On Tue, 27 Feb 2024, David E. Box wrote:
> From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
>
> As per SDSi in-band interface specification, sec titled "BIOS lock for
> in-band provisioning", when IB_LOCK bit is set in control qword, the
> SDSI agent is only allowed to perform the read flow, but not allowed to
> provision license blob or license key. So add check for it in
> sdsi_provision().
>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
> Signed-off-by: David E. Box <david.e.box@xxxxxxxxxxxxxxx>
> ---
>
> V2 - Move sdsi_ib_locked() check after overflow check
>
> drivers/platform/x86/intel/sdsi.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/drivers/platform/x86/intel/sdsi.c b/drivers/platform/x86/intel/sdsi.c
> index d80c2dc0ce71..bb3eaf5eb382 100644
> --- a/drivers/platform/x86/intel/sdsi.c
> +++ b/drivers/platform/x86/intel/sdsi.c
> @@ -67,6 +67,7 @@
> #define CTRL_OWNER GENMASK(5, 4)
> #define CTRL_COMPLETE BIT(6)
> #define CTRL_READY BIT(7)
> +#define CTRL_INBAND_LOCK BIT(32)
> #define CTRL_STATUS GENMASK(15, 8)
> #define CTRL_PACKET_SIZE GENMASK(31, 16)
> #define CTRL_MSG_SIZE GENMASK(63, 48)
> @@ -346,6 +347,11 @@ static int sdsi_mbox_read(struct sdsi_priv *priv, struct sdsi_mbox_info *info, s
> return sdsi_mbox_cmd_read(priv, info, data_size);
> }
>
> +static bool sdsi_ib_locked(struct sdsi_priv *priv)
> +{
> + return !!FIELD_GET(CTRL_INBAND_LOCK, readq(priv->control_addr));
> +}
> +
> static ssize_t sdsi_provision(struct sdsi_priv *priv, char *buf, size_t count,
> enum sdsi_command command)
> {
> @@ -355,6 +361,10 @@ static ssize_t sdsi_provision(struct sdsi_priv *priv, char *buf, size_t count,
> if (count > (SDSI_SIZE_WRITE_MSG - SDSI_SIZE_CMD))
> return -EOVERFLOW;
>
> + /* Make sure In-band lock is not set */
> + if (sdsi_ib_locked(priv))
> + return -EPERM;
> +
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
--
i.
