Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp1163701rdb; Fri, 2 Feb 2024 16:36:15 -0800 (PST) X-Google-Smtp-Source: AGHT+IH9sK3jcvXHe8UHiLJtTttBXO3H7L1ZVl6AwD41fH9FSSvH9nvc2c6ZxbQ6knXGE5QK5r2o X-Received: by 2002:a17:902:d501:b0:1d9:65be:68e3 with SMTP id b1-20020a170902d50100b001d965be68e3mr6037139plg.9.1706920575306; Fri, 02 Feb 2024 16:36:15 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706920575; cv=pass; d=google.com; s=arc-20160816; b=WRnmUcdojpC12BfUFiflHK1FROayy+OGq9Cx3cZ7osxS9n7goJFQiW6ZaVrDdobXtn zRsq2kZtqCHXhQvjcjyZy0v/yuHB95o3vGsfgsWVGW8EEzTmQEPQLL9gKMm97jGatcvQ 19aXpeFTlLq8popWkjMXAsDdAOmju603FPuMWkobCv3OxzAgktWv8pNA7B5M1VsFL3Kb jYMSI7u1/zZklzU0YqMq3KjPA7Vn7KSsnfXJG2ueavhMGHKRof/f9fzqiuABMSG0F0jb 84jXq6x9S4A2yX1e1Ej9JKoTcpYKhN7kwWl9hov4fHPsXm1Zk6hVLhAQ24wpUcFN4avv lq2A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=NofCeEFMI5hesu7pOlYkXQeD4tjdBfKrplO43zXdbYo=; fh=KsELAxlX9a+P76/tMeWJ2jI9oaZkxwAylRC7y3MVpuo=; b=u2X+jNCgEvVaUtH2wmQhaMIPRaAalkw1oR7GH8Xbc7mnfJ1ambkFHddnysShyq9KPK jpBVSheyeA+zfEGNOyX3eHU/Twx845SH8NN/jl/kTeVs+CtzUUt4U//INCJL4Sy/Lam2 hHIkMjACW+Z+UqmxGs5lkQsf0MPIzWByNcjSwIFU2C7ytJw7FC7THkPIfYdxGGYrsCn5 ureOcoy+TqhZby21LpT9bai5QJlJWLeijNvIYMqTg80hqx2PNXI2v5vMa7BORI5wgfjC 658ocgqxU0wMUzO7BdKiZVsK5PxeWV+K8gzp42OFlX6hmDo5lHVf/aDl+RT412cgB0hm dlow==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=realtek.com); spf=pass (google.com: domain of linux-wireless+bounces-3068-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-3068-linux.lists.archive=gmail.com@vger.kernel.org" X-Forwarded-Encrypted: i=1; AJvYcCWYVOh2LziQIZRqRPwUj1Z+682kLOawIrb3QUGywIfRmuAMugLbHmXbrQRI6PHudQmpKp0nujq9UlkGeAq+FDJQ2GZVaLBM2b7GVRwuCw== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id t10-20020a170902d28a00b001d893990719si2400356plc.359.2024.02.02.16.36.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 16:36:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-3068-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=realtek.com); spf=pass (google.com: domain of linux-wireless+bounces-3068-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-wireless+bounces-3068-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E310A288DF2 for ; Sat, 3 Feb 2024 00:33:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7DCFD626; Sat, 3 Feb 2024 00:33:38 +0000 (UTC) X-Original-To: linux-wireless@vger.kernel.org Received: from rtits2.realtek.com.tw (rtits2.realtek.com [211.75.126.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 17E3E622 for ; Sat, 3 Feb 2024 00:33:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=211.75.126.72 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706920418; cv=none; b=p0wUdN0Ig9071SwdSvtZJUVMD6TGE7yAdgARXuBJJxQyWn7APL1OgTb88y2nmLnz2Mw4rmvpUxgqFlRfgOXR6HkUzBH+NOdoliB32seK4rrpv3q3Jn4brX4dLRz0JLcOFAtmJC1JySEmLytgkLcYpQvhWQATOafEovlxRBEwyaI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706920418; c=relaxed/simple; bh=t1QD/HaNJ8fP0UavPWDtfQjiDac8zWLfH0U10n7OVUg=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=FEEMCgYADtwAOB4XIE3WCoUP57/uZdyUIKiNeTzoHHOnuBFJn4DfUBJWX4uizsE0EpsFYxfEh/FuN5uiifWUweolvCC+GI388J63RVQn+bJa4oKPTfB14qjq17eXBIsd+hy+1GQJPWwutdRsr+WklyzN95YaDio0qoySI49qYls= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=realtek.com; spf=pass smtp.mailfrom=realtek.com; arc=none smtp.client-ip=211.75.126.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=realtek.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=realtek.com X-SpamFilter-By: ArmorX SpamTrap 5.78 with qID 4130XQ5D02300742, This message is accepted by code: ctloc85258 Received: from mail.realtek.com (rtexh36505.realtek.com.tw[172.21.6.25]) by rtits2.realtek.com.tw (8.15.2/2.95/5.92) with ESMTPS id 4130XQ5D02300742 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 3 Feb 2024 08:33:26 +0800 Received: from RTEXMBS04.realtek.com.tw (172.21.6.97) by RTEXH36505.realtek.com.tw (172.21.6.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.32; Sat, 3 Feb 2024 08:33:27 +0800 Received: from [127.0.1.1] (172.16.16.254) by RTEXMBS04.realtek.com.tw (172.21.6.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Sat, 3 Feb 2024 08:33:26 +0800 From: Ping-Ke Shih To: CC: Subject: [PATCH 0/4] wifi: rtw89: fw: support firmware secure boot Date: Sat, 3 Feb 2024 08:32:47 +0800 Message-ID: <20240203003251.10641-1-pkshih@realtek.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: RTEXMBS02.realtek.com.tw (172.21.6.95) To RTEXMBS04.realtek.com.tw (172.21.6.97) X-KSE-ServerInfo: RTEXH36505.realtek.com.tw, 9 X-KSE-AntiSpam-Interceptor-Info: fallback X-KSE-Antivirus-Interceptor-Info: fallback X-KSE-AntiSpam-Interceptor-Info: fallback Firmware secure boot is to ensure firmware running on chip is the one which is signed and released officially. Without this, it will be failed to download firmware result from wrong security key data. The main difference between secure and non-secure boot is content of secure section, which is one type of many firmware sections, and is to provide key data. The basic steps for key data are: 1. read cryptography method and key_index from efuse (patch 2/4) 2. parse firmware file to select secure section by the information of step 1 (patch 3/4) 3. download firmware with selected secure section and key data (patch 4/4) Ping-Ke Shih (4): wifi: rtw89: fw: consider checksum length of security data wifi: rtw89: fw: read firmware secure information from efuse wifi: rtw89: fw: parse secure section from firmware file wifi: rtw89: fw: download firmware with key data for secure boot drivers/net/wireless/realtek/rtw89/core.h | 15 + drivers/net/wireless/realtek/rtw89/efuse.h | 1 + drivers/net/wireless/realtek/rtw89/efuse_be.c | 142 +++++++++ drivers/net/wireless/realtek/rtw89/fw.c | 296 ++++++++++++++++-- drivers/net/wireless/realtek/rtw89/fw.h | 47 ++- drivers/net/wireless/realtek/rtw89/pci.c | 2 + drivers/net/wireless/realtek/rtw89/rtw8922a.c | 3 + 7 files changed, 484 insertions(+), 22 deletions(-) -- 2.25.1