From: Jérôme Pouiller <jerome.pouil...@silabs.com> In case a security flaw is found in a version of firmware, the device offers a way to disallow the loading an older firmware.
This patch provides a vendor extension to nl80211 to enable this feature. Signed-off-by: Jérôme Pouiller <jerome.pouil...@silabs.com> --- drivers/staging/wfx/hif_api_general.h | 8 ++++++++ drivers/staging/wfx/hif_tx.c | 18 ++++++++++++++++++ drivers/staging/wfx/hif_tx.h | 1 + drivers/staging/wfx/nl80211_vendor.c | 23 +++++++++++++++++++++++ drivers/staging/wfx/nl80211_vendor.h | 11 +++++++++++ 5 files changed, 61 insertions(+) diff --git a/drivers/staging/wfx/hif_api_general.h b/drivers/staging/wfx/hif_api_general.h index dba18a7ae9194..c8af3534700ca 100644 --- a/drivers/staging/wfx/hif_api_general.h +++ b/drivers/staging/wfx/hif_api_general.h @@ -361,4 +361,12 @@ struct hif_cnf_sl_configure { __le32 status; } __packed; +struct hif_req_prevent_rollback { + __le32 magic_word; // Return an error if not equal to 0x5C8912F3 +} __packed; + +struct hif_cnf_prevent_rollback { + __le32 status; +} __packed; + #endif diff --git a/drivers/staging/wfx/hif_tx.c b/drivers/staging/wfx/hif_tx.c index 6db41587cc7a5..899e1eb71a44b 100644 --- a/drivers/staging/wfx/hif_tx.c +++ b/drivers/staging/wfx/hif_tx.c @@ -535,6 +535,24 @@ int hif_update_ie_beacon(struct wfx_vif *wvif, const u8 *ies, size_t ies_len) return ret; } +int hif_burn_prevent_rollback(struct wfx_dev *wdev, u32 magic_word) +{ + int ret; + struct hif_msg *hif; + struct hif_req_prevent_rollback *body = wfx_alloc_hif(sizeof(*body), + &hif); + + if (!hif) + return -ENOMEM; + body->magic_word = cpu_to_le32(magic_word); + wfx_fill_header(hif, -1, HIF_REQ_ID_PREVENT_ROLLBACK, sizeof(*body)); + ret = wfx_cmd_send(wdev, hif, NULL, 0, false); + if (ret == le32_to_cpu(HIF_STATUS_ROLLBACK_SUCCESS)) + ret = 0; + kfree(hif); + return ret; +} + int hif_sl_send_pub_keys(struct wfx_dev *wdev, const u8 *pubkey, const u8 *pubkey_hmac) { diff --git a/drivers/staging/wfx/hif_tx.h b/drivers/staging/wfx/hif_tx.h index e1da28aef706e..d29c72d94789a 100644 --- a/drivers/staging/wfx/hif_tx.h +++ b/drivers/staging/wfx/hif_tx.h @@ -57,6 +57,7 @@ int hif_start(struct wfx_vif *wvif, const struct ieee80211_bss_conf *conf, int hif_beacon_transmit(struct wfx_vif *wvif, bool enable); int hif_map_link(struct wfx_vif *wvif, u8 *mac_addr, int flags, int sta_id); int hif_update_ie_beacon(struct wfx_vif *wvif, const u8 *ies, size_t ies_len); +int hif_burn_prevent_rollback(struct wfx_dev *wdev, u32 magic_word); int hif_sl_set_mac_key(struct wfx_dev *wdev, const u8 *slk_key, int destination); int hif_sl_config(struct wfx_dev *wdev, const unsigned long *bitmap); diff --git a/drivers/staging/wfx/nl80211_vendor.c b/drivers/staging/wfx/nl80211_vendor.c index ec2fd2d73885f..1a9d411718a73 100644 --- a/drivers/staging/wfx/nl80211_vendor.c +++ b/drivers/staging/wfx/nl80211_vendor.c @@ -7,6 +7,7 @@ #include "nl80211_vendor.h" #include "wfx.h" #include "sta.h" +#include "hif_tx.h" int wfx_nl_ps_timeout(struct wiphy *wiphy, struct wireless_dev *widev, const void *data, int data_len) @@ -47,3 +48,25 @@ int wfx_nl_ps_timeout(struct wiphy *wiphy, struct wireless_dev *widev, return rc; } +int wfx_nl_burn_antirollback(struct wiphy *wiphy, struct wireless_dev *widev, + const void *data, int data_len) +{ + struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy); + struct wfx_dev *wdev = (struct wfx_dev *)hw->priv; + struct nlattr *tb[WFX_NL80211_ATTR_MAX]; + u32 magic; + int rc; + + rc = nla_parse(tb, WFX_NL80211_ATTR_MAX - 1, data, data_len, + wfx_nl_policy, NULL); + if (rc) + return rc; + if (!tb[WFX_NL80211_ATTR_ROLLBACK_MAGIC]) + return -EINVAL; + magic = nla_get_u32(tb[WFX_NL80211_ATTR_ROLLBACK_MAGIC]); + rc = hif_burn_prevent_rollback(wdev, magic); + if (rc) + return -EINVAL; + return 0; +} + diff --git a/drivers/staging/wfx/nl80211_vendor.h b/drivers/staging/wfx/nl80211_vendor.h index c069330e240a9..49efe8716a654 100644 --- a/drivers/staging/wfx/nl80211_vendor.h +++ b/drivers/staging/wfx/nl80211_vendor.h @@ -16,18 +16,23 @@ int wfx_nl_ps_timeout(struct wiphy *wiphy, struct wireless_dev *widev, const void *data, int data_len); +int wfx_nl_burn_antirollback(struct wiphy *wiphy, struct wireless_dev *widev, + const void *data, int data_len); enum { WFX_NL80211_SUBCMD_PS_TIMEOUT = 0x10, + WFX_NL80211_SUBCMD_BURN_PREVENT_ROLLBACK = 0x20, }; enum { WFX_NL80211_ATTR_PS_TIMEOUT = 1, + WFX_NL80211_ATTR_ROLLBACK_MAGIC = 2, WFX_NL80211_ATTR_MAX }; static const struct nla_policy wfx_nl_policy[WFX_NL80211_ATTR_MAX] = { [WFX_NL80211_ATTR_PS_TIMEOUT] = NLA_POLICY_RANGE(NLA_S32, -1, 127), + [WFX_NL80211_ATTR_ROLLBACK_MAGIC] = { .type = NLA_U32 }, }; static const struct wiphy_vendor_command wfx_nl80211_vendor_commands[] = { @@ -38,6 +43,12 @@ static const struct wiphy_vendor_command wfx_nl80211_vendor_commands[] = { .policy = wfx_nl_policy, .doit = wfx_nl_ps_timeout, .maxattr = WFX_NL80211_ATTR_MAX - 1, + }, { + .info.vendor_id = WFX_NL80211_ID, + .info.subcmd = WFX_NL80211_SUBCMD_BURN_PREVENT_ROLLBACK, + .policy = wfx_nl_policy, + .doit = wfx_nl_burn_antirollback, + .maxattr = WFX_NL80211_ATTR_MAX - 1, }, }; -- 2.26.2 _______________________________________________ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel