From: "Jorge Ramirez-Ortiz, Foundries"
Date: Wed, 9 Feb 2022 08:51:19 +0100
To: Adrian Fiergolski
Cc: Oleksandr Suvorov, "Jorge Ramirez-Ortiz, Foundries", Michal Simek, Tom Rini, Simon Glass, U-Boot Mailing List, Ricardo Salveti, Michael Scott, Igor Opaniuk, Oleksandr Suvorov
Subject: Re: FIT image: load secure FPGA
Message-ID: <20220209075119.GA1159670@trex>

On 07/02/22, Adrian Fiergolski wrote:
> Hi Jorge and Oleksandr,
>
> Thank you for sharing all the links. I found there a lot of inspiration to
> meet my target of using encrypted bitfiles.

thanks Adrian. Glad to hear that

>
> I have also shared with the community a patch, on top of your changes,
> adding encrypted bitfile support in u-boot.

awesome.
btw how is the bitstream decrypted? I didn't look into that, I suppose there is probably a doc somewhere?

>
> Regards,
>
> Adrian
>
> On 19.01.2022 18:48, Oleksandr Suvorov wrote:
> > Hi Adrian,
> >
> > On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries
> > wrote:
> > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
> > > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
> > > > > On 19/01/22, Adrian Fiergolski wrote:
> > > > > > Hi Jorge,
> > > > > hi Adrian,
> > > > >
> > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's
> > > > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes?
> > > > > somewhere there:
> > > > > https://github.com/foundriesio/meta-lmp
> > > > >
> > > > > > Have you managed to resolve problem of the bitstream loaded in such a case
> > > > > > by SPL?
> > > > > >
> > > > > Yes. I wrote the docs here below:
> > > > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html
> > > > >
> > > > this might help you as well if you use OP-TEE and require RPMB access.
> > > >
> > > > https://github.com/OP-TEE/optee_os/pull/4874
> > > >
> > > >
> > > forgot to add, the PR to load the bitstream was followed up by Oleksandr (in copy).
> > > but not totally sure if it was merged yet as Simon asked for tests and those might be pending.
> > You can try this solution for the Xilinx u-boot 2020.07
> > https://github.com/foundriesio/u-boot/pull/116
> > or this one for the mainline u-boot:
> > https://patchwork.ozlabs.org/project/uboot/list/?series=276743
> >
> > > > > > I need to use an encrypted bitstream. However, it required the use of
> > > > > > DeviceKeys in post-boot state which eventually requires secure boot.
> > > > > >
> > > > > > Regards,
> > > > > hope that helps
> > > > >
> > > > > > Adrian