Re: [PATCH v8 0/5] Intel MAX10 BMC Secure Update Driver

[Russ Weight]

On 1/21/21 3:29 PM, Russ Weight wrote:
> The Intel MAX10 BMC Secure Update driver instantiates the FPGA
> Security Manager class driver and provides the callback functions
> required to support secure updates on Intel n3000 PAC devices.
> This driver is implemented as a sub-driver of the Intel MAX10 BMC
> mfd driver. Future instances of the MAX10 BMC will support other
> devices as well (e.g. d5005) and this same MAX10 BMC Secure
> Update driver will receive modifications to support that device.
>
> This driver interacts with the HW secure update engine of the
> BMC in order to transfer new FPGA and BMC images to FLASH so
> that they will be automatically loaded when the FPGA card reboots.
> Security is enforced by hardware and firmware. The MAX10 BMC
> Secure Update driver interacts with the firmware to initiate
> an update, pass in the necessary data, and collect status on
> the update.
>
> This driver provides sysfs files for displaying the flash count,
> the root entry hashes (REH), and the code-signing-key (CSK)
> cancellation vectors.
>
> These patches are dependent on other patches that are under
> review. If you want to apply and compile these patches on
> linux-next, please apply these patches first:
One more prerequisite patch. Apply this one first:

https://marc.info/?l=linux-kernel&m=161066634118704&w=2

> (1 patch)   https://marc.info/?l=linux-kernel&m=161126987101096&w=2
> (7 patches) https://marc.info/?l=linux-fpga&m=160988774201859&w=2
>
> Changelog v7 -> v8:
>   - Spit out patch "mfd: intel-m10-bmc: support for MAX10 BMC Secure
>     Updates" and submitted it separately:
>     https://marc.info/?l=linux-kernel&m=161126987101096&w=2
>
> Changelog v6 -> v7:
>   - Rebased patches for 5.11-rc2
>   - Updated Date and KernelVersion in ABI documentation
>
> Changelog v5 -> v6:
>   - Added WARN_ON() prior to several calls to regmap_bulk_read()
>     to assert that the (SIZE / stride) calculations did not result
>     in remainders.
>   - Changed the (size / stride) calculation in regmap_bulk_write()
>     call to ensure that we don't write one less than intended.
>   - Changed flash_count_show() parameter list to achieve
>     reverse-christmas tree format.
>   - Removed unnecessary call to rsu_check_complete() in
>     m10bmc_sec_poll_complete() and changed while loop to
>     do/while loop.
>   - Initialized auth_result and doorbell to HW_ERRINFO_POISON
>     in m10bmc_sec_hw_errinfo() and removed unnecessary if statements.
>
> Changelog v4 -> v5:
>   - Renamed sysfs node user_flash_count to flash_count and updated
>     the sysfs documentation accordingly to more accurately descirbe
>     the purpose of the count.
>
> Changelog v3 -> v4:
>   - Moved sysfs files for displaying the flash count, the root
>     entry hashes (REH), and the code-signing-key (CSK) cancellation
>     vectors from the FPGA Security Manager class driver to this
>     driver (as they are not generic enough for the class driver).
>   - Added a new ABI documentation file with informtaion about the
>     new sysfs entries: sysfs-driver-intel-m10-bmc-secure
>   - Updated the MAINTAINERS file to add the new ABI documentation
>     file: sysfs-driver-intel-m10-bmc-secure
>   - Removed unnecessary ret variable from m10bmc_secure_probe()
>   - Incorporated new devm_fpga_sec_mgr_register() function into
>     m10bmc_secure_probe() and removed the m10bmc_secure_remove()
>     function.
>
> Changelog v2 -> v3:
>   - Changed "MAX10 BMC Security Engine driver" to "MAX10 BMC Secure
>     Update driver"
>   - Changed from "Intel FPGA Security Manager" to FPGA Security Manager"
>   - Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_
>   - Removed wrapper functions (m10bmc_raw_*, m10bmc_sys_*). The
>     underlying functions are now called directly.
>   - Changed "_root_entry_hash" to "_reh", with a comment explaining
>     what reh is.
>   - Renamed get_csk_vector() to m10bmc_csk_vector()
>   - Changed calling functions of functions that return "enum fpga_sec_err"
>     to check for (ret != FPGA_SEC_ERR_NONE) instead of (ret)
>
> Changelog v1 -> v2:
>   - These patches were previously submitted as part of a larger V1
>     patch set under the title "Intel FPGA Security Manager Class Driver".
>   - Grouped all changes to include/linux/mfd/intel-m10-bmc.h into a
>     single patch: "mfd: intel-m10-bmc: support for MAX10 BMC Security
>     Engine".
>   - Removed ifpga_sec_mgr_init() and ifpga_sec_mgr_uinit() functions.
>   - Adapted to changes in the Intel FPGA Security Manager by splitting
>     the single call to ifpga_sec_mgr_register() into two function
>     calls: devm_ifpga_sec_mgr_create() and ifpga_sec_mgr_register().
>   - Replaced small function-creation macros for explicit function
>     declarations.
>   - Bug fix for the get_csk_vector() function to properly apply the
>     stride variable in calls to m10bmc_raw_bulk_read().
>   - Added m10bmc_ prefix to functions in m10bmc_iops structure
>   - Implemented HW_ERRINFO_POISON for m10bmc_sec_hw_errinfo() to
>     ensure that corresponding bits are set to 1 if we are unable
>     to read the doorbell or auth_result registers.
>   - Added comments and additional code cleanup per V1 review.
>
>
> Russ Weight (5):
>   fpga: m10bmc-sec: create max10 bmc secure update driver
>   fpga: m10bmc-sec: expose max10 flash update count
>   fpga: m10bmc-sec: expose max10 canceled keys in sysfs
>   fpga: m10bmc-sec: add max10 secure update functions
>   fpga: m10bmc-sec: add max10 get_hw_errinfo callback func
>
>  .../testing/sysfs-driver-intel-m10-bmc-secure |  61 ++
>  MAINTAINERS                                   |   2 +
>  drivers/fpga/Kconfig                          |  11 +
>  drivers/fpga/Makefile                         |   3 +
>  drivers/fpga/intel-m10-bmc-secure.c           | 543 ++++++++++++++++++
>  5 files changed, 620 insertions(+)
>  create mode 100644 Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-secure
>  create mode 100644 drivers/fpga/intel-m10-bmc-secure.c
>