From: "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>
To: Jithu Joseph <jithu.joseph@intel.com>
Cc: Hans de Goede <hdegoede@redhat.com>,
markgross@kernel.org, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
hpa@zytor.com, rostedt@goodmis.org, ashok.raj@intel.com,
tony.luck@intel.com, LKML <linux-kernel@vger.kernel.org>,
platform-driver-x86@vger.kernel.org, patches@lists.linux.dev,
ravi.v.shankar@intel.com, pengfei.xu@intel.com
Subject: Re: [PATCH v2 3/9] platform/x86/intel/ifs: Gen2 scan image loading
Date: Mon, 25 Sep 2023 18:23:55 +0300 (EEST) [thread overview]
Message-ID: <7461a59-251d-541d-9db8-28bdce1a61f@linux.intel.com> (raw)
In-Reply-To: <20230922232606.1928026-4-jithu.joseph@intel.com>
[-- Attachment #1: Type: text/plain, Size: 8135 bytes --]
On Fri, 22 Sep 2023, Jithu Joseph wrote:
> Scan image loading flow for newer IFS generations are slightly different
> from that of current generation. In newer schemes, loading need not be
> done once for each socket as was done in gen0.
>
> Also the width of NUM_CHUNKS bitfield in SCAN_HASHES_STATUS MSR has
> increased from 8 -> 16 bits. Similarly there are width differences for
> CHUNK_AUTHENTICATION_STATUS too.
>
> Further the parameter to AUTHENTICATE_AND_COPY_CHUNK is passed
> differently in newer generations.
>
> Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
> Reviewed-by: Tony Luck <tony.luck@intel.com>
> Tested-by: Pengfei Xu <pengfei.xu@intel.com>
> ---
> drivers/platform/x86/intel/ifs/ifs.h | 27 +++++++
> drivers/platform/x86/intel/ifs/load.c | 112 +++++++++++++++++++++++++-
> 2 files changed, 137 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h
> index d666aeed20fc..43281d456a09 100644
> --- a/drivers/platform/x86/intel/ifs/ifs.h
> +++ b/drivers/platform/x86/intel/ifs/ifs.h
> @@ -137,6 +137,8 @@
> #define MSR_CHUNKS_AUTHENTICATION_STATUS 0x000002c5
> #define MSR_ACTIVATE_SCAN 0x000002c6
> #define MSR_SCAN_STATUS 0x000002c7
> +#define MSR_SAF_CTRL 0x000004f0
> +
> #define SCAN_NOT_TESTED 0
> #define SCAN_TEST_PASS 1
> #define SCAN_TEST_FAIL 2
> @@ -158,6 +160,19 @@ union ifs_scan_hashes_status {
> };
> };
>
> +union ifs_scan_hashes_status_gen2 {
> + u64 data;
> + struct {
> + u16 chunk_size;
> + u16 num_chunks;
> + u32 error_code :8;
> + u32 chunks_in_stride :9;
If you need to respin, it would be nice to align these but don't do
another version of the series just because of that.
> + u32 rsvd :2;
> + u32 max_core_limit :12;
> + u32 valid :1;
> + };
> +};
> +
> /* MSR_CHUNKS_AUTH_STATUS bit fields */
> union ifs_chunks_auth_status {
> u64 data;
> @@ -170,6 +185,16 @@ union ifs_chunks_auth_status {
> };
> };
>
> +union ifs_chunks_auth_status_gen2 {
> + u64 data;
> + struct {
> + u16 valid_chunks;
> + u16 total_chunks;
> + u32 error_code :8;
> + u32 rsvd2 :24;
> + };
> +};
> +
> /* MSR_ACTIVATE_SCAN bit fields */
> union ifs_scan {
> u64 data;
> @@ -230,6 +255,7 @@ struct ifs_test_caps {
> * @scan_details: opaque scan status code from h/w
> * @cur_batch: number indicating the currently loaded test file
> * @generation: IFS test generation enumerated by hardware
> + * @chunk_size: size of a test chunk
> */
> struct ifs_data {
> int loaded_version;
> @@ -240,6 +266,7 @@ struct ifs_data {
> u64 scan_details;
> u32 cur_batch;
> u32 generation;
> + u32 chunk_size;
> };
>
> struct ifs_work {
> diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
> index 851c97cc6a6b..6b827247945b 100644
> --- a/drivers/platform/x86/intel/ifs/load.c
> +++ b/drivers/platform/x86/intel/ifs/load.c
> @@ -2,6 +2,7 @@
> /* Copyright(c) 2022 Intel Corporation. */
>
> #include <linux/firmware.h>
> +#include <linux/sizes.h>
> #include <asm/cpu.h>
> #include <asm/microcode.h>
>
> @@ -26,6 +27,11 @@ union meta_data {
>
> #define IFS_HEADER_SIZE (sizeof(struct microcode_header_intel))
> #define META_TYPE_IFS 1
> +#define INVALIDATE_STRIDE 0x1UL
> +#define IFS_GEN_STRIDE_AWARE 2
> +#define AUTH_INTERRUPTED_ERROR 5
> +#define IFS_AUTH_RETRY_CT 10
> +
> static struct microcode_header_intel *ifs_header_ptr; /* pointer to the ifs image header */
> static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */
> static u64 ifs_test_image_ptr; /* 256B aligned address of test pattern */
> @@ -44,7 +50,10 @@ static const char * const scan_hash_status[] = {
> static const char * const scan_authentication_status[] = {
> [0] = "No error reported",
> [1] = "Attempt to authenticate a chunk which is already marked as authentic",
> - [2] = "Chunk authentication error. The hash of chunk did not match expected value"
> + [2] = "Chunk authentication error. The hash of chunk did not match expected value",
> + [3] = "Reserved",
> + [4] = "Chunk outside the current stride",
> + [5] = "Authentication flow interrupted",
> };
>
> #define MC_HEADER_META_TYPE_END (0)
> @@ -154,6 +163,102 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work)
> complete(&ifs_done);
> }
>
> +static int get_num_chunks(int gen, union ifs_scan_hashes_status_gen2 status)
> +{
> + return gen >= IFS_GEN_STRIDE_AWARE ? status.chunks_in_stride : status.num_chunks;
> +}
> +
> +static bool need_copy_scan_hashes(struct ifs_data *ifsd)
> +{
> + return !ifsd->loaded ||
> + ifsd->generation < IFS_GEN_STRIDE_AWARE ||
> + ifsd->loaded_version != ifs_header_ptr->rev;
> +}
> +
> +static int copy_hashes_authenticate_chunks_gen2(struct device *dev)
> +{
> + union ifs_scan_hashes_status_gen2 hashes_status;
> + union ifs_chunks_auth_status_gen2 chunk_status;
> + u32 err_code, valid_chunks, total_chunks;
> + int i, num_chunks, chunk_size;
> + union meta_data *ifs_meta;
> + int starting_chunk_nr;
> + struct ifs_data *ifsd;
> + u64 linear_addr, base;
> + u64 chunk_table[2];
> + int retry_count;
> +
> + ifsd = ifs_get_data(dev);
> +
> + if (need_copy_scan_hashes(ifsd)) {
> + wrmsrl(MSR_COPY_SCAN_HASHES, ifs_hash_ptr);
> + rdmsrl(MSR_SCAN_HASHES_STATUS, hashes_status.data);
> +
> + /* enumerate the scan image information */
> + chunk_size = hashes_status.chunk_size * SZ_1K;
> + err_code = hashes_status.error_code;
> +
> + num_chunks = get_num_chunks(ifsd->generation, hashes_status);
> +
> + if (!hashes_status.valid) {
> + hashcopy_err_message(dev, err_code);
> + return -EIO;
> + }
> + ifsd->loaded_version = ifs_header_ptr->rev;
> + ifsd->chunk_size = chunk_size;
> + } else {
> + num_chunks = ifsd->valid_chunks;
> + chunk_size = ifsd->chunk_size;
> + }
> +
> + if (ifsd->generation >= IFS_GEN_STRIDE_AWARE) {
> + wrmsrl(MSR_SAF_CTRL, INVALIDATE_STRIDE);
> + rdmsrl(MSR_CHUNKS_AUTHENTICATION_STATUS, chunk_status.data);
> + if (chunk_status.valid_chunks != 0) {
> + dev_err(dev, "Couldn't invalidate installed stride - %d\n",
> + chunk_status.valid_chunks);
> + return -EIO;
> + }
> + }
> +
> + base = ifs_test_image_ptr;
> + ifs_meta = (union meta_data *)find_meta_data(ifs_header_ptr, META_TYPE_IFS);
> + starting_chunk_nr = ifs_meta->starting_chunk;
> +
> + /* scan data authentication and copy chunks to secured memory */
> + for (i = 0; i < num_chunks; i++) {
> + retry_count = IFS_AUTH_RETRY_CT;
> + linear_addr = base + i * chunk_size;
> +
> + chunk_table[0] = starting_chunk_nr + i;
> + chunk_table[1] = linear_addr;
> + do {
> + wrmsrl(MSR_AUTHENTICATE_AND_COPY_CHUNK, (u64)chunk_table);
> + rdmsrl(MSR_CHUNKS_AUTHENTICATION_STATUS, chunk_status.data);
> + err_code = chunk_status.error_code;
> + } while (err_code == AUTH_INTERRUPTED_ERROR && --retry_count);
> +
> + if (err_code) {
> + ifsd->loading_error = true;
> + auth_err_message(dev, err_code);
> + return -EIO;
> + }
> + }
> +
> + valid_chunks = chunk_status.valid_chunks;
> + total_chunks = chunk_status.total_chunks;
> +
> + if (valid_chunks != total_chunks) {
> + ifsd->loading_error = true;
> + dev_err(dev, "Couldn't authenticate all the chunks. Authenticated %d total %d.\n",
> + valid_chunks, total_chunks);
> + return -EIO;
> + }
> + ifsd->valid_chunks = valid_chunks;
> +
> + return 0;
> +}
> +
> static int validate_ifs_metadata(struct device *dev)
> {
> struct ifs_data *ifsd = ifs_get_data(dev);
> @@ -206,7 +311,9 @@ static int scan_chunks_sanity_check(struct device *dev)
> return ret;
>
> ifsd->loading_error = false;
> - ifsd->loaded_version = ifs_header_ptr->rev;
> +
> + if (ifsd->generation > 0)
> + return copy_hashes_authenticate_chunks_gen2(dev);
>
> /* copy the scan hash and authenticate per package */
> cpus_read_lock();
> @@ -226,6 +333,7 @@ static int scan_chunks_sanity_check(struct device *dev)
> ifs_pkg_auth[curr_pkg] = 1;
> }
> ret = 0;
> + ifsd->loaded_version = ifs_header_ptr->rev;
> out:
> cpus_read_unlock();
>
>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
--
i.
next prev parent reply other threads:[~2023-09-25 15:24 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 18:33 [PATCH 00/10] IFS support for GNR and SRF Jithu Joseph
2023-09-13 18:33 ` [PATCH 01/10] platform/x86/intel/ifs: Store IFS generation number Jithu Joseph
2023-09-15 16:22 ` Ilpo Järvinen
2023-09-15 17:12 ` Joseph, Jithu
2023-09-13 18:33 ` [PATCH 02/10] platform/x86/intel/ifs: Refactor image loading code Jithu Joseph
2023-09-13 18:33 ` [PATCH 03/10] platform/x86/intel/ifs: Image loading for new generations Jithu Joseph
2023-09-15 16:46 ` Ilpo Järvinen
2023-09-15 17:20 ` Joseph, Jithu
2023-09-18 8:49 ` Ilpo Järvinen
2023-09-18 15:25 ` Luck, Tony
2023-09-18 15:46 ` Ilpo Järvinen
2023-09-18 16:09 ` Luck, Tony
2023-09-18 16:29 ` Ilpo Järvinen
2023-09-18 16:51 ` Joseph, Jithu
2023-09-18 16:58 ` Dave Hansen
2023-09-18 17:45 ` Joseph, Jithu
2023-09-13 18:33 ` [PATCH 04/10] platform/x86/intel/ifs: Scan test " Jithu Joseph
2023-09-15 16:51 ` Ilpo Järvinen
2023-09-15 20:10 ` Joseph, Jithu
2023-09-19 7:44 ` Ilpo Järvinen
2023-09-19 16:22 ` Joseph, Jithu
2023-09-13 18:33 ` [PATCH 05/10] trace: platform/x86/intel/ifs: Modify scan trace Jithu Joseph
2023-09-13 18:33 ` [PATCH 06/10] platform/x86/intel/ifs: Validate image size Jithu Joseph
2023-09-15 16:57 ` Ilpo Järvinen
2023-09-15 18:06 ` Joseph, Jithu
2023-09-13 18:33 ` [PATCH 07/10] platform/x86/intel/ifs: Metadata validation for start_chunk Jithu Joseph
2023-09-15 16:59 ` Ilpo Järvinen
2023-09-15 18:07 ` Joseph, Jithu
2023-09-13 18:33 ` [PATCH 08/10] platform/x86/intel/ifs: Add new CPU support Jithu Joseph
2023-09-13 18:33 ` [PATCH 09/10] platform/x86/intel/ifs: Add new error code Jithu Joseph
2023-09-13 18:33 ` [PATCH 10/10] platform/x86/intel/ifs: ARRAY BIST for Sierra Forest Jithu Joseph
2023-09-15 17:04 ` Ilpo Järvinen
2023-09-15 20:13 ` Joseph, Jithu
2023-09-18 12:32 ` [PATCH 00/10] IFS support for GNR and SRF Hans de Goede
2023-09-18 16:53 ` Joseph, Jithu
2023-09-22 23:25 ` [PATCH v2 0/9] " Jithu Joseph
2023-09-22 23:25 ` [PATCH v2 1/9] platform/x86/intel/ifs: Store IFS generation number Jithu Joseph
2023-09-25 15:08 ` Ilpo Järvinen
2023-09-22 23:25 ` [PATCH v2 2/9] platform/x86/intel/ifs: Refactor image loading code Jithu Joseph
2023-09-25 15:20 ` Ilpo Järvinen
2023-09-22 23:26 ` [PATCH v2 3/9] platform/x86/intel/ifs: Gen2 scan image loading Jithu Joseph
2023-09-25 15:23 ` Ilpo Järvinen [this message]
2023-09-22 23:26 ` [PATCH v2 4/9] platform/x86/intel/ifs: Gen2 Scan test support Jithu Joseph
2023-09-25 15:39 ` Ilpo Järvinen
2023-09-25 16:08 ` Joseph, Jithu
2023-09-26 10:20 ` Ilpo Järvinen
2023-09-26 23:26 ` Joseph, Jithu
2023-09-22 23:26 ` [PATCH v2 5/9] platform/x86/intel/ifs: Validate image size Jithu Joseph
2023-09-25 15:43 ` Ilpo Järvinen
2023-09-25 18:24 ` Joseph, Jithu
2023-09-22 23:26 ` [PATCH v2 6/9] platform/x86/intel/ifs: Metadata validation for start_chunk Jithu Joseph
2023-09-25 15:45 ` Ilpo Järvinen
2023-09-25 18:25 ` Joseph, Jithu
2023-09-22 23:26 ` [PATCH v2 7/9] platform/x86/intel/ifs: Add new CPU support Jithu Joseph
2023-09-25 15:51 ` Ilpo Järvinen
2023-09-22 23:26 ` [PATCH v2 8/9] platform/x86/intel/ifs: Add new error code Jithu Joseph
2023-09-25 15:51 ` Ilpo Järvinen
2023-09-22 23:26 ` [PATCH v2 9/9] platform/x86/intel/ifs: ARRAY BIST for Sierra Forest Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 0/9] IFS support for GNR and SRF Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 1/9] platform/x86/intel/ifs: Store IFS generation number Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 2/9] platform/x86/intel/ifs: Refactor image loading code Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 3/9] platform/x86/intel/ifs: Gen2 scan image loading Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 4/9] platform/x86/intel/ifs: Gen2 Scan test support Jithu Joseph
2023-10-02 11:45 ` Ilpo Järvinen
2023-09-29 20:24 ` [PATCH v3 5/9] platform/x86/intel/ifs: Validate image size Jithu Joseph
2023-10-02 11:45 ` Ilpo Järvinen
2023-10-02 11:50 ` Ilpo Järvinen
2023-10-02 22:56 ` Joseph, Jithu
2023-10-04 18:56 ` Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 6/9] platform/x86/intel/ifs: Metadata validation for start_chunk Jithu Joseph
2023-10-02 11:47 ` Ilpo Järvinen
2023-10-02 22:58 ` Joseph, Jithu
2023-10-04 19:00 ` Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 7/9] platform/x86/intel/ifs: Add new CPU support Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 8/9] platform/x86/intel/ifs: Add new error code Jithu Joseph
2023-09-29 20:24 ` [PATCH v3 9/9] platform/x86/intel/ifs: ARRAY BIST for Sierra Forest Jithu Joseph
2023-10-02 11:59 ` Ilpo Järvinen
2023-10-02 23:01 ` Joseph, Jithu
2023-10-04 19:04 ` Jithu Joseph
2023-10-04 18:57 ` [PATCH v3 0/9] IFS support for GNR and SRF Joseph, Jithu
2023-10-05 10:51 ` Ilpo Järvinen
2023-10-05 19:57 ` Joseph, Jithu
2023-10-05 19:51 ` [PATCH v4 " Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 1/9] platform/x86/intel/ifs: Store IFS generation number Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 2/9] platform/x86/intel/ifs: Refactor image loading code Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 3/9] platform/x86/intel/ifs: Gen2 scan image loading Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 4/9] platform/x86/intel/ifs: Gen2 Scan test support Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 5/9] platform/x86/intel/ifs: Validate image size Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 6/9] platform/x86/intel/ifs: Metadata validation for start_chunk Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 7/9] platform/x86/intel/ifs: Add new CPU support Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 8/9] platform/x86/intel/ifs: Add new error code Jithu Joseph
2023-10-05 19:51 ` [PATCH v4 9/9] platform/x86/intel/ifs: ARRAY BIST for Sierra Forest Jithu Joseph
2023-10-06 10:30 ` Ilpo Järvinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7461a59-251d-541d-9db8-28bdce1a61f@linux.intel.com \
--to=ilpo.jarvinen@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=jithu.joseph@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=markgross@kernel.org \
--cc=mingo@redhat.com \
--cc=patches@lists.linux.dev \
--cc=pengfei.xu@intel.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=ravi.v.shankar@intel.com \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).