On 5/9/2025 5:21 PM, Lee Trager wrote: > fbnic supports applying firmware which may not be rolled back. This is > implemented in firmware however it is useful for the driver to know the > minimum supported firmware version. This will enable the driver validate > new firmware before it is sent to the NIC. If it is too old the driver can > provide a clear message that the version is too old. > This reminds me of the original efforts i had with minimum firmware versions for the ice E810 hardware. I guess for fbnic, you entirely handle this within firmware so there's no reason to provide an interface to control this, and you have a lot more control over verifying that the anti-rollback behavior is correct. The definition for the minimum version is baked into the firmware image? So once a version with this anti-rollback is applied it then prevents you from rolling back to lower version, and can do a verification to enforce this. Unlike the similar "opt-in" behavior in ice which requires a user to first apply a firmware and then set the parameter, opening up a bunch of attestation issues due to not being a single atomic operation.
