mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-10 07:04:28 +00:00
fpga: zynqmp: support loading encrypted bitfiles
Add supporting new compatible string "u-boot,zynqmp-fpga-enc" to handle loading encrypted bitfiles. This feature requires encrypted FSBL, as according to UG1085: "The CSU automatically locks out the AES key, stored in either BBRAM or eFUSEs, as a key source to the AES engine if the FSBL is not encrypted. This prevents using the BBRAM or eFUSE as the key source to the AES engine during run-time applications." Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com> Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com> Link: https://lore.kernel.org/r/20220722141614.297383-14-oleksandr.suvorov@foundries.io Signed-off-by: Michal Simek <michal.simek@amd.com>
This commit is contained in:
parent
a3a1afb747
commit
b524f8fb1e
5 changed files with 15 additions and 1 deletions
|
@ -188,6 +188,8 @@ the '/images' node should have the following layout:
|
|||
"u-boot,fpga-legacy" - the generic fpga loading routine.
|
||||
"u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for
|
||||
Xilinx Zynq UltraScale+ (ZymqMP) device.
|
||||
"u-boot,zynqmp-fpga-enc" - encrypted FPGA bitstream for Xilinx Zynq
|
||||
UltraScale+ (ZynqMP) device.
|
||||
|
||||
Optional nodes:
|
||||
- hash-1 : Each hash sub-node represents separate hash or checksum
|
||||
|
|
|
@ -257,6 +257,11 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize,
|
|||
info.authflag = ZYNQMP_FPGA_AUTH_DDR;
|
||||
info.encflag = FPGA_NO_ENC_OR_NO_AUTH;
|
||||
return desc->operations->loads(desc, buf, bsize, &info);
|
||||
case FPGA_XILINX_ZYNQMP_ENC:
|
||||
/* Encryption using device key */
|
||||
info.authflag = FPGA_NO_ENC_OR_NO_AUTH;
|
||||
info.encflag = FPGA_ENC_DEV_KEY;
|
||||
return desc->operations->loads(desc, buf, bsize, &info);
|
||||
#endif
|
||||
default:
|
||||
printf("Unsupported bitstream type %d\n", flags);
|
||||
|
@ -360,6 +365,9 @@ static int __maybe_unused zynqmp_str2flag(xilinx_desc *desc, const char *str)
|
|||
#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
|
||||
if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26))
|
||||
return FPGA_XILINX_ZYNQMP_DDRAUTH;
|
||||
|
||||
if (!strncmp(str, "u-boot,zynqmp-fpga-enc", 22))
|
||||
return FPGA_XILINX_ZYNQMP_ENC;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
/* device numbers must be non-negative */
|
||||
#define FPGA_INVALID_DEVICE -1
|
||||
|
||||
#define FPGA_ENC_DEV_KEY 0
|
||||
#define FPGA_ENC_USR_KEY 1
|
||||
#define FPGA_NO_ENC_OR_NO_AUTH 2
|
||||
|
||||
|
|
|
@ -40,6 +40,7 @@ typedef enum { /* typedef xilinx_family */
|
|||
/* FPGA bitstream supported types */
|
||||
#define FPGA_LEGACY BIT(0)
|
||||
#define FPGA_XILINX_ZYNQMP_DDRAUTH BIT(1)
|
||||
#define FPGA_XILINX_ZYNQMP_ENC BIT(2)
|
||||
|
||||
typedef struct { /* typedef xilinx_desc */
|
||||
xilinx_family family; /* part type */
|
||||
|
|
|
@ -26,7 +26,9 @@
|
|||
extern struct xilinx_fpga_op zynqmp_op;
|
||||
|
||||
#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
|
||||
#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH)
|
||||
#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY | \
|
||||
FPGA_XILINX_ZYNQMP_DDRAUTH | \
|
||||
FPGA_XILINX_ZYNQMP_ENC)
|
||||
#else
|
||||
#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY)
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue