fpga: zynqmp: support loading encrypted bitfiles

Add supporting new compatible string "u-boot,zynqmp-fpga-enc" to
handle loading encrypted bitfiles.

This feature requires encrypted FSBL, as according to UG1085:
"The CSU automatically locks out the AES key, stored in either BBRAM
 or eFUSEs, as a key source to the AES engine if the FSBL is not
 encrypted. This prevents using the BBRAM or eFUSE as the key source
 to the AES engine during run-time applications."

Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-14-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
This commit is contained in:
Adrian Fiergolski 2022-07-22 17:16:14 +03:00 committed by Michal Simek
parent a3a1afb747
commit b524f8fb1e
5 changed files with 15 additions and 1 deletions

View file

@ -188,6 +188,8 @@ the '/images' node should have the following layout:
"u-boot,fpga-legacy" - the generic fpga loading routine.
"u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for
Xilinx Zynq UltraScale+ (ZymqMP) device.
"u-boot,zynqmp-fpga-enc" - encrypted FPGA bitstream for Xilinx Zynq
UltraScale+ (ZynqMP) device.
Optional nodes:
- hash-1 : Each hash sub-node represents separate hash or checksum

View file

@ -257,6 +257,11 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize,
info.authflag = ZYNQMP_FPGA_AUTH_DDR;
info.encflag = FPGA_NO_ENC_OR_NO_AUTH;
return desc->operations->loads(desc, buf, bsize, &info);
case FPGA_XILINX_ZYNQMP_ENC:
/* Encryption using device key */
info.authflag = FPGA_NO_ENC_OR_NO_AUTH;
info.encflag = FPGA_ENC_DEV_KEY;
return desc->operations->loads(desc, buf, bsize, &info);
#endif
default:
printf("Unsupported bitstream type %d\n", flags);
@ -360,6 +365,9 @@ static int __maybe_unused zynqmp_str2flag(xilinx_desc *desc, const char *str)
#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26))
return FPGA_XILINX_ZYNQMP_DDRAUTH;
if (!strncmp(str, "u-boot,zynqmp-fpga-enc", 22))
return FPGA_XILINX_ZYNQMP_ENC;
#endif
return 0;
}

View file

@ -20,6 +20,7 @@
/* device numbers must be non-negative */
#define FPGA_INVALID_DEVICE -1
#define FPGA_ENC_DEV_KEY 0
#define FPGA_ENC_USR_KEY 1
#define FPGA_NO_ENC_OR_NO_AUTH 2

View file

@ -40,6 +40,7 @@ typedef enum { /* typedef xilinx_family */
/* FPGA bitstream supported types */
#define FPGA_LEGACY BIT(0)
#define FPGA_XILINX_ZYNQMP_DDRAUTH BIT(1)
#define FPGA_XILINX_ZYNQMP_ENC BIT(2)
typedef struct { /* typedef xilinx_desc */
xilinx_family family; /* part type */

View file

@ -26,7 +26,9 @@
extern struct xilinx_fpga_op zynqmp_op;
#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH)
#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY | \
FPGA_XILINX_ZYNQMP_DDRAUTH | \
FPGA_XILINX_ZYNQMP_ENC)
#else
#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY)
#endif