git.droids-corp.org / dpdk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ea78b1) | patch
net/ice/base: sign external device package programming
authorQi Zhang <qi.z.zhang@intel.com>
Thu, 29 Apr 2021 00:41:42 +0000 (08:41 +0800)
committerQi Zhang <qi.z.zhang@intel.com>
Fri, 30 Apr 2021 13:48:05 +0000 (15:48 +0200)
commit2913bc4155d209f7d2d11b0d46f46d6ab8ad47e9
treeae2c34e2d0ac8d23eec3f35cf8968eff2cf6081ctree | snapshot
parent8ea78b169603579d29726da9a099ab87f8273cb3commit | diff
net/ice/base: sign external device package programming

External topology devices (e.g. PHYs) connected to 100G or to SoC that
includes 100G IP might have a firmware engine within the device and
the firmware is usually loaded from NVM connected to the topology
device.
The topology device NVM images can be updated using SW tools but
such solution poses a security risk if there is no validation of
the integrity of an image before programming it to the device NVM.
In order to prevent security risk, the topology device NVM image might
be included as part of 100G NVM image. When the topology device
NVM image is present in the 100G NVM image, it is authenticated
and might be loaded to the topology device at startup or on command
of SW using dedicated AQ.
This patch provides support for this functionality.

Signed-off-by: Stefan Wegrzyn <stefan.wegrzyn@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
drivers/net/ice/base/ice_adminq_cmd.h diff | blob | history
drivers/net/ice/base/ice_common.c diff | blob | history
drivers/net/ice/base/ice_common.h diff | blob | history
drivers/net/ice/base/ice_type.h diff | blob | history
DPDK repo used for reviews