wifi: rtw89: fw: add blacklist to avoid obsolete secure firmware

To ensure secure chip only runs expected secure firmware, stop using
obsolete firmware in blacklist which weakness or flaw was found.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20250217064308.43559-2-pkshih@realtek.com

diff --git a/drivers/net/wireless/realtek/rtw89/core.h b/drivers/net/wireless/realtek/rtw89/core.h
index 542390f1d28cbb70ccb0743405581c768acb1722..865cdcfa59e1d1ca755b0f3bd78e3d4b78668d9f 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/core.h
+++ b/drivers/net/wireless/realtek/rtw89/core.h
@@ -17,6 +17,7 @@ struct rtw89_dev;
 struct rtw89_pci_info;
 struct rtw89_mac_gen_def;
 struct rtw89_phy_gen_def;
+struct rtw89_fw_blacklist;
 struct rtw89_efuse_block_cfg;
 struct rtw89_h2c_rf_tssi;
 struct rtw89_fw_txpwr_track_cfg;
@@ -4259,6 +4260,7 @@ struct rtw89_chip_info {
        bool try_ce_fw;
        u8 bbmcu_nr;
        u32 needed_fw_elms;
+       const struct rtw89_fw_blacklist *fw_blacklist;
        u32 fifo_size;
        bool small_fifo_size;
        u32 dle_scc_rsvd_size;

diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index eff94f0592c9eabc1bfadbfe2b893441bad4ec67..e4231dd620e6ea5b07ef4410335f86e914b3bb6e 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -38,6 +38,16 @@ struct rtw89_arp_rsp {
 
 static const u8 mss_signature[] = {0x4D, 0x53, 0x53, 0x4B, 0x50, 0x4F, 0x4F, 0x4C};
 
+const struct rtw89_fw_blacklist rtw89_fw_blacklist_default = {
+       .ver = 0x00,
+       .list = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+       },
+};
+EXPORT_SYMBOL(rtw89_fw_blacklist_default);
+
 union rtw89_fw_element_arg {
        size_t offset;
        enum rtw89_rf_path rf_path;
@@ -344,6 +354,46 @@ ignore:
        return 0;
 }
 
+static int __check_secure_blacklist(struct rtw89_dev *rtwdev,
+                                   struct rtw89_fw_bin_info *info,
+                                   struct rtw89_fw_hdr_section_info *section_info,
+                                   const void *content)
+{
+       const struct rtw89_fw_blacklist *chip_blacklist = rtwdev->chip->fw_blacklist;
+       const union rtw89_fw_section_mssc_content *section_content = content;
+       struct rtw89_fw_secure *sec = &rtwdev->fw.sec;
+       u8 byte_idx;
+       u8 bit_mask;
+
+       if (!sec->secure_boot)
+               return 0;
+
+       if (!info->secure_section_exist || section_info->ignore)
+               return 0;
+
+       if (!chip_blacklist) {
+               rtw89_err(rtwdev, "chip no blacklist for secure firmware\n");
+               return -ENOENT;
+       }
+
+       byte_idx = section_content->blacklist.bit_in_chip_list >> 3;
+       bit_mask = BIT(section_content->blacklist.bit_in_chip_list & 0x7);
+
+       if (section_content->blacklist.ver > chip_blacklist->ver) {
+               rtw89_err(rtwdev, "chip blacklist out of date (%u, %u)\n",
+                         section_content->blacklist.ver, chip_blacklist->ver);
+               return -EINVAL;
+       }
+
+       if (chip_blacklist->list[byte_idx] & bit_mask) {
+               rtw89_err(rtwdev, "firmware %u in chip blacklist\n",
+                         section_content->blacklist.ver);
+               return -EPERM;
+       }
+
+       return 0;
+}
+
 static int __parse_security_section(struct rtw89_dev *rtwdev,
                                    struct rtw89_fw_bin_info *info,
                                    struct rtw89_fw_hdr_section_info *section_info,
@@ -374,7 +424,7 @@ static int __parse_security_section(struct rtw89_dev *rtwdev,
                info->secure_section_exist = true;
        }
 
-       return 0;
+       return __check_secure_blacklist(rtwdev, info, section_info, content);
 }
 
 static int rtw89_fw_hdr_parser_v1(struct rtw89_dev *rtwdev, const u8 *fw, u32 len,

diff --git a/drivers/net/wireless/realtek/rtw89/fw.h b/drivers/net/wireless/realtek/rtw89/fw.h
index 53a4083ba12875e094a649a7feb8ae45b86d854e..1c53c1e224396e161d127455d033e2f1acab0a38 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/fw.h
+++ b/drivers/net/wireless/realtek/rtw89/fw.h
@@ -663,6 +663,11 @@ struct rtw89_fw_mss_pool_hdr {
 } __packed;
 
 union rtw89_fw_section_mssc_content {
+       struct {
+               u8 pad[0x20];
+               u8 bit_in_chip_list;
+               u8 ver;
+       } __packed blacklist;
        struct {
                u8 pad[58];
                __le32 v;
@@ -673,6 +678,13 @@ union rtw89_fw_section_mssc_content {
        } __packed key_sign_len;
 } __packed;
 
+struct rtw89_fw_blacklist {
+       u8 ver;
+       u8 list[32];
+};
+
+extern const struct rtw89_fw_blacklist rtw89_fw_blacklist_default;
+
 static inline void SET_CTRL_INFO_MACID(void *table, u32 val)
 {
        le32p_replace_bits((__le32 *)(table) + 0, val, GENMASK(6, 0));

diff --git a/drivers/net/wireless/realtek/rtw89/rtw8851b.c b/drivers/net/wireless/realtek/rtw89/rtw8851b.c
index 3ef07d80caf16f4bdf8c920a2603f7884a287606..3cd1d7a4d202c6aa19e01d7146d6d5b5a32b5a5e 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/rtw8851b.c
+++ b/drivers/net/wireless/realtek/rtw89/rtw8851b.c
@@ -2459,6 +2459,7 @@ const struct rtw89_chip_info rtw8851b_chip_info = {
        .try_ce_fw              = true,
        .bbmcu_nr               = 0,
        .needed_fw_elms         = 0,
+       .fw_blacklist           = NULL,
        .fifo_size              = 196608,
        .small_fifo_size        = true,
        .dle_scc_rsvd_size      = 98304,

diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852a.c b/drivers/net/wireless/realtek/rtw89/rtw8852a.c
index bcd71d6fce29757d0e3c580e6701b13772a881a1..514ef0c2b32b7b9bac7b4f86d1a4d583cece67d4 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/rtw8852a.c
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852a.c
@@ -2176,6 +2176,7 @@ const struct rtw89_chip_info rtw8852a_chip_info = {
        .try_ce_fw              = false,
        .bbmcu_nr               = 0,
        .needed_fw_elms         = 0,
+       .fw_blacklist           = NULL,
        .fifo_size              = 458752,
        .small_fifo_size        = false,
        .dle_scc_rsvd_size      = 0,

diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852b.c b/drivers/net/wireless/realtek/rtw89/rtw8852b.c
index 2ef534b4e95136f8000caf060b3d4090ffe0e6fa..5dbb33d5e40383cb4c5325a5f4cfd9d7d036f105 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/rtw8852b.c
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852b.c
@@ -812,6 +812,7 @@ const struct rtw89_chip_info rtw8852b_chip_info = {
        .try_ce_fw              = true,
        .bbmcu_nr               = 0,
        .needed_fw_elms         = 0,
+       .fw_blacklist           = &rtw89_fw_blacklist_default,
        .fifo_size              = 196608,
        .small_fifo_size        = true,
        .dle_scc_rsvd_size      = 98304,

diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852bt.c b/drivers/net/wireless/realtek/rtw89/rtw8852bt.c
index 8f2dccc07bb51d91d99f036664bf78b64498b1db..b4832c7897a865ebd226d7ef248adb74ce3d3336 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/rtw8852bt.c
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852bt.c
@@ -746,6 +746,7 @@ const struct rtw89_chip_info rtw8852bt_chip_info = {
        .try_ce_fw              = true,
        .bbmcu_nr               = 0,
        .needed_fw_elms         = RTW89_AX_GEN_DEF_NEEDED_FW_ELEMENTS_NO_6GHZ,
+       .fw_blacklist           = &rtw89_fw_blacklist_default,
        .fifo_size              = 458752,
        .small_fifo_size        = true,
        .dle_scc_rsvd_size      = 98304,

diff --git a/drivers/net/wireless/realtek/rtw89/rtw8852c.c b/drivers/net/wireless/realtek/rtw89/rtw8852c.c
index 5876b1e8bb6b701311c5f9591353d4a9876b26f5..f3965a65ae18c978e705070eb9e11bcc22b0f8c7 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/rtw8852c.c
+++ b/drivers/net/wireless/realtek/rtw89/rtw8852c.c
@@ -2968,6 +2968,7 @@ const struct rtw89_chip_info rtw8852c_chip_info = {
        .try_ce_fw              = false,
        .bbmcu_nr               = 0,
        .needed_fw_elms         = 0,
+       .fw_blacklist           = &rtw89_fw_blacklist_default,
        .fifo_size              = 458752,
        .small_fifo_size        = false,
        .dle_scc_rsvd_size      = 0,

diff --git a/drivers/net/wireless/realtek/rtw89/rtw8922a.c b/drivers/net/wireless/realtek/rtw89/rtw8922a.c
index f3661eb894dcd9468f09c5d0e737aa95865f5862..defa6cf9f7f0b76423516d648d22f15bbc2a5f2c 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/rtw8922a.c
+++ b/drivers/net/wireless/realtek/rtw89/rtw8922a.c
@@ -2729,6 +2729,7 @@ const struct rtw89_chip_info rtw8922a_chip_info = {
        .try_ce_fw              = false,
        .bbmcu_nr               = 1,
        .needed_fw_elms         = RTW89_BE_GEN_DEF_NEEDED_FW_ELEMENTS,
+       .fw_blacklist           = &rtw89_fw_blacklist_default,
        .fifo_size              = 589824,
        .small_fifo_size        = false,
        .dle_scc_rsvd_size      = 0,