On Wed, Dec 08, 2021 at 10:30:27AM -0800, David E. Box wrote: > On Wed, 2021-12-08 at 19:12 +0100, Greg KH wrote: > > On Wed, Dec 08, 2021 at 09:49:36AM -0800, David E. Box wrote: > > > On Wed, 2021-12-08 at 17:24 +0100, Greg KH wrote: > > > > On Tue, Dec 07, 2021 at 05:50:13PM -0800, David E. Box wrote: > > > > > Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for > > > > > activating additional silicon features. Features are enabled through a > > > > > license activation process. The SDSi driver provides a per socket, sysfs > > > > > attribute interface for applications to perform 3 main provisioning > > > > > functions: > > > > > > > > > > 1. Provision an Authentication Key Certificate (AKC), a key written to > > > > > internal NVRAM that is used to authenticate a capability specific > > > > > activation payload. > > > > > > > > > > 2. Provision a Capability Activation Payload (CAP), a token authenticated > > > > > using the AKC and applied to the CPU configuration to activate a new > > > > > feature. > > > > > > > > > > 3. Read the SDSi State Certificate, containing the CPU configuration > > > > > state. > > > > > > > > > > The operations perform function specific mailbox commands that forward the > > > > > requests to SDSi hardware to perform authentication of the payloads and > > > > > enable the silicon configuration (to be made available after power > > > > > cycling). > > > > > > > > > > The SDSi device itself is enumerated as an auxiliary device from the > > > > > intel_vsec driver and as such has a build dependency on CONFIG_INTEL_VSEC. > > > > > > > > > > Link: https://github.com/intel/intel-sdsi > > > > > > > > There is no code at this link :( > > > > > > > > > > Not yet. It's currently just documentation. But sample code was added to this patch series. > > > > Is the sample code "real" and what you are going to use for this api? > > It's real in that it could be used to provision real certificates on a production system. Great, so it's all you need, you should move it to tools/ and be done with it! :) thanks, greg k-h