Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1482280pxy; Thu, 29 Apr 2021 08:01:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKtCkdnDZpBkdqgIqYF3jqgoO/k9EPgRK8K8EmXCaoUJzOSl0kKG/Lh/P1VovixH+NF1vD X-Received: by 2002:a17:906:328c:: with SMTP id 12mr237920ejw.361.1619708464647; Thu, 29 Apr 2021 08:01:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619708464; cv=none; d=google.com; s=arc-20160816; b=E2H+8sHQY44bnJTawr4bJlHTBZGQxPv+8NaBE2+Mo69z4Q9z7i80UfY+CGGBCUM+94 D3uxOf09F+P+ldT198R301V8SRqiXBSJSbP+LwHA/0j+SuHIOAdTqDOGPP1bHErgl5E4 NDa1VqcxyLDIO8FOzgbCqcougZbaSHDw+mGk0nEdQows21+9Ni0rS15V0gmTwUT4IEb3 H3ox0u26ejdmKjoINjdD/O2GakpcXgenwR4nh+gxnjzXKz/t3MbUvYikyHmib20H7XVe tvCU4jlNFwDnL0dVucKx9RmPaQpb52DmjTphPWtqoVYWgbAGFMD1IqR9fr6j9umDyk+v Na5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:from:subject:ironport-sdr:ironport-sdr; bh=ncoH4Ay4Z8GiBmk3NSOIpw11K7pbJJJr9CwxLvTK7/o=; b=uXtIUJ01Zgfj37SJm5JzIUHIRgzglZgy9hcNmQKcUKdQHPATXQ2KjtVDSDTNjAHn8Y 34ik83zyYoIrd59mcCppce233smslblJO3WlQ6sWCeT1R9edOlYEpgVx8n6FYgblY2c5 K/w2R0roV/vqS7VQWk4Hr7aRaGpxcmG/AxPp3QO8oK+RDVr0SJmPFL8mv7Pf7tlfCSAg fklv3l6NMOQG8gvQPzQGBzZ+s+GVEj278hVrHxADBPCEO5spYWCCdlICSawJDnZtxiRA gXBi3WEVwbgGuHOE7lEi5JyyHkPIaskkWVTW1qp/2+6CmAqpgtR9BPK/fUttCzy2+N3F LUAg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qx9si192106ejb.434.2021.04.29.08.00.40; Thu, 29 Apr 2021 08:01:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233290AbhD2O6D (ORCPT + 99 others); Thu, 29 Apr 2021 10:58:03 -0400 Received: from mga03.intel.com ([134.134.136.65]:42588 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232556AbhD2O6B (ORCPT ); Thu, 29 Apr 2021 10:58:01 -0400 IronPort-SDR: /Avq0B02llL/HtSP9g//q/S9mWcSvc1sL0iLkl1OoMNPTOhMoH8qyIqtundFXnhXx2HmoGBU52 Rtz63MCo4eBQ== X-IronPort-AV: E=McAfee;i="6200,9189,9969"; a="197069618" X-IronPort-AV: E=Sophos;i="5.82,259,1613462400"; d="scan'208";a="197069618" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Apr 2021 07:57:13 -0700 IronPort-SDR: gJSrSv+nHsc47oysalmZkSpUzWooU42+BJ64KvM4XJJc/bUKl3ShAzDZg8/AzII7N0HaZWKT8n oWLT2/bg0pKw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,259,1613462400"; d="scan'208";a="424122601" Received: from marshy.an.intel.com (HELO [10.122.105.143]) ([10.122.105.143]) by fmsmga008.fm.intel.com with ESMTP; 29 Apr 2021 07:57:12 -0700 Subject: Re: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and region From: Richard Gong To: Moritz Fischer , Tom Rix Cc: "Gong, Richard" , "gregkh@linuxfoundation.org" , "linux-fpga@vger.kernel.org" , "linux-kernel@vger.kernel.org" , russell.h.weight@intel.com References: <1612909233-13867-1-git-send-email-richard.gong@linux.intel.com> <496aa871-cfb0-faf4-4b1c-b53e56b58030@redhat.com> <8c0fcdde-540b-2ae3-01f2-30cdb87ac037@linux.intel.com> Message-ID: Date: Thu, 29 Apr 2021 09:56:54 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <8c0fcdde-540b-2ae3-01f2-30cdb87ac037@linux.intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Moritz, Not sure if you have chance to view Russ's comments and my comments. Pleas let us know what you think so I can act accordingly. I had a few discussions with Russ, and we all realized that the goals we were trying to achieve were not as similar as they seemed. Regards, Richard On 4/12/21 8:41 PM, Richard Gong wrote: > > Hi Moritz, > > On 3/28/21 12:20 PM, Moritz Fischer wrote: >> Tom, >> >> On Sun, Mar 28, 2021 at 08:40:24AM -0700, Tom Rix wrote: >>> >>> On 3/27/21 11:09 AM, Moritz Fischer wrote: >>>> Hi Richard, Russ, >>>> >>>> On Thu, Feb 25, 2021 at 01:07:14PM +0000, Gong, Richard wrote: >>>>> Hi Moritz, >>>>> >>>>> Sorry for asking. >>>>> >>>>> When you have chance, can you help review the version 5 patchset >>>>> submitted on 02/09/21? >>>>> >>>>> Regards, >>>>> Richard >>>>> >>>>> -----Original Message----- >>>>> From: richard.gong@linux.intel.com >>>>> Sent: Tuesday, February 9, 2021 4:20 PM >>>>> To: mdf@kernel.org; trix@redhat.com; gregkh@linuxfoundation.org; >>>>> linux-fpga@vger.kernel.org; linux-kernel@vger.kernel.org >>>>> Cc: Gong, Richard >>>>> Subject: [PATCHv5 0/7] Extend Intel service layer, FPGA manager and >>>>> region >>>>> >>>>> From: Richard Gong >>>>> >>>>> This is 5th submission of Intel service layer and FPGA patches, >>>>> which includes the missing standalone patch in the 4th submission. >>>>> >>>>> This submission includes additional changes for Intel service layer >>>>> driver to get the firmware version running at FPGA SoC device. Then >>>>> FPGA manager driver, one of Intel service layer driver's client, >>>>> can decide whether to handle the newly added bitstream >>>>> authentication function based on the retrieved firmware version. So >>>>> that we can maintain FPGA manager driver the back compatible. >>>>> >>>>> Bitstream authentication makes sure a signed bitstream has valid >>>>> signatures. >>>>> >>>>> The customer sends the bitstream via FPGA framework and overlay, >>>>> the firmware will authenticate the bitstream but not program the >>>>> bitstream to device. If the authentication passes, the bitstream >>>>> will be programmed into QSPI flash and will be expected to boot >>>>> without issues. >>>>> >>>>> Extend Intel service layer, FPGA manager and region drivers to >>>>> support the bitstream authentication feature. >>>>> >>>>> Richard Gong (7): >>>>>    firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0 >>>>>    firmware: stratix10-svc: add COMMAND_AUTHENTICATE_BITSTREAM flag >>>>>    firmware: stratix10-svc: extend SVC driver to get the firmware >>>>> version >>>>>    fpga: fpga-mgr: add FPGA_MGR_BITSTREAM_AUTHENTICATE flag >>>>>    fpga: of-fpga-region: add authenticate-fpga-config property >>>>>    dt-bindings: fpga: add authenticate-fpga-config property >>>>>    fpga: stratix10-soc: extend driver for bitstream authentication >>>>> >>>>>   .../devicetree/bindings/fpga/fpga-region.txt       | 10 ++++ >>>>>   drivers/firmware/stratix10-svc.c                   | 12 ++++- >>>>>   drivers/fpga/of-fpga-region.c                      | 24 ++++++--- >>>>>   drivers/fpga/stratix10-soc.c                       | 62 >>>>> +++++++++++++++++++--- >>>>>   include/linux/firmware/intel/stratix10-smc.h       | 21 +++++++- >>>>>   .../linux/firmware/intel/stratix10-svc-client.h    | 11 +++- >>>>>   include/linux/fpga/fpga-mgr.h                      |  3 ++ >>>>>   7 files changed, 125 insertions(+), 18 deletions(-) >>>>> >>>>> -- >>>>> 2.7.4 >>>>> >>>> Apologies for the epic delay in getting back to this, I took another >>>> look at this patchset and Russ' patchset. >>>> >>>> TL;DR I'm not really a fan of using device-tree overlays for this (and >>>> again, apologies, I should've voiced this earlier ...). >>>> >>>> Anyways, let's find a common API for this and Russ' work, they're >>>> trying >>>> to achieve the same / similar thing, they should use the same API. >>>> >>>> I'd like to re-invetigate the possiblity to extend FPGA Manager with >>>> 'secure update' ops that work for both these use-cases (and I susspect >>>> hte XRT patchset will follow with a similar requirement, right after). >>> >>> The xrt patchset makes heavy use of device trees. >>> >>> What is the general guidance for device tree usage ? >> >> I'm not generally against using device tree, it has its place. To >> describe hardware (and hardware *changes* with overlays) :) >> >> What I don't like about this particular implementation w.r.t device-tree >> usage is that it uses DT overlays as a mechanism to program the flash -- >> in place of having an API to do so. >> >> One could add device-nodes during the DT overlay application, while the >> FPGA doesn't actually get programmed with a new runtime image -- meaning >> live DT and actual hardware state diverged -- worst case it'd crash. >> >> So when roughly at the same time (from the same company even) we have two >> patchsets that do similar things with radically different APIs I think >> we should pause, and reflect on whether we can come up with something >> that works for both :) >> > > I discussed with Russ and studies his patches, came to realize that the > work we had to accomplish was not same or similar. What I want to > achieve is to verify the identity of the bitstream, which is like doing > a "dry-run" to FPGA configuration. > > Performing FPGA configuration (full or partial) through the device tree > overlay is a method widely used by our customers. > > Russ's approach utilizes a different user API which is a set of sysfs > files. > > If we depart from device tree overlay, then the end-user must utilize 2 > different mechanism or APIs (device tree overlay is used for > full/partial configuration, and sysfs is used for bitstream > authentication). Similarly low-level FPGA manager driver also needs to > add additional codes. For the end-user the single and simple mechanism > is always better choice, device tree overlay should be a better way to > achieve that goal. > > Regards, > Richard > >> TL;DR the firmware parts to authenticate the bitstream look fine to >> me, the >> way we tie it into the FPGA region I'm not a fan of. >> >> - Moritz >>