Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 82073,
    "url": "https://patches.dpdk.org/api/patches/82073/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20201025002953.1680999-7-qi.z.zhang@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20201025002953.1680999-7-qi.z.zhang@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20201025002953.1680999-7-qi.z.zhang@intel.com",
    "date": "2020-10-25T00:29:38",
    "name": "[v2,06/21] net/ice/base: read security revision",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "a8068449d2cafd2e2688ed487cbe9cf19d4ee3dd",
    "submitter": {
        "id": 504,
        "url": "https://patches.dpdk.org/api/people/504/?format=api",
        "name": "Qi Zhang",
        "email": "qi.z.zhang@intel.com"
    },
    "delegate": {
        "id": 1540,
        "url": "https://patches.dpdk.org/api/users/1540/?format=api",
        "username": "qzhan15",
        "first_name": "Qi",
        "last_name": "Zhang",
        "email": "qi.z.zhang@intel.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20201025002953.1680999-7-qi.z.zhang@intel.com/mbox/",
    "series": [
        {
            "id": 13297,
            "url": "https://patches.dpdk.org/api/series/13297/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=13297",
            "date": "2020-10-25T00:29:32",
            "name": "ice: update base code",
            "version": 2,
            "mbox": "https://patches.dpdk.org/series/13297/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/82073/comments/",
    "check": "success",
    "checks": "https://patches.dpdk.org/api/patches/82073/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id AB3B1A04B5;\n\tSun, 25 Oct 2020 02:28:05 +0200 (CEST)",
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id DB5F12A66;\n\tSun, 25 Oct 2020 02:26:17 +0200 (CEST)",
            "from mga09.intel.com (mga09.intel.com [134.134.136.24])\n by dpdk.org (Postfix) with ESMTP id 0FE4525B3\n for <dev@dpdk.org>; Sun, 25 Oct 2020 02:26:06 +0200 (CEST)",
            "from fmsmga003.fm.intel.com ([10.253.24.29])\n by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 24 Oct 2020 17:26:06 -0700",
            "from dpdk51.sh.intel.com ([10.67.111.142])\n by FMSMGA003.fm.intel.com with ESMTP; 24 Oct 2020 17:26:04 -0700"
        ],
        "IronPort-SDR": [
            "\n n4rAvhdsRae5XtBbQkMYyeMhQUoWKMvzzF833Jh9AzFFIkbb6JVtF2E2bZ8S5nhMvTRSdLv1of\n Sws5TucAzMQw==",
            "\n S4kgoXWqT/6FQ/TG1wRFeOSzexJcze4avQs0r+fBL2BxvzIp4nkm+eoKKcGZ/JWxp/XO8Z8qIF\n paJhYsMV7Syw=="
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6000,8403,9784\"; a=\"167927031\"",
            "E=Sophos;i=\"5.77,414,1596524400\"; d=\"scan'208\";a=\"167927031\"",
            "E=Sophos;i=\"5.77,414,1596524400\"; d=\"scan'208\";a=\"359984029\""
        ],
        "X-Amp-Result": "SKIPPED(no attachment in message)",
        "X-Amp-File-Uploaded": "False",
        "X-ExtLoop1": "1",
        "From": "Qi Zhang <qi.z.zhang@intel.com>",
        "To": "qiming.yang@intel.com",
        "Cc": "dev@dpdk.org, Qi Zhang <qi.z.zhang@intel.com>,\n Jacob Keller <jacob.e.keller@intel.com>",
        "Date": "Sun, 25 Oct 2020 08:29:38 +0800",
        "Message-Id": "<20201025002953.1680999-7-qi.z.zhang@intel.com>",
        "X-Mailer": "git-send-email 2.25.4",
        "In-Reply-To": "<20201025002953.1680999-1-qi.z.zhang@intel.com>",
        "References": "<20201025002953.1680999-1-qi.z.zhang@intel.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[dpdk-dev] [PATCH v2 06/21] net/ice/base: read security revision",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "The main NVM module and the Option ROM module contain a security\nrevision in their CSS header. This security revision is used to\ndetermine whether or not the signed module should be loaded at bootup.\nIf the module security revision is lower than the associated minimum\nsecurity revision, it will not be loaded.\n\nThe CSS header does not have a module id associated with it, and thus\nrequires flat NVM reads in order to access it. To do this, take\nadvantage of the cached bank information. Introduce a new\n\"ice_read_flash_module\" function that takes the module and bank to read.\nImplement both ice_read_active_nvm_module and\nice_read_active_orom_module. These functions will use the cached values\nto determine the active bank and calculate the appropriate offset.\n\nUsing these new access functions, extract the security revision for both\nthe main NVM bank and the Option ROM into the associated info structure.\n\nSigned-off-by: Jacob Keller <jacob.e.keller@intel.com>\nSigned-off-by: Qi Zhang <qi.z.zhang@intel.com>\n---\n drivers/net/ice/base/ice_nvm.c  | 174 ++++++++++++++++++++++++++++++++\n drivers/net/ice/base/ice_type.h |   9 ++\n 2 files changed, 183 insertions(+)",
    "diff": "diff --git a/drivers/net/ice/base/ice_nvm.c b/drivers/net/ice/base/ice_nvm.c\nindex 61af767edd..7b76af7b6f 100644\n--- a/drivers/net/ice/base/ice_nvm.c\n+++ b/drivers/net/ice/base/ice_nvm.c\n@@ -212,6 +212,107 @@ void ice_release_nvm(struct ice_hw *hw)\n \tice_release_res(hw, ICE_NVM_RES_ID);\n }\n \n+/**\n+ * ice_read_flash_module - Read a word from one of the main NVM modules\n+ * @hw: pointer to the HW structure\n+ * @bank: which bank of the module to read\n+ * @module: the module to read\n+ * @offset: the offset into the module in words\n+ * @data: storage for the word read from the flash\n+ *\n+ * Read a word from the specified bank of the module. The bank must be either\n+ * the 1st or 2nd bank. The word will be read using flat NVM access, and\n+ * relies on the hw->flash.banks data being setup by\n+ * ice_determine_active_flash_banks() during initialization.\n+ */\n+static enum ice_status\n+ice_read_flash_module(struct ice_hw *hw, enum ice_flash_bank bank, u16 module,\n+\t\t      u32 offset, u16 *data)\n+{\n+\tstruct ice_bank_info *banks = &hw->flash.banks;\n+\tu32 bytes = sizeof(u16);\n+\tenum ice_status status;\n+\t__le16 data_local;\n+\tbool second_bank;\n+\tu32 start;\n+\n+\tice_debug(hw, ICE_DBG_TRACE, \"%s\\n\", __func__);\n+\n+\tswitch (bank) {\n+\tcase ICE_1ST_FLASH_BANK:\n+\t\tsecond_bank = false;\n+\t\tbreak;\n+\tcase ICE_2ND_FLASH_BANK:\n+\t\tsecond_bank = true;\n+\t\tbreak;\n+\tcase ICE_INVALID_FLASH_BANK:\n+\tdefault:\n+\t\tice_debug(hw, ICE_DBG_NVM, \"Unexpected flash bank %u\\n\", bank);\n+\t\treturn ICE_ERR_PARAM;\n+\t}\n+\n+\tswitch (module) {\n+\tcase ICE_SR_1ST_NVM_BANK_PTR:\n+\t\tstart = banks->nvm_ptr + (second_bank ? banks->nvm_size : 0);\n+\t\tbreak;\n+\tcase ICE_SR_1ST_OROM_BANK_PTR:\n+\t\tstart = banks->orom_ptr + (second_bank ? banks->orom_size : 0);\n+\t\tbreak;\n+\tcase ICE_SR_NETLIST_BANK_PTR:\n+\t\tstart = banks->netlist_ptr + (second_bank ? banks->netlist_size : 0);\n+\t\tbreak;\n+\tdefault:\n+\t\tice_debug(hw, ICE_DBG_NVM, \"Unexpected flash module 0x%04x\\n\", module);\n+\t\treturn ICE_ERR_PARAM;\n+\t}\n+\n+\tstatus = ice_acquire_nvm(hw, ICE_RES_READ);\n+\tif (status)\n+\t\treturn status;\n+\n+\tstatus = ice_read_flat_nvm(hw, start + offset * sizeof(u16), &bytes,\n+\t\t\t\t   (_FORCE_ u8 *)&data_local, false);\n+\tif (!status)\n+\t\t*data = LE16_TO_CPU(data_local);\n+\n+\tice_release_nvm(hw);\n+\n+\treturn status;\n+}\n+\n+/**\n+ * ice_read_active_nvm_module - Read from the active main NVM module\n+ * @hw: pointer to the HW structure\n+ * @offset: offset into the NVM module to read, in words\n+ * @data: storage for returned word value\n+ *\n+ * Read the specified word from the active NVM module. This includes the CSS\n+ * header at the start of the NVM module.\n+ */\n+static enum ice_status\n+ice_read_active_nvm_module(struct ice_hw *hw, u32 offset, u16 *data)\n+{\n+\treturn ice_read_flash_module(hw, hw->flash.banks.nvm_bank,\n+\t\t\t\t     ICE_SR_1ST_NVM_BANK_PTR, offset, data);\n+}\n+\n+/**\n+ * ice_read_active_orom_module - Read from the active Option ROM module\n+ * @hw: pointer to the HW structure\n+ * @offset: offset into the OROM module to read, in words\n+ * @data: storage for returned word value\n+ *\n+ * Read the specified word from the active Option ROM module of the flash.\n+ * Note that unlike the NVM module, the CSS data is stored at the end of the\n+ * module instead of at the beginning.\n+ */\n+static enum ice_status\n+ice_read_active_orom_module(struct ice_hw *hw, u32 offset, u16 *data)\n+{\n+\treturn ice_read_flash_module(hw, hw->flash.banks.orom_bank,\n+\t\t\t\t     ICE_SR_1ST_OROM_BANK_PTR, offset, data);\n+}\n+\n /**\n  * ice_read_sr_word - Reads Shadow RAM word and acquire NVM if necessary\n  * @hw: pointer to the HW structure\n@@ -358,6 +459,32 @@ ice_read_pba_string(struct ice_hw *hw, u8 *pba_num, u32 pba_num_size)\n \treturn status;\n }\n \n+/**\n+ * ice_get_nvm_srev - Read the security revision from the NVM CSS header\n+ * @hw: pointer to the HW struct\n+ * @srev: storage for security revision\n+ *\n+ * Read the security revision out of the CSS header of the active NVM module\n+ * bank.\n+ */\n+static enum ice_status ice_get_nvm_srev(struct ice_hw *hw, u32 *srev)\n+{\n+\tenum ice_status status;\n+\tu16 srev_l, srev_h;\n+\n+\tstatus = ice_read_active_nvm_module(hw, ICE_NVM_CSS_SREV_L, &srev_l);\n+\tif (status)\n+\t\treturn status;\n+\n+\tstatus = ice_read_active_nvm_module(hw, ICE_NVM_CSS_SREV_H, &srev_h);\n+\tif (status)\n+\t\treturn status;\n+\n+\t*srev = srev_h << 16 | srev_l;\n+\n+\treturn ICE_SUCCESS;\n+}\n+\n /**\n  * ice_get_nvm_ver_info - Read NVM version information\n  * @hw: pointer to the HW struct\n@@ -393,6 +520,49 @@ ice_get_nvm_ver_info(struct ice_hw *hw, struct ice_nvm_info *nvm)\n \n \tnvm->eetrack = (eetrack_hi << 16) | eetrack_lo;\n \n+\tstatus = ice_get_nvm_srev(hw, &nvm->srev);\n+\tif (status)\n+\t\tice_debug(hw, ICE_DBG_NVM, \"Failed to read NVM security revision.\\n\");\n+\n+\treturn ICE_SUCCESS;\n+}\n+\n+/**\n+ * ice_get_orom_srev - Read the security revision from the OROM CSS header\n+ * @hw: pointer to the HW struct\n+ * @srev: storage for security revision\n+ *\n+ * Read the security revision out of the CSS header of the active OROM module\n+ * bank.\n+ */\n+static enum ice_status ice_get_orom_srev(struct ice_hw *hw, u32 *srev)\n+{\n+\tenum ice_status status;\n+\tu16 srev_l, srev_h;\n+\tu32 css_start;\n+\n+\tif (hw->flash.banks.orom_size < ICE_NVM_OROM_TRAILER_LENGTH) {\n+\t\tice_debug(hw, ICE_DBG_NVM, \"Unexpected Option ROM Size of %u\\n\",\n+\t\t\t  hw->flash.banks.orom_size);\n+\t\treturn ICE_ERR_CFG;\n+\t}\n+\n+\t/* calculate how far into the Option ROM the CSS header starts. Note\n+\t * that ice_read_active_orom_module takes a word offset so we need to\n+\t * divide by 2 here.\n+\t */\n+\tcss_start = (hw->flash.banks.orom_size - ICE_NVM_OROM_TRAILER_LENGTH) / 2;\n+\n+\tstatus = ice_read_active_orom_module(hw, css_start + ICE_NVM_CSS_SREV_L, &srev_l);\n+\tif (status)\n+\t\treturn status;\n+\n+\tstatus = ice_read_active_orom_module(hw, css_start + ICE_NVM_CSS_SREV_H, &srev_h);\n+\tif (status)\n+\t\treturn status;\n+\n+\t*srev = srev_h << 16 | srev_l;\n+\n \treturn ICE_SUCCESS;\n }\n \n@@ -448,6 +618,10 @@ ice_get_orom_ver_info(struct ice_hw *hw, struct ice_orom_info *orom)\n \torom->build = (u16)((combo_ver & ICE_OROM_VER_BUILD_MASK) >>\n \t\t\t    ICE_OROM_VER_BUILD_SHIFT);\n \n+\tstatus = ice_get_orom_srev(hw, &orom->srev);\n+\tif (status)\n+\t\tice_debug(hw, ICE_DBG_NVM, \"Failed to read Option ROM security revision.\\n\");\n+\n \treturn ICE_SUCCESS;\n }\n \ndiff --git a/drivers/net/ice/base/ice_type.h b/drivers/net/ice/base/ice_type.h\nindex 1e1c672cbd..fb350faa60 100644\n--- a/drivers/net/ice/base/ice_type.h\n+++ b/drivers/net/ice/base/ice_type.h\n@@ -509,11 +509,13 @@ struct ice_orom_info {\n \tu8 major;\t\t\t/* Major version of OROM */\n \tu8 patch;\t\t\t/* Patch version of OROM */\n \tu16 build;\t\t\t/* Build version of OROM */\n+\tu32 srev;\t\t\t/* Security revision */\n };\n \n /* NVM version information */\n struct ice_nvm_info {\n \tu32 eetrack;\n+\tu32 srev;\n \tu8 major;\n \tu8 minor;\n };\n@@ -1117,6 +1119,13 @@ enum ice_sw_fwd_act_type {\n #define ICE_SR_LINK_DEFAULT_OVERRIDE_PTR\t0x134\n #define ICE_SR_POR_REGISTERS_AUTOLOAD_PTR\t0x118\n \n+/* CSS Header words */\n+#define ICE_NVM_CSS_SREV_L\t\t\t0x14\n+#define ICE_NVM_CSS_SREV_H\t\t\t0x15\n+\n+/* Size in bytes of Option ROM trailer */\n+#define ICE_NVM_OROM_TRAILER_LENGTH\t\t660\n+\n /* Auxiliary field, mask and shift definition for Shadow RAM and NVM Flash */\n #define ICE_SR_VPD_SIZE_WORDS\t\t512\n #define ICE_SR_PCIE_ALT_SIZE_WORDS\t512\n",
    "prefixes": [
        "v2",
        "06/21"
    ]
}