| Message ID | 20210504102227.15475-3-nava.manne@xilinx.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Fpga: adds support to load the user-key encrypted FPGA Image loading | expand |
On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote: > This patch Adds ‘encrypted-key-name’ and > ‘encrypted-user-key-fpga-config’ properties > to support user-key encrypted bitstream loading > use case. > > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> > --- > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt > index d787d57491a1..957dc6cbcd9e 100644 > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > @@ -177,6 +177,9 @@ Optional properties: > it indicates that the FPGA has already been programmed with this image. > If this property is in an overlay targeting a FPGA region, it is a > request to program the FPGA with that image. > +- encrypted-key-name : should contain the name of an encrypted key file located > + on the firmware search path. It will be used to decrypt the FPGA image > + file. > - fpga-bridges : should contain a list of phandles to FPGA Bridges that must be > controlled during FPGA programming along with the parent FPGA bridge. > This property is optional if the FPGA Manager handles the bridges. > @@ -187,6 +190,8 @@ Optional properties: > - external-fpga-config : boolean, set if the FPGA has already been configured > prior to OS boot up. > - encrypted-fpga-config : boolean, set if the bitstream is encrypted > +- encrypted-user-key-fpga-config : boolean, set if the bitstream is encrypted > + with user key. What's the relationship with encrypted-fpga-config? Both present or mutually exclusive? Couldn't this be implied by encrypted-key-name being present? > - region-unfreeze-timeout-us : The maximum time in microseconds to wait for > bridges to successfully become enabled after the region has been > programmed. > -- > 2.17.1 >
Hi Rob, Please find my response inline. > -----Original Message----- > From: Rob Herring <robh@kernel.org> > Sent: Thursday, May 13, 2021 8:01 AM > To: Nava kishore Manne <navam@xilinx.com> > Cc: mdf@kernel.org; trix@redhat.com; Michal Simek <michals@xilinx.com>; > arnd@arndb.de; Rajan Vaja <RAJANV@xilinx.com>; > gregkh@linuxfoundation.org; linus.walleij@linaro.org; Amit Sunil Dhamne > <amitsuni@xlnx.xilinx.com>; Tejas Patel <tejasp@xlnx.xilinx.com>; > zou_wei@huawei.com; Manish Narani <MNARANI@xilinx.com>; Sai Krishna > Potthuri <lakshmis@xilinx.com>; Jiaying Liang <jliang@xilinx.com>; linux- > fpga@vger.kernel.org; devicetree@vger.kernel.org; linux- > kernel@vger.kernel.org; linux-arm-kernel@lists.infradead.org; git > <git@xilinx.com>; chinnikishore369@gmail.com > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key > encrypted bitstream loading > > On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote: > > This patch Adds ‘encrypted-key-name’ and > > ‘encrypted-user-key-fpga-config’ properties to support user-key > > encrypted bitstream loading use case. > > > > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> > > --- > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > index d787d57491a1..957dc6cbcd9e 100644 > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > @@ -177,6 +177,9 @@ Optional properties: > > it indicates that the FPGA has already been programmed with this > image. > > If this property is in an overlay targeting a FPGA region, it is a > > request to program the FPGA with that image. > > +- encrypted-key-name : should contain the name of an encrypted key file > located > > + on the firmware search path. It will be used to decrypt the FPGA > image > > + file. > > - fpga-bridges : should contain a list of phandles to FPGA Bridges that must > be > > controlled during FPGA programming along with the parent FPGA > bridge. > > This property is optional if the FPGA Manager handles the bridges. > > @@ -187,6 +190,8 @@ Optional properties: > > - external-fpga-config : boolean, set if the FPGA has already been > configured > > prior to OS boot up. > > - encrypted-fpga-config : boolean, set if the bitstream is encrypted > > +- encrypted-user-key-fpga-config : boolean, set if the bitstream is > encrypted > > + with user key. > > What's the relationship with encrypted-fpga-config? Both present or > mutually exclusive? Couldn't this be implied by encrypted-key-name being > present? > In Encryption we have two kinds of use case one is Encrypted Bitstream loading with Device-key and Other one is Encrypted Bitstream loading with User-key. encrypted-fpga-config and encrypted-user-key-fpga-config are mutually exclusive. To differentiate both the use cases I have added this new flag and Aes Key file(encrypted-key-name) is needed only for encrypted-user-key-fpga-config use cases. Regards, Navakishore.
On Thu, May 13, 2021 at 5:55 AM Nava kishore Manne <navam@xilinx.com> wrote: > > Hi Rob, > > Please find my response inline. > > > -----Original Message----- > > From: Rob Herring <robh@kernel.org> > > Sent: Thursday, May 13, 2021 8:01 AM > > To: Nava kishore Manne <navam@xilinx.com> > > Cc: mdf@kernel.org; trix@redhat.com; Michal Simek <michals@xilinx.com>; > > arnd@arndb.de; Rajan Vaja <RAJANV@xilinx.com>; > > gregkh@linuxfoundation.org; linus.walleij@linaro.org; Amit Sunil Dhamne > > <amitsuni@xlnx.xilinx.com>; Tejas Patel <tejasp@xlnx.xilinx.com>; > > zou_wei@huawei.com; Manish Narani <MNARANI@xilinx.com>; Sai Krishna > > Potthuri <lakshmis@xilinx.com>; Jiaying Liang <jliang@xilinx.com>; linux- > > fpga@vger.kernel.org; devicetree@vger.kernel.org; linux- > > kernel@vger.kernel.org; linux-arm-kernel@lists.infradead.org; git > > <git@xilinx.com>; chinnikishore369@gmail.com > > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key > > encrypted bitstream loading > > > > On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote: > > > This patch Adds ‘encrypted-key-name’ and > > > ‘encrypted-user-key-fpga-config’ properties to support user-key > > > encrypted bitstream loading use case. > > > > > > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> > > > --- > > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++ > > > 1 file changed, 5 insertions(+) > > > > > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > index d787d57491a1..957dc6cbcd9e 100644 > > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > @@ -177,6 +177,9 @@ Optional properties: > > > it indicates that the FPGA has already been programmed with this > > image. > > > If this property is in an overlay targeting a FPGA region, it is a > > > request to program the FPGA with that image. > > > +- encrypted-key-name : should contain the name of an encrypted key file > > located > > > + on the firmware search path. It will be used to decrypt the FPGA > > image > > > + file. > > > - fpga-bridges : should contain a list of phandles to FPGA Bridges that must > > be > > > controlled during FPGA programming along with the parent FPGA > > bridge. > > > This property is optional if the FPGA Manager handles the bridges. > > > @@ -187,6 +190,8 @@ Optional properties: > > > - external-fpga-config : boolean, set if the FPGA has already been > > configured > > > prior to OS boot up. > > > - encrypted-fpga-config : boolean, set if the bitstream is encrypted > > > +- encrypted-user-key-fpga-config : boolean, set if the bitstream is > > encrypted > > > + with user key. > > > > What's the relationship with encrypted-fpga-config? Both present or > > mutually exclusive? Couldn't this be implied by encrypted-key-name being > > present? > > > > In Encryption we have two kinds of use case one is Encrypted Bitstream loading with Device-key and > Other one is Encrypted Bitstream loading with User-key. encrypted-fpga-config and encrypted-user-key-fpga-config > are mutually exclusive. To differentiate both the use cases I have added this new flag and Aes Key file(encrypted-key-name) > is needed only for encrypted-user-key-fpga-config use cases. If encrypted-key-name is required for a user key, then why do you need encrypted-user-key-fpga-config also? IOW, why have 3 properties (that's 9 possible combinations) for 2 modes? Rob
Hi Rob, Please find my response inline. > -----Original Message----- > From: Rob Herring <robh@kernel.org> > Sent: Thursday, May 13, 2021 8:05 PM > To: Nava kishore Manne <navam@xilinx.com> > Cc: mdf@kernel.org; trix@redhat.com; Michal Simek <michals@xilinx.com>; > arnd@arndb.de; Rajan Vaja <RAJANV@xilinx.com>; > gregkh@linuxfoundation.org; linus.walleij@linaro.org; Amit Sunil Dhamne > <amitsuni@xlnx.xilinx.com>; Tejas Patel <tejasp@xlnx.xilinx.com>; > zou_wei@huawei.com; Manish Narani <MNARANI@xilinx.com>; Sai Krishna > Potthuri <lakshmis@xilinx.com>; Jiaying Liang <jliang@xilinx.com>; linux- > fpga@vger.kernel.org; devicetree@vger.kernel.org; linux- > kernel@vger.kernel.org; linux-arm-kernel@lists.infradead.org; git > <git@xilinx.com>; chinnikishore369@gmail.com > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key > encrypted bitstream loading > > On Thu, May 13, 2021 at 5:55 AM Nava kishore Manne <navam@xilinx.com> > wrote: > > > > Hi Rob, > > > > Please find my response inline. > > > > > -----Original Message----- > > > From: Rob Herring <robh@kernel.org> > > > Sent: Thursday, May 13, 2021 8:01 AM > > > To: Nava kishore Manne <navam@xilinx.com> > > > Cc: mdf@kernel.org; trix@redhat.com; Michal Simek > > > <michals@xilinx.com>; arnd@arndb.de; Rajan Vaja > <RAJANV@xilinx.com>; > > > gregkh@linuxfoundation.org; linus.walleij@linaro.org; Amit Sunil > > > Dhamne <amitsuni@xlnx.xilinx.com>; Tejas Patel > > > <tejasp@xlnx.xilinx.com>; zou_wei@huawei.com; Manish Narani > > > <MNARANI@xilinx.com>; Sai Krishna Potthuri <lakshmis@xilinx.com>; > > > Jiaying Liang <jliang@xilinx.com>; linux- fpga@vger.kernel.org; > > > devicetree@vger.kernel.org; linux- kernel@vger.kernel.org; > > > linux-arm-kernel@lists.infradead.org; git <git@xilinx.com>; > > > chinnikishore369@gmail.com > > > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support > > > user-key encrypted bitstream loading > > > > > > On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote: > > > > This patch Adds ‘encrypted-key-name’ and > > > > ‘encrypted-user-key-fpga-config’ properties to support user-key > > > > encrypted bitstream loading use case. > > > > > > > > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> > > > > --- > > > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++ > > > > 1 file changed, 5 insertions(+) > > > > > > > > diff --git > > > > a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > > index d787d57491a1..957dc6cbcd9e 100644 > > > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > > @@ -177,6 +177,9 @@ Optional properties: > > > > it indicates that the FPGA has already been programmed with > > > > this > > > image. > > > > If this property is in an overlay targeting a FPGA region, it is a > > > > request to program the FPGA with that image. > > > > +- encrypted-key-name : should contain the name of an encrypted > > > > +key file > > > located > > > > + on the firmware search path. It will be used to decrypt the > > > > + FPGA > > > image > > > > + file. > > > > - fpga-bridges : should contain a list of phandles to FPGA > > > > Bridges that must > > > be > > > > controlled during FPGA programming along with the parent FPGA > > > bridge. > > > > This property is optional if the FPGA Manager handles the bridges. > > > > @@ -187,6 +190,8 @@ Optional properties: > > > > - external-fpga-config : boolean, set if the FPGA has already > > > > been > > > configured > > > > prior to OS boot up. > > > > - encrypted-fpga-config : boolean, set if the bitstream is > > > > encrypted > > > > +- encrypted-user-key-fpga-config : boolean, set if the bitstream > > > > +is > > > encrypted > > > > + with user key. > > > > > > What's the relationship with encrypted-fpga-config? Both present or > > > mutually exclusive? Couldn't this be implied by encrypted-key-name > > > being present? > > > > > > > In Encryption we have two kinds of use case one is Encrypted Bitstream > > loading with Device-key and Other one is Encrypted Bitstream loading > > with User-key. encrypted-fpga-config and > > encrypted-user-key-fpga-config are mutually exclusive. To differentiate > both the use cases I have added this new flag and Aes Key file(encrypted-key- > name) is needed only for encrypted-user-key-fpga-config use cases. > > If encrypted-key-name is required for a user key, then why do you need > encrypted-user-key-fpga-config also? > > IOW, why have 3 properties (that's 9 possible combinations) for 2 modes? > Agree, we can use encrypted-key-name for user-key use cases instead of having both encrypted-key-name and encrypted-user-key-fpga-config flags. Will fix this issue in v2. Regards, Navakishore.
diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index d787d57491a1..957dc6cbcd9e 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -177,6 +177,9 @@ Optional properties: it indicates that the FPGA has already been programmed with this image. If this property is in an overlay targeting a FPGA region, it is a request to program the FPGA with that image. +- encrypted-key-name : should contain the name of an encrypted key file located + on the firmware search path. It will be used to decrypt the FPGA image + file. - fpga-bridges : should contain a list of phandles to FPGA Bridges that must be controlled during FPGA programming along with the parent FPGA bridge. This property is optional if the FPGA Manager handles the bridges. @@ -187,6 +190,8 @@ Optional properties: - external-fpga-config : boolean, set if the FPGA has already been configured prior to OS boot up. - encrypted-fpga-config : boolean, set if the bitstream is encrypted +- encrypted-user-key-fpga-config : boolean, set if the bitstream is encrypted + with user key. - region-unfreeze-timeout-us : The maximum time in microseconds to wait for bridges to successfully become enabled after the region has been programmed.
This patch Adds ‘encrypted-key-name’ and ‘encrypted-user-key-fpga-config’ properties to support user-key encrypted bitstream loading use case. Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> --- Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++ 1 file changed, 5 insertions(+)