On Mon, 24 Jun 2024 19:47:24 -0300 Jason Gunthorpe wrote: > fwctl is a new subsystem intended to bring some common rules and order to > the growing pattern of exposing a secure FW interface directly to > userspace. Unlike existing places like RDMA/DRM/VFIO/uacce that are > exposing a device for datapath operations fwctl is focused on debugging, > configuration and provisioning of the device. It will not have the > necessary features like interrupt delivery to support a datapath. > > This concept is similar to the long standing practice in the "HW" RAID > space of having a device specific misc device to manager the RAID > controller FW. fwctl generalizes this notion of a companion debug and > management interface that goes along with a dataplane implemented in an > appropriate subsystem. > > The need for this has reached a critical point as many users are moving to > run lockdown enabled kernels. Several existing devices have had long > standing tooling for management that relied on /sys/../resource0 or PCI > config space access which is not permitted in lockdown. A major point of > fwctl is to define and document the rules that a device must follow to > expose a lockdown compatible RPC. > > Based on some discussion fwctl splits the RPCs into four categories > > FWCTL_RPC_CONFIGURATION > FWCTL_RPC_DEBUG_READ_ONLY > FWCTL_RPC_DEBUG_WRITE > FWCTL_RPC_DEBUG_WRITE_FULL Nacked-by: Jakub Kicinski <kuba@xxxxxxxxxx>
