All of lore.kernel.org
 help / color / mirror / Atom feed
From: mdf@kernel.org
To: linux-fpga@vger.kernel.org
Cc: "Moritz Fischer" <mdf@kernel.org>, "Alan Tull" <atull@kernel.org>,
	"Michal Simek" <michal.simek@xilinx.com>,
	"Sören Brinkmann" <soren.brinkmann@xilinx.com>,
	linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/3] fpga: zynq: Add support for encrypted bitstreams
Date: Mon, 20 Feb 2017 12:55:22 -0800	[thread overview]
Message-ID: <1487624123-13579-2-git-send-email-mdf@kernel.org> (raw)
In-Reply-To: <1487624123-13579-1-git-send-email-mdf@kernel.org>

From: Moritz Fischer <mdf@kernel.org>

Add support for encrypted bitstreams. For this to work the system
must be booted in secure mode.

In order for on-the-fly decryption to work, the PCAP clock rate
needs to be lowered via the PCAP_RATE_EN bit.

Signed-off-by: Moritz Fischer <mdf@kernel.org>
Cc: Alan Tull <atull@kernel.org>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Sören Brinkmann <soren.brinkmann@xilinx.com>
Cc: linux-kernel@vger.kernel.org
Cc: linux-fpga@vger.kernel.org
---

Changes from v1:
- Renamed flag from FPGA_MGR_DECRYPT_BITSTREAM->FPGA_MGR_ENCRYPTED_BITSTREAM

---
 drivers/fpga/zynq-fpga.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c
index 34cb981..70b15b3 100644
--- a/drivers/fpga/zynq-fpga.c
+++ b/drivers/fpga/zynq-fpga.c
@@ -72,6 +72,10 @@
 #define CTRL_PCAP_PR_MASK		BIT(27)
 /* Enable PCAP */
 #define CTRL_PCAP_MODE_MASK		BIT(26)
+/* Lower rate to allow decrypt on the fly */
+#define CTRL_PCAP_RATE_EN_MASK		BIT(25)
+/* System booted in secure mode */
+#define CTRL_SEC_EN_MASK		BIT(7)
 
 /* Miscellaneous Control Register bit definitions */
 /* Internal PCAP loopback */
@@ -266,6 +270,17 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr,
 	if (err)
 		return err;
 
+	/* check if bitstream is encrypted & and system's still secure */
+	if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) {
+		ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
+		if (!(ctrl & CTRL_SEC_EN_MASK)) {
+			dev_err(&mgr->dev,
+				"System not secure, can't use crypted bitstreams\n");
+			err = -EINVAL;
+			goto out_err;
+		}
+	}
+
 	/* don't globally reset PL if we're doing partial reconfig */
 	if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) {
 		if (!zynq_fpga_has_sync(buf, count)) {
@@ -337,12 +352,19 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr,
 
 	/* set configuration register with following options:
 	 * - enable PCAP interface
-	 * - set throughput for maximum speed
+	 * - set throughput for maximum speed (if bistream not crypted)
 	 * - set CPU in user mode
 	 */
 	ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
-	zynq_fpga_write(priv, CTRL_OFFSET,
-			(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl));
+	if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM)
+		zynq_fpga_write(priv, CTRL_OFFSET,
+				(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK
+				 | CTRL_PCAP_RATE_EN_MASK | ctrl));
+	else
+		zynq_fpga_write(priv, CTRL_OFFSET,
+				(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK
+				 | ctrl));
+
 
 	/* We expect that the command queue is empty right now. */
 	status = zynq_fpga_read(priv, STATUS_OFFSET);
-- 
2.7.4

  reply	other threads:[~2017-02-20 20:55 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-20 20:55 [PATCH v2 1/3] fpga: Add flag to indicate bitstream needs decrypting mdf
2017-02-20 20:55 ` mdf [this message]
2017-02-21 13:55   ` [PATCH v2 2/3] fpga: zynq: Add support for encrypted bitstreams Michal Simek
2017-02-21 13:55     ` Michal Simek
2017-02-21 16:36     ` Alan Tull
2017-02-20 20:55 ` [PATCH v2 3/3] fpga: region: Add fpga-region property 'encrypted-fpga-config' mdf
2017-02-21 13:55   ` Michal Simek
2017-02-21 13:55     ` Michal Simek
2017-02-21 16:36     ` Alan Tull
2017-02-21 13:55 ` [PATCH v2 1/3] fpga: Add flag to indicate bitstream needs decrypting Michal Simek
2017-02-21 13:55   ` Michal Simek
2017-02-21 16:35   ` Alan Tull
2017-02-21 18:26     ` Alan Tull
2017-02-21 18:36       ` Michal Simek
2017-02-21 18:38         ` Alan Tull
2017-02-22  7:15       ` Greg Kroah-Hartman
2017-02-22  8:22         ` Michal Simek
2017-02-22 13:04           ` Greg Kroah-Hartman
2017-02-22 13:24             ` Michal Simek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1487624123-13579-2-git-send-email-mdf@kernel.org \
    --to=mdf@kernel.org \
    --cc=atull@kernel.org \
    --cc=linux-fpga@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=michal.simek@xilinx.com \
    --cc=soren.brinkmann@xilinx.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.