* [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting @ 2017-02-15 0:31 mdf 2017-02-15 0:31 ` [PATCH 2/2] fpga: zynq: Add support for encrypted bitstreams mdf 2017-02-15 15:03 ` [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting Michal Simek 0 siblings, 2 replies; 6+ messages in thread From: mdf @ 2017-02-15 0:31 UTC (permalink / raw) To: linux-fpga Cc: mdf, Moritz Fischer, Alan Tull, Michal Simek, Sören Brinkmann, linux-kernel From: Moritz Fischer <moritz.fischer@ettus.com> Add a flag that is passed to the write_init() callback, indicating that the bitstream is encrypted. The low-level driver will deal with the flag, or return an error, if encrypted bitstreams are not supported. Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com> Cc: Alan Tull <atull@kernel.org> Cc: Michal Simek <michal.simek@xilinx.com> Cc: Sören Brinkmann <soren.brinkmann@xilinx.com> Cc: linux-kernel@vger.kernel.org Cc: linux-fpga@vger.kernel.org --- include/linux/fpga/fpga-mgr.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h index 57beb5d..1355d8a 100644 --- a/include/linux/fpga/fpga-mgr.h +++ b/include/linux/fpga/fpga-mgr.h @@ -70,6 +70,7 @@ enum fpga_mgr_states { */ #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) +#define FPGA_MGR_DECRYPT_BITSTREAM BIT(2) /** * struct fpga_image_info - information specific to a FPGA image -- 2.7.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] fpga: zynq: Add support for encrypted bitstreams 2017-02-15 0:31 [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting mdf @ 2017-02-15 0:31 ` mdf 2017-02-15 15:03 ` [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting Michal Simek 1 sibling, 0 replies; 6+ messages in thread From: mdf @ 2017-02-15 0:31 UTC (permalink / raw) To: linux-fpga Cc: mdf, Moritz Fischer, Alan Tull, Michal Simek, Sören Brinkmann, linux-kernel From: Moritz Fischer <moritz.fischer@ettus.com> Add support for encrypted bitstreams. For this to work the system must be booted in secure mode. In order for on-the-fly decryption to work, the PCAP clock rate needs to be lowered via the PCAP_RATE_EN bit. Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com> Cc: Alan Tull <atull@kernel.org> Cc: Michal Simek <michal.simek@xilinx.com> Cc: Sören Brinkmann <soren.brinkmann@xilinx.com> Cc: linux-kernel@vger.kernel.org Cc: linux-fpga@vger.kernel.org --- drivers/fpga/zynq-fpga.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c index cb3caf5..52dabfc 100644 --- a/drivers/fpga/zynq-fpga.c +++ b/drivers/fpga/zynq-fpga.c @@ -72,6 +72,10 @@ #define CTRL_PCAP_PR_MASK BIT(27) /* Enable PCAP */ #define CTRL_PCAP_MODE_MASK BIT(26) +/* Lower rate to allow decrypt on the fly */ +#define CTRL_PCAP_RATE_EN_MASK BIT(25) +/* System booted in secure mode */ +#define CTRL_SEC_EN_MASK BIT(7) /* Miscellaneous Control Register bit definitions */ /* Internal PCAP loopback */ @@ -264,6 +268,17 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, if (err) return err; + /* check if bitstream is encrypted & and system's still secure */ + if (info->flags & FPGA_MGR_DECRYPT_BITSTREAM) { + ctrl = zynq_fpga_read(priv, CTRL_OFFSET); + if (!(ctrl & CTRL_SEC_EN_MASK)) { + dev_err(&mgr->dev, + "System not secure, can't use crypted bitstreams\n"); + err = -EINVAL; + goto out_err; + } + } + /* don't globally reset PL if we're doing partial reconfig */ if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) { if (!zynq_fpga_has_sync(buf, count)) { @@ -335,12 +350,19 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, /* set configuration register with following options: * - enable PCAP interface - * - set throughput for maximum speed + * - set throughput for maximum speed (if bistream not crypted) * - set CPU in user mode */ ctrl = zynq_fpga_read(priv, CTRL_OFFSET); - zynq_fpga_write(priv, CTRL_OFFSET, - (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl)); + if (info->flags & FPGA_MGR_DECRYPT_BITSTREAM) + zynq_fpga_write(priv, CTRL_OFFSET, + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK + | CTRL_PCAP_RATE_EN_MASK | ctrl)); + else + zynq_fpga_write(priv, CTRL_OFFSET, + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK + | ctrl)); + /* We expect that the command queue is empty right now. */ status = zynq_fpga_read(priv, STATUS_OFFSET); -- 2.7.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting 2017-02-15 0:31 [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting mdf 2017-02-15 0:31 ` [PATCH 2/2] fpga: zynq: Add support for encrypted bitstreams mdf @ 2017-02-15 15:03 ` Michal Simek 2017-02-15 16:30 ` Alan Tull 1 sibling, 1 reply; 6+ messages in thread From: Michal Simek @ 2017-02-15 15:03 UTC (permalink / raw) To: mdf, linux-fpga Cc: Moritz Fischer, Alan Tull, Michal Simek, Sören Brinkmann, linux-kernel On 15.2.2017 01:31, mdf@kernel.org wrote: > From: Moritz Fischer <moritz.fischer@ettus.com> > > Add a flag that is passed to the write_init() callback, indicating > that the bitstream is encrypted. > > The low-level driver will deal with the flag, or return an error, > if encrypted bitstreams are not supported. > > Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com> > Cc: Alan Tull <atull@kernel.org> > Cc: Michal Simek <michal.simek@xilinx.com> > Cc: Sören Brinkmann <soren.brinkmann@xilinx.com> > Cc: linux-kernel@vger.kernel.org > Cc: linux-fpga@vger.kernel.org > --- > include/linux/fpga/fpga-mgr.h | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h > index 57beb5d..1355d8a 100644 > --- a/include/linux/fpga/fpga-mgr.h > +++ b/include/linux/fpga/fpga-mgr.h > @@ -70,6 +70,7 @@ enum fpga_mgr_states { > */ > #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) > #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) > +#define FPGA_MGR_DECRYPT_BITSTREAM BIT(2) > > /** > * struct fpga_image_info - information specific to a FPGA image > Isn't it better to state that bitstream is encrypted instead of saying that bitstream requires decryption? Your second patch is saying add support for encrypted bitstreams. M ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting 2017-02-15 15:03 ` [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting Michal Simek @ 2017-02-15 16:30 ` Alan Tull 2017-02-15 18:02 ` Moritz Fischer 0 siblings, 1 reply; 6+ messages in thread From: Alan Tull @ 2017-02-15 16:30 UTC (permalink / raw) To: Michal Simek Cc: Moritz Fischer, linux-fpga, Moritz Fischer, Sören Brinkmann, linux-kernel On Wed, Feb 15, 2017 at 9:03 AM, Michal Simek <michal.simek@xilinx.com> wrote: > On 15.2.2017 01:31, mdf@kernel.org wrote: >> From: Moritz Fischer <moritz.fischer@ettus.com> >> >> Add a flag that is passed to the write_init() callback, indicating >> that the bitstream is encrypted. >> >> The low-level driver will deal with the flag, or return an error, >> if encrypted bitstreams are not supported. >> >> Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com> >> Cc: Alan Tull <atull@kernel.org> >> Cc: Michal Simek <michal.simek@xilinx.com> >> Cc: Sören Brinkmann <soren.brinkmann@xilinx.com> >> Cc: linux-kernel@vger.kernel.org >> Cc: linux-fpga@vger.kernel.org >> --- >> include/linux/fpga/fpga-mgr.h | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h >> index 57beb5d..1355d8a 100644 >> --- a/include/linux/fpga/fpga-mgr.h >> +++ b/include/linux/fpga/fpga-mgr.h >> @@ -70,6 +70,7 @@ enum fpga_mgr_states { >> */ >> #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) >> #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) >> +#define FPGA_MGR_DECRYPT_BITSTREAM BIT(2) >> >> /** >> * struct fpga_image_info - information specific to a FPGA image >> > > Isn't it better to state that bitstream is encrypted > instead of saying that bitstream requires decryption? Such as FPGA_MGR_ENCRYPTED_BITSTREAM ? Also please consider adding a DT property such that the FPGA region code will set this flag similar to how the DTO sets up other FPGA image info. Alan > > Your second patch is saying add support for encrypted bitstreams. > > M > > -- > To unsubscribe from this list: send the line "unsubscribe linux-fpga" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting 2017-02-15 16:30 ` Alan Tull @ 2017-02-15 18:02 ` Moritz Fischer 2017-02-15 18:07 ` Michal Simek 0 siblings, 1 reply; 6+ messages in thread From: Moritz Fischer @ 2017-02-15 18:02 UTC (permalink / raw) To: Alan Tull; +Cc: Michal Simek, linux-fpga, Sören Brinkmann, linux-kernel On Wed, Feb 15, 2017 at 5:30 PM, Alan Tull <atull@kernel.org> wrote: > On Wed, Feb 15, 2017 at 9:03 AM, Michal Simek <michal.simek@xilinx.com> wrote: >>> #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) >>> #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) >>> +#define FPGA_MGR_DECRYPT_BITSTREAM BIT(2) >>> >>> /** >>> * struct fpga_image_info - information specific to a FPGA image >>> >> >> Isn't it better to state that bitstream is encrypted >> instead of saying that bitstream requires decryption? > > Such as FPGA_MGR_ENCRYPTED_BITSTREAM ? Yeah, can do. This was basically a 'redo' of my earlier 'capability' based patchset. There it made more sense to have a 'can decrypt' capability. > Also please consider adding a DT property such that the FPGA region > code will set this flag similar to how the DTO sets up other FPGA > image info. Yeah, had that on my list. Can add that to v3. Cheers, Moritz ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting 2017-02-15 18:02 ` Moritz Fischer @ 2017-02-15 18:07 ` Michal Simek 0 siblings, 0 replies; 6+ messages in thread From: Michal Simek @ 2017-02-15 18:07 UTC (permalink / raw) To: Moritz Fischer, Alan Tull Cc: Michal Simek, linux-fpga, Sören Brinkmann, linux-kernel On 15.2.2017 19:02, Moritz Fischer wrote: > On Wed, Feb 15, 2017 at 5:30 PM, Alan Tull <atull@kernel.org> wrote: >> On Wed, Feb 15, 2017 at 9:03 AM, Michal Simek <michal.simek@xilinx.com> wrote: > >>>> #define FPGA_MGR_PARTIAL_RECONFIG BIT(0) >>>> #define FPGA_MGR_EXTERNAL_CONFIG BIT(1) >>>> +#define FPGA_MGR_DECRYPT_BITSTREAM BIT(2) >>>> >>>> /** >>>> * struct fpga_image_info - information specific to a FPGA image >>>> >>> >>> Isn't it better to state that bitstream is encrypted >>> instead of saying that bitstream requires decryption? >> >> Such as FPGA_MGR_ENCRYPTED_BITSTREAM ? > > Yeah, can do. This was basically a 'redo' of my earlier 'capability' based > patchset. There it made more sense to have a 'can decrypt' capability. Just keep in your mind that there are use cases where you also need to pass keys. Thanks, Michal ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-02-15 18:07 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-02-15 0:31 [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting mdf 2017-02-15 0:31 ` [PATCH 2/2] fpga: zynq: Add support for encrypted bitstreams mdf 2017-02-15 15:03 ` [PATCH 1/2] fpga: Add flag to indicate bitstream needs decrypting Michal Simek 2017-02-15 16:30 ` Alan Tull 2017-02-15 18:02 ` Moritz Fischer 2017-02-15 18:07 ` Michal Simek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox