-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
platform/x86: Add Intel Software Defined Silicon driver
Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for activating additional silicon features. Features are enabled through a license activation process. The SDSi driver provides a per socket, sysfs attribute interface for applications to perform 3 main provisioning functions: 1. Provision an Authentication Key Certificate (AKC), a key written to internal NVRAM that is used to authenticate a capability specific activation payload. 2. Provision a Capability Activation Payload (CAP), a token authenticated using the AKC and applied to the CPU configuration to activate a new feature. 3. Read the SDSi State Certificate, containing the CPU configuration state. The operations perform function specific mailbox commands that forward the requests to SDSi hardware to perform authentication of the payloads and enable the silicon configuration (to be made available after power cycling). The SDSi device itself is enumerated as an auxiliary device from the intel_vsec driver and as such has a build dependency on CONFIG_INTEL_VSEC. Link: https://github.com/intel/intel-sdsi Signed-off-by: David E. Box <david.e.box@linux.intel.com> Reviewed-by: Mark Gross <markgross@kernel.org> Link: https://lore.kernel.org/r/20220212013252.1293396-2-david.e.box@linux.intel.com Reviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
- Loading branch information
David E. Box
authored and
Hans de Goede
committed
Feb 14, 2022
1 parent
ae707d0
commit 2546c60
Showing
6 changed files
with
681 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
What: /sys/bus/auxiliary/devices/intel_vsec.sdsi.X | ||
Date: Feb 2022 | ||
KernelVersion: 5.18 | ||
Contact: "David E. Box" <david.e.box@linux.intel.com> | ||
Description: | ||
This directory contains interface files for accessing Intel | ||
Software Defined Silicon (SDSi) features on a CPU. X | ||
represents the socket instance (though not the socket ID). | ||
The socket ID is determined by reading the registers file | ||
and decoding it per the specification. | ||
|
||
Some files communicate with SDSi hardware through a mailbox. | ||
Should the operation fail, one of the following error codes | ||
may be returned: | ||
|
||
Error Code Cause | ||
---------- ----- | ||
EIO General mailbox failure. Log may indicate cause. | ||
EBUSY Mailbox is owned by another agent. | ||
EPERM SDSI capability is not enabled in hardware. | ||
EPROTO Failure in mailbox protocol detected by driver. | ||
See log for details. | ||
EOVERFLOW For provision commands, the size of the data | ||
exceeds what may be written. | ||
ESPIPE Seeking is not allowed. | ||
ETIMEDOUT Failure to complete mailbox transaction in time. | ||
|
||
What: /sys/bus/auxiliary/devices/intel_vsec.sdsi.X/guid | ||
Date: Feb 2022 | ||
KernelVersion: 5.18 | ||
Contact: "David E. Box" <david.e.box@linux.intel.com> | ||
Description: | ||
(RO) The GUID for the registers file. The GUID identifies | ||
the layout of the registers file in this directory. | ||
Information about the register layouts for a particular GUID | ||
is available at http://github.com/intel/intel-sdsi | ||
|
||
What: /sys/bus/auxiliary/devices/intel_vsec.sdsi.X/registers | ||
Date: Feb 2022 | ||
KernelVersion: 5.18 | ||
Contact: "David E. Box" <david.e.box@linux.intel.com> | ||
Description: | ||
(RO) Contains information needed by applications to provision | ||
a CPU and monitor status information. The layout of this file | ||
is determined by the GUID in this directory. Information about | ||
the layout for a particular GUID is available at | ||
http://github.com/intel/intel-sdsi | ||
|
||
What: /sys/bus/auxiliary/devices/intel_vsec.sdsi.X/provision_akc | ||
Date: Feb 2022 | ||
KernelVersion: 5.18 | ||
Contact: "David E. Box" <david.e.box@linux.intel.com> | ||
Description: | ||
(WO) Used to write an Authentication Key Certificate (AKC) to | ||
the SDSi NVRAM for the CPU. The AKC is used to authenticate a | ||
Capability Activation Payload. Mailbox command. | ||
|
||
What: /sys/bus/auxiliary/devices/intel_vsec.sdsi.X/provision_cap | ||
Date: Feb 2022 | ||
KernelVersion: 5.18 | ||
Contact: "David E. Box" <david.e.box@linux.intel.com> | ||
Description: | ||
(WO) Used to write a Capability Activation Payload (CAP) to the | ||
SDSi NVRAM for the CPU. CAPs are used to activate a given CPU | ||
feature. A CAP is validated by SDSi hardware using a previously | ||
provisioned AKC file. Upon successful authentication, the CPU | ||
configuration is updated. A cold reboot is required to fully | ||
activate the feature. Mailbox command. | ||
|
||
What: /sys/bus/auxiliary/devices/intel_vsec.sdsi.X/state_certificate | ||
Date: Feb 2022 | ||
KernelVersion: 5.18 | ||
Contact: "David E. Box" <david.e.box@linux.intel.com> | ||
Description: | ||
(RO) Used to read back the current State Certificate for the CPU | ||
from SDSi hardware. The State Certificate contains information | ||
about the current licenses on the CPU. Mailbox command. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.