[RFC PATCH 3/3] fpga: zynqmp: Add encrypted Bitstream loading support

linux-fpga.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Nava kishore Manne <nava.kishore.manne@amd.com>
To: <mdf@kernel.org>, <hao.wu@intel.com>, <yilun.xu@intel.com>,
	<trix@redhat.com>, <robh+dt@kernel.org>,
	<krzysztof.kozlowski+dt@linaro.org>, <conor+dt@kernel.org>,
	<michal.simek@amd.com>, <mathieu.poirier@linaro.org>,
	<ben.levinsky@amd.com>, <sai.krishna.potthuri@amd.com>,
	<tanmay.shah@amd.com>, <nava.kishore.manne@amd.com>,
	<dhaval.r.shah@amd.com>, <arnd@arndb.de>,
	<shubhrajyoti.datta@amd.com>, <linux-fpga@vger.kernel.org>,
	<devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<linux-arm-kernel@lists.infradead.org>
Subject: [RFC PATCH 3/3] fpga: zynqmp: Add encrypted Bitstream loading support
Date: Wed, 22 Nov 2023 11:14:04 +0530	[thread overview]
Message-ID: <20231122054404.3764288-4-nava.kishore.manne@amd.com> (raw)
In-Reply-To: <20231122054404.3764288-1-nava.kishore.manne@amd.com>

Adds support for both Device-key and user-key encrypted bitstream
loading to the Xilinx ZynqMP Soc.

Signed-off-by: Nava kishore Manne <nava.kishore.manne@amd.com>
---
 drivers/fpga/zynqmp-fpga.c           | 53 ++++++++++++++++++++++++++--
 include/linux/firmware/xlnx-zynqmp.h |  2 ++
 2 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/drivers/fpga/zynqmp-fpga.c b/drivers/fpga/zynqmp-fpga.c
index f3434e2c487b..8b0e4b8b5d99 100644
--- a/drivers/fpga/zynqmp-fpga.c
+++ b/drivers/fpga/zynqmp-fpga.c
@@ -15,16 +15,44 @@
 /* Constant Definitions */
 #define IXR_FPGA_DONE_MASK	BIT(3)
 
+#define ENCRYPTED_KEY_LEN	64
+#define AES_MATCH_STR_LEN	5
+
 /**
  * struct zynqmp_fpga_priv - Private data structure
+ * @aes_key:	Pointer Aes key buffer
  * @dev:	Device data structure
  * @flags:	flags which is used to identify the bitfile type
  */
 struct zynqmp_fpga_priv {
+	const char *aes_key;
 	struct device *dev;
 	u32 flags;
 };
 
+static int zynqmp_fpga_parse_aes_key(struct fpga_manager *mgr,
+				     struct fpga_image_info *info,
+				     const char *buf, size_t size)
+{
+	struct zynqmp_fpga_priv *priv = mgr->priv;
+	const char *str = "Key 0";
+
+	for (int i = 0; i < size; i++) {
+		if (!strncmp(str, &buf[i], AES_MATCH_STR_LEN)) {
+			buf += AES_MATCH_STR_LEN + 1;
+			while (buf[i] == ' ')
+				i++;
+			if (size - i < ENCRYPTED_KEY_LEN)
+				return -EINVAL;
+			priv->aes_key = &buf[i];
+
+			return 0;
+		}
+	}
+
+	return -EINVAL;
+}
+
 static int zynqmp_fpga_ops_write_init(struct fpga_manager *mgr,
 				      struct fpga_image_info *info,
 				      const char *buf, size_t size)
@@ -43,25 +71,43 @@ static int zynqmp_fpga_ops_write(struct fpga_manager *mgr,
 	struct zynqmp_fpga_priv *priv;
 	dma_addr_t dma_addr;
 	u32 eemi_flags = 0;
+	size_t dma_size;
 	char *kbuf;
 	int ret;
 
 	priv = mgr->priv;
 
-	kbuf = dma_alloc_coherent(priv->dev, size, &dma_addr, GFP_KERNEL);
+	if (priv->flags & FPGA_MGR_USRKEY_ENCRYPTED_BITSTREAM)
+		dma_size = size + ENCRYPTED_KEY_LEN;
+	else
+		dma_size = size;
+
+	kbuf = dma_alloc_coherent(priv->dev, dma_size, &dma_addr, GFP_KERNEL);
 	if (!kbuf)
 		return -ENOMEM;
 
 	memcpy(kbuf, buf, size);
 
+	if (priv->flags & FPGA_MGR_USRKEY_ENCRYPTED_BITSTREAM) {
+		eemi_flags |= XILINX_ZYNQMP_PM_FPGA_ENCRYPTION_USERKEY;
+		memcpy(kbuf + size, priv->aes_key, ENCRYPTED_KEY_LEN);
+	}
+
 	wmb(); /* ensure all writes are done before initiate FW call */
 
 	if (priv->flags & FPGA_MGR_PARTIAL_RECONFIG)
 		eemi_flags |= XILINX_ZYNQMP_PM_FPGA_PARTIAL;
 
-	ret = zynqmp_pm_fpga_load(dma_addr, size, eemi_flags);
+	if (priv->flags & FPGA_MGR_ENCRYPTED_BITSTREAM)
+		eemi_flags |= XILINX_ZYNQMP_PM_FPGA_ENCRYPTION_DEVKEY;
+
+	if (priv->flags & FPGA_MGR_USRKEY_ENCRYPTED_BITSTREAM)
+		ret = zynqmp_pm_fpga_load(dma_addr, dma_addr + size,
+					  eemi_flags);
+	else
+		ret = zynqmp_pm_fpga_load(dma_addr, size, eemi_flags);
 
-	dma_free_coherent(priv->dev, size, kbuf, dma_addr);
+	dma_free_coherent(priv->dev, dma_size, kbuf, dma_addr);
 
 	return ret;
 }
@@ -99,6 +145,7 @@ ATTRIBUTE_GROUPS(zynqmp_fpga);
 
 static const struct fpga_manager_ops zynqmp_fpga_ops = {
 	.state = zynqmp_fpga_ops_state,
+	.parse_aes_key = zynqmp_fpga_parse_aes_key,
 	.write_init = zynqmp_fpga_ops_write_init,
 	.write = zynqmp_fpga_ops_write,
 };
diff --git a/include/linux/firmware/xlnx-zynqmp.h b/include/linux/firmware/xlnx-zynqmp.h
index d1ea3898564c..e88f24870a77 100644
--- a/include/linux/firmware/xlnx-zynqmp.h
+++ b/include/linux/firmware/xlnx-zynqmp.h
@@ -83,6 +83,8 @@
  */
 #define XILINX_ZYNQMP_PM_FPGA_FULL	0x0U
 #define XILINX_ZYNQMP_PM_FPGA_PARTIAL	BIT(0)
+#define XILINX_ZYNQMP_PM_FPGA_ENCRYPTION_USERKEY	BIT(3)
+#define XILINX_ZYNQMP_PM_FPGA_ENCRYPTION_DEVKEY		BIT(4)
 
 /* FPGA Status Reg */
 #define XILINX_ZYNQMP_PM_FPGA_CONFIG_STAT_OFFSET	7U
-- 
2.25.1

next prev parent reply	other threads:[~2023-11-22  5:44 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-22  5:44 [RFC PATCH 0/3]fpga: Add encrypted Bitstream loading support Nava kishore Manne
2023-11-22  5:44 ` [RFC PATCH 1/3] dt-bindings: fpga: Add support for user-key encrypted bitstream loading Nava kishore Manne
2023-11-22 16:50   ` Conor Dooley
2023-11-24  6:35     ` Manne, Nava kishore
2023-11-24 12:48       ` Conor Dooley
2023-11-24 15:46         ` Krzysztof Kozlowski
2023-12-22 15:30           ` Conor Dooley
2023-11-22  5:44 ` [RFC PATCH 2/3] drivers: fpga: Add user-key encrypted FPGA Image loading support Nava kishore Manne
2023-11-22  5:44 ` Nava kishore Manne [this message]
2023-11-24 15:49 ` [RFC PATCH 0/3]fpga: Add encrypted Bitstream " Krzysztof Kozlowski

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f3434e2c487 dfblob:8b0e4b8b5d9 dfblob:d1ea3898564
dfblob:e88f24870a7 )
 OR (
bs:"[RFC PATCH 3/3] fpga: zynqmp: Add encrypted Bitstream loading support" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231122054404.3764288-4-nava.kishore.manne@amd.com \
    --to=nava.kishore.manne@amd.com \
    --cc=arnd@arndb.de \
    --cc=ben.levinsky@amd.com \
    --cc=conor+dt@kernel.org \
    --cc=devicetree@vger.kernel.org \
    --cc=dhaval.r.shah@amd.com \
    --cc=hao.wu@intel.com \
    --cc=krzysztof.kozlowski+dt@linaro.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-fpga@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathieu.poirier@linaro.org \
    --cc=mdf@kernel.org \
    --cc=michal.simek@amd.com \
    --cc=robh+dt@kernel.org \
    --cc=sai.krishna.potthuri@amd.com \
    --cc=shubhrajyoti.datta@amd.com \
    --cc=tanmay.shah@amd.com \
    --cc=trix@redhat.com \
    --cc=yilun.xu@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).