Re: [PATCH RESEND V2 4/6] platform/x86: Add Intel Software Defined Silicon driver

From: Greg KH
Date: Wed Dec 08 2021 - 13:43:05 EST

Next message: Steven Rostedt: "Re: [PATCH -mm 4/5] tools/perf: replace hard-coded 16 with TASK_COMM_LEN"
Previous message: Minchan Kim: "Re: [RFC] mm: introduce page pinner"
In reply to: David E. Box: "Re: [PATCH RESEND V2 4/6] platform/x86: Add Intel Software Defined Silicon driver"
Next in thread: Greg KH: "Re: [PATCH RESEND V2 4/6] platform/x86: Add Intel Software Defined Silicon driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 08, 2021 at 10:30:27AM -0800, David E. Box wrote:
> On Wed, 2021-12-08 at 19:12 +0100, Greg KH wrote:
> > On Wed, Dec 08, 2021 at 09:49:36AM -0800, David E. Box wrote:
> > > On Wed, 2021-12-08 at 17:24 +0100, Greg KH wrote:
> > > > On Tue, Dec 07, 2021 at 05:50:13PM -0800, David E. Box wrote:
> > > > > Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for
> > > > > activating additional silicon features. Features are enabled through a
> > > > > license activation process. The SDSi driver provides a per socket, sysfs
> > > > > attribute interface for applications to perform 3 main provisioning
> > > > > functions:
> > > > >
> > > > > 1. Provision an Authentication Key Certificate (AKC), a key written to
> > > > >    internal NVRAM that is used to authenticate a capability specific
> > > > >    activation payload.
> > > > >
> > > > > 2. Provision a Capability Activation Payload (CAP), a token authenticated
> > > > >    using the AKC and applied to the CPU configuration to activate a new
> > > > >    feature.
> > > > >
> > > > > 3. Read the SDSi State Certificate, containing the CPU configuration
> > > > >    state.
> > > > >
> > > > > The operations perform function specific mailbox commands that forward the
> > > > > requests to SDSi hardware to perform authentication of the payloads and
> > > > > enable the silicon configuration (to be made available after power
> > > > > cycling).
> > > > >
> > > > > The SDSi device itself is enumerated as an auxiliary device from the
> > > > > intel_vsec driver and as such has a build dependency on CONFIG_INTEL_VSEC.
> > > > >
> > > > > Link: https://github.com/intel/intel-sdsi
> > > >
> > > > There is no code at this link :(
> > > >
> > >
> > > Not yet. It's currently just documentation. But sample code was added to this patch series.
> >
> > Is the sample code "real" and what you are going to use for this api?
>
> It's real in that it could be used to provision real certificates on a production system.

Great, so it's all you need, you should move it to tools/ and be done
with it! :)

thanks,

greg k-h

Next message: Steven Rostedt: "Re: [PATCH -mm 4/5] tools/perf: replace hard-coded 16 with TASK_COMM_LEN"
Previous message: Minchan Kim: "Re: [RFC] mm: introduce page pinner"
In reply to: David E. Box: "Re: [PATCH RESEND V2 4/6] platform/x86: Add Intel Software Defined Silicon driver"
Next in thread: Greg KH: "Re: [PATCH RESEND V2 4/6] platform/x86: Add Intel Software Defined Silicon driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]