Re: [RFC v3 09/27] PCI/CMA: Authenticate devices on enumeration

[Aksh Garg]

On 11/02/26 08:59, alistair23@xxxxxxxxx wrote:
> diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig
> index e3f848ffb52a..7ea403799d78 100644
> --- a/drivers/pci/Kconfig
> +++ b/drivers/pci/Kconfig
> @@ -125,6 +125,22 @@ config PCI_ATS
>   config PCI_IDE
>   	bool
>   
> +config PCI_CMA
> +	bool "Component Measurement and Authentication (CMA-SPDM)"
> +	select CRYPTO_ECDSA
> +	select CRYPTO_RSA
> +	select CRYPTO_SHA256
> +	select CRYPTO_SHA512
> +	select PCI_DOE
> +	select RSPDM
> +	help
> +	  Authenticate devices on enumeration per PCIe r6.2 sec 6.31.
> +	  A PCI DOE mailbox is used as transport for DMTF SPDM based
> +	  authentication, measurement and secure channel establishment.
> +
> +config PCI_DOE
> +	bool
> +

config PCI_DOE is already in this Kconfig file just below config PCI_TSM

>   config PCI_TSM
>   	bool "PCI TSM: Device security protocol support"
>   	select PCI_IDE
> diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile
> index e10cfe5a280b..f026f5dbb938 100644
> --- a/drivers/pci/Makefile
> +++ b/drivers/pci/Makefile
> @@ -40,6 +40,8 @@ obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o
>   obj-$(CONFIG_PCI_NPEM)		+= npem.o
>   obj-$(CONFIG_PCIE_TPH)		+= tph.o
>   
> +obj-$(CONFIG_PCI_CMA)		+= cma.o
> +
>   # Endpoint library must be initialized before its users
>   obj-$(CONFIG_PCI_ENDPOINT)	+= endpoint/
>   
> diff --git a/drivers/pci/cma.c b/drivers/pci/cma.c
> new file mode 100644
> index 000000000000..7463cd1179f0
> --- /dev/null
> +++ b/drivers/pci/cma.c
> @@ -0,0 +1,101 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Component Measurement and Authentication (CMA-SPDM, PCIe r6.2 sec 6.31)
> + *
> + * Copyright (C) 2021 Huawei
> + *     Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>
> + *
> + * Copyright (C) 2022-24 Intel Corporation
> + */
> +
> +#define dev_fmt(fmt) "CMA: " fmt
> +
> +#include <linux/pci.h>
> +#include <linux/pci-doe.h>
> +#include <linux/pm_runtime.h>
> +#include <linux/spdm.h>
> +
> +#include "pci.h"
> +
> +/* Keyring that userspace can poke certs into */
> +static struct key *pci_cma_keyring;
> +
> +#define PCI_DOE_FEATURE_CMA 1

This macro is already present in <linux/pci-doe.h>, which have been
included in this file.

Regards,
Aksh Garg