From patchwork Fri May 6 22:54:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12841726 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B4DAC433EF for ; Fri, 6 May 2022 22:56:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1444867AbiEFW63 (ORCPT ); Fri, 6 May 2022 18:58:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444873AbiEFW6V (ORCPT ); Fri, 6 May 2022 18:58:21 -0400 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8915F703E9; Fri, 6 May 2022 15:54:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651877672; x=1683413672; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+HO9lXs26TUFhW9zGLCZoI0Gw9iGfwBtljI5dCRfwTM=; b=eVhnyD1pnEIuTu/UcIV6qLoGZR3LzCq3Vx6NT2AT/neuH7solehYBoYn b5udVIbEC695CnkUXRB1nGep057F1rKW99Z3iNhdjnpov+xCndRcdMBUI TIPYT0jSuBXNv3yEz/VS+0+WERT9HAaPCAZzWHajde2akhwDaMhCvdQnG UuFDmZO0ACVe3dmAJK19BJOMqWrEI0GuCxLppmgbDN0OcTJM6Sax5BgB7 K1283xL43bycEkXhGg1u7ut4Sj/xRKZHlgmG7If129E4tl/X4ZLU42HoL N1tJ4l/+WEKdi3YVy5x5TfPZOqKBa1zuDMPG5oLbcAf82FPGNHlSYsSZf g==; X-IronPort-AV: E=McAfee;i="6400,9594,10339"; a="268736159" X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="268736159" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:20 -0700 X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="812594475" Received: from rhweight-mobl.amr.corp.intel.com (HELO rhweight-mobl.ra.intel.com) ([10.212.152.127]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:19 -0700 From: Russ Weight To: mdf@kernel.org, hao.wu@intel.com, yilun.xu@intel.com, lee.jones@linaro.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, marpagan@redhat.com, lgoncalv@redhat.com, matthew.gerlach@linux.intel.com, basheer.ahmed.muddebihal@intel.com, tianfei.zhang@intel.com, Russ Weight Subject: [PATCH v18 1/5] mfd: intel-m10-bmc: Rename n3000bmc-secure driver Date: Fri, 6 May 2022 15:54:11 -0700 Message-Id: <20220506225415.78763-2-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506225415.78763-1-russell.h.weight@intel.com> References: <20220506225415.78763-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org The n3000bmc-secure driver has changed to n3000bmc-sec-update. Update the name in the list of the intel-m10-bmc sub-drivers. Signed-off-by: Russ Weight --- v18: - No change v17: - This is a new patch to change in the name of the secure update driver. --- drivers/mfd/intel-m10-bmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mfd/intel-m10-bmc.c b/drivers/mfd/intel-m10-bmc.c index 8db3bcf5fccc..f4d0d72573c8 100644 --- a/drivers/mfd/intel-m10-bmc.c +++ b/drivers/mfd/intel-m10-bmc.c @@ -26,7 +26,7 @@ static struct mfd_cell m10bmc_d5005_subdevs[] = { static struct mfd_cell m10bmc_pacn3000_subdevs[] = { { .name = "n3000bmc-hwmon" }, { .name = "n3000bmc-retimer" }, - { .name = "n3000bmc-secure" }, + { .name = "n3000bmc-sec-update" }, }; static struct mfd_cell m10bmc_n5010_subdevs[] = { From patchwork Fri May 6 22:54:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12841727 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7838C433F5 for ; Fri, 6 May 2022 22:56:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1444907AbiEFW6m (ORCPT ); Fri, 6 May 2022 18:58:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444852AbiEFW6X (ORCPT ); Fri, 6 May 2022 18:58:23 -0400 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 302447091D; Fri, 6 May 2022 15:54:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651877674; x=1683413674; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=vp9SQ7L0hlMkbpQNaWX4u5qq5CW3hPg6tLpfgUikiJM=; b=B5lcf0vbF4V5JpTNf5yYXgG+upgd5XwV2n2KnwjCAffDPt0HPyo9/9oY ZEIun/ocnet04iKq1RL78RUuojUi5eS9kpWD/TxiLUVWFzz8YWLeZLECh lQYGUy5+3exCsSKb7dkQm3Ta8/SkDyBK50zOOBtZuYrKtMnCl6ApvTkOk Q5+xxVJGIMSLD+oNGU/m5xmNYfuExWyFNLAEVUNAbXd7KLl33VJYOadph Njq5R0OJdPuGu3QkXtS973XwszMiD6MK/92U271biX95nU4pS2MnQDza7 95HoM9HUZXq+WQPBy/wCwsL7sX5eZL8gDwqhXU9ObjwfsbMmlvTchh/fG w==; X-IronPort-AV: E=McAfee;i="6400,9594,10339"; a="268736162" X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="268736162" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:20 -0700 X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="812594479" Received: from rhweight-mobl.amr.corp.intel.com (HELO rhweight-mobl.ra.intel.com) ([10.212.152.127]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:20 -0700 From: Russ Weight To: mdf@kernel.org, hao.wu@intel.com, yilun.xu@intel.com, lee.jones@linaro.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, marpagan@redhat.com, lgoncalv@redhat.com, matthew.gerlach@linux.intel.com, basheer.ahmed.muddebihal@intel.com, tianfei.zhang@intel.com, Russ Weight Subject: [PATCH v18 2/5] fpga: cardbmc-sec: create bmc secure update driver Date: Fri, 6 May 2022 15:54:12 -0700 Message-Id: <20220506225415.78763-3-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506225415.78763-1-russell.h.weight@intel.com> References: <20220506225415.78763-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Create a sub driver for the FPGA Card BMC in order to support secure updates. This patch creates the FPGA Card BMC Secure Update driver and provides sysfs files for displaying the current root entry hashes for the FPGA static region, the FPGA PR region, and the card BMC. Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v18: - Changed the ABI documentation for the Root Entry Hashes to specify string as the format for the output. - Updated comments, strings and config options to more consistently refer to the driver as the Intel FPGA Card BMC Secure Update driver. - Removed an instance of dev_dbg(). - Deferred the call to firmware_upload_register() to a later patch where the required ops are provided. The bmc_sec_remove() function is also removed from this patch and added in a later patch. - Switched from MODULE_ALIAS() to MODULE_DEVICE_TABLE() in anticipation of additional cards to be supported by the same driver. v17: - Update the Date and KernelVersion for the ABI documentation to Jul 2022 and 5.19 respectively. - Updated the copyright end-date to 2022 for the secure update driver. - Change m10bmc to cardbmc to reflect the fact that the future devices will not necessarily use the MAX10. This affects filenames, configs, and symbol names. - Removed references to the FPGA Image Load class driver and replaced them with the new firmware-upload service from the firmware loader. - Firmware upload requires a unique name for the firmware device. Use xarray_alloc to generate a unique number to append to the name. - Changed the license from GPL to GPLv2 per commit bf7fbeeae6db: 'module: Cure the MODULE_LICENSE "GPL" vs. "GPL v2" bogosity' v16: - No Change v15: - Updated the Dates and KernelVersions in the ABI documentation - Change driver name from "n3000bmc-secure" to "n3000bmc-sec-update". - Change CONFIG_FPGA_M10_BMC_SECURE to CONFIG_FPGA_M10_BMC_SEC_UPDATE. - Change instances of *bmc-secure to *bmc-sec-update in file name and symbol names. - Change instances of *m10bmc_secure* to *m10bmc-sec_update* in symbol names. - Change instances of *lops* to *ops* in symbol names. v14: - Changed symbol and text references to reflect the renaming of the Security Manager Class driver to FPGA Image Load. v13: - Updated copyright to 2021 - Updated ABI documentation date and kernel version - Call updated fpga_sec_mgr_register() and fpga_sec_mgr_unregister() functions instead of devm_fpga_sec_mgr_create() and devm_fpga_sec_mgr_register(). v12: - Updated Date and KernelVersion fields in ABI documentation v11: - Added Reviewed-by tag v10: - Changed the path expressions in the sysfs documentation to replace the n3000 reference with something more generic to accomodate other devices that use the same driver. v9: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v8: - Previously patch 2/6, otherwise no change v7: - Updated Date and KernelVersion in ABI documentation v6: - Added WARN_ON() call for (sha_num_bytes / stride) to assert that the proper count is passed to regmap_bulk_read(). v5: - No change v4: - Moved sysfs files for displaying the root entry hashes (REH) from the FPGA Security Manager class driver to here. The m10bmc_reh() and m10bmc_reh_size() functions are removed and the functionality from these functions is moved into a show_root_entry_hash() function for displaying the REHs. - Added ABI documentation for the new sysfs entries: sysfs-driver-intel-m10-bmc-secure - Updated the MAINTAINERS file to add the new ABI documentation file: sysfs-driver-intel-m10-bmc-secure - Removed unnecessary ret variable from m10bmc_secure_probe() - Incorporated new devm_fpga_sec_mgr_register() function into m10bmc_secure_probe() and removed the m10bmc_secure_remove() function. v3: - Changed from "Intel FPGA Security Manager" to FPGA Security Manager" - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. - Changed "_root_entry_hash" to "_reh", with a comment explaining what reh is. v2: - Added drivers/fpga/intel-m10-bmc-secure.c file to MAINTAINERS. - Switched to GENMASK(31, 16) for a couple of mask definitions. - Moved MAX10 BMC address and function definitions to a separate patch. - Replaced small function-creation macros with explicit function declarations. - Removed ifpga_sec_mgr_init() and ifpga_sec_mgr_uinit() functions. - Adapted to changes in the Intel FPGA Security Manager by splitting the single call to ifpga_sec_mgr_register() into two function calls: devm_ifpga_sec_mgr_create() and ifpga_sec_mgr_register(). --- .../sysfs-driver-intel-cardbmc-sec-update | 29 ++++ MAINTAINERS | 7 + drivers/fpga/Kconfig | 12 ++ drivers/fpga/Makefile | 3 + drivers/fpga/intel-cardbmc-sec-update.c | 133 ++++++++++++++++++ 5 files changed, 184 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update create mode 100644 drivers/fpga/intel-cardbmc-sec-update.c diff --git a/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update b/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update new file mode 100644 index 000000000000..94887ab055a5 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update @@ -0,0 +1,29 @@ +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/sr_root_entry_hash +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns the root entry hash for the static + region if one is programmed, else it returns the + string: "hash not programmed". This file is only + visible if the underlying device supports it. + Format: string. + +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/pr_root_entry_hash +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns the root entry hash for the partial + reconfiguration region if one is programmed, else it + returns the string: "hash not programmed". This file + is only visible if the underlying device supports it. + Format: string. + +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/bmc_root_entry_hash +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns the root entry hash for the BMC image + if one is programmed, else it returns the string: + "hash not programmed". This file is only visible if the + underlying device supports it. + Format: string. diff --git a/MAINTAINERS b/MAINTAINERS index 2869a958f5e4..2496379dc5d2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -7756,6 +7756,13 @@ F: Documentation/fpga/ F: drivers/fpga/ F: include/linux/fpga/ +INTEL FPGA BMC SECURE UPDATES +M: Russ Weight +L: linux-fpga@vger.kernel.org +S: Maintained +F: Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update +F: drivers/fpga/intel-cardbmc-sec-update.c + FPU EMULATOR M: Bill Metzenthen S: Maintained diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig index 991b3f361ec9..dc9285b2dbcb 100644 --- a/drivers/fpga/Kconfig +++ b/drivers/fpga/Kconfig @@ -243,4 +243,16 @@ config FPGA_MGR_VERSAL_FPGA configure the programmable logic(PL). To compile this as a module, choose M here. + +config INTEL_FPGA_CARDBMC_SEC_UPDATE + tristate "Intel FPGA Card BMC Secure Update driver" + depends on MFD_INTEL_M10_BMC && FW_UPLOAD + help + Secure update support for the Intel FPGA board management + controller. + + This is a subdriver of the Intel MAX10 board management controller + (BMC) and provides support for secure updates for the BMC image, + the FPGA image, the Root Entry Hashes, etc. + endif # FPGA diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile index 5935b3d0abd5..0e793c66af55 100644 --- a/drivers/fpga/Makefile +++ b/drivers/fpga/Makefile @@ -22,6 +22,9 @@ obj-$(CONFIG_FPGA_MGR_VERSAL_FPGA) += versal-fpga.o obj-$(CONFIG_ALTERA_PR_IP_CORE) += altera-pr-ip-core.o obj-$(CONFIG_ALTERA_PR_IP_CORE_PLAT) += altera-pr-ip-core-plat.o +# FPGA Secure Update Drivers +obj-$(CONFIG_INTEL_FPGA_CARDBMC_SEC_UPDATE) += intel-cardbmc-sec-update.o + # FPGA Bridge Drivers obj-$(CONFIG_FPGA_BRIDGE) += fpga-bridge.o obj-$(CONFIG_SOCFPGA_FPGA_BRIDGE) += altera-hps2fpga.o altera-fpga2sdram.o diff --git a/drivers/fpga/intel-cardbmc-sec-update.c b/drivers/fpga/intel-cardbmc-sec-update.c new file mode 100644 index 000000000000..6b8ed326e766 --- /dev/null +++ b/drivers/fpga/intel-cardbmc-sec-update.c @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Intel FPGA Card Board Management Controller Secure Update Driver + * + * Copyright (C) 2019-2022 Intel Corporation. All rights reserved. + * + */ +#include +#include +#include +#include +#include +#include +#include +#include + +struct bmc_sec { + struct device *dev; + struct intel_m10bmc *m10bmc; +}; + +/* Root Entry Hash (REH) support */ +#define REH_SHA256_SIZE 32 +#define REH_SHA384_SIZE 48 +#define REH_MAGIC GENMASK(15, 0) +#define REH_SHA_NUM_BYTES GENMASK(31, 16) + +static ssize_t +show_root_entry_hash(struct device *dev, u32 exp_magic, + u32 prog_addr, u32 reh_addr, char *buf) +{ + struct bmc_sec *sec = dev_get_drvdata(dev); + unsigned int stride = regmap_get_reg_stride(sec->m10bmc->regmap); + int sha_num_bytes, i, ret, cnt = 0; + u8 hash[REH_SHA384_SIZE]; + u32 magic; + + ret = m10bmc_raw_read(sec->m10bmc, prog_addr, &magic); + if (ret) + return ret; + + if (FIELD_GET(REH_MAGIC, magic) != exp_magic) + return sysfs_emit(buf, "hash not programmed\n"); + + sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8; + if (sha_num_bytes != REH_SHA256_SIZE && + sha_num_bytes != REH_SHA384_SIZE) { + dev_err(sec->dev, "%s bad sha num bytes %d\n", __func__, + sha_num_bytes); + return -EINVAL; + } + + WARN_ON(sha_num_bytes % stride); + ret = regmap_bulk_read(sec->m10bmc->regmap, reh_addr, + hash, sha_num_bytes / stride); + if (ret) { + dev_err(dev, "failed to read root entry hash: %x cnt %x: %d\n", + reh_addr, sha_num_bytes / stride, ret); + return ret; + } + + for (i = 0; i < sha_num_bytes; i++) + cnt += sprintf(buf + cnt, "%02x", hash[i]); + cnt += sprintf(buf + cnt, "\n"); + + return cnt; +} + +#define DEVICE_ATTR_SEC_REH_RO(_name, _magic, _prog_addr, _reh_addr) \ +static ssize_t _name##_root_entry_hash_show(struct device *dev, \ + struct device_attribute *attr, \ + char *buf) \ +{ return show_root_entry_hash(dev, _magic, _prog_addr, _reh_addr, buf); } \ +static DEVICE_ATTR_RO(_name##_root_entry_hash) + +DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR); +DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR); +DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR); + +static struct attribute *bmc_security_attrs[] = { + &dev_attr_bmc_root_entry_hash.attr, + &dev_attr_sr_root_entry_hash.attr, + &dev_attr_pr_root_entry_hash.attr, + NULL, +}; + +static struct attribute_group bmc_security_attr_group = { + .name = "security", + .attrs = bmc_security_attrs, +}; + +static const struct attribute_group *bmc_sec_attr_groups[] = { + &bmc_security_attr_group, + NULL, +}; + +#define SEC_UPDATE_LEN_MAX 32 +static int bmc_sec_probe(struct platform_device *pdev) +{ + struct bmc_sec *sec; + + sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL); + if (!sec) + return -ENOMEM; + + sec->dev = &pdev->dev; + sec->m10bmc = dev_get_drvdata(pdev->dev.parent); + dev_set_drvdata(&pdev->dev, sec); + + return 0; +} + +static const struct platform_device_id intel_cardbmc_sec_ids[] = { + { + .name = "n3000bmc-sec-update", + }, + { } +}; + +static struct platform_driver intel_cardbmc_sec_driver = { + .probe = bmc_sec_probe, + .driver = { + .name = "intel-cardbmc-sec-update", + .dev_groups = bmc_sec_attr_groups, + }, + .id_table = intel_cardbmc_sec_ids, +}; +module_platform_driver(intel_cardbmc_sec_driver); + +MODULE_DEVICE_TABLE(platform, intel_cardbmc_sec_ids); +MODULE_AUTHOR("Intel Corporation"); +MODULE_DESCRIPTION("Intel FPGA CARD BMC Secure Update"); +MODULE_LICENSE("GPL"); From patchwork Fri May 6 22:54:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12841728 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E7AAC433EF for ; Fri, 6 May 2022 22:56:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1444931AbiEFW6x (ORCPT ); Fri, 6 May 2022 18:58:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35324 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444864AbiEFW6X (ORCPT ); Fri, 6 May 2022 18:58:23 -0400 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45E0F6D384; Fri, 6 May 2022 15:54:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651877674; x=1683413674; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=KGA1nmqFeK8SackFzzwlitqvHkNtr99ZD6P9ZTJva6U=; b=XCwppUgzH4i1rhFmtm4cuFjzDDLlf842pPljX7rf1Hiy36x++etsHcR1 LZuPfAo2BM/WFvYyk6SPnY6IQF3V9ayt3P8xGgxxtP7guz7UToNGR6ZLS W29m3XNQ74OPO/uRTFaYRbfrFkh20bKbk5v6X9EW6B22xGQHI++3QLKiF 712A89d9IZSyGdu+tru93qdElko7lXl8ZxWgkbx/KoC/R+5rhu3DYvzEF SM50jlsIombfGs7ycrH5jmkkPOmtDA2mLGaGtfRKnxJo7DSuharf7hEm0 cxo1UpFhe1lEiUg8ADpG5lwVOUCQQ14Hi+Kmfj5pHHSO8ytKi3GYUUO0W Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10339"; a="268736165" X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="268736165" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:21 -0700 X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="812594482" Received: from rhweight-mobl.amr.corp.intel.com (HELO rhweight-mobl.ra.intel.com) ([10.212.152.127]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:20 -0700 From: Russ Weight To: mdf@kernel.org, hao.wu@intel.com, yilun.xu@intel.com, lee.jones@linaro.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, marpagan@redhat.com, lgoncalv@redhat.com, matthew.gerlach@linux.intel.com, basheer.ahmed.muddebihal@intel.com, tianfei.zhang@intel.com, Russ Weight Subject: [PATCH v18 3/5] fpga: cardbmc-sec: expose flash update count Date: Fri, 6 May 2022 15:54:13 -0700 Message-Id: <20220506225415.78763-4-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506225415.78763-1-russell.h.weight@intel.com> References: <20220506225415.78763-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Extend the FPGA Card BMC Secure Update driver to provide a sysfs file to expose the flash update count. Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v18: - No change v17: - Update the Date and KernelVersion for the ABI documentation to Jul 2022 and 5.19 respectively. - Change "m10bmc" in symbol names to "cardbmc" to reflect the fact that the future devices will not necessarily use the MAX10. v16: - No Change v15: - Updated the Dates and KernelVersions in the ABI documentation v14: - No change v13: - Updated ABI documentation date and kernel version v12: - Updated Date and KernelVersion fields in ABI documentation v11: - No change v10: - Changed the path expression in the sysfs documentation to replace the n3000 reference with something more generic to accomodate other devices that use the same driver. v9: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v8: - Previously patch 3/6, otherwise no change v7: - Updated Date and KernelVersion in ABI documentation v6: - Changed flash_count_show() parameter list to achieve reverse-christmas tree format. - Added WARN_ON() call for (FLASH_COUNT_SIZE / stride) to ensure that the proper count is passed to regmap_bulk_read(). v5: - Renamed sysfs node user_flash_count to flash_count and updated the sysfs documentation accordingly. v4: - Moved the sysfs file for displaying the flash count from the FPGA Security Manager class driver to here. The m10bmc_user_flash_count() function is removed and the functionality is moved into a user_flash_count_show() function. - Added ABI documentation for the new sysfs entry v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. v2: - Renamed get_qspi_flash_count() to m10bmc_user_flash_count() - Minor code cleanup per review comments - Added m10bmc_ prefix to functions in m10bmc_iops structure --- .../sysfs-driver-intel-cardbmc-sec-update | 8 +++++ drivers/fpga/intel-cardbmc-sec-update.c | 36 +++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update b/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update index 94887ab055a5..04f8c5a1fc1c 100644 --- a/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update +++ b/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update @@ -27,3 +27,11 @@ Description: Read only. Returns the root entry hash for the BMC image "hash not programmed". This file is only visible if the underlying device supports it. Format: string. + +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/flash_count +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns number of times the secure update + staging area has been flashed. + Format: "%u". diff --git a/drivers/fpga/intel-cardbmc-sec-update.c b/drivers/fpga/intel-cardbmc-sec-update.c index 6b8ed326e766..d8f3645e2139 100644 --- a/drivers/fpga/intel-cardbmc-sec-update.c +++ b/drivers/fpga/intel-cardbmc-sec-update.c @@ -77,7 +77,43 @@ DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR); +#define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */ + +static ssize_t flash_count_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct bmc_sec *sec = dev_get_drvdata(dev); + unsigned int stride, num_bits; + u8 *flash_buf; + int cnt, ret; + + stride = regmap_get_reg_stride(sec->m10bmc->regmap); + num_bits = FLASH_COUNT_SIZE * 8; + + flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL); + if (!flash_buf) + return -ENOMEM; + + WARN_ON(FLASH_COUNT_SIZE % stride); + ret = regmap_bulk_read(sec->m10bmc->regmap, STAGING_FLASH_COUNT, + flash_buf, FLASH_COUNT_SIZE / stride); + if (ret) { + dev_err(sec->dev, + "failed to read flash count: %x cnt %x: %d\n", + STAGING_FLASH_COUNT, FLASH_COUNT_SIZE / stride, ret); + goto exit_free; + } + cnt = num_bits - bitmap_weight((unsigned long *)flash_buf, num_bits); + +exit_free: + kfree(flash_buf); + + return ret ? : sysfs_emit(buf, "%u\n", cnt); +} +static DEVICE_ATTR_RO(flash_count); + static struct attribute *bmc_security_attrs[] = { + &dev_attr_flash_count.attr, &dev_attr_bmc_root_entry_hash.attr, &dev_attr_sr_root_entry_hash.attr, &dev_attr_pr_root_entry_hash.attr, From patchwork Fri May 6 22:54:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12841729 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DCB79C433FE for ; Fri, 6 May 2022 22:59:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1444874AbiEFXBg (ORCPT ); Fri, 6 May 2022 19:01:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35320 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444881AbiEFW6X (ORCPT ); Fri, 6 May 2022 18:58:23 -0400 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E12E6D3A3; Fri, 6 May 2022 15:54:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651877675; x=1683413675; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=v1YwFKtal3kMawipq7ia+66jTjBPVEgOIPiGN55nzaU=; b=j8nvUUDsv/2v5pcKuGnwnXSb1q+3K/SFnG9S5CPHwV0OC1SU8tB/QRKb 0grKL8DAhQsO4H4xtxEdSg2W2HNQXFEPUMPDqmIoGeYo6pF9loW1IgPey O2hYyBItWFYM8jYb3ubtscQSXwuinDr4nwrn/EEsBGtNDQH3bPFqY6q/Y TtzWodXtaJC/HkEz3HS3kVYaqB9Mq8KC+eI0ajXzYAuncRwdn8GK7tFLg GQgpdRoiTKjqES/9F6wc0IQ9noe+mKrWwehfr1DY7Zz4MlnWTvpuJs2be jRGNPR85L6hg/j6Fa50notxD4lRJ3sgmzqBKgVakXG08DYqTb6i+7H/qj w==; X-IronPort-AV: E=McAfee;i="6400,9594,10339"; a="268736170" X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="268736170" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:21 -0700 X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="812594485" Received: from rhweight-mobl.amr.corp.intel.com (HELO rhweight-mobl.ra.intel.com) ([10.212.152.127]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:21 -0700 From: Russ Weight To: mdf@kernel.org, hao.wu@intel.com, yilun.xu@intel.com, lee.jones@linaro.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, marpagan@redhat.com, lgoncalv@redhat.com, matthew.gerlach@linux.intel.com, basheer.ahmed.muddebihal@intel.com, tianfei.zhang@intel.com, Russ Weight Subject: [PATCH v18 4/5] fpga: cardbmc-sec: expose canceled keys in sysfs Date: Fri, 6 May 2022 15:54:14 -0700 Message-Id: <20220506225415.78763-5-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506225415.78763-1-russell.h.weight@intel.com> References: <20220506225415.78763-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Extend the FPGA Card BMC Secure Update driver to provide sysfs files to expose the canceled code signing key (CSK) bit vectors. These use the standard bitmap list format (e.g. 1,2-6,9). Signed-off-by: Russ Weight Reviewed-by: Tom Rix --- v18: - No change v17: - Update the Date and KernelVersion for the ABI documentation to Jul 2022 and 5.19 respectively. - Change "m10bmc" in symbol names to "cardbmc" to reflect the fact that the future devices will not necessarily use the MAX10. v16: - No Change v15: - Updated the Dates and KernelVersions in the ABI documentation v14: - No changes v13: - Updated ABI documentation date and kernel version v12: - Updated Date and KernelVersion fields in ABI documentation v11: - No change v10: - Changed the path expressions in the sysfs documentation to replace the n3000 reference with something more generic to accomodate other devices that use the same driver. v9: - Rebased to 5.12-rc2 next - Updated Date and KernelVersion in ABI documentation v8: - Previously patch 4/6, otherwise no change v7: - Updated Date and KernelVersion in ABI documentation v6: - Added WARN_ON() call for (size / stride) to ensure that the proper count is passed to regmap_bulk_read(). v5: - No change v4: - Moved sysfs files for displaying the code-signing-key (CSK) cancellation vectors from the FPGA Security Manger class driver to here. The m10bmc_csk_vector() and m10bmc_csk_cancel_nbits() functions are removed and the functionality from these functions is moved into a show_canceled_csk() function for for displaying the CSK vectors. - Added ABI documentation for new sysfs entries v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. - Renamed get_csk_vector() to m10bmc_csk_vector() v2: - Replaced small function-creation macros for explicit function declarations. - Fixed get_csk_vector() function to properly apply the stride variable in calls to m10bmc_raw_bulk_read() - Added m10bmc_ prefix to functions in m10bmc_iops structure --- .../sysfs-driver-intel-cardbmc-sec-update | 24 ++++++++++ drivers/fpga/intel-cardbmc-sec-update.c | 48 +++++++++++++++++++ 2 files changed, 72 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update b/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update index 04f8c5a1fc1c..f7c2c9a6e9c6 100644 --- a/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update +++ b/Documentation/ABI/testing/sysfs-driver-intel-cardbmc-sec-update @@ -28,6 +28,30 @@ Description: Read only. Returns the root entry hash for the BMC image underlying device supports it. Format: string. +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/sr_canceled_csks +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns a list of indices for canceled code + signing keys for the static region. The standard bitmap + list format is used (e.g. "1,2-6,9"). + +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/pr_canceled_csks +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns a list of indices for canceled code + signing keys for the partial reconfiguration region. The + standard bitmap list format is used (e.g. "1,2-6,9"). + +What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/bmc_canceled_csks +Date: Jul 2022 +KernelVersion: 5.19 +Contact: Russ Weight +Description: Read only. Returns a list of indices for canceled code + signing keys for the BMC. The standard bitmap list format + is used (e.g. "1,2-6,9"). + What: /sys/bus/platform/drivers/intel-cardbmc-sec-update/.../security/flash_count Date: Jul 2022 KernelVersion: 5.19 diff --git a/drivers/fpga/intel-cardbmc-sec-update.c b/drivers/fpga/intel-cardbmc-sec-update.c index d8f3645e2139..41c828d6d65a 100644 --- a/drivers/fpga/intel-cardbmc-sec-update.c +++ b/drivers/fpga/intel-cardbmc-sec-update.c @@ -77,6 +77,51 @@ DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR); DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR); +#define CSK_BIT_LEN 128U +#define CSK_32ARRAY_SIZE DIV_ROUND_UP(CSK_BIT_LEN, 32) + +static ssize_t +show_canceled_csk(struct device *dev, u32 addr, char *buf) +{ + unsigned int i, stride, size = CSK_32ARRAY_SIZE * sizeof(u32); + struct bmc_sec *sec = dev_get_drvdata(dev); + DECLARE_BITMAP(csk_map, CSK_BIT_LEN); + __le32 csk_le32[CSK_32ARRAY_SIZE]; + u32 csk32[CSK_32ARRAY_SIZE]; + int ret; + + stride = regmap_get_reg_stride(sec->m10bmc->regmap); + + WARN_ON(size % stride); + ret = regmap_bulk_read(sec->m10bmc->regmap, addr, csk_le32, + size / stride); + if (ret) { + dev_err(sec->dev, "failed to read CSK vector: %x cnt %x: %d\n", + addr, size / stride, ret); + return ret; + } + + for (i = 0; i < CSK_32ARRAY_SIZE; i++) + csk32[i] = le32_to_cpu(((csk_le32[i]))); + + bitmap_from_arr32(csk_map, csk32, CSK_BIT_LEN); + bitmap_complement(csk_map, csk_map, CSK_BIT_LEN); + return bitmap_print_to_pagebuf(1, buf, csk_map, CSK_BIT_LEN); +} + +#define DEVICE_ATTR_SEC_CSK_RO(_name, _addr) \ +static ssize_t _name##_canceled_csks_show(struct device *dev, \ + struct device_attribute *attr, \ + char *buf) \ +{ return show_canceled_csk(dev, _addr, buf); } \ +static DEVICE_ATTR_RO(_name##_canceled_csks) + +#define CSK_VEC_OFFSET 0x34 + +DEVICE_ATTR_SEC_CSK_RO(bmc, BMC_PROG_ADDR + CSK_VEC_OFFSET); +DEVICE_ATTR_SEC_CSK_RO(sr, SR_PROG_ADDR + CSK_VEC_OFFSET); +DEVICE_ATTR_SEC_CSK_RO(pr, PR_PROG_ADDR + CSK_VEC_OFFSET); + #define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */ static ssize_t flash_count_show(struct device *dev, @@ -117,6 +162,9 @@ static struct attribute *bmc_security_attrs[] = { &dev_attr_bmc_root_entry_hash.attr, &dev_attr_sr_root_entry_hash.attr, &dev_attr_pr_root_entry_hash.attr, + &dev_attr_sr_canceled_csks.attr, + &dev_attr_pr_canceled_csks.attr, + &dev_attr_bmc_canceled_csks.attr, NULL, }; From patchwork Fri May 6 22:54:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russ Weight X-Patchwork-Id: 12841730 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ACC3FC433EF for ; Fri, 6 May 2022 22:59:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1444521AbiEFXBc (ORCPT ); Fri, 6 May 2022 19:01:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35638 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444897AbiEFW61 (ORCPT ); Fri, 6 May 2022 18:58:27 -0400 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1998D6D959; Fri, 6 May 2022 15:54:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651877678; x=1683413678; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=c3oOL/8ctMHZbRdIKCYhP1D/us2d+lYV7lvX/LHH9uw=; b=BNbQlqlEG2qZng+k0A6e8Efoz1+D4qxfvf84U1oNFTORkLNfliDW6ZGt xOrgjwr9ZZ7dRIaKyHc3ZqtaTstJiS1ZzRiHoKm0/sEoY1acWiqKIKynI QV4Ess/KWVEmeH500Ugk31IKhG/4RO7VHuGw+RHFgY9Z+9Rq4QtKhPO7B oD/M3WMJuydacydrMujOdNtoS9syy6K2DokGiTmxqetOSlbLWgetH75yQ 01yOYUvU5O+XRJ534WaxxRZBWaSyTZorxWh/SJgUpHLfhphAdeUBcV2aT bq2MisRagvi99N/ZtWqjgYFvs6DXeCsoZeMe0c8P6g/PSE9sjnOIs/ya1 w==; X-IronPort-AV: E=McAfee;i="6400,9594,10339"; a="268736174" X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="268736174" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:22 -0700 X-IronPort-AV: E=Sophos;i="5.91,205,1647327600"; d="scan'208";a="812594489" Received: from rhweight-mobl.amr.corp.intel.com (HELO rhweight-mobl.ra.intel.com) ([10.212.152.127]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2022 15:54:21 -0700 From: Russ Weight To: mdf@kernel.org, hao.wu@intel.com, yilun.xu@intel.com, lee.jones@linaro.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: trix@redhat.com, marpagan@redhat.com, lgoncalv@redhat.com, matthew.gerlach@linux.intel.com, basheer.ahmed.muddebihal@intel.com, tianfei.zhang@intel.com, Russ Weight Subject: [PATCH v18 5/5] fpga: cardbmc-sec: add card BMC secure update functions Date: Fri, 6 May 2022 15:54:15 -0700 Message-Id: <20220506225415.78763-6-russell.h.weight@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220506225415.78763-1-russell.h.weight@intel.com> References: <20220506225415.78763-1-russell.h.weight@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fpga@vger.kernel.org Create firmware upload ops and call the Firmware Upload support of the Firmware Loader subsystem to enable FPGA image uploads for secure updates of BMC images, FPGA images, etc. Signed-off-by: Russ Weight --- v18: - Moved the firmware_upload_register() function here from an earlier patch since this is where the required ops are provided. - Moved the bmc_sec_remove() function here from an earlier patch to unregister the firmware driver and do cleanup. v17: - Change "m10bmc" in symbol names to "cardbmc" to reflect the fact that the future devices will not necessarily use the MAX10. - Change from image_load class driver to the new firmware_upload functionality of the firmware_loader. - fw_upload_ops functions will return "enum fw_upload_err" data types instead of integer values. v16: - Use 0 instead of FPGA_IMAGE_ERR_NONE to indicate success. - The size alignment check was moved from the FPGA Image Load framework to the prepare() op. - Added cancel_request boolean flag to struct m10bmc_sec. - Moved the RSU cancellation logic from m10bmc_sec_cancel() to a new rsu_cancel() function. - The m10bmc_sec_cancel() function ONLY sets the cancel_request flag. The cancel_request flag is checked at the beginning of the m10bmc_sec_write() and m10bmc_sec_poll_complete() functions. - Adapt to changed prototypes for the prepare() and write() ops. The m10bmc_sec_write_blk() function has been renamed to m10bmc_sec_write(). - Created a cleanup() op, m10bmc_sec_cleanup(), to attempt to cancel an ongoing op during when exiting the update process. v15: - Adapted to changes in the FPGA Image Load framework: (1) All enum types (progress and errors) are now type u32 (2) m10bmc_sec_write_blk() adds *blk_size and max_size parameters and uses *blk_size as provided by the caller. (3) m10bmc_sec_poll_complete() no long checks the driver_unload flag. v14: - Changed symbol names to reflect the renaming of the Security Manager Class driver to FPGA Image Load. v13: - No change v12: - Updated Date and KernelVersion fields in ABI documentation - Removed size parameter from the write_blk() op. m10bmc_sec_write_blk() no longer has a size parameter, and the block size is determined in this (the lower-level) driver. v11: - No change v10: - No change v9: - No change v8: - Previously patch 5/6, otherwise no change v7: - No change v6: - Changed (size / stride) calculation to ((size + stride - 1) / stride) to ensure that the proper count is passed to regmap_bulk_write(). - Removed unnecessary call to rsu_check_complete() in m10bmc_sec_poll_complete() and changed while loop to do/while loop. v5: - No change v4: - No change v3: - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_ - Changed "MAX10 BMC Secure Engine driver" to "MAX10 BMC Secure Update driver" - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The underlying functions are now called directly. - Changed calling functions of functions that return "enum fpga_sec_err" to check for (ret != FPGA_SEC_ERR_NONE) instead of (ret) v2: - Reworked the rsu_start_done() function to make it more readable - Reworked while-loop condition/content in rsu_prog_ready() - Minor code cleanup per review comments - Added a comment to the m10bmc_sec_poll_complete() function to explain the context (could take 30+ minutes to complete). - Added m10bmc_ prefix to functions in m10bmc_iops structure - Moved MAX10 BMC address and function definitions to a separate patch. --- drivers/fpga/intel-cardbmc-sec-update.c | 377 ++++++++++++++++++++++++ 1 file changed, 377 insertions(+) diff --git a/drivers/fpga/intel-cardbmc-sec-update.c b/drivers/fpga/intel-cardbmc-sec-update.c index 41c828d6d65a..39d5590d582a 100644 --- a/drivers/fpga/intel-cardbmc-sec-update.c +++ b/drivers/fpga/intel-cardbmc-sec-update.c @@ -17,8 +17,14 @@ struct bmc_sec { struct device *dev; struct intel_m10bmc *m10bmc; + struct fw_upload *fwl; + char *fw_name; + u32 fw_name_id; + bool cancel_request; }; +static DEFINE_XARRAY_ALLOC(fw_upload_xa); + /* Root Entry Hash (REH) support */ #define REH_SHA256_SIZE 32 #define REH_SHA384_SIZE 48 @@ -178,9 +184,349 @@ static const struct attribute_group *bmc_sec_attr_groups[] = { NULL, }; +static void log_error_regs(struct bmc_sec *sec, u32 doorbell) +{ + u32 auth_result; + + dev_err(sec->dev, "RSU error status: 0x%08x\n", doorbell); + + if (!m10bmc_sys_read(sec->m10bmc, M10BMC_AUTH_RESULT, &auth_result)) + dev_err(sec->dev, "RSU auth result: 0x%08x\n", auth_result); +} + +static enum fw_upload_err rsu_check_idle(struct bmc_sec *sec) +{ + u32 doorbell; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + if (rsu_prog(doorbell) != RSU_PROG_IDLE && + rsu_prog(doorbell) != RSU_PROG_RSU_DONE) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_BUSY; + } + + return FW_UPLOAD_ERR_NONE; +} + +static inline bool rsu_start_done(u32 doorbell) +{ + u32 status, progress; + + if (doorbell & DRBL_RSU_REQUEST) + return false; + + status = rsu_stat(doorbell); + if (status == RSU_STAT_ERASE_FAIL || status == RSU_STAT_WEAROUT) + return true; + + progress = rsu_prog(doorbell); + if (progress != RSU_PROG_IDLE && progress != RSU_PROG_RSU_DONE) + return true; + + return false; +} + +static enum fw_upload_err rsu_update_init(struct bmc_sec *sec) +{ + u32 doorbell, status; + int ret; + + ret = regmap_update_bits(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + DRBL_RSU_REQUEST | DRBL_HOST_STATUS, + DRBL_RSU_REQUEST | + FIELD_PREP(DRBL_HOST_STATUS, + HOST_STATUS_IDLE)); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + ret = regmap_read_poll_timeout(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + doorbell, + rsu_start_done(doorbell), + NIOS_HANDSHAKE_INTERVAL_US, + NIOS_HANDSHAKE_TIMEOUT_US); + + if (ret == -ETIMEDOUT) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_TIMEOUT; + } else if (ret) { + return FW_UPLOAD_ERR_RW_ERROR; + } + + status = rsu_stat(doorbell); + if (status == RSU_STAT_WEAROUT) { + dev_warn(sec->dev, "Excessive flash update count detected\n"); + return FW_UPLOAD_ERR_WEAROUT; + } else if (status == RSU_STAT_ERASE_FAIL) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_HW_ERROR; + } + + return FW_UPLOAD_ERR_NONE; +} + +static enum fw_upload_err rsu_prog_ready(struct bmc_sec *sec) +{ + unsigned long poll_timeout; + u32 doorbell, progress; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + poll_timeout = jiffies + msecs_to_jiffies(RSU_PREP_TIMEOUT_MS); + while (rsu_prog(doorbell) == RSU_PROG_PREPARE) { + msleep(RSU_PREP_INTERVAL_MS); + if (time_after(jiffies, poll_timeout)) + break; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + } + + progress = rsu_prog(doorbell); + if (progress == RSU_PROG_PREPARE) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_TIMEOUT; + } else if (progress != RSU_PROG_READY) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_HW_ERROR; + } + + return FW_UPLOAD_ERR_NONE; +} + +static enum fw_upload_err rsu_send_data(struct bmc_sec *sec) +{ + u32 doorbell; + int ret; + + ret = regmap_update_bits(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + DRBL_HOST_STATUS, + FIELD_PREP(DRBL_HOST_STATUS, + HOST_STATUS_WRITE_DONE)); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + ret = regmap_read_poll_timeout(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + doorbell, + rsu_prog(doorbell) != RSU_PROG_READY, + NIOS_HANDSHAKE_INTERVAL_US, + NIOS_HANDSHAKE_TIMEOUT_US); + + if (ret == -ETIMEDOUT) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_TIMEOUT; + } else if (ret) { + return FW_UPLOAD_ERR_RW_ERROR; + } + + switch (rsu_stat(doorbell)) { + case RSU_STAT_NORMAL: + case RSU_STAT_NIOS_OK: + case RSU_STAT_USER_OK: + case RSU_STAT_FACTORY_OK: + break; + default: + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_HW_ERROR; + } + + return FW_UPLOAD_ERR_NONE; +} + +static int rsu_check_complete(struct bmc_sec *sec, u32 *doorbell) +{ + if (m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, doorbell)) + return -EIO; + + switch (rsu_stat(*doorbell)) { + case RSU_STAT_NORMAL: + case RSU_STAT_NIOS_OK: + case RSU_STAT_USER_OK: + case RSU_STAT_FACTORY_OK: + break; + default: + return -EINVAL; + } + + switch (rsu_prog(*doorbell)) { + case RSU_PROG_IDLE: + case RSU_PROG_RSU_DONE: + return 0; + case RSU_PROG_AUTHENTICATING: + case RSU_PROG_COPYING: + case RSU_PROG_UPDATE_CANCEL: + case RSU_PROG_PROGRAM_KEY_HASH: + return -EAGAIN; + default: + return -EINVAL; + } +} + +static enum fw_upload_err rsu_cancel(struct bmc_sec *sec) +{ + u32 doorbell; + int ret; + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + if (rsu_prog(doorbell) != RSU_PROG_READY) + return FW_UPLOAD_ERR_BUSY; + + ret = regmap_update_bits(sec->m10bmc->regmap, + M10BMC_SYS_BASE + M10BMC_DOORBELL, + DRBL_HOST_STATUS, + FIELD_PREP(DRBL_HOST_STATUS, + HOST_STATUS_ABORT_RSU)); + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + return FW_UPLOAD_ERR_CANCELED; +} + +static enum fw_upload_err bmc_sec_prepare(struct fw_upload *fwl, + const u8 *data, u32 size) +{ + struct bmc_sec *sec = fwl->dd_handle; + u32 ret; + + sec->cancel_request = false; + + if (!size || size & 0x3 || size > M10BMC_STAGING_SIZE) + return FW_UPLOAD_ERR_INVALID_SIZE; + + ret = rsu_check_idle(sec); + if (ret != FW_UPLOAD_ERR_NONE) + return ret; + + ret = rsu_update_init(sec); + if (ret != FW_UPLOAD_ERR_NONE) + return ret; + + ret = rsu_prog_ready(sec); + if (ret != FW_UPLOAD_ERR_NONE) + return ret; + + if (sec->cancel_request) + return rsu_cancel(sec); + + return FW_UPLOAD_ERR_NONE; +} + +#define WRITE_BLOCK_SIZE 0x4000 /* Default write-block size is 0x4000 bytes */ + +static enum fw_upload_err bmc_sec_write(struct fw_upload *fwl, const u8 *data, + u32 offset, u32 size, u32 *written) +{ + struct bmc_sec *sec = fwl->dd_handle; + unsigned int stride = regmap_get_reg_stride(sec->m10bmc->regmap); + u32 blk_size, doorbell; + int ret; + + if (sec->cancel_request) + return rsu_cancel(sec); + + ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell); + if (ret) { + return FW_UPLOAD_ERR_RW_ERROR; + } else if (rsu_prog(doorbell) != RSU_PROG_READY) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_HW_ERROR; + } + + blk_size = min_t(u32, WRITE_BLOCK_SIZE, size); + ret = regmap_bulk_write(sec->m10bmc->regmap, + M10BMC_STAGING_BASE + offset, + (void *)data + offset, + (blk_size + stride - 1) / stride); + + if (ret) + return FW_UPLOAD_ERR_RW_ERROR; + + *written = blk_size; + return FW_UPLOAD_ERR_NONE; +} + +static enum fw_upload_err bmc_sec_poll_complete(struct fw_upload *fwl) +{ + struct bmc_sec *sec = fwl->dd_handle; + unsigned long poll_timeout; + u32 doorbell, result; + int ret; + + if (sec->cancel_request) + return rsu_cancel(sec); + + result = rsu_send_data(sec); + if (result != FW_UPLOAD_ERR_NONE) + return result; + + poll_timeout = jiffies + msecs_to_jiffies(RSU_COMPLETE_TIMEOUT_MS); + do { + msleep(RSU_COMPLETE_INTERVAL_MS); + ret = rsu_check_complete(sec, &doorbell); + } while (ret == -EAGAIN && !time_after(jiffies, poll_timeout)); + + if (ret == -EAGAIN) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_TIMEOUT; + } else if (ret == -EIO) { + return FW_UPLOAD_ERR_RW_ERROR; + } else if (ret) { + log_error_regs(sec, doorbell); + return FW_UPLOAD_ERR_HW_ERROR; + } + + return FW_UPLOAD_ERR_NONE; +} + +/* + * bmc_sec_cancel() may be called asynchronously with an on-going update. + * All other functions are called sequentially in a single thread. To avoid + * contention on register accesses, bmc_sec_cancel() must only update + * the cancel_request flag. Other functions will check this flag and handle + * the cancel request synchronously. + */ +static void bmc_sec_cancel(struct fw_upload *fwl) +{ + struct bmc_sec *sec = fwl->dd_handle; + + sec->cancel_request = true; +} + +static void bmc_sec_cleanup(struct fw_upload *fwl) +{ + struct bmc_sec *sec = fwl->dd_handle; + + (void)rsu_cancel(sec); +} + +static const struct fw_upload_ops cardbmc_ops = { + .prepare = bmc_sec_prepare, + .write = bmc_sec_write, + .poll_complete = bmc_sec_poll_complete, + .cancel = bmc_sec_cancel, + .cleanup = bmc_sec_cleanup, +}; + #define SEC_UPDATE_LEN_MAX 32 static int bmc_sec_probe(struct platform_device *pdev) { + char buf[SEC_UPDATE_LEN_MAX]; + struct fw_upload *fwl; + unsigned int len, ret; struct bmc_sec *sec; sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL); @@ -191,6 +537,36 @@ static int bmc_sec_probe(struct platform_device *pdev) sec->m10bmc = dev_get_drvdata(pdev->dev.parent); dev_set_drvdata(&pdev->dev, sec); + ret = xa_alloc(&fw_upload_xa, &sec->fw_name_id, sec, + xa_limit_32b, GFP_KERNEL); + if (ret) + return ret; + + len = scnprintf(buf, SEC_UPDATE_LEN_MAX, "secure-update%d", + sec->fw_name_id); + sec->fw_name = kmemdup_nul(buf, len, GFP_KERNEL); + + fwl = firmware_upload_register(THIS_MODULE, sec->dev, sec->fw_name, + &cardbmc_ops, sec); + if (IS_ERR(fwl)) { + dev_err(sec->dev, "Firmware Upload driver failed to start\n"); + kfree(sec->fw_name); + xa_erase(&fw_upload_xa, sec->fw_name_id); + return PTR_ERR(fwl); + } + + sec->fwl = fwl; + return 0; +} + +static int bmc_sec_remove(struct platform_device *pdev) +{ + struct bmc_sec *sec = dev_get_drvdata(&pdev->dev); + + firmware_upload_unregister(sec->fwl); + kfree(sec->fw_name); + xa_erase(&fw_upload_xa, sec->fw_name_id); + return 0; } @@ -203,6 +579,7 @@ static const struct platform_device_id intel_cardbmc_sec_ids[] = { static struct platform_driver intel_cardbmc_sec_driver = { .probe = bmc_sec_probe, + .remove = bmc_sec_remove, .driver = { .name = "intel-cardbmc-sec-update", .dev_groups = bmc_sec_attr_groups,