#
1e55c520 |
|
22-Oct-2023 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: Change contact for secure update driver Change the maintainer for the Intel MAX10 BMC Secure Update driver from Russ Weight to Peter Colberg. Update the ABI documentation contact information as well. Signed-off-by: Russ Weight <russell.h.weight@intel.com> Acked-by: Peter Colberg <peter.colberg@intel.com> Link: https://lore.kernel.org/r/20230928164753.278684-1-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com> Link: https://lore.kernel.org/r/20231023032857.902699-2-yilun.xu@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7f03d84a |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: expose max10 canceled keys in sysfs Extend the MAX10 BMC Secure Update driver to provide sysfs files to expose the 128 bit code signing key (CSK) cancellation vectors. These use the standard bitmap list format (e.g. 1,2-6,9). Each CSK is assigned an ID, a number between 0-127, during the signing process. CSK ID cancellation information is stored in 128-bit fields in write-once locations in flash. The cancellation of a CSK can be used to prevent the card from being rolled back to older images that were signed with a CSK that is now cancelled. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-5-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
154afa5c |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: expose max10 flash update count Extend the MAX10 BMC Secure Update driver to provide a sysfs file to expose the flash update count. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-4-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
bdf86d0e |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: create max10 bmc secure update Create a sub-driver for the FPGA Card BMC in order to support secure updates. This patch creates the Max10 BMC Secure Update driver and provides sysfs files for displaying the root entry hashes (REH) for the FPGA static region (SR), the FPGA Partial Reconfiguration (PR) region, and the card BMC. The Intel MAX10 BMC Root of Trust (RoT) requires that all BMC Nios firmware and FPGA images are authenticated using ECDSA before loading and executing on the card. Code Signing Keys (CSK) are used to sign images. CSKs are signed by a root key. The root entry hash is created from the root public key. The RoT provides authentication by storing an REH bitstream to a write-once location. Image signatures are verified against the hash. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-3-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|