From nobody Sun Feb 8 04:23:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC76BEB64D7 for ; Wed, 21 Jun 2023 06:16:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230267AbjFUGQN (ORCPT ); Wed, 21 Jun 2023 02:16:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230205AbjFUGP5 (ORCPT ); Wed, 21 Jun 2023 02:15:57 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF4291735 for ; Tue, 20 Jun 2023 23:15:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687328155; x=1718864155; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=blgGkk6NJsHNnTTut4LN7PpjYxihY3+YGEr7VV47fcU=; b=EekFo0IkM8lMrokVJxMFzL7kU/KG9g73Pi2Ae7XuzHcfWtRuiwoXIxJM zHKFLp/d4AlzDwzUdKeAEe+Yl0Xz7tyNpwfXw+36qz4iSe3TiYLqXKDBy O0JbPY3WfaLE4Yw8vIP6Hid/JpjolK1+dCXbaXWSfrm+MTHjNQok3eKpE LlZH14DYFjfYItD/IqPKxboNqPgbChnwQXYG/O7648dYlcLHo7XNpvWHG N2d+MFIWWTJ6CR2lgSb7OhOhvUvKJxcKrQuZWe7WKeUyXa773S8gb7Iip Q3UqxtlRmEkRmS1/8fAaP2OK10BYF8O3SRzOJ+NE8wQYEmJ32X4npEfkU Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="349814426" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="349814426" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2023 23:15:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="714327529" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="714327529" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga002.jf.intel.com with ESMTP; 20 Jun 2023 23:15:53 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 1/3] firmware: stratix10-svc: extend svc for attestation Date: Wed, 21 Jun 2023 14:15:06 +0800 Message-Id: <20230621061508.1429913-2-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230621061508.1429913-1-tien.sung.ang@intel.com> References: <20230621061508.1429913-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Extend Intel service layer driver to support FPGA attestation features on Intel FPGA SoC platforms, which makes sure the trustworthiness of FPGA images currently running on a FPGA device. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 40 ++++++++- include/linux/firmware/intel/stratix10-smc.h | 85 ++++++++++++++++++- .../firmware/intel/stratix10-svc-client.h | 18 ++++ 3 files changed, 140 insertions(+), 3 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 80f4e2d14e04..a277fe9c4db4 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -328,6 +328,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_SEND_CERTIFICATE: case COMMAND_FCS_DATA_ENCRYPTION: case COMMAND_FCS_DATA_DECRYPTION: + case COMMAND_FCS_PSGSIGMA_TEARDOWN: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -361,6 +362,17 @@ static void svc_thread_recv_status_ok(struct stratix10= _svc_data *p_data, cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; break; + case COMMAND_FCS_GET_CHIP_ID: + cb_data->status =3D BIT(SVC_STATUS_OK); + cb_data->kaddr2 =3D &res.a2; + cb_data->kaddr3 =3D &res.a3; + break; + case COMMAND_FCS_ATTESTATION_SUBKEY: + case COMMAND_FCS_ATTESTATION_MEASUREMENTS: + cb_data->status =3D BIT(SVC_STATUS_OK); + cb_data->kaddr2 =3D svc_pa_to_va(res.a2); + cb_data->kaddr3 =3D &res.a3; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -514,10 +526,30 @@ static int svc_normal_to_secure_thread(void *data) break; case COMMAND_FCS_GET_PROVISION_DATA: a0 =3D INTEL_SIP_SMC_FCS_GET_PROVISION_DATA; - a1 =3D (unsigned long)pdata->paddr; + case COMMAND_FCS_PSGSIGMA_TEARDOWN: + a0 =3D INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN; + a1 =3D pdata->arg[0]; a2 =3D 0; break; - + case COMMAND_FCS_GET_CHIP_ID: + a0 =3D INTEL_SIP_SMC_FCS_CHIP_ID; + a1 =3D 0; + a2 =3D 0; + break; + case COMMAND_FCS_ATTESTATION_SUBKEY: + a0 =3D INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY; + a1 =3D (unsigned long)pdata->paddr; + a2 =3D (unsigned long)pdata->size; + a3 =3D (unsigned long)pdata->paddr_output; + a4 =3D (unsigned long)pdata->size_output; + break; + case COMMAND_FCS_ATTESTATION_MEASUREMENTS: + a0 =3D INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS; + a1 =3D (unsigned long)pdata->paddr; + a2 =3D (unsigned long)pdata->size; + a3 =3D (unsigned long)pdata->paddr_output; + a4 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -597,6 +629,10 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_DATA_ENCRYPTION: case COMMAND_FCS_DATA_DECRYPTION: case COMMAND_FCS_RANDOM_NUMBER_GEN: + case COMMAND_FCS_PSGSIGMA_TEARDOWN: + case COMMAND_FCS_GET_CHIP_ID: + case COMMAND_FCS_ATTESTATION_SUBKEY: + case COMMAND_FCS_ATTESTATION_MEASUREMENTS: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index a718f853d457..d9f0251256e9 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -464,7 +464,7 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_C= ONFIG_COMPLETED_WRITE) */ #define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31 #define INTEL_SIP_SMC_FIRMWARE_VERSION \ - INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) =20 /** * Request INTEL_SIP_SMC_SVC_VERSION @@ -595,4 +595,87 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA) =20 +/** + * Request INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN + * Sync call to tear down all previous black key provision sessions and to + * delete keys assicated with those sessions + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN + * a1 the session ID + * a2-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or + * INTEL_SIP_SMC_STATUS_REJECTED + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR, + * not used if a0 is INTEL_SIP_SMC_STATUS_OK or + * INTEL_SIP_SMC_STATUS_REJECTED + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN 100 +#define INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN) + +/** + * Request INTEL_SIP_SMC_FCS_CHIP_ID + * Sync call to get the device ID + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_CHIP_ID + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or + * INTEL_SIP_SMC_STATUS_REJECTED + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 retrieved chipID value low 32 bits + * a3 retrieved chipID value high 32 bits + */ +#define INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID 101 +#define INTEL_SIP_SMC_FCS_CHIP_ID \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID) + +/** + * Request INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY + * Sync call to the device attestation subkey + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY + * a1 physical address of subkey command data + * a2 subkey command data size + * a3 physical address of to be filled subkey response data + * a4 subkey response data size + * a5-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of the filled subkey response data + * a3 size of the filled subkey response dat + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY 102 +#define INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY) + +/** + * Request INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS + * Async call to get device attestation measurements + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS + * a1 physical address of measurement command data + * a2 measurement command data size + * a3 physical address of to be filled measurement response data + * a4 measurement response data size + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of the filled subkey measurement data + * a3 size of the filled subkey measurement data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS 103 +#define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREM= ENTS) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 0c16037fd08d..5346967dd2fe 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -138,6 +138,19 @@ struct stratix10_svc_chan; * * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status * is SVC_STATUS_OK, SVC_STATUS_ERROR + * + * @COMMAND_FCS_PSGSIGMA_TEARDOWN: tear down all previous black key + * provision sessions and delete keys assicated with those sessions, + * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR + * + * @COMMAND_FCS_GET_CHIP_ID: get the device's chip ID, return status is + * SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR + * + * @COMMAND_FCS_ATTESTATION_SUBKEY: get device's attestation subkey, + * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR + * + * @COMMAND_FCS_ATTESTATION_MEASUREMENTS: to get device's attestation + * measurements, return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR */ enum stratix10_svc_command_code { /* for FPGA */ @@ -162,6 +175,11 @@ enum stratix10_svc_command_code { COMMAND_FCS_DATA_ENCRYPTION, COMMAND_FCS_DATA_DECRYPTION, COMMAND_FCS_RANDOM_NUMBER_GEN, + /* for Attestation */ + COMMAND_FCS_PSGSIGMA_TEARDOWN =3D 30, + COMMAND_FCS_GET_CHIP_ID, + COMMAND_FCS_ATTESTATION_SUBKEY, + COMMAND_FCS_ATTESTATION_MEASUREMENTS, /* for general status poll */ COMMAND_POLL_SERVICE_STATUS =3D 40, /* Non-mailbox SMC Call */ --=20 2.25.1 From nobody Sun Feb 8 04:23:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF136EB64D8 for ; Wed, 21 Jun 2023 06:16:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229671AbjFUGQR (ORCPT ); Wed, 21 Jun 2023 02:16:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230191AbjFUGQA (ORCPT ); Wed, 21 Jun 2023 02:16:00 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69F231730 for ; Tue, 20 Jun 2023 23:15:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687328159; x=1718864159; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6wfThIJKa88l/0KfHTo8J6towRQs0GBms/PPJa4Tx1E=; b=kbyLWPgnq1saU85n4U60M4M0IzCCdqD85WjW17V68vfUEBp16rs9TFdg PQ0nSOy+eUttZDUXDqykxc6WoVxFumkPNqlxQrdQ+d6DyPaGU6HkFzbvC QG66Ukac78EKiX6kihzQrMgotf13FYbxRQNm02bMYXoOrs5hVAZobVMff jXkezJZEcsm6IZRd9c3W6H7Twxu9XS/XnPJYRoWFZXm2MgXbHkQa/T4Pi N1VaU2q23xizCKeaOQ9mhydq4zCqgc8VrUvvV2BrFViTzm6b9OXI35EVj hC9AjqZNBbmq5qBLpIXRE9R+K1Sxvlwfv7aiDCpi9kqNJn0PcpP7722pZ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="349814438" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="349814438" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2023 23:15:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="714327557" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="714327557" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga002.jf.intel.com with ESMTP; 20 Jun 2023 23:15:57 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 2/3] firmware: stratix10-svc: extend for single certificate Date: Wed, 21 Jun 2023 14:15:07 +0800 Message-Id: <20230621061508.1429913-3-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230621061508.1429913-1-tien.sung.ang@intel.com> References: <20230621061508.1429913-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Extend Intel service layer driver to support a single certificate to allow unauthenticated updates to the PTS counter. PTS =3D Pseudo Time Stamp Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 11 +++++++++++ include/linux/firmware/intel/stratix10-smc.h | 18 ++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 5 +++++ 3 files changed, 34 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index a277fe9c4db4..be0a39900570 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -329,6 +329,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_DATA_ENCRYPTION: case COMMAND_FCS_DATA_DECRYPTION: case COMMAND_FCS_PSGSIGMA_TEARDOWN: + case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -524,8 +525,17 @@ static int svc_normal_to_secure_thread(void *data) a1 =3D (unsigned long)pdata->paddr; a2 =3D (unsigned long)pdata->size; break; + case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: + a0 =3D INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + break; case COMMAND_FCS_GET_PROVISION_DATA: a0 =3D INTEL_SIP_SMC_FCS_GET_PROVISION_DATA; + a1 =3D 0; + a2 =3D 0; + break; case COMMAND_FCS_PSGSIGMA_TEARDOWN: a0 =3D INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN; a1 =3D pdata->arg[0]; @@ -633,6 +643,7 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_GET_CHIP_ID: case COMMAND_FCS_ATTESTATION_SUBKEY: case COMMAND_FCS_ATTESTATION_MEASUREMENTS: + case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index d9f0251256e9..8f92a55ba51d 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -594,6 +594,24 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA 94 #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA) +/** + * Request INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED + * Sync call to update counter value w/o signed certificate + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED + * a1 counter type + * a2 counter value + * a3 test bit + * a3-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR + * a1-a4 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_COUNTER_SET_PREAUTHORIZED 95 +#define INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_COUNTER_SET_PREAUTHO= RIZED) =20 /** * Request INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 5346967dd2fe..4703f6c486a1 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -139,6 +139,10 @@ struct stratix10_svc_chan; * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status * is SVC_STATUS_OK, SVC_STATUS_ERROR * + * @COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: update the counter value for + * the selected counter without the signed certificate, return status is + * SVC_STATUS_OK, or SVC_STATUS_ERROR + * * @COMMAND_FCS_PSGSIGMA_TEARDOWN: tear down all previous black key * provision sessions and delete keys assicated with those sessions, * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR @@ -175,6 +179,7 @@ enum stratix10_svc_command_code { COMMAND_FCS_DATA_ENCRYPTION, COMMAND_FCS_DATA_DECRYPTION, COMMAND_FCS_RANDOM_NUMBER_GEN, + COMMAND_FCS_COUNTER_SET_PREAUTHORIZED, /* for Attestation */ COMMAND_FCS_PSGSIGMA_TEARDOWN =3D 30, COMMAND_FCS_GET_CHIP_ID, --=20 2.25.1 From nobody Sun Feb 8 04:23:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59FD3EB64D8 for ; Wed, 21 Jun 2023 06:16:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230265AbjFUGQ2 (ORCPT ); Wed, 21 Jun 2023 02:16:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230259AbjFUGQI (ORCPT ); Wed, 21 Jun 2023 02:16:08 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F29219AE for ; Tue, 20 Jun 2023 23:16:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687328166; x=1718864166; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=xTemgDyUVU74ty8gHYSw+QMVcpkS1VCopLSY1kfavFs=; b=WGU+c55MHGbbwF4GsGtk6sBI8l57dw4Nrxtvmgp/A/wBDOO35848cRgr f1rDceF63/u1zkhVLe1en2jUs0QzK+MJgnQ9gR0i389nYm7JmhY0VgtFO TbwwmOkE8pio8eduJKO7qC3Xydnbsv2y6hgeSbd3tnacTRBmv1WPqPrcS EjlHwP8IVu4EbGwX8QJ2IGIL0TEDxfehm+4jIi4SX77jTmSajGY+rA18s 0iv1regUUXluxbqt1QsfV9fQs3Y6mnmP7euWFshzT6eATCwDGbL5VQE4k 99nF203lLQ5rWki53PsXFIKdo501EKhgkBoTksKgy1K28hJUvw6wraEqL g==; X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="349814474" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="349814474" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2023 23:16:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="714327603" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="714327603" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga002.jf.intel.com with ESMTP; 20 Jun 2023 23:16:04 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 3/3] firmware: stratix10-svc: extend to support new FPGA attestation Date: Wed, 21 Jun 2023 14:15:08 +0800 Message-Id: <20230621061508.1429913-4-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230621061508.1429913-1-tien.sung.ang@intel.com> References: <20230621061508.1429913-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Support the new FPGA attestation get_certificate and certificate_reload features. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 15 +++++++ include/linux/firmware/intel/stratix10-smc.h | 45 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 9 ++++ 3 files changed, 69 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index be0a39900570..403a660f1df7 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -330,6 +330,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_DATA_DECRYPTION: case COMMAND_FCS_PSGSIGMA_TEARDOWN: case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: + case COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -370,6 +371,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, break; case COMMAND_FCS_ATTESTATION_SUBKEY: case COMMAND_FCS_ATTESTATION_MEASUREMENTS: + case COMMAND_FCS_ATTESTATION_CERTIFICATE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -560,6 +562,17 @@ static int svc_normal_to_secure_thread(void *data) a3 =3D (unsigned long)pdata->paddr_output; a4 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_ATTESTATION_CERTIFICATE: + a0 =3D INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE; + a1 =3D pdata->arg[0]; + a2 =3D (unsigned long)pdata->paddr_output; + a3 =3D (unsigned long)pdata->size_output; + break; + case COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD: + a0 =3D INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD; + a1 =3D pdata->arg[0]; + a2 =3D 0; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -644,6 +657,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_ATTESTATION_SUBKEY: case COMMAND_FCS_ATTESTATION_MEASUREMENTS: case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: + case COMMAND_FCS_ATTESTATION_CERTIFICATE: + case COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 8f92a55ba51d..ddfffda6ba0e 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -67,6 +67,9 @@ * * INTEL_SIP_SMC_RSU_ERROR: * There is error during the process of remote status update request. + * + * INTEL_SIP_SMC_STATUS_NOT_SUPPORTED: + * Secure monitor software doesn't support the request */ #define INTEL_SIP_SMC_RETURN_UNKNOWN_FUNCTION 0xFFFFFFFF #define INTEL_SIP_SMC_STATUS_OK 0x0 @@ -74,6 +77,7 @@ #define INTEL_SIP_SMC_STATUS_REJECTED 0x2 #define INTEL_SIP_SMC_STATUS_ERROR 0x4 #define INTEL_SIP_SMC_RSU_ERROR 0x7 +#define INTEL_SIP_SMC_STATUS_NOT_SUPPORTED 0x8 =20 /** * Request INTEL_SIP_SMC_FPGA_CONFIG_START @@ -696,4 +700,45 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS 103 #define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREM= ENTS) + +/** + * Request INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE + * Sync call to get device attestation certificate + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE + * a1 the type of certificate request + * a2 the physical address which holds certificate response data + * a3 the size of the certificate response data + * a4-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of the requested certificate + * a3 sized of the requested certificate + */ +#define INTEL_SIP_SMC_FUNCID_FCS_GET_ATTESTATION_CERTIFICATE 104 +#define INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_ATTESTATION_CERT= IFICATE) + +/** + * Request INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD + * Sync call to specify what certificate is to be generated + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD + * a1 the type of certificat request + * a2-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_CREATE_CERTIFICATE_ON_RELOAD 105 +#define INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CREATE_CERTIFICATE_O= N_RELOAD) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 4703f6c486a1..f3b0a69114fd 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -155,6 +155,13 @@ struct stratix10_svc_chan; * * @COMMAND_FCS_ATTESTATION_MEASUREMENTS: to get device's attestation * measurements, return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR + * + * @COMMAND_FCS_ATTESTATION_CERTIFICATE: get FPGA attestation certificate, + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD: reload FPGA attestation + * certificate, return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -185,6 +192,8 @@ enum stratix10_svc_command_code { COMMAND_FCS_GET_CHIP_ID, COMMAND_FCS_ATTESTATION_SUBKEY, COMMAND_FCS_ATTESTATION_MEASUREMENTS, + COMMAND_FCS_ATTESTATION_CERTIFICATE, + COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD, /* for general status poll */ COMMAND_POLL_SERVICE_STATUS =3D 40, /* Non-mailbox SMC Call */ --=20 2.25.1