| #
1e55c520 |
|
22-Oct-2023 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: Change contact for secure update driver
Change the maintainer for the Intel MAX10 BMC Secure Update driver from
Russ Weight to Peter Colberg. Update the ABI documentation contact
information as well.
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Acked-by: Peter Colberg <peter.colberg@intel.com>
Link: https://lore.kernel.org/r/20230928164753.278684-1-russell.h.weight@intel.com
Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
Link: https://lore.kernel.org/r/20231023032857.902699-2-yilun.xu@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| #
7f03d84a |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: expose max10 canceled keys in sysfs
Extend the MAX10 BMC Secure Update driver to provide sysfs files to
expose the 128 bit code signing key (CSK) cancellation vectors. These use
the standard bitmap list format (e.g. 1,2-6,9).
Each CSK is assigned an ID, a number between 0-127, during the signing
process. CSK ID cancellation information is stored in 128-bit fields in
write-once locations in flash. The cancellation of a CSK can be used
to prevent the card from being rolled back to older images that were
signed with a CSK that is now cancelled.
Reviewed-by: Tom Rix <trix@redhat.com>
Tested-by: Tianfei Zhang <tianfei.zhang@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Link: https://lore.kernel.org/r/20220606160038.846236-5-russell.h.weight@intel.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
| #
154afa5c |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: expose max10 flash update count
Extend the MAX10 BMC Secure Update driver to provide a sysfs file to
expose the flash update count.
Reviewed-by: Tom Rix <trix@redhat.com>
Tested-by: Tianfei Zhang <tianfei.zhang@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Link: https://lore.kernel.org/r/20220606160038.846236-4-russell.h.weight@intel.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
| #
bdf86d0e |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: create max10 bmc secure update
Create a sub-driver for the FPGA Card BMC in order to support secure
updates. This patch creates the Max10 BMC Secure Update driver and
provides sysfs files for displaying the root entry hashes (REH) for the
FPGA static region (SR), the FPGA Partial Reconfiguration (PR) region,
and the card BMC.
The Intel MAX10 BMC Root of Trust (RoT) requires that all BMC Nios firmware
and FPGA images are authenticated using ECDSA before loading and executing
on the card. Code Signing Keys (CSK) are used to sign images. CSKs are
signed by a root key. The root entry hash is created from the root public
key.
The RoT provides authentication by storing an REH bitstream to a write-once
location. Image signatures are verified against the hash.
Reviewed-by: Tom Rix <trix@redhat.com>
Tested-by: Tianfei Zhang <tianfei.zhang@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Link: https://lore.kernel.org/r/20220606160038.846236-3-russell.h.weight@intel.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|