From: soren.brinkmann@xilinx.com (Sören Brinkmann)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 3/4] fpga mgr: zynq: Add support for encrypted bitstreams
Date: Tue, 8 Nov 2016 10:32:17 -0800
Message-ID: <20161108183217.GV14444@xsjsorenbubuntu>
In-Reply-To: <20161107001326.7395-4-moritz.fischer@ettus.com>
On Sun, 2016-11-06 at 17:13:25 -0700, Moritz Fischer wrote:
> Add new flag FPGA_MGR_DECRYPT_BISTREAM as well as a matching
> capability FPGA_MGR_CAP_DECRYPT to allow for on-the-fly
> decryption of an encrypted bitstream.
>
> If the system is not booted in secure mode AES & HMAC units
> are disabled by the boot ROM, therefore the capability
> is not available.
>
> Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com>
> Cc: Alan Tull <atull@opensource.altera.com>
> Cc: Michal Simek <michal.simek@xilinx.com>
> Cc: Sören Brinkmann <soren.brinkmann@xilinx.com>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-arm-kernel@lists.infradead.org
> ---
> drivers/fpga/fpga-mgr.c | 7 +++++++
> drivers/fpga/zynq-fpga.c | 21 +++++++++++++++++++--
> include/linux/fpga/fpga-mgr.h | 2 ++
> 3 files changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c
> index 98230b7..e4d08e1 100644
> --- a/drivers/fpga/fpga-mgr.c
> +++ b/drivers/fpga/fpga-mgr.c
> @@ -61,6 +61,12 @@ int fpga_mgr_buf_load(struct fpga_manager *mgr, u32 flags, const char *buf,
> return -ENOTSUPP;
> }
>
> + if (flags & FPGA_MGR_DECRYPT_BITSTREAM &&
> + !fpga_mgr_has_cap(FPGA_MGR_CAP_DECRYPT, mgr->caps)) {
> + dev_err(dev, "Bitstream decryption not supported\n");
> + return -ENOTSUPP;
> + }
> +
> /*
> * Call the low level driver's write_init function. This will do the
> * device-specific things to get the FPGA into the state where it is
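Review bot: The new test in fpga_mgr_buf_load() reads `flags & FPGA_MGR_DECRYPT_BITSTREAM && !fpga_mgr_has_cap(...)` with no parentheses around the bitwise term. It evaluates as intended because & binds tighter than &&, but `(flags & FPGA_MGR_DECRYPT_BITSTREAM) && ...` makes that explicit for the next reader. Placing the rejection ahead of the write_init call is the right order, since a decrypt request then fails before the device is touched. The commit message spells the flag FPGA_MGR_DECRYPT_BISTREAM while the code uses FPGA_MGR_DECRYPT_BITSTREAM; the message should match.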
> @@ -170,6 +176,7 @@ static const char * const state_str[] = {
> static const char * const cap_str[] = {
> [FPGA_MGR_CAP_FULL_RECONF] = "Full reconfiguration",
> [FPGA_MGR_CAP_PARTIAL_RECONF] = "Partial reconfiguration",
> + [FPGA_MGR_CAP_DECRYPT] = "Decrypt bitstream on the fly",
> };
>
> static ssize_t name_show(struct device *dev,
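Review bot: cap_str[] is filled with designated initializers and has no explicit size, so a capability added to the enum later without a matching line here leaves no usable string for that index. Consider sizing the array from the capability enum, or having the code that looks up cap_str[] guard against a missing entry, so that the new FPGA_MGR_CAP_DECRYPT line and any future capability cannot fall out of step with the enum unnoticed.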
> diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c
> index 1d37ff0..0aa4705 100644
> --- a/drivers/fpga/zynq-fpga.c
> +++ b/drivers/fpga/zynq-fpga.c
> @@ -71,6 +71,10 @@
> #define CTRL_PCAP_PR_MASK BIT(27)
> /* Enable PCAP */
> #define CTRL_PCAP_MODE_MASK BIT(26)
> +/* Needed to reduce clock rate for secure config */
> +#define CTRL_PCAP_RATE_EN_MASK BIT(25)
> +/* System booted in secure mode */
> +#define CTRL_SEC_EN_MASK BIT(7)
>
> /* Miscellaneous Control Register bit definitions */
> /* Internal PCAP loopback */
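Review bot: CTRL_SEC_EN_MASK is defined in this hunk, but none of the hunks quoted in this reply reads it. The commit message states that the capability is not available when the system was not booted in secure mode, so the code that tests this bit before advertising FPGA_MGR_CAP_DECRYPT should be checked in the full patch. The comment on CTRL_PCAP_RATE_EN_MASK could also say what the bit does (it reduces the PCAP clock rate) rather than only why it is needed.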
> @@ -252,12 +256,20 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, u32 flags,
>
> /* set configuration register with following options:
> * - enable PCAP interface
> - * - set throughput for maximum speed
> + * - set throughput for maximum speed (if we're not decrypting)
> * - set CPU in user mode
> */
> ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
> - zynq_fpga_write(priv, CTRL_OFFSET,
> + if (flags & FPGA_MGR_DECRYPT_BITSTREAM) {
> + zynq_fpga_write(priv, CTRL_OFFSET,
> + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK |
> + CTRL_PCAP_RATE_EN_MASK | ctrl));
> +
> + } else {
> + ctrl &= ~CTRL_PCAP_RATE_EN_MASK;
> + zynq_fpga_write(priv, CTRL_OFFSET,
> (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl));
> + }
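Review bot: In the decrypt branch of zynq_fpga_ops_write_init(), nothing tests CTRL_SEC_EN_MASK in the ctrl value read just above, so the driver relies entirely on the capability check in fpga_mgr_buf_load() to keep a decrypt request away from hardware whose AES and HMAC units are disabled. Since ctrl is already in hand, a test such as `if (!(ctrl & CTRL_SEC_EN_MASK))` returning an error before the register write would make the driver fail closed on its own. There is also a stray blank added line before `} else {`, and the continuation line `(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl));` was not re-aligned after the write moved inside the else block.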

Minor nit:
Assuming that there may be more caps to check to come, wouldn't it be
slightly easier to write this in a way like?:

	if (flags & SOME_FLAG)
		ctrl |= FOO;

	if (flags & SOME_OTHER_FLAG)
		ctrl |= BAR;

	zynq_fpga_write(priv, CTRL_OFFSET, ctrl);

i.e. moving the fpga_write outside of the conditionals.

	Sören