10bmc->regmap); + u32 doorbell, blk_size; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) { + return FPGA_SEC_ERR_RW_ERROR; + } else if (rsu_prog(doorbell) != RSU_PROG_READY) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_HW_ERROR; + } + + blk_size = min_t(u32, smgr->remaining_size, WRITE_BLOCK_SIZE); + ret = regmap_bulk_write(sec->m10bmc->regmap, + M10BMC_STAGING_BASE + offset, + (void *)smgr->data + offset, + (blk_size + stride - 1) / stride); + + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + + smgr->remaining_size -= blk_size; + return FPGA_SEC_ERR_NONE; +} + +/* + * m10bmc_sec_poll_complete() is called after handing things off to + * the BMC firmware. Depending on the type of update, it could be + * 30+ minutes before the BMC firmware completes the update. The + * smgr->driver_unload check allows the driver to be unloaded, + * but the BMC firmware will continue the update and no further + * secure updates can be started for this device until the update + * is complete. + */ +static enum fpga_sec_err m10bmc_sec_poll_complete(struct fpga_sec_mgr *smgr) +{ + struct m10bmc_sec *sec = smgr->priv; + unsigned long poll_timeout; + enum fpga_sec_err result; + u32 doorbell; + int ret; + + result = rsu_send_data(sec); + if (result != FPGA_SEC_ERR_NONE) + return result; + + poll_timeout = jiffies + msecs_to_jiffies(RSU_COMPLETE_TIMEOUT_MS); + do { + msleep(RSU_COMPLETE_INTERVAL_MS); + ret = rsu_check_complete(sec, &doorbell); + if (smgr->driver_unload) + return FPGA_SEC_ERR_CANCELED; + } while (ret == -EAGAIN && !time_after(jiffies, poll_timeout)); + + if (ret == -EAGAIN) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_TIMEOUT; + } else if (ret == -EIO) { + return FPGA_SEC_ERR_RW_ERROR; + } else if (ret) { + log_error_regs(sec, doorbell); + return FPGA_SEC_ERR_HW_ERROR; + } + + return FPGA_SEC_ERR_NONE; +} + +static enum fpga_sec_err m10bmc_sec_cancel(struct fpga_sec_mgr *smgr) +{ + struct m10bmc_sec *sec = smgr->priv; + u32 doorbell; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FPGA_SEC_ERR_RW_ERROR; + + if (rsu_prog(doorbell) != RSU_PROG_READY) + return FPGA_SEC_ERR_BUSY; + + ret = regmap_update_bits(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + DRBL_HOST_STATUS, + FIELD_PREP(DRBL_HOST_STATUS, + HOST_STATUS_ABORT_RSU)); + + return ret ? FPGA_SEC_ERR_RW_ERROR : FPGA_SEC_ERR_NONE; +} + +static const struct fpga_sec_mgr_ops m10bmc_sops = { + .prepare = m10bmc_sec_prepare, + .write_blk = m10bmc_sec_write_blk, + .poll_complete = m10bmc_sec_poll_complete, + .cancel = m10bmc_sec_cancel, +}; static int m10bmc_secure_probe(struct platform_device *pdev) { From patchwork Mon May 3 21:40:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12237087 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8871C43460 for ; Mon, 3 May 2021 21:40:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B28C861283 for ; Mon, 3 May 2021 21:40:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229771AbhECVln (ORCPT ); Mon, 3 May 2021 17:41:43 -0400 Received: from mga11.intel.com ([192.55.52.93]:49664 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229742AbhECVlm (ORCPT ); Mon, 3 May 2021 17:41:42 -0400 IronPort-SDR: mIscvnMa11oWX/BxbnUFJ4cXu44doN3bM+TnIQFmhVu/k3C/DFBLjEu5NC/LUblRDe1oW9LYjE OU7cI3nhoaVA== X-IronPort-AV: E=McAfee;i="6200,9189,9973"; a="194699865" X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="194699865" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:47 -0700 IronPort-SDR: DQy5a5gvHp+h5LqMG8/xEtWav4end5s8cQm6oDBf8ijROvwoGyOmvruhWFsAZ1fM0AihFc2xWD x2LvPl8FoKZw== X-IronPort-AV: E=Sophos;i="5.82,271,1613462400"; d="scan'208";a="538933123" Received: from rhweight-mobl2.amr.corp.intel.com (HELO rhweight-mobl2.ra.intel.com) ([10.212.218.202]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2021 14:40:47 -0700 From: Russ Weight To: mdf@kernel.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, lgoncalv@redhat.com, yilun.xu@intel.com, hao.wu@intel.com, matthew.gerlach@intel.com, richard.gong@intel.com, Russ Weight Subject: [PATCH v12 5/5] fpga: m10bmc-sec: add max10 get_hw_errinfo callback func Date: Mon, 3 May 2021 14:40:42 -0700 Message-Id: <20210503214042.316836-6-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210503214042.316836-1-russell.h.weight@intel.com> References: <20210503214042.316836-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Extend the MAX10 BMC Secure Update driver to include a function that returns 64 bits of additional HW specific data for errors that require additional information. This callback function enables the hw_errinfo sysfs node in the Intel Security Manager class driver. Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v12: - No change v11: - No change v10: - No change v9: - No change v8: - Previously patch 6/6, otherwise no change v7: - No change v6: - Initialized auth_result and doorbell to HW_ERRINFO_POISON in m10bmc_sec_hw_errinfo() and removed unnecessary if statements. v5: - No change v4: - No change v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" v2: - Implemented HW_ERRINFO_POISON for m10bmc_sec_hw_errinfo() to ensure that corresponding bits are set to 1 if we are unable to read the doorbell or auth_result registers. - Added m10bmc_ prefix to functions in m10bmc_iops structure --- drivers/fpga/intel-m10-bmc-secure.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/fpga/intel-m10-bmc-secure.c b/drivers/fpga/intel-m10-bmc-secure.c index 9d45312001a3..bdf87ec125fe 100644 --- a/drivers/fpga/intel-m10-bmc-secure.c +++ b/drivers/fpga/intel-m10-bmc-secure.c @@ -483,11 +483,33 @@ static enum fpga_sec_err m10bmc_sec_cancel(struct fpga_sec_mgr *smgr) return ret ? FPGA_SEC_ERR_RW_ERROR : FPGA_SEC_ERR_NONE; } +#define HW_ERRINFO_POISON GENMASK(31, 0) +static u64 m10bmc_sec_hw_errinfo(struct fpga_sec_mgr *smgr) +{ + struct m10bmc_sec *sec = smgr->priv; + u32 auth_result = HW_ERRINFO_POISON; + u32 doorbell = HW_ERRINFO_POISON; + + switch (smgr->err_code) { + case FPGA_SEC_ERR_HW_ERROR: + case FPGA_SEC_ERR_TIMEOUT: + case FPGA_SEC_ERR_BUSY: + case FPGA_SEC_ERR_WEAROUT: + m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + m10bmc_sys_read(sec->m10bmc, M10BMC_AUTH_RESULT, &auth_result); + + return (u64)doorbell << 32 | (u64)auth_result; + default: + return 0; + } +} + static const struct fpga_sec_mgr_ops m10bmc_sops = { .prepare = m10bmc_sec_prepare, .write_blk = m10bmc_sec_write_blk, .poll_complete = m10bmc_sec_poll_complete, .cancel = m10bmc_sec_cancel, + .get_hw_errinfo = m10bmc_sec_hw_errinfo, }; static int m10bmc_secure_probe(struct platform_device *pdev)