#
84a313b7 |
|
19-Dec-2023 |
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> |
fpga: intel-m10-bmc-sec-update: Convert to platform remove callback returning void The .remove() callback for a platform driver returns an int which makes many driver authors wrongly assume it's possible to do error handling by returning an error code. However the value returned is ignored (apart from emitting a warning) and this typically results in resource leaks. To improve here there is a quest to make the remove callback return void. In the first step of this quest all drivers are converted to .remove_new(), which already returns void. Eventually after all drivers are converted, .remove_new() will be renamed to .remove(). Trivially convert this driver from always returning zero in the remove callback to the void returning variant. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Acked-by: Xu Yilun <yilun.xu@intel.com> Link: https://lore.kernel.org/r/8d7b192ade744a70da4d7bc681ee4e00f9d04ba9.1703006638.git.u.kleine-koenig@pengutronix.de Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
|
#
867cae44 |
|
16-Apr-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
mfd: intel-m10-bmc: Manage access to MAX 10 fw handshake registers On some MAX 10 cards, the BMC firmware is not available to service handshake registers during secure update erase and write phases at normal speeds. This problem affects at least hwmon driver. When the MAX 10 hwmon driver tries to read the sensor values during a secure update, the reads are slowed down (e.g., reading all D5005 sensors takes ~24s which is magnitudes worse than the normal <0.02s). Manage access to the handshake registers using a rw semaphore and a FW state variable to prevent accesses during those secure update phases and return -EBUSY instead. If handshake_sys_reg_nranges == 0, don't update bwcfw_state as it is not used. This avoids the locking cost. Co-developed-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Co-developed-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230417092653.16487-5-ilpo.jarvinen@linux.intel.com
|
#
c452e3bd |
|
16-Apr-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
mfd: intel-m10-bmc: Create m10bmc_sys_update_bits() Wrap regmap_update_bits() with m10bmc_sys_update_bits() in order to be able to add additional checks into it. Co-developed-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Reviewed-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230417092653.16487-3-ilpo.jarvinen@linux.intel.com
|
#
c3d79fda |
|
08-Feb-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
fpga: m10bmc-sec: Fix rsu_send_data() to return FW_UPLOAD_ERR_HW_ERROR rsu_send_data() should return FW_UPLOAD_ERR_* error codes instead of normal -Exxxx codes. Convert <0 return from ->rsu_status() to FW_UPLOAD_ERR_HW_ERROR. Fixes: 001a734a55d0 ("fpga: m10bmc-sec: Make rsu status type specific") Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Reviewed-by: Russ Weight <russell.h.weight@intel.com> Cc: <stable@vger.kernel.org> Acked-by: Xu Yilun <yilun.xu@intel.com> Link: https://lore.kernel.org/r/20230208080846.10795-1-ilpo.jarvinen@linux.intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
acf63c45 |
|
15-Jan-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
fpga: m10bmc-sec: Add support for N6000 Add support for PMCI-based flash access path and N6000 sec update support. Access to flash staging area is different for N6000 from that of the SPI interfaced counterparts. Introduce intel_m10bmc_flash_bulk_ops to allow interface specific differentiations for the flash access path for sec update and make m10bmc_sec_read/write() in sec update driver to use the new operations. The .flash_mutex serializes read/read. Flash update (erase+write) must use ->lock/unlock_write() to prevent reads during update (reads would timeout on setting flash MUX as BMC will prevent it). Create a type specific RSU status reg handler for N6000 because the field has moved from doorbell to auth result register. If a failure is detected while altering the flash MUX, it seems safer to try to set it back and doesn't seem harmful. Likely there are enough troubles in that case anyway so setting it back fails too (which is harmless sans the small extra delay) or just confirms that the value wasn't changed. Co-developed-by: Tianfei zhang <tianfei.zhang@intel.com> Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> Co-developed-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230116100845.6153-12-ilpo.jarvinen@linux.intel.com
|
#
001a734a |
|
15-Jan-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
fpga: m10bmc-sec: Make rsu status type specific The rsu status field moves from the doorbell register to the auth result register in the PMCI implementation of the MAX10 BMC. In order to prepare for that, refactor the sec update driver code to have a type specific ops that provides ->rsu_status(). Co-developed-by: Tianfei zhang <tianfei.zhang@intel.com> Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> Co-developed-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230116100845.6153-10-ilpo.jarvinen@linux.intel.com
|
#
da04fa8c |
|
15-Jan-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
fpga: m10bmc-sec: Create helpers for rsu status/progress checks RSU_STAT_* and RSU_PROG_* checks are done in more than one place in the sec update code. Move the checks into new helper functions. No function changes intended. Co-developed-by: Tianfei zhang <tianfei.zhang@intel.com> Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> Co-developed-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230116100845.6153-9-ilpo.jarvinen@linux.intel.com
|
#
3e10c805 |
|
15-Jan-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
fpga: intel-m10-bmc: Rework flash read/write Access to flash staging area is different for N6000 from that of the SPI interfaced counterparts. To make it easier to differentiate flash access path, move read/write into new functions where the new access path can be easily placed into. Rework the unaligned access such the behavior it matches for both read and write. This change also renames m10bmc_sec_write() to m10bmc_sec_fw_write() as it would have a name conflict otherwise. Co-developed-by: Tianfei zhang <tianfei.zhang@intel.com> Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> Co-developed-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230116100845.6153-7-ilpo.jarvinen@linux.intel.com
|
#
6052a005 |
|
15-Jan-2023 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
mfd: intel-m10-bmc: Support multiple CSR register layouts There are different addresses for the MAX10 CSR registers. Introducing a new data structure m10bmc_csr_map for the register definition of MAX10 CSR. Provide the csr_map for SPI. Co-developed-by: Tianfei zhang <tianfei.zhang@intel.com> Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> Reviewed-by: Russ Weight <russell.h.weight@intel.com> Reviewed-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Lee Jones <lee@kernel.org> Link: https://lore.kernel.org/r/20230116100845.6153-6-ilpo.jarvinen@linux.intel.com
|
#
60ce26d1 |
|
14-Dec-2022 |
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> |
fpga: m10bmc-sec: Fix probe rollback Handle probe error rollbacks properly to avoid leaks. Fixes: 5cd339b370e2 ("fpga: m10bmc-sec: add max10 secure update functions") Reviewed-by: Matthew Gerlach <matthew.gerlach@linux.intel.com> Reviewed-by: Russ Weight <russell.h.weight@intel.com> Reviewed-by: Marco Pagani <marpagan@redhat.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Cc: stable@vger.kernel.org Acked-by: Xu Yilun <yilun.xu@intel.com> Link: https://lore.kernel.org/r/20221214144952.8392-1-ilpo.jarvinen@linux.intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
562d0bf2 |
|
02-Sep-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: d5005 bmc secure update driver Add a driver name for the D5005 BMC secure update driver. Different driver names are used for the N3000 and D5005 devices because future changes will add conditional code based on the device type (N3000 vs D5005). This change enables D5005 secure updates of BCM images, BMC firmware, static-region images, etc. Signed-off-by: Russ Weight <russell.h.weight@intel.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Link: https://lore.kernel.org/r/20220902165706.518074-3-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
468c9d92 |
|
16-Sep-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: Fix possible memory leak of flash_buf There is an error check following the allocation of flash_buf that returns without freeing flash_buf. It makes more sense to do the error check before the allocation and the reordering eliminates the memory leak. Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 154afa5c31cd ("fpga: m10bmc-sec: expose max10 flash update count") Signed-off-by: Russ Weight <russell.h.weight@intel.com> Reviewed-by: Tom Rix <trix@redhat.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20220916235205.106873-1-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
5cd339b3 |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: add max10 secure update functions Create firmware upload ops and call the Firmware Upload support of the Firmware Loader subsystem to enable FPGA image uploads for secure updates of BMC images, FPGA images, etc. Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-6-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
7f03d84a |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: expose max10 canceled keys in sysfs Extend the MAX10 BMC Secure Update driver to provide sysfs files to expose the 128 bit code signing key (CSK) cancellation vectors. These use the standard bitmap list format (e.g. 1,2-6,9). Each CSK is assigned an ID, a number between 0-127, during the signing process. CSK ID cancellation information is stored in 128-bit fields in write-once locations in flash. The cancellation of a CSK can be used to prevent the card from being rolled back to older images that were signed with a CSK that is now cancelled. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-5-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
154afa5c |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: expose max10 flash update count Extend the MAX10 BMC Secure Update driver to provide a sysfs file to expose the flash update count. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-4-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|
#
bdf86d0e |
|
06-Jun-2022 |
Russ Weight <russell.h.weight@intel.com> |
fpga: m10bmc-sec: create max10 bmc secure update Create a sub-driver for the FPGA Card BMC in order to support secure updates. This patch creates the Max10 BMC Secure Update driver and provides sysfs files for displaying the root entry hashes (REH) for the FPGA static region (SR), the FPGA Partial Reconfiguration (PR) region, and the card BMC. The Intel MAX10 BMC Root of Trust (RoT) requires that all BMC Nios firmware and FPGA images are authenticated using ECDSA before loading and executing on the card. Code Signing Keys (CSK) are used to sign images. CSKs are signed by a root key. The root entry hash is created from the root public key. The RoT provides authentication by storing an REH bitstream to a write-once location. Image signatures are verified against the hash. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-3-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
|