| Message ID | 20210609055232.4501-3-nava.manne@xilinx.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fpga: adds support to load the user-key encrypted FPGA Image loading | expand |
On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote: > This patch Adds ‘encrypted-key-name’ property to > support user-key encrypted bitstream loading > use case. > > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> > --- > Changes for v2: > -Both DT properties ie; encrypted-key-name and encrypted-user-key-fpga-config > are targeted to use for the same use cases but ideally encrypted-key-name > is enough to serve the purpose so updated the file to remove the unwanted > encrypted-user-key-fpga-config property as suggested by Rob. > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt > index d787d57491a1..0de4a1c54650 100644 > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > @@ -177,6 +177,9 @@ Optional properties: > it indicates that the FPGA has already been programmed with this image. > If this property is in an overlay targeting a FPGA region, it is a > request to program the FPGA with that image. > +- encrypted-key-name : should contain the name of an encrypted key file located > + on the firmware search path. It will be used to decrypt the FPGA image > + file with user-key. What is the format this "user-key" is in? Where is the documentation for how to use this type of thing? thanks, greg k-h
Hi Greg, Thanks for providing the review comments. Please find my response inline. > -----Original Message----- > From: Greg KH <gregkh@linuxfoundation.org> > Sent: Wednesday, June 9, 2021 3:26 PM > To: Nava kishore Manne <navam@xilinx.com> > Cc: robh+dt@kernel.org; Michal Simek <michals@xilinx.com>; > mdf@kernel.org; trix@redhat.com; arnd@arndb.de; Rajan Vaja > <RAJANV@xilinx.com>; Amit Sunil Dhamne <amitsuni@xlnx.xilinx.com>; > Tejas Patel <tejasp@xlnx.xilinx.com>; zou_wei@huawei.com; Sai Krishna > Potthuri <lakshmis@xilinx.com>; Ravi Patel <RAVIPATE@xilinx.com>; > iwamatsu@nigauri.org; Jiaying Liang <jliang@xilinx.com>; > devicetree@vger.kernel.org; linux-arm-kernel@lists.infradead.org; linux- > kernel@vger.kernel.org; linux-fpga@vger.kernel.org; git <git@xilinx.com>; > chinnikishore369@gmail.com > Subject: Re: [RFC v2 2/4] fpga: Add new property to support user-key > encrypted bitstream loading > > On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote: > > This patch Adds ‘encrypted-key-name’ property to support user-key > > encrypted bitstream loading use case. > > > > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> > > --- > > Changes for v2: > > -Both DT properties ie; encrypted-key-name and encrypted-user- > key-fpga-config > > are targeted to use for the same use cases but ideally encrypted- > key-name > > is enough to serve the purpose so updated the file to remove the > unwanted > > encrypted-user-key-fpga-config property as suggested by Rob. > > > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > index d787d57491a1..0de4a1c54650 100644 > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > @@ -177,6 +177,9 @@ Optional properties: > > it indicates that the FPGA has already been programmed with this > image. > > If this property is in an overlay targeting a FPGA region, it is a > > request to program the FPGA with that image. > > +- encrypted-key-name : should contain the name of an encrypted key file > located > > + on the firmware search path. It will be used to decrypt the FPGA > image > > + file with user-key. > > What is the format this "user-key" is in? Where is the documentation for > how to use this type of thing? > Will fix user key format issues in v3. Will update this binding doc with user key encrypted bitstream loading use case info. Use case info: Reconfiguration with encrypted image using AES key In this case, the FPGA Manager will decrypt the configuration data and placed it into the programmable logic. To decrypt the configuration data it uses AES key provided by the user. DT Overlay contains: /dts-v1/; /plugin/; &fpga_region0 { #address-cells = <1>; #size-cells = <1>; firmware-name = "versal-gpio.bin"; encrypted-key-name = “Aes-key.nky” gpio1: gpio@40000000 { compatible = "xlnx,xps-gpio-1.00.a"; reg = <0x40000000 0x10000>; gpio-controller; #gpio-cells = <0x2>; xlnx,gpio-width= <0x6>; }; }; Regards, Navakishore.
diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt index d787d57491a1..0de4a1c54650 100644 --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt @@ -177,6 +177,9 @@ Optional properties: it indicates that the FPGA has already been programmed with this image. If this property is in an overlay targeting a FPGA region, it is a request to program the FPGA with that image. +- encrypted-key-name : should contain the name of an encrypted key file located + on the firmware search path. It will be used to decrypt the FPGA image + file with user-key. - fpga-bridges : should contain a list of phandles to FPGA Bridges that must be controlled during FPGA programming along with the parent FPGA bridge. This property is optional if the FPGA Manager handles the bridges.
This patch Adds ‘encrypted-key-name’ property to support user-key encrypted bitstream loading use case. Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com> --- Changes for v2: -Both DT properties ie; encrypted-key-name and encrypted-user-key-fpga-config are targeted to use for the same use cases but ideally encrypted-key-name is enough to serve the purpose so updated the file to remove the unwanted encrypted-user-key-fpga-config property as suggested by Rob. Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++ 1 file changed, 3 insertions(+)