platform/x86/intel/ifs: Authenticate and copy to secured memory

mainline inclusion
from mainline-v5.19-rc1
commit 684ec215
category: feature
feature: Intel In Filed Scan(IFS)
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I651S7
CVE: N/A
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/


commit/?id=684ec215

Intel-SIG: commit 684ec215 ("platform/x86/intel/ifs: Authenticate and copy to secured memory")

-------------------------------------

platform/x86/intel/ifs: Authenticate and copy to secured memory

The IFS image contains hashes that will be used to authenticate the ifs
test chunks. First, use WRMSR to copy the hashes and enumerate the number
of test chunks, chunk size and the maximum number of cores that can run
scan test simultaneously.

Next, use WRMSR to authenticate each and every scan test chunk which is
stored in the IFS image. The CPU will check if the test chunks match
the hashes, otherwise failure is indicated to system software. If the test
chunk is authenticated, it is automatically copied to secured memory.

Use schedule_work_on() to perform the hash copy and authentication. Note
this needs only be done on the first logical cpu of each socket.

Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
Co-developed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20220506225410.1652287-8-tony.luck@intel.com


Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Aichun Shi <aichun.shi@intel.com>