diff options
| author | Russ Weight <russell.h.weight@intel.com> | 2022-06-06 09:00:35 -0700 |
|---|---|---|
| committer | Xu Yilun <yilun.xu@intel.com> | 2022-06-08 17:04:37 +0800 |
| commit | bdf86d0e6ca307de8c85e9363b31ca8c86c0b0c7 (patch) | |
| tree | 66d81cfa1292c584a941aa4f35c2ab7139721be7 /Documentation | |
| parent | 3f83b62a7bfa273959cb124bb581a20a68d114c3 (diff) | |
| download | net-bdf86d0e6ca307de8c85e9363b31ca8c86c0b0c7.tar.gz | |
fpga: m10bmc-sec: create max10 bmc secure update
Create a sub-driver for the FPGA Card BMC in order to support secure
updates. This patch creates the Max10 BMC Secure Update driver and
provides sysfs files for displaying the root entry hashes (REH) for the
FPGA static region (SR), the FPGA Partial Reconfiguration (PR) region,
and the card BMC.
The Intel MAX10 BMC Root of Trust (RoT) requires that all BMC Nios firmware
and FPGA images are authenticated using ECDSA before loading and executing
on the card. Code Signing Keys (CSK) are used to sign images. CSKs are
signed by a root key. The root entry hash is created from the root public
key.
The RoT provides authentication by storing an REH bitstream to a write-once
location. Image signatures are verified against the hash.
Reviewed-by: Tom Rix <trix@redhat.com>
Tested-by: Tianfei Zhang <tianfei.zhang@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Link: https://lore.kernel.org/r/20220606160038.846236-3-russell.h.weight@intel.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update new file mode 100644 index 00000000000000..a208367e6956d9 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-driver-intel-m10-bmc-sec-update @@ -0,0 +1,29 @@ +What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/sr_root_entry_hash +Date: Sep 2022 +KernelVersion: 5.20 +Contact: Russ Weight <russell.h.weight@intel.com> +Description: Read only. Returns the root entry hash for the static + region if one is programmed, else it returns the + string: "hash not programmed". This file is only + visible if the underlying device supports it. + Format: string. + +What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/pr_root_entry_hash +Date: Sep 2022 +KernelVersion: 5.20 +Contact: Russ Weight <russell.h.weight@intel.com> +Description: Read only. Returns the root entry hash for the partial + reconfiguration region if one is programmed, else it + returns the string: "hash not programmed". This file + is only visible if the underlying device supports it. + Format: string. + +What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/bmc_root_entry_hash +Date: Sep 2022 +KernelVersion: 5.20 +Contact: Russ Weight <russell.h.weight@intel.com> +Description: Read only. Returns the root entry hash for the BMC image + if one is programmed, else it returns the string: + "hash not programmed". This file is only visible if the + underlying device supports it. + Format: string. |