Add experimental extension to access firmware security version
Resolves: #211

Signed-off-by: Kumar, Sanil <sanil.kumar@intel.com>
sanilkumar0 authored Feb 1, 2024
1 parent a25a9ec commit d00e2bb
Showing 2 changed files with 98 additions and 0 deletions.
43 changes: 43 additions & 0 deletions scripts/sysman/EXT_Exp_FirmwareSecurityVersion.rst
@@ -0,0 +1,43 @@
<%
import re
from templates import helper as th
%><%
OneApi=tags['$OneApi']
s=tags['$s']
S=s.upper()
%>
:orphan:

.. _ZES_experimental_firmware_security_version:

===========================
Firmware Security Version
===========================

API
----

* Functions

* ${s}FirmwareGetSecurityVersionExp
* ${s}FirmwareSetSecurityVersionExp

* Enumerations

* ${s}_firmware_security_exp_version_t

Security Version
~~~~~~~~~~~~~~~~

This feature helps to prevent flashing of older firmware that have certain security vulnerabilities by using an hardware enforced anti-rollback scheme.
User can flash a firmware image and sets its version as the security version number (SVN). Images with lower SVN cannot be applied to device with
higher SVN for security considerations.

.. parsed-literal::
// Fetch current security version from the fuses
char* version = allocate(version_size);
${s}FirmwareGetSecurityVersionExp(hFirmware, &version);
// Set security version
${s}FirmwareSetSecurityVersionExp(hFirmware);
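
Review bot: In the parsed-literal sample, the call `${s}FirmwareGetSecurityVersionExp(hFirmware, &version);` passes the address of a `char*`, but firmwareSecurityVersion.yml declares the parameter as `char version[$S_STRING_PROPERTY_SIZE]`, so the sample should pass `version` itself and size the buffer with that constant rather than the undefined `version_size`. The comment says the value is fetched "from the fuses" while the YAML describes it as the version "of the currently running firmware"; the page should say which one is returned, because the text describes flashing an image and setting the SVN as separate steps, so the two values can differ. The Security Version paragraph should also state which image's version `${s}FirmwareSetSecurityVersionExp(hFirmware);` commits, since the call takes no version argument, and whether the operation can be reversed, given that the scheme is described as hardware enforced. Minor wording: "an hardware enforced" should read "a hardware-enforced", and "sets its version" should read "set its version".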
55 changes: 55 additions & 0 deletions scripts/sysman/firmwareSecurityVersion.yml
@@ -0,0 +1,55 @@
#
# Copyright (C) 2024 Intel Corporation
#
# SPDX-License-Identifier: MIT
#
# See YaML.md for syntax definition
#
--- #----------------------------------------------------------------------------------
type: header
desc: "Intel $OneApi Level-Zero Sysman Extension APIs for firmware security version"
version: "1.9"
--- #----------------------------------------------------------------------------------
type: macro
desc: "Firmware security version"
version: "1.9"
name: $S_FIRMWARE_SECURITY_VERSION_EXP_NAME
value: '"$XS_experimental_firmware_security_version"'
--- #--------------------------------------------------------------------------
type: enum
desc: "Firmware security version Extension Version(s)"
version: "1.9"
name: $s_firmware_security_exp_version_t
etors:
- name: "1_0"
value: "$X_MAKE_VERSION( 1, 0 )"
desc: "version 1.0"
--- #--------------------------------------------------------------------------
type: function
desc: "Get the firmware security version number of the currently running firmware"
version: "1.9"
class: $sFirmware
name: GetSecurityVersionExp
details:
- "The application may call this function from simultaneous threads."
- "The implementation of this function should be lock-free."
params:
- type: $s_firmware_handle_t
name: hFirmware
desc: "[in] Handle for the component."
- type: char
name: "version[$S_STRING_PROPERTY_SIZE]"
desc: "[out] NULL terminated string value. The string \"unknown\" will be returned if this property cannot be determined."
--- #--------------------------------------------------------------------------
type: function
desc: "Set the firmware security version number"
version: "1.9"
class: $sFirmware
name: SetSecurityVersionExp
details:
- "The application may call this function from simultaneous threads."
- "The implementation of this function should be lock-free."
params:
- type: $s_firmware_handle_t
name: hFirmware
desc: "[in] Handle for the component."
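
Review bot: SetSecurityVersionExp takes only hFirmware and its desc is just "Set the firmware security version number", so the spec never says which value is written or that images with a lower SVN can no longer be applied afterwards; add details entries that state both, and name the result returned when the caller is not allowed to change the SVN. The two details lines, identical to the getter's ("may call this function from simultaneous threads", "should be lock-free"), need more for a state-changing call: say what happens when it races with a flash of the same component or with a second Set. For GetSecurityVersionExp, returning the SVN as a string with an "unknown" sentinel leaves the lower/higher comparison that the documentation describes to the caller; document the string format or expose a numeric value.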
