On 9/5/20 7:13 AM, Wu, Hao wrote: >> Subject: [PATCH v1 00/12] Intel FPGA Security Manager Class Driver >> >> >> These patches depend on the patchset: "add regmap-spi-avmm & Intel >> Max10 BMC chip support" which is currently under review. >> >> -------------------------------------------------- >> >> This patchset introduces the Intel Security Manager class driver >> for managing secure updates on Intel FPGA Cards. It also provides >> the n3000bmc-secure mfd sub-driver for the MAX10 BMC for the n3000 >> Programmable Acceleration Cards (PAC). The n3000bmc-secure driver >> is implemented using the Intel Security Manager class driver. > So this patchset contains two parts > (1) adding a new class driver for Intel FPGA secure update. > (2) a new driver which uses (1) to implement secure update for n3000 PAC. Yes - that is correct > > And only part (2) depends on "Intel MAX10 BMC chip support" patchset. > (Maybe you can provide a link to that thread). > > Is my understanding correct? If yes, is it possible to reorder these patches? > At least there is no dependency on the class driver patches, right? Yes - I'm splitting the patch set, and I'll provide links for the dependencies on the MAX10 BMC Secure Engine patch set. > >> The Intel Security Manager class driver provides a common API for >> user-space tools to manage updates for Secure FPGA devices. Device >> drivers that instantiate the Intel Security Manager class driver will >> interact with the HW secure update engine in order to transfer >> new FPGA and BMC images to FLASH so that they will be automatically >> loaded when the FPGA card reboots. >> >> The API consists of sysfs nodes and supports the following functions: >> >> (1) Instantiate and monitor a secure update >> (2) Display security information including: Root Entry Hashes (REH), >> Cancelled Code Signing Keys (CSK), and flash update counts for >> both BMC and FPGA images. >> >> Secure updates make use of the request_firmware framework, which >> requires that image files are accessible under /lib/firmware. A request >> for a secure update returns immediately, while the update itself >> proceeds in the context of a kernel worker thread. Sysfs files provide >> a means for monitoring the progress of a secure update and for >> retrieving error information in the event of a failure. > Maybe you can explain a little more on why we need to have this done > via a class driver not just some internal code in max10 driver? This class > driver will be reused in different cases? And why adding a new class > driver not just reuse or extend fpga manager (existing fpga mgr is used > to update fpga too). Yes - I'll so that in the next patch set. > >> The n3000bmc-secure driver instantiates the Intel Security Manager >> class driver and provides the callback functions required to support >> secure updates on Intel n3000 PAC devices. >> >> Russ Weight (12): >> fpga: fpga security manager class driver > Intel FPGA Security Manager? Yes - I'll make that change > >> fpga: create intel max10 bmc security engine >> fpga: expose max10 flash update counts in sysfs >> fpga: expose max10 canceled keys in sysfs >> fpga: enable secure updates >> fpga: add max10 secure update functions >> fpga: expose sec-mgr update status >> fpga: expose sec-mgr update errors >> fpga: expose sec-mgr update size >> fpga: enable sec-mgr update cancel >> fpga: expose hardware error info in sysfs > For these patches, is it possible to have a better title for these patches. > Then it will be easier to know which component this patch is going to modify. > e.g. fpga: ifpga-sec-mgr: xxxxxx Yes. Thanks for the comments. - Russ > > Thanks > Hao > >> fpga: add max10 get_hw_errinfo callback func >> >> .../ABI/testing/sysfs-class-ifpga-sec-mgr | 151 ++++ >> MAINTAINERS | 8 + >> drivers/fpga/Kconfig | 20 + >> drivers/fpga/Makefile | 6 + >> drivers/fpga/ifpga-sec-mgr.c | 669 ++++++++++++++++++ >> drivers/fpga/intel-m10-bmc-secure.c | 557 +++++++++++++++ >> include/linux/fpga/ifpga-sec-mgr.h | 201 ++++++ >> include/linux/mfd/intel-m10-bmc.h | 116 +++ >> 8 files changed, 1728 insertions(+) >> create mode 100644 Documentation/ABI/testing/sysfs-class-ifpga-sec-mgr >> create mode 100644 drivers/fpga/ifpga-sec-mgr.c >> create mode 100644 drivers/fpga/intel-m10-bmc-secure.c >> create mode 100644 include/linux/fpga/ifpga-sec-mgr.h >> >> -- >> 2.17.1
