[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1027953: src:linux: Enable Intel VSEC, SDSI and PMT drivers

Source: linux
Severity: wishlist
Tags: patch
X-Debbugs-Cc: miguel.bernal.marin@linux.intel.com, jair.de.jesus.gonzalez.plascencia@intel.com

Dear Maintainer,

Intel is planing to release the next-generation Xeon products [1] and some
of the features are not enabled on Debian. Some of those are described
below:

# Intel Vendor Specific Extended Capabilities Driver

  CONFIG_INTEL_VSEC=m

  This adds support for feature drivers exposed using Intel PCIe VSEC
  and DVSEC. This feature is used by the Intel PMT and Intel SDSi

# Intel Platform Monitoring Technology (PMT)

  CONFIG_INTEL_PMT_CLASS=m
  CONFIG_INTEL_PMT_TELEMETRY=m
  CONFIG_INTEL_PMT_CRASHLOG=m

  Intel PMT is an architecture for enumerating and accessing hardware
  monitoring capabilities on a device. With customers increasingly asking
  for hardware telemetry, engineers not only have to figure out how to
  measure and collect data, but also how to deliver it and make it
  discoverable. The latter may be through some device specific method
  requiring device specific tools to collect the data.

  PMT provides a solution for discovering and reading telemetry from a
  device through a hardware agnostic framework that allows for updates
  to systems without requiring patches to the kernel or software tools.

  The current capabilities defined by PMT are Telemetry, Watcher, and
  Crashlog.

  PMT defines several capabilities to support collecting monitoring data
  from hardware. All are discoverable as separate instances of the PCIE
  Designated Vendor extended capability (DVSEC) with the Intel vendor code.

# Intel Software Defined Silicon Driver (SDSi)

  CONFIG_INTEL_SDSI=m
    
  Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for
  activating additional silicon features. Features are enabled through a
  license activation process.  The SDSi driver provides a per socket, sysfs
  attribute interface for applications to perform 3 main provisioning
  functions:
    
  1. Provision an Authentication Key Certificate (AKC), a key written to
     internal NVRAM that is used to authenticate a capability specific
     activation payload.
    
  2. Provision a Capability Activation Payload (CAP), a token authenticated
     using the AKC and applied to the CPU configuration to activate a new
     feature.

  3. Read the SDSi State Certificate, containing the CPU configuration
     state.
    
  The operations perform function specific mailbox commands that forward the
  requests to SDSi hardware to perform authentication of the payloads and
  enable the silicon configuration (to be made available after power
  cycling).
    
  The SDSi device itself is enumerated as an auxiliary device from the
  intel_vsec driver and as such has a build dependency on CONFIG_INTEL_VSEC.
    
  Link: https://github.com/intel/intel-sdsi

A MR was created for this request:

MR: https://salsa.debian.org/kernel-team/linux/-/merge_requests/621

Please let me know if it needs any modification.

[1] https://www.intel.com/content/www/us/en/newsroom/news/intel-technology-roadmaps-milestones.html

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: