From: Oded Gabbay
To: dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Cc: Moti Haimovski
Subject: [PATCH 2/2] accel/habanalabs/gaudi2: add signed dev info uAPI
Date: Thu, 30 Nov 2023 10:25:57 +0200
Message-Id: <20231130082557.1783532-2-ogabbay@kernel.org>
In-Reply-To: <20231130082557.1783532-1-ogabbay@kernel.org>

From: Moti Haimovski

User will provide a nonce via the INFO ioctl, and will retrieve
the signed device info generated using given nonce.

Signed-off-by: Moti Haimovski
Reviewed-by: Oded Gabbay
Signed-off-by: Oded Gabbay
---
 drivers/accel/habanalabs/common/firmware_if.c | 8 ++++
 drivers/accel/habanalabs/common/habanalabs.h | 2 +
 .../habanalabs/common/habanalabs_ioctl.c | 48 +++++++++++++++++++
 include/linux/habanalabs/cpucp_if.h | 8 +++-
 include/uapi/drm/habanalabs_accel.h | 23 +++++++++
 5 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/drivers/accel/habanalabs/common/firmware_if.c b/drivers/accel/habanalabs/common/firmware_if.c index 9e9dfe013659..3558a6a8e192 100644 --- a/drivers/accel/habanalabs/common/firmware_if.c +++ b/drivers/accel/habanalabs/common/firmware_if.c 
@@ -3244,6 +3244,14 @@ int hl_fw_get_sec_attest_info(struct hl_device *hdev, struct cpucp_sec_attest_in HL_CPUCP_SEC_ATTEST_INFO_TINEOUT_USEC); } +int hl_fw_get_dev_info_signed(struct hl_device *hdev, + struct cpucp_dev_info_signed *dev_info_signed, u32 nonce) +{ + return hl_fw_get_sec_attest_data(hdev, CPUCP_PACKET_INFO_SIGNED_GET, dev_info_signed, + sizeof(struct cpucp_dev_info_signed), nonce, + HL_CPUCP_SEC_ATTEST_INFO_TINEOUT_USEC); +} + int hl_fw_send_generic_request(struct hl_device *hdev, enum hl_passthrough_type sub_opcode, dma_addr_t buff, u32 *size) { diff --git a/drivers/accel/habanalabs/common/habanalabs.h b/drivers/accel/habanalabs/common/habanalabs.h index 7b0209e5bad6..dd3fe3ddc00a 100644 --- a/drivers/accel/habanalabs/common/habanalabs.h +++ b/drivers/accel/habanalabs/common/habanalabs.h @@ -3964,6 +3964,8 @@ long hl_fw_get_max_power(struct hl_device *hdev); void hl_fw_set_max_power(struct hl_device *hdev); int hl_fw_get_sec_attest_info(struct hl_device *hdev, struct cpucp_sec_attest_info *sec_attest_info, u32 nonce); +int hl_fw_get_dev_info_signed(struct hl_device *hdev, + struct cpucp_dev_info_signed *dev_info_signed, u32 nonce); int hl_set_voltage(struct hl_device *hdev, int sensor_index, u32 attr, long value); int hl_set_current(struct hl_device *hdev, int sensor_index, u32 attr, long value); int hl_set_power(struct hl_device *hdev, int sensor_index, u32 attr, long value); diff --git a/drivers/accel/habanalabs/common/habanalabs_ioctl.c b/drivers/accel/habanalabs/common/habanalabs_ioctl.c index 8ef36effb95b..a43d21c5136a 100644 --- a/drivers/accel/habanalabs/common/habanalabs_ioctl.c +++ b/drivers/accel/habanalabs/common/habanalabs_ioctl.c 
@@ -719,6 +719,51 @@ static int sec_attest_info(struct hl_fpriv *hpriv, struct hl_info_args *args) return rc; } +static int dev_info_signed(struct hl_fpriv *hpriv, struct hl_info_args *args) +{ + void __user *out = (void __user *) (uintptr_t) args->return_pointer; + struct cpucp_dev_info_signed *dev_info_signed; + struct hl_info_signed *info; + u32 max_size = args->return_size; + int rc; + + if ((!max_size) || (!out)) + return -EINVAL; + + dev_info_signed = kzalloc(sizeof(*dev_info_signed), GFP_KERNEL); + if (!dev_info_signed) + return -ENOMEM; + + info = kzalloc(sizeof(*info), GFP_KERNEL); + if (!info) { + rc = -ENOMEM; + goto free_dev_info_signed; + } + + rc = hl_fw_get_dev_info_signed(hpriv->hdev, + dev_info_signed, args->sec_attest_nonce); + if (rc) + goto free_info; + + info->nonce = le32_to_cpu(dev_info_signed->nonce); + info->info_sig_len = dev_info_signed->info_sig_len; + info->pub_data_len = le16_to_cpu(dev_info_signed->pub_data_len); + info->certificate_len = le16_to_cpu(dev_info_signed->certificate_len); + memcpy(&info->info_sig, &dev_info_signed->info_sig, sizeof(info->info_sig)); + memcpy(&info->public_data, &dev_info_signed->public_data, sizeof(info->public_data)); + memcpy(&info->certificate, &dev_info_signed->certificate, sizeof(info->certificate)); + + rc = copy_to_user(out, info, min_t(size_t, max_size, sizeof(*info))) ? -EFAULT : 0; + +free_info: + kfree(info); +free_dev_info_signed: + kfree(dev_info_signed); + + return rc; +} + + static int eventfd_register(struct hl_fpriv *hpriv, struct hl_info_args *args) { int rc; @@ -1089,6 +1134,9 @@ static int _hl_info_ioctl(struct hl_fpriv *hpriv, void *data, case HL_INFO_FW_GENERIC_REQ: return send_fw_generic_request(hdev, args); + case HL_INFO_DEV_SIGNED: + return dev_info_signed(hpriv, args); + default: dev_err(dev, "Invalid request %d\n", args->op); rc = -EINVAL; diff --git a/include/linux/habanalabs/cpucp_if.h b/include/linux/habanalabs/cpucp_if.h index 86ea7c63a0d2..f316c8d0f3fc 100644 
--- a/include/linux/habanalabs/cpucp_if.h +++ b/include/linux/habanalabs/cpucp_if.h @@ -659,6 +659,12 @@ enum pq_init_status { * number (nonce) provided by the host to prevent replay attacks. * public key and certificate also provided as part of the FW response. * + * CPUCP_PACKET_INFO_SIGNED_GET - + * Get the device information signed by the Trusted Platform device. + * device info data is also hashed with some unique number (nonce) provided + * by the host to prevent replay attacks. public key and certificate also + * provided as part of the FW response. + * * CPUCP_PACKET_MONITOR_DUMP_GET - * Get monitors registers dump from the CpuCP kernel. * The CPU will put the registers dump in the a buffer allocated by the driver @@ -733,7 +739,7 @@ enum cpucp_packet_id { CPUCP_PACKET_ENGINE_CORE_ASID_SET, /* internal */ CPUCP_PACKET_RESERVED2, /* not used */ CPUCP_PACKET_SEC_ATTEST_GET, /* internal */ - CPUCP_PACKET_RESERVED3, /* not used */ + CPUCP_PACKET_INFO_SIGNED_GET, /* internal */ CPUCP_PACKET_RESERVED4, /* not used */ CPUCP_PACKET_MONITOR_DUMP_GET, /* debugfs */ CPUCP_PACKET_RESERVED5, /* not used */ diff --git a/include/uapi/drm/habanalabs_accel.h b/include/uapi/drm/habanalabs_accel.h index 347c7b62e60e..3da0d3ac6056 100644 --- a/include/uapi/drm/habanalabs_accel.h +++ b/include/uapi/drm/habanalabs_accel.h @@ -846,6 +846,7 @@ enum hl_server_type { #define HL_INFO_HW_ERR_EVENT 36 #define HL_INFO_FW_ERR_EVENT 37 #define HL_INFO_USER_ENGINE_ERR_EVENT 38 +#define HL_INFO_DEV_SIGNED 40 #define HL_INFO_VERSION_MAX_LEN 128 #define HL_INFO_CARD_NAME_MAX_LEN 16 
@@ -1290,6 +1291,28 @@ struct hl_info_sec_attest { __u8 pad0[2]; }; +/* + * struct hl_info_signed - device information signed by a secured device. + * @nonce: number only used once. random number provided by host. this also passed to the quote + * command as a qualifying data. + * @pub_data_len: length of the public data (bytes) + * @certificate_len: length of the certificate (bytes) + * @info_sig_len: length of the attestation signature (bytes) + * @public_data: public key info signed info data (outPublic + name + qualifiedName) + * @certificate: certificate for the signing key + * @info_sig: signature of the info + nonce data. + */ +struct hl_info_signed { + __u32 nonce; + __u16 pub_data_len; + __u16 certificate_len; + __u8 info_sig_len; + __u8 public_data[SEC_PUB_DATA_BUF_SZ]; + __u8 certificate[SEC_CERTIFICATE_BUF_SZ]; + __u8 info_sig[SEC_SIGNATURE_BUF_SZ]; + __u8 pad[4]; +}; + /** * struct hl_page_fault_info - page fault information. * @timestamp: timestamp of page fault. -- 2.34.1
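
Review bot: in the firmware_if.c hunk, hl_fw_get_dev_info_signed() is added without any comment saying what the firmware returns for CPUCP_PACKET_INFO_SIGNED_GET or why it shares HL_CPUCP_SEC_ATTEST_INFO_TINEOUT_USEC with the function above it. A short kernel-doc block on the new function would cover that, and passing sizeof(*dev_info_signed) instead of sizeof(struct cpucp_dev_info_signed) keeps the size tied to the pointer if the type ever changes.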
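
Review bot: in dev_info_signed() in the habanalabs_ioctl.c hunk, pub_data_len, certificate_len and info_sig_len are copied from the firmware response to user space without being checked against the arrays they describe. A consumer that trusts them can index past public_data[], certificate[] or info_sig[]; consider failing the request when a length exceeds sizeof() of its array. The three memcpy() calls size the copy by the destination field, which is only safe if the matching arrays in struct cpucp_dev_info_signed are at least as large; that struct is not defined in this patch, so a static_assert or BUILD_BUG_ON on the sizes would make the assumption explicit. copy_to_user() with min_t(size_t, max_size, sizeof(*info)) truncates silently when return_size is smaller than the struct, so the caller can get rc 0 with a cut-off certificate or signature; returning an error for a too-small buffer would be safer for data that is meant to be verified. Style: the function is followed by two added blank lines before eventfd_register().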
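
Review bot: in the first habanalabs_accel.h hunk, HL_INFO_DEV_SIGNED is defined as 40 directly after HL_INFO_USER_ENGINE_ERR_EVENT 38, leaving opcode 39 unexplained. Since this is uAPI and the value becomes permanent, either use 39 or add a comment stating that 39 is reserved and why.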
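
Review bot: in the struct hl_info_signed hunk of habanalabs_accel.h, the comment does not tell a verifier which bytes info_sig actually covers: @info_sig says "signature of the info + nonce data" while @public_data is described as "public key info signed info data (outPublic + name + qualifiedName)", so it is unclear where the signed device info lives and how it is combined with the nonce. Please spell out the signed message layout and the signature and hash algorithms, or point to where they are defined. The block also opens with /* while the next struct in the file uses /**, so kernel-doc will not pick it up, and @pad is undocumented. Separately, @nonce is a __u32; the comment should state what the host must guarantee about it (for example that it is freshly random per request), given that it is the only replay protection described.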