From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 80B9EC433EF for ; Wed, 19 Jan 2022 17:22:58 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E2C03831B5; Wed, 19 Jan 2022 18:22:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="PS9nvB1h"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 291378309D; Wed, 19 Jan 2022 18:22:54 +0100 (CET) Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2D50B8309D for ; Wed, 19 Jan 2022 18:22:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x32f.google.com with SMTP id c2so6538711wml.1 for ; Wed, 19 Jan 2022 09:22:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=MIzkR8wR17vsiZJZ7W5aMax5IkoymFreNGaYP7CTcIA=; b=PS9nvB1hpRz4z2nwWq6b5MZIWuGJKx/J8eXv9MYhcyrh/T5DeN0ZwIqGCX1+7VVmI3 M7kgesjEdZihfJ4sA6yxUl43pb5og6zhiV7W3KfeDRVVP+rcabGTBm+7/GEgR93mFP6o 6J8UrnolRDj4pb5AJIUJYqLaeZaDYVBuVdue690Db59fF+23LJFYx+yWo+6SfD0ZYwoX HnxWrG8S4vUg0jbEm9bu12C7b/uNB9jL5n715tM1Xv5tVjgFwGNiNT22HqC1QVg4ccyp txUMiXlMrGpJEt4+ETgOgpFTQz58Crg6cBQGmZtlfWmNanmbpjj0tANE1jSNWuuLV64X GV7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=MIzkR8wR17vsiZJZ7W5aMax5IkoymFreNGaYP7CTcIA=; b=MvPKGpRNzVlfsXmj5CE503OrtfY2IE0vexpWDWgLNawJYf/ojVdJ0lYDiS/Sw8vTvy abtg9E04+yRdd2F+kZ5mR14aGgkOcLFKTl7/77bFyRUID63ijnq/3xFvOXvJJ2n9do4/ ZiH8xIueZJ0NkRMrpABxsCwn2V7KPFVYHtmf9HsQFLpDFfXNdBZGNRyJvSWFbwickI2S 8Vued7ysJ2zm0ntSoIiLDjMLEhttE5W8pxcKZvwQHskh1xf0LKDXqYICwNmZ87ANTWmi S+Ao6N9VHlTefGZwbds6V/oTFUs36T9Cfb3o2cOtCtZ/wEy9BG9oa87JMEm5qftWxuiT CDxA== X-Gm-Message-State: AOAM533emA8PnJqyCLxOPFdCVmru11UsFgCZMXdFXxwn73lzbPyP0rDd cSYU1aNDhs466gQEK1f7TWA0jA== X-Google-Smtp-Source: ABdhPJx/Ru4xLvh1sNo0F62+aATaGZjYuoqPlJW4tlWpRP1XLabroZjmwRpf5G/KdhQkxYRbEUAqCA== X-Received: by 2002:a05:600c:1c1c:: with SMTP id j28mr4590778wms.138.1642612970654; Wed, 19 Jan 2022 09:22:50 -0800 (PST) Received: from trex (198.red-83-34-201.dynamicip.rima-tde.net. [83.34.201.198]) by smtp.gmail.com with ESMTPSA id 21sm117745wmk.45.2022.01.19.09.22.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 Jan 2022 09:22:50 -0800 (PST) From: "Jorge Ramirez-Ortiz, Foundries" X-Google-Original-From: "Jorge Ramirez-Ortiz, Foundries" Date: Wed, 19 Jan 2022 18:22:49 +0100 To: "Jorge Ramirez-Ortiz, Foundries" Cc: Adrian Fiergolski , michal.simek@xilinx.com, trini@konsulko.com, sjg@chromium.org, u-boot@lists.denx.de, ricardo@foundries.io, mike@foundries.io, igor.opaniuk@foundries.io, oleksandr.suvorov@foundries.io Subject: Re: FIT image: load secure FPGA Message-ID: <20220119172249.GA1473019@trex> References: <20211004203226.GA4704@trex> <20220119164422.GA1468952@trex> <20220119165138.GA1470179@trex> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220119165138.GA1470179@trex> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > On 19/01/22, Adrian Fiergolski wrote: > > > Hi Jorge, > > > > hi Adrian, > > > > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? > > > > somewhere there: > > https://github.com/foundriesio/meta-lmp > > > > > Have you managed to resolve problem of the bitstream loaded in such a case > > > by SPL? > > > > > > > Yes. I wrote the docs here below: > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > > > > this might help you as well if you use OP-TEE and require RPMB access. > > https://github.com/OP-TEE/optee_os/pull/4874 > > forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy). but not totally sure if it was merged yet as Simon asked for tests and those might be pending. > > > > > > I need to use an encrypted bitstream. However, it required the use of > > > DeviceKeys in post-boot state which eventually requires secure boot. > > > > > > Regards, > > > > hope that helps > > > > > > > > Adrian > > >