summaryrefslogtreecommitdiff
path: root/drivers/fpga/intel-m10-bmc-sec-update.c
AgeCommit message (Collapse)Author
2022-06-08fpga: m10bmc-sec: add max10 secure update functionsRuss Weight
Create firmware upload ops and call the Firmware Upload support of the Firmware Loader subsystem to enable FPGA image uploads for secure updates of BMC images, FPGA images, etc. Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-6-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
2022-06-08fpga: m10bmc-sec: expose max10 canceled keys in sysfsRuss Weight
Extend the MAX10 BMC Secure Update driver to provide sysfs files to expose the 128 bit code signing key (CSK) cancellation vectors. These use the standard bitmap list format (e.g. 1,2-6,9). Each CSK is assigned an ID, a number between 0-127, during the signing process. CSK ID cancellation information is stored in 128-bit fields in write-once locations in flash. The cancellation of a CSK can be used to prevent the card from being rolled back to older images that were signed with a CSK that is now cancelled. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-5-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
2022-06-08fpga: m10bmc-sec: expose max10 flash update countRuss Weight
Extend the MAX10 BMC Secure Update driver to provide a sysfs file to expose the flash update count. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-4-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
2022-06-08fpga: m10bmc-sec: create max10 bmc secure updateRuss Weight
Create a sub-driver for the FPGA Card BMC in order to support secure updates. This patch creates the Max10 BMC Secure Update driver and provides sysfs files for displaying the root entry hashes (REH) for the FPGA static region (SR), the FPGA Partial Reconfiguration (PR) region, and the card BMC. The Intel MAX10 BMC Root of Trust (RoT) requires that all BMC Nios firmware and FPGA images are authenticated using ECDSA before loading and executing on the card. Code Signing Keys (CSK) are used to sign images. CSKs are signed by a root key. The root entry hash is created from the root public key. The RoT provides authentication by storing an REH bitstream to a write-once location. Image signatures are verified against the hash. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-3-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-23 23:15:50 +0000