Message ID | 20240201010747.471141-1-david.e.box@linux.intel.com |
---|---|
Headers |
From: "David E. Box" <david.e.box@linux.intel.com> To: netdev@vger.kernel.org, ilpo.jarvinen@linux.intel.com, david.e.box@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com Cc: linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org Subject: [PATCH 0/8] Intel On Demand: Add netlink interface for SPDM attestation Date: Wed, 31 Jan 2024 17:07:39 -0800 Message-Id: <20240201010747.471141-1-david.e.box@linux.intel.com> |
Series | Intel On Demand: Add netlink interface for SPDM attestation |
Message
David E. Box
Feb. 1, 2024, 1:07 a.m. UTC
This patch series primarily adds support for a new netlink ABI in the Intel On Demand driver for performing attestation of the hardware state.

Attestation patches

Patch 1: The attestation mailbox command requires that the message size register be set along with the package size. Adds that support.

Patch 2: The attestation command will need to write the SPDM message and read the response. The current mailbox flow handles reads and writes separately. Combines the two flows.

Patch 3: Patch 4 will create a separate c file for the netlink interface. Add a separate header file now. No functional changes. This mostly just makes it easier to see the changes in Patch 4.

Patch 4: Adds attestation support to the driver and provides a netlink interface to perform the service.

Other changes

Patch 5: Adds support to read the in-band BIOS lock. If set, On Demand controls are not available in the driver.

Patch 6: Adds a new attribute to allow reading the most current metering state.

Patch 7: Fixes for the intel_sdsi tool

Patch 8: Adds support to the intel_sdsi tool to read the current meter state.

David E. Box (7):
  platform/x86/intel/sdsi: Set message size during writes
  platform/x86/intel/sdsi: Combine read and write mailbox flows
  platform/x86/intel/sdsi: Add header file
  platform/x86/intel/sdsi: Add netlink SPDM transport
  platform/x86/intel/sdsi: Add attribute to read the current meter state
  tools: Fix errors in meter_certificate display
  tools: intel_sdsi: Add current meter support

Kuppuswamy Sathyanarayanan (1):
  platform/x86/intel/sdsi: Add in-band BIOS lock support

 Documentation/netlink/specs/intel_sdsi.yaml |  97 ++++++
 MAINTAINERS                                 |   3 +
 drivers/platform/x86/intel/Makefile         |   2 +-
 drivers/platform/x86/intel/sdsi.c           | 317 ++++++++++++++++----
 drivers/platform/x86/intel/sdsi.h           |  47 +++
 drivers/platform/x86/intel/sdsi_genl.c      | 249 +++++++++++++++
 include/uapi/linux/intel-sdsi.h             |  40 +++
 tools/arch/x86/intel_sdsi/intel_sdsi.c      |  99 +++---
 8 files changed, 754 insertions(+), 100 deletions(-)
 create mode 100644 Documentation/netlink/specs/intel_sdsi.yaml
 create mode 100644 drivers/platform/x86/intel/sdsi.h
 create mode 100644 drivers/platform/x86/intel/sdsi_genl.c
 create mode 100644 include/uapi/linux/intel-sdsi.h

base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
Comments
On 1/31/24 5:07 PM, David E. Box wrote:
> This patch series primarily adds support for a new netlink ABI in the
> Intel On Demand driver for performing attestation of the hardware state.

Try to add some info about why you need new netlink ABI?

>
> Attestation patches
>
> Patch 1: The attestation mailbox command requires that the message size
> register be set along with the package size. Adds that support.
>
> Patch 2: The attestation command will need to write the SPDM message and
> read the response. The current mailbox flow handles reads and writes
> separately. Combines the two flows.
>
> Patch 3: Patch 4 will create a separate c file for the netlink
> interface. Add a separate header file now. No functional changes. This
> mostly just makes it easier to see the changes in Patch 4.
>
> Patch 4: Adds attestation support to the driver and provides a netlink
> interface to perform the service.
>
> Other changes
>
> Patch 5: Adds support to read the in-band BIOS lock. If set, On Demand
> controls are not available in the driver.
>
> Patch 6: Adds a new attribute to allow reading the most current metering
> state.
>
> Patch 7: Fixes for the intel_sdsi tool
>
> Patch 8: Adds support to the intel_sdsi tool to read the current meter
> state.
>
> David E. Box (7):
>   platform/x86/intel/sdsi: Set message size during writes
>   platform/x86/intel/sdsi: Combine read and write mailbox flows
>   platform/x86/intel/sdsi: Add header file
>   platform/x86/intel/sdsi: Add netlink SPDM transport
>   platform/x86/intel/sdsi: Add attribute to read the current meter state
>   tools: Fix errors in meter_certificate display
>   tools: intel_sdsi: Add current meter support
>
> Kuppuswamy Sathyanarayanan (1):
>   platform/x86/intel/sdsi: Add in-band BIOS lock support
>
>  Documentation/netlink/specs/intel_sdsi.yaml |  97 ++++++
>  MAINTAINERS                                 |   3 +
>  drivers/platform/x86/intel/Makefile         |   2 +-
>  drivers/platform/x86/intel/sdsi.c           | 317 ++++++++++++++++----
>  drivers/platform/x86/intel/sdsi.h           |  47 +++
>  drivers/platform/x86/intel/sdsi_genl.c      | 249 +++++++++++++++
>  include/uapi/linux/intel-sdsi.h             |  40 +++
>  tools/arch/x86/intel_sdsi/intel_sdsi.c      |  99 +++---
>  8 files changed, 754 insertions(+), 100 deletions(-)
>  create mode 100644 Documentation/netlink/specs/intel_sdsi.yaml
>  create mode 100644 drivers/platform/x86/intel/sdsi.h
>  create mode 100644 drivers/platform/x86/intel/sdsi_genl.c
>  create mode 100644 include/uapi/linux/intel-sdsi.h
>
>
> base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
On Thu, 1 Feb 2024 08:53:37 -0800 Kuppuswamy Sathyanarayanan wrote:
> On 1/31/24 5:07 PM, David E. Box wrote:
> > This patch series primarily adds support for a new netlink ABI in the
> > Intel On Demand driver for performing attestation of the hardware state.
>
> Try to add some info about why you need new netlink ABI?

Since netdev is copied it'd also be useful to give us a high level intro into what pieces are involved. Assume we have heard about SPDM/attestation in context of NIC FW but have little understanding of x86 platform stuff. grep -i sdsi Documentation doesn't say much, the first Google result for Intel On Demand reads like marketing fluff :(