Re: FIT image: load secure FPGA - Jorge Ramirez-Ortiz, Foundries

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: "Jorge Ramirez-Ortiz, Foundries" <jorge@foundries.io>
To: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Cc: Oleksandr Suvorov <cryosay@gmail.com>,
	"Jorge Ramirez-Ortiz, Foundries" <jorge@foundries.io>,
	Michal Simek <michal.simek@xilinx.com>,
	Tom Rini <trini@konsulko.com>, Simon Glass <sjg@chromium.org>,
	U-Boot Mailing List <u-boot@lists.denx.de>,
	Ricardo Salveti <ricardo@foundries.io>,
	Michael Scott <mike@foundries.io>,
	Igor Opaniuk <igor.opaniuk@foundries.io>,
	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Subject: Re: FIT image: load secure FPGA
Date: Wed, 9 Feb 2022 08:51:19 +0100	[thread overview]
Message-ID: <20220209075119.GA1159670@trex> (raw)
In-Reply-To: <c27020a7-07f6-082e-1bea-1ce92f58d1b6@fastree3d.com>

On 07/02/22, Adrian Fiergolski wrote:
> Hi Jorge and Oleksandr,
> 
> Thank you for sharing all the links. I found there a lot of inspiration to
> meet my target of using encrypted bitfiles.


thanks Adrian. Glad to hear that

> 
> I have also shared with the community a patch, on top of your changes,
> adding encrypted bitfile support in u-boot.


awesome. btw how is the bitstream decrypted? I didnt look into that, I
suppose there is probably a doc somewhere?


> 
> Regards,
> 
> Adrian
> 
> On 19.01.2022 18:48, Oleksandr Suvorov wrote:
> > Hi Adrian,
> > 
> > On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries
> > <jorge@foundries.io> wrote:
> > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
> > > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
> > > > > On 19/01/22, Adrian Fiergolski wrote:
> > > > > > Hi Jorge,
> > > > > hi Adrian,
> > > > > 
> > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's
> > > > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes?
> > > > > somewhere there:
> > > > > https://github.com/foundriesio/meta-lmp
> > > > > 
> > > > > > Have you managed to resolve problem of the bitstream loaded in such a case
> > > > > > by SPL?
> > > > > > 
> > > > > Yes. I wrote the docs here below:
> > > > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html
> > > > > 
> > > > this might help you as well if you use OP-TEE and require RPMB access.
> > > > 
> > > > https://github.com/OP-TEE/optee_os/pull/4874
> > > > 
> > > > 
> > > forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy).
> > > but not totally sure if it was merged yet as Simon asked for tests and those might be pending.
> > You can try this solution for the Xilinx u-boot 2020.07
> > https://github.com/foundriesio/u-boot/pull/116
> > or this one for the mainline u-boot:
> > https://patchwork.ozlabs.org/project/uboot/list/?series=276743
> > 
> > > > > > I need to use an encrypted bitstream. However, it required the use of
> > > > > > DeviceKeys in post-boot state which eventually requires secure boot.
> > > > > > 
> > > > > > Regards,
> > > > > hope that helps
> > > > > 
> > > > > > Adrian

next prev parent reply	other threads:[~2022-02-09  7:51 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-04 20:32 FIT image: load secure FPGA Jorge Ramirez-Ortiz, Foundries
2021-10-04 20:54 ` Alex G.
2021-10-05  5:45   ` Jorge Ramirez-Ortiz, Foundries
2021-10-05  6:08     ` Jorge Ramirez-Ortiz, Foundries
2021-10-05 12:14       ` Michal Simek
2022-01-19 16:03 ` Adrian Fiergolski
2022-01-19 16:44   ` Jorge Ramirez-Ortiz, Foundries
2022-01-19 16:51     ` Jorge Ramirez-Ortiz, Foundries
2022-01-19 17:22       ` Jorge Ramirez-Ortiz, Foundries
2022-01-19 17:48         ` Oleksandr Suvorov
2022-02-07 12:24           ` Adrian Fiergolski
2022-02-09  7:51             ` Jorge Ramirez-Ortiz, Foundries [this message]
2022-02-09 12:20               ` Adrian Fiergolski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220209075119.GA1159670@trex \
    --to=jorge@foundries.io \
    --cc=adrian.fiergolski@fastree3d.com \
    --cc=cryosay@gmail.com \
    --cc=igor.opaniuk@foundries.io \
    --cc=michal.simek@xilinx.com \
    --cc=mike@foundries.io \
    --cc=oleksandr.suvorov@foundries.io \
    --cc=ricardo@foundries.io \
    --cc=sjg@chromium.org \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox