Re: [PATCH net-next v4 2/5] eth: fbnic: Accept minimum anti-rollback version from firmware

On 5/12/25 11:47 AM, Jacob Keller wrote:


On 5/9/2025 5:21 PM, Lee Trager wrote:
fbnic supports applying firmware which may not be rolled back. This is
implemented in firmware however it is useful for the driver to know the
minimum supported firmware version. This will enable the driver to validate
new firmware before it is sent to the NIC. If it is too old the driver can
provide a clear message that the version is too old.

This reminds me of the original efforts I had with minimum firmware
versions for the ice E810 hardware.

I guess for fbnic, you entirely handle this within firmware so there's
no reason to provide an interface to control this, and you have a lot
more control over verifying that the anti-rollback behavior is correct.

The definition for the minimum version is baked into the firmware image?
So once a version with this anti-rollback is applied it then prevents
you from rolling back to lower version, and can do a verification to
enforce this. Unlike the similar "opt-in" behavior in ice which requires
a user to first apply a firmware and then set the parameter, opening up
a bunch of attestation issues due to not being a single atomic operation.

Correct, this is handled entirely in firmware. We use the normal firmware update process when incrementing anti-rollback. During the update process, firmware first validates that the new version number is >= the anti-rollback version set in the SOTP. If not, the update is rejected. The driver's role is purely informational; it checks anti-rollback and provides devlink with a human-readable error when necessary.

When incrementing anti-rollback, the NIC first boots the new firmware. Once it has validated that it can boot the new firmware, it increments the anti-rollback version in the SOTP automatically. This makes anti-rollback automatic and provides a way for us to abort the process if needed.
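
The flow described in the reply above, as a small C model added here for illustration; it is not code from the fbnic driver or its firmware. All names (`struct nic`, `sotp_arb`, `arb_min`, `driver_precheck`, `fw_update`) are hypothetical, and it assumes each image carries the anti-rollback floor it wants recorded once it has booted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the thread's description; not fbnic code. */
struct fw_image { uint32_t version; uint32_t arb_min; bool boots; };
struct nic { uint32_t sotp_arb; uint32_t running; };
enum upd_result { UPD_OK, UPD_TOO_OLD, UPD_BOOT_FAILED };

/* Driver side: informational only, yields a readable error for devlink. */
static bool driver_precheck(const struct nic *n, const struct fw_image *img,
                            char *msg, size_t len)
{
    if (img->version >= n->sotp_arb)
        return true;
    snprintf(msg, len, "firmware %u is older than minimum version %u",
             (unsigned)img->version, (unsigned)n->sotp_arb);
    return false;
}

/* Firmware side: the enforcing check, then boot, then raise the floor. */
static enum upd_result fw_update(struct nic *n, const struct fw_image *img)
{
    if (img->version < n->sotp_arb)
        return UPD_TOO_OLD;         /* enforced even if the driver is bypassed */
    if (!img->boots)
        return UPD_BOOT_FAILED;     /* abort path: SOTP floor left untouched */
    n->running = img->version;
    if (img->arb_min > n->sotp_arb) /* the floor only ever moves up */
        n->sotp_arb = img->arb_min;
    return UPD_OK;
}

int main(void)
{
    struct nic n = { .sotp_arb = 3, .running = 5 };  /* constructed values */
    struct fw_image v7 = { .version = 7, .arb_min = 7, .boots = true };
    struct fw_image v5 = { .version = 5, .arb_min = 3, .boots = true };
    char msg[80];
    enum upd_result r = fw_update(&n, &v7);

    printf("update to 7: %d, floor now %u\n", r, (unsigned)n.sotp_arb);
    if (!driver_precheck(&n, &v5, msg, sizeof(msg)))
        printf("driver: %s\n", msg);
    printf("firmware verdict on 5: %d\n", fw_update(&n, &v5));
    return 0;
}
```

Because the floor is written only after a successful boot, a failed update leaves the device able to return to its previous image.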




