mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-01 06:33:07 +00:00
7f03d84a67
Extend the MAX10 BMC Secure Update driver to provide sysfs files to expose the 128 bit code signing key (CSK) cancellation vectors. These use the standard bitmap list format (e.g. 1,2-6,9). Each CSK is assigned an ID, a number between 0-127, during the signing process. CSK ID cancellation information is stored in 128-bit fields in write-once locations in flash. The cancellation of a CSK can be used to prevent the card from being rolled back to older images that were signed with a CSK that is now cancelled. Reviewed-by: Tom Rix <trix@redhat.com> Tested-by: Tianfei Zhang <tianfei.zhang@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20220606160038.846236-5-russell.h.weight@intel.com Signed-off-by: Xu Yilun <yilun.xu@intel.com>
61 lines
2.5 KiB
Text
61 lines
2.5 KiB
Text
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/sr_root_entry_hash
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns the root entry hash for the static
|
|
region if one is programmed, else it returns the
|
|
string: "hash not programmed". This file is only
|
|
visible if the underlying device supports it.
|
|
Format: string.
|
|
|
|
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/pr_root_entry_hash
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns the root entry hash for the partial
|
|
reconfiguration region if one is programmed, else it
|
|
returns the string: "hash not programmed". This file
|
|
is only visible if the underlying device supports it.
|
|
Format: string.
|
|
|
|
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/bmc_root_entry_hash
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns the root entry hash for the BMC image
|
|
if one is programmed, else it returns the string:
|
|
"hash not programmed". This file is only visible if the
|
|
underlying device supports it.
|
|
Format: string.
|
|
|
|
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/sr_canceled_csks
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns a list of indices for canceled code
|
|
signing keys for the static region. The standard bitmap
|
|
list format is used (e.g. "1,2-6,9").
|
|
|
|
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/pr_canceled_csks
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns a list of indices for canceled code
|
|
signing keys for the partial reconfiguration region. The
|
|
standard bitmap list format is used (e.g. "1,2-6,9").
|
|
|
|
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/bmc_canceled_csks
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns a list of indices for canceled code
|
|
signing keys for the BMC. The standard bitmap list format
|
|
is used (e.g. "1,2-6,9").
|
|
|
|
What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/flash_count
|
|
Date: Sep 2022
|
|
KernelVersion: 5.20
|
|
Contact: Russ Weight <russell.h.weight@intel.com>
|
|
Description: Read only. Returns number of times the secure update
|
|
staging area has been flashed.
|
|
Format: "%u".
|