diff mbox series

[RFC,v2,2/4] fpga: Add new property to support user-key encrypted bitstream loading

Message ID 20210609055232.4501-3-nava.manne@xilinx.com (mailing list archive)
State New
Headers show
Series Fpga: adds support to load the user-key encrypted FPGA Image loading | expand

Commit Message

Nava kishore Manne June 9, 2021, 5:52 a.m. UTC
This patch Adds ‘encrypted-key-name’ property to
support user-key encrypted bitstream loading
use case.

Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com>
---
Changes for v2:
                -Both DT properties ie; encrypted-key-name and encrypted-user-key-fpga-config
                 are targeted to use for the same use cases but ideally encrypted-key-name
                 is enough to serve the purpose so updated the file to remove the unwanted
                 encrypted-user-key-fpga-config property as suggested by Rob.

 Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++
 1 file changed, 3 insertions(+)

Comments

Greg Kroah-Hartman June 9, 2021, 9:56 a.m. UTC | #1
On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote:
> This patch Adds ‘encrypted-key-name’ property to
> support user-key encrypted bitstream loading
> use case.
> 
> Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com>
> ---
> Changes for v2:
>                 -Both DT properties ie; encrypted-key-name and encrypted-user-key-fpga-config
>                  are targeted to use for the same use cases but ideally encrypted-key-name
>                  is enough to serve the purpose so updated the file to remove the unwanted
>                  encrypted-user-key-fpga-config property as suggested by Rob.
> 
>  Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> index d787d57491a1..0de4a1c54650 100644
> --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> @@ -177,6 +177,9 @@ Optional properties:
>  	it indicates that the FPGA has already been programmed with this image.
>  	If this property is in an overlay targeting a FPGA region, it is a
>  	request to program the FPGA with that image.
> +- encrypted-key-name : should contain the name of an encrypted key file located
> +	on the firmware search path. It will be used to decrypt the FPGA image
> +	file with user-key.

What is the format this "user-key" is in?  Where is the documentation
for how to use this type of thing?

thanks,

greg k-h
Nava kishore Manne July 9, 2021, 8:48 a.m. UTC | #2
Hi Greg,

	Thanks for providing the review comments.
Please find my response inline.

> -----Original Message-----
> From: Greg KH <gregkh@linuxfoundation.org>
> Sent: Wednesday, June 9, 2021 3:26 PM
> To: Nava kishore Manne <navam@xilinx.com>
> Cc: robh+dt@kernel.org; Michal Simek <michals@xilinx.com>;
> mdf@kernel.org; trix@redhat.com; arnd@arndb.de; Rajan Vaja
> <RAJANV@xilinx.com>; Amit Sunil Dhamne <amitsuni@xlnx.xilinx.com>;
> Tejas Patel <tejasp@xlnx.xilinx.com>; zou_wei@huawei.com; Sai Krishna
> Potthuri <lakshmis@xilinx.com>; Ravi Patel <RAVIPATE@xilinx.com>;
> iwamatsu@nigauri.org; Jiaying Liang <jliang@xilinx.com>;
> devicetree@vger.kernel.org; linux-arm-kernel@lists.infradead.org; linux-
> kernel@vger.kernel.org; linux-fpga@vger.kernel.org; git <git@xilinx.com>;
> chinnikishore369@gmail.com
> Subject: Re: [RFC v2 2/4] fpga: Add new property to support user-key
> encrypted bitstream loading
> 
> On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote:
> > This patch Adds ‘encrypted-key-name’ property to support user-key
> > encrypted bitstream loading use case.
> >
> > Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com>
> > ---
> > Changes for v2:
> >                 -Both DT properties ie; encrypted-key-name and encrypted-user-
> key-fpga-config
> >                  are targeted to use for the same use cases but ideally encrypted-
> key-name
> >                  is enough to serve the purpose so updated the file to remove the
> unwanted
> >                  encrypted-user-key-fpga-config property as suggested by Rob.
> >
> >  Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > index d787d57491a1..0de4a1c54650 100644
> > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > @@ -177,6 +177,9 @@ Optional properties:
> >  	it indicates that the FPGA has already been programmed with this
> image.
> >  	If this property is in an overlay targeting a FPGA region, it is a
> >  	request to program the FPGA with that image.
> > +- encrypted-key-name : should contain the name of an encrypted key file
> located
> > +	on the firmware search path. It will be used to decrypt the FPGA
> image
> > +	file with user-key.
> 
> What is the format this "user-key" is in?  Where is the documentation for
> how to use this type of thing?
> 

Will fix user key format issues in v3.

Will update this binding doc with user key  encrypted bitstream loading use case info.

Use case info:
Reconfiguration with encrypted image using AES key
   In this case, the FPGA Manager will decrypt the configuration data and
   placed it into the programmable logic. To decrypt the configuration data
   it uses AES key provided by the user.

DT Overlay contains:
/dts-v1/;
/plugin/;

&fpga_region0 {
        #address-cells = <1>;
        #size-cells = <1>;

        firmware-name = "versal-gpio.bin";
        encrypted-key-name = “Aes-key.nky”

        gpio1: gpio@40000000 {
                compatible = "xlnx,xps-gpio-1.00.a";
                reg = <0x40000000 0x10000>;
                gpio-controller;
                #gpio-cells = <0x2>;
                xlnx,gpio-width= <0x6>;
        };
};

Regards,
Navakishore.
diff mbox series

Patch

diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
index d787d57491a1..0de4a1c54650 100644
--- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
+++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
@@ -177,6 +177,9 @@  Optional properties:
 	it indicates that the FPGA has already been programmed with this image.
 	If this property is in an overlay targeting a FPGA region, it is a
 	request to program the FPGA with that image.
+- encrypted-key-name : should contain the name of an encrypted key file located
+	on the firmware search path. It will be used to decrypt the FPGA image
+	file with user-key.
 - fpga-bridges : should contain a list of phandles to FPGA Bridges that must be
 	controlled during FPGA programming along with the parent FPGA bridge.
 	This property is optional if the FPGA Manager handles the bridges.