Message-ID: <3291358c-4159-d6ff-067e-34fbfb4aa7ba@xilinx.com>
Date: Tue, 3 May 2022 09:55:44 +0200
From: Michal Simek
To: Adrian Fiergolski
Subject: Re: [PATCH v7 6/7] fpga: zynqmp: support loading authenticated images
In-Reply-To: <20220411180046.1505209-7-adrian.fiergolski@fastree3d.com>
References: <20220411180046.1505209-1-adrian.fiergolski@fastree3d.com> <20220411180046.1505209-7-adrian.fiergolski@fastree3d.com>
List-Id: U-Boot discussion
List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean On 4/11/22 20:00, Adrian Fiergolski wrote: > From: Oleksandr Suvorov > > Add supporting new compatible string "u-boot,zynqmp-fpga-ddrauth" to > handle loading authenticated images (DDR). > > Based on solution by Jorge Ramirez-Ortiz > Signed-off-by: Oleksandr Suvorov > Co-developed-by: Ricardo Salveti > Signed-off-by: Ricardo Salveti > Tested-by: Ricardo Salveti > Co-developed-by: Adrian Fiergolski > Signed-off-by: Adrian Fiergolski > --- > boot/Kconfig | 4 ++-- > doc/uImage.FIT/source_file_format.txt | 5 ++++- > drivers/fpga/zynqmppl.c | 21 +++++++++++++++++++++ > 3 files changed, 27 insertions(+), 3 deletions(-) > > diff --git a/boot/Kconfig b/boot/Kconfig > index b83a4e8400..f7faafb29f 100644 > --- a/boot/Kconfig > +++ b/boot/Kconfig > @@ -209,8 +209,8 @@ config SPL_LOAD_FIT > 1. "loadables" images, other than FDTs, which do not have a "load" > property will not be loaded. This limitation also applies to FPGA > images with the correct "compatible" string. > - 2. For FPGA images, only the "compatible" = "u-boot,fpga-legacy" > - loading method is supported. > + 2. For FPGA images, the supported "compatible" list is in the > + doc/uImage.FIT/source_file_format.txt. > 3. FDTs are only loaded for images with an "os" property of "u-boot". > "linux" images are also supported with Falcon boot mode. > > diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt > index f93ac6d1c7..461e2af2a8 100644 > --- a/doc/uImage.FIT/source_file_format.txt > +++ b/doc/uImage.FIT/source_file_format.txt 
> @@ -184,7 +184,10 @@ the '/images' node should have the following layout: > Mandatory for types: "firmware", and "kernel". > - compatible : compatible method for loading image. > Mandatory for types: "fpga", and images that do not specify a load address. > - To use the generic fpga loading routine, use "u-boot,fpga-legacy". > + Supported compatible methods: > + "u-boot,fpga-legacy" - the generic fpga loading routine. > + "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for > + Xilinx Zynq UltraScale+ (ZymqMP) device. > > Optional nodes: > - hash-1 : Each hash sub-node represents separate hash or checksum > diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c > index c7f9f4ae84..0ce641e495 100644 > --- a/drivers/fpga/zynqmppl.c > +++ b/drivers/fpga/zynqmppl.c > @@ -9,6 +9,7 @@ > #include > #include > #include > +#include > #include > #include > #include 
> @@ -210,6 +211,26 @@ static int zynqmp_load(xilinx_desc **desc_ptr, const void *buf, size_t bsize, > u32 ret_payload[PAYLOAD_ARG_CNT]; > bool xilfpga_old = false; > xilinx_desc *desc = *desc_ptr; > + fpga_desc *fdesc = container_of((void *)desc_ptr, fpga_desc, devdesc); > + > + if (fdesc && fdesc->compatible && > + !strcmp(fdesc->compatible, "u-boot,zynqmp-fpga-ddrauth")) { I think you should use directly here what you have in 7/7. It means to check that it is not fpga-legacy. > + struct fpga_secure_info info = { 0 }; > + > + if (!CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)) { > + printf("No support for %s\n", fdesc->compatible); > + return FPGA_FAIL; > + } > + > + if (!desc->operations->loads) { > + printf("%s: Missing load operation\n", __func__); > + return FPGA_FAIL; > + } > + /* DDR authentication */ > + info.authflag = 1; > + info.encflag = 2; > + return desc->operations->loads(desc, buf, bsize, &info); > + } > > if (zynqmp_firmware_version() <= PMUFW_V1_0) { > puts("WARN: PMUFW v1.0 or less is detected\n"); Before you start to deal with secure bitstreams you should also likely check this PMUFW checking before you call loads. Thanks, Michal
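Review bot: In the doc/uImage.FIT/source_file_format.txt hunk, the new "u-boot,zynqmp-fpga-ddrauth" entry misspells the device name as "(ZymqMP)"; it should read "(ZynqMP)". The entry should also say that this method only works when FPGA_LOAD_SECURE is enabled, because the driver hunk returns FPGA_FAIL with "No support for ..." when it is not, and a reader of the FIT format document has no other way to learn that dependency.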
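Review bot: In the zynqmp_load() hunk, the "fdesc &&" test does not validate anything: container_of() only subtracts the offset of devdesc from desc_ptr, and desc_ptr is already dereferenced one line earlier, so fdesc is effectively never NULL. If any caller passes a xilinx_desc pointer that is not the devdesc member of an fpga_desc, fdesc->compatible is read from unrelated memory and then decides whether the authenticated path is taken. Either pass the fpga_desc or the compatible string into the load operation explicitly, or drop the NULL test and state in a comment that every caller must pass the address of the devdesc member. The literals in "info.authflag = 1;" and "info.encflag = 2;" select the authentication mode and would be easier to audit as named constants.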