author: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com> 2026-03-19 11:02:57 +0000
committer: Herbert Xu <herbert@gondor.apana.org.au> 2026-03-27 18:52:43 +0900
commit: 6ac142bf267ecf0aee5038abd00072ab583ce0de (patch)
tree: c99aa9813ab3f05373488081085c5224376e0ce2 /Documentation/ABI/testing
parent: 177730a273b18e195263ed953853273e901b5064 (diff)
crypto: qat - add anti-rollback support for GEN6 devices
Anti-Rollback (ARB) is a QAT GEN6 hardware feature that prevents loading firmware with a Security Version Number (SVN) lower than an authorized minimum. This protects against downgrade attacks by ensuring that only firmware at or above a committed SVN can run on the acceleration device.

During firmware loading, the driver checks the SVN validation status via a hardware CSR. If the check reports a failure, firmware authentication is aborted. If it reports a retry status, the driver reissues the authentication command up to a maximum number of retries.

Extend the firmware admin interface with two new messages, ICP_QAT_FW_SVN_READ and ICP_QAT_FW_SVN_COMMIT, to query and commit the SVN, respectively. Integrate the SVN check into the firmware authentication path in qat_uclo.c so the driver can react to anti-rollback status during device bring-up.

Expose SVN information to userspace via a new sysfs attribute group, qat_svn, under the PCI device directory. The group provides read-only attributes for the active, enforced minimum, and permanent minimum SVN values, as well as a write-only commit attribute that allows a system administrator to commit the currently active SVN as the new authorized minimum.

This is based on earlier work by Ciunas Bennett.

Signed-off-by: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
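Added example, not part of this patch or of the QAT driver: a POSIX shell wrapper that performs the pre-commit check the commit message describes for the qat_svn group, reading active, enforced_min and permanent_min from a qat_svn directory and writing 1 to commit only when the active SVN is above the enforced minimum (so the commit actually raises the floor rather than being a no-op). The function names qat_svn_read, qat_svn_check, qat_svn_commit and make_fake_qat_svn are mine; make_fake_qat_svn builds a constructed stand-in directory so the logic can be exercised without hardware. On a real system pass /sys/bus/pci/devices/<BDF>/qat_svn instead.

```shell
#!/bin/sh
# Added example (assumed helper names); models the sysfs layout documented in
# sysfs-driver-qat_svn. DIR is a qat_svn directory, real or constructed.

# qat_svn_read DIR NAME: print the integer stored in DIR/NAME.
# The group is only present on devices that support Anti-Rollback, so a missing
# file is reported rather than treated as zero.
qat_svn_read() {
    [ -r "$1/$2" ] || { echo "qat_svn: $1/$2 not readable (no Anti-Rollback support?)" >&2; return 1; }
    cat "$1/$2"
}

# qat_svn_check DIR: print "commit" if active > enforced_min (a commit would raise
# the minimum), "noop" if they are equal, and fail if active < enforced_min, a
# state that should not occur because such firmware is rejected at load time.
qat_svn_check() {
    dir=$1
    active=$(qat_svn_read "$dir" active) || return 1
    enforced=$(qat_svn_read "$dir" enforced_min) || return 1
    permanent=$(qat_svn_read "$dir" permanent_min) || return 1
    # All three attributes are documented as integers; refuse anything else.
    case "$active$enforced$permanent" in
        *[!0-9]*) echo "qat_svn: non-numeric attribute value" >&2; return 1 ;;
    esac
    if [ "$active" -gt "$enforced" ]; then
        echo commit
    elif [ "$active" -eq "$enforced" ]; then
        echo noop
    else
        echo "qat_svn: active SVN $active is below enforced minimum $enforced" >&2
        return 1
    fi
}

# qat_svn_commit DIR: write 1 to DIR/commit only when the check says it raises
# the minimum. Writing any other value is documented as an error, so only '1'
# is ever written.
qat_svn_commit() {
    dir=$1
    state=$(qat_svn_check "$dir") || return 1
    if [ "$state" != commit ]; then
        echo "qat_svn: nothing to commit (active == enforced_min)"
        return 0
    fi
    echo 1 > "$dir/commit"
}

# make_fake_qat_svn ACTIVE ENFORCED PERMANENT: constructed stand-in for the sysfs
# group, for exercising the logic without a QAT device. Prints the directory.
make_fake_qat_svn() {
    d=$(mktemp -d)
    printf '%s\n' "$1" > "$d/active"
    printf '%s\n' "$2" > "$d/enforced_min"
    printf '%s\n' "$3" > "$d/permanent_min"
    : > "$d/commit"
    echo "$d"
}
```

Usage against hardware would be `qat_svn_check /sys/bus/pci/devices/<BDF>/qat_svn` to see whether a commit would change anything, then `qat_svn_commit` with the same path. The wrapper deliberately reads permanent_min as well even though the decision only needs active and enforced_min: the ABI text says a commit may also update permanent_min depending on platform settings, so an operator should see that value before the write.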
Diffstat (limited to 'Documentation/ABI/testing')
-rw-r--r-- Documentation/ABI/testing/sysfs-driver-qat_svn | 114
1 file changed, 114 insertions, 0 deletions
diff --git a/Documentation/ABI/testing/sysfs-driver-qat_svn b/Documentation/ABI/testing/sysfs-driver-qat_svn
new file mode 100644
index 000000000000..3832b523dcb0
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-driver-qat_svn
@@ -0,0 +1,114 @@
+What: /sys/bus/pci/devices/<BDF>/qat_svn/
+Date: June 2026
+KernelVersion: 7.1
+Contact: qat-linux@intel.com
+Description: Directory containing Security Version Number (SVN) attributes for
+ the Anti-Rollback (ARB) feature. The ARB feature prevents downloading
+ older firmware versions to the acceleration device.
+
+What: /sys/bus/pci/devices/<BDF>/qat_svn/enforced_min
+Date: June 2026
+KernelVersion: 7.1
+Contact: qat-linux@intel.com
+Description:
+ (RO) Reports the minimum allowed firmware SVN.
+
+ Returns an integer greater than zero. Firmware with SVN lower than
+ this value is rejected.
+
+ A write to qat_svn/commit will update this value. The update is not
+ persistent across reboot; on reboot, this value is reset from
+ qat_svn/permanent_min.
+
+ Example usage::
+
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/enforced_min
+ 2
+
+ This attribute is available only on devices that support
+ Anti-Rollback.
+
+What: /sys/bus/pci/devices/<BDF>/qat_svn/permanent_min
+Date: June 2026
+KernelVersion: 7.1
+Contact: qat-linux@intel.com
+Description:
+ (RO) Reports the persistent minimum SVN used to initialize
+ qat_svn/enforced_min on each reboot.
+
+ Returns an integer greater than zero. A write to qat_svn/commit
+ may update this value, depending on platform/BIOS settings.
+
+ Example usage::
+
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/permanent_min
+ 3
+
+ This attribute is available only on devices that support
+ Anti-Rollback.
+
+What: /sys/bus/pci/devices/<BDF>/qat_svn/active
+Date: June 2026
+KernelVersion: 7.1
+Contact: qat-linux@intel.com
+Description:
+ (RO) Reports the SVN of the currently active firmware image.
+
+ Returns an integer greater than zero.
+
+ Example usage::
+
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/active
+ 2
+
+ This attribute is available only on devices that support
+ Anti-Rollback.
+
+What: /sys/bus/pci/devices/<BDF>/qat_svn/commit
+Date: June 2026
+KernelVersion: 7.1
+Contact: qat-linux@intel.com
+Description:
+ (WO) Commits the currently active SVN as the minimum allowed SVN.
+
+ Writing 1 sets qat_svn/enforced_min to the value of qat_svn/active,
+ preventing future firmware loads with lower SVN.
+
+ Depending on platform/BIOS settings, a commit may also update
+ qat_svn/permanent_min.
+
+ Note that on reboot, qat_svn/enforced_min reverts to
+ qat_svn/permanent_min.
+
+ It is advisable to use this attribute with caution, only when
+ it is necessary to set a new minimum SVN for the firmware.
+
+ Before committing the SVN update, it is crucial to check the
+ current values of qat_svn/active, qat_svn/enforced_min and
+ qat_svn/permanent_min. This verification helps ensure that the
+ commit operation aligns with the intended outcome.
+
+ While writing to the file, any value other than '1' will result
+ in an error and have no effect.
+
+ Example usage::
+
+ ## Read current values
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/enforced_min
+ 2
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/permanent_min
+ 2
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/active
+ 3
+
+ ## Commit active SVN
+ # echo 1 > /sys/bus/pci/devices/<BDF>/qat_svn/commit
+
+ ## Read updated values
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/enforced_min
+ 3
+ # cat /sys/bus/pci/devices/<BDF>/qat_svn/permanent_min
+ 3
+
+ This attribute is available only on devices that support
+ Anti-Rollback.
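Review bot: the qat_svn/commit description leaves out the two things an administrator needs before writing to it: whether the update to qat_svn/permanent_min that a commit "may" trigger (line "Depending on platform/BIOS settings, a commit may also update qat_svn/permanent_min.") can ever be reverted, and which errno a write of anything other than '1' returns ("will result in an error and have no effect"). The same text tells the reader to check active, enforced_min and permanent_min first because the outcome matters, so the outcome should be stated. Suggest adding, after the platform/BIOS sentence, whether a permanent_min update is reversible and how the platform's configured behaviour can be determined from sysfs (or stating that it cannot), and replacing "will result in an error" with the specific errno the driver returns.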