Bug#1027953: src:linux: Enable Intel VSEC, SDSI and PMT drivers
Source: linux
Severity: wishlist
Tags: patch
X-Debbugs-Cc: miguel.bernal.marin@linux.intel.com, jair.de.jesus.gonzalez.plascencia@intel.com
Dear Maintainer,
Intel is planing to release the next-generation Xeon products [1] and some
of the features are not enabled on Debian. Some of those are described
below:
# Intel Vendor Specific Extended Capabilities Driver
CONFIG_INTEL_VSEC=m
This adds support for feature drivers exposed using Intel PCIe VSEC
and DVSEC. This feature is used by the Intel PMT and Intel SDSi
# Intel Platform Monitoring Technology (PMT)
CONFIG_INTEL_PMT_CLASS=m
CONFIG_INTEL_PMT_TELEMETRY=m
CONFIG_INTEL_PMT_CRASHLOG=m
Intel PMT is an architecture for enumerating and accessing hardware
monitoring capabilities on a device. With customers increasingly asking
for hardware telemetry, engineers not only have to figure out how to
measure and collect data, but also how to deliver it and make it
discoverable. The latter may be through some device specific method
requiring device specific tools to collect the data.
PMT provides a solution for discovering and reading telemetry from a
device through a hardware agnostic framework that allows for updates
to systems without requiring patches to the kernel or software tools.
The current capabilities defined by PMT are Telemetry, Watcher, and
Crashlog.
PMT defines several capabilities to support collecting monitoring data
from hardware. All are discoverable as separate instances of the PCIE
Designated Vendor extended capability (DVSEC) with the Intel vendor code.
# Intel Software Defined Silicon Driver (SDSi)
CONFIG_INTEL_SDSI=m
Intel Software Defined Silicon (SDSi) is a post manufacturing mechanism for
activating additional silicon features. Features are enabled through a
license activation process. The SDSi driver provides a per socket, sysfs
attribute interface for applications to perform 3 main provisioning
functions:
1. Provision an Authentication Key Certificate (AKC), a key written to
internal NVRAM that is used to authenticate a capability specific
activation payload.
2. Provision a Capability Activation Payload (CAP), a token authenticated
using the AKC and applied to the CPU configuration to activate a new
feature.
3. Read the SDSi State Certificate, containing the CPU configuration
state.
The operations perform function specific mailbox commands that forward the
requests to SDSi hardware to perform authentication of the payloads and
enable the silicon configuration (to be made available after power
cycling).
The SDSi device itself is enumerated as an auxiliary device from the
intel_vsec driver and as such has a build dependency on CONFIG_INTEL_VSEC.
Link: https://github.com/intel/intel-sdsi
A MR was created for this request:
MR: https://salsa.debian.org/kernel-team/linux/-/merge_requests/621
Please let me know if it needs any modification.
[1] https://www.intel.com/content/www/us/en/newsroom/news/intel-technology-roadmaps-milestones.html
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: