From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DA11C433F5 for ; Tue, 5 Oct 2021 06:09:11 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 65A6960F6F for ; Tue, 5 Oct 2021 06:09:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 65A6960F6F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D3E5081197; Tue, 5 Oct 2021 08:09:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="l1ajeE5a"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 23D6F80D28; Tue, 5 Oct 2021 08:09:01 +0200 (CEST) Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 1EB428081B for ; Tue, 5 Oct 2021 08:08:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x331.google.com with SMTP id b136-20020a1c808e000000b0030d60716239so1876565wmd.4 for ; Mon, 04 Oct 2021 23:08:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=DS+QkewBoiVBzcqtBq4xU25SA4qWFTgYzOJX6Vgwtmk=; b=l1ajeE5aPkY5oQrCRYrzYMJe1UK6MotTSkHwK8sgewLIkNsrcZWs6koIW3penRPNLV a3h02EOx2D/BY/oL/LS43C7WVbozrnYX4j9eiNdEmVxz2Bt9tsUheiQceJQRWGJHZvTq j5HxrRD1LR+soi0zajbFfst/n/7/NBKwe8RHRq0Fk9bwoBpjsLlVmRsGpag0zhEhHsgL inJjMEnACcaY76+BhETWJmA5dfbehuzm+6fykNHOYAuBvuxz/exixr6xQisoAdiN21C8 nLBWc9foW5rZiR4LZxkNBcpDaNKhZ2hy3IG9yfPHR66xH0k0WVfUwSieiMJxxhf9BcWo fnaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=DS+QkewBoiVBzcqtBq4xU25SA4qWFTgYzOJX6Vgwtmk=; b=o+hPoXeZ9640WsPJT64WAWbk0yiAvMCqa+sk+K+k7gSQgl2BmSmK31ikA+eSHIg1Pw eQ2KYFbrA0OSbeieElNjbfIjf4XyjtzvwfVBNO+CN79tVetpK0qyk0HAPOqBV+VjWJE8 sdzq6ahhg+SK1OBVFVvGomaQ+31CA4EZZ9lOlwUoxOMMGs9nf3wgmladjFRj9+mITZM+ gZzZUUUMeyD0OLnaD6s9g9Qh8jTEiztecnPeYZubnzsDRb4Cp/L7fmj5knQJv2itLimq cVMpOILTmjqWP2T8FlvSORPvvKREzUgzXaURgJa1rx8QvNkeIecISdY3ZqEMms4AcJWy dLjg== X-Gm-Message-State: AOAM533+8XZcwsKAQgqyNHuv2qWuhEJN3ew94yDyFG3H2PQUsL/Aksxj hn4SkTTibfCJ5uidTjFydcvdKA== X-Google-Smtp-Source: ABdhPJw9QKCOeiUVX3meJKUxj6itLeXUBZq4EEKqkMubN4iJUIy+ErJUajb4xNM8UVcUzOzQTelnrQ== X-Received: by 2002:a1c:9ad4:: with SMTP id c203mr1414036wme.41.1633414136661; Mon, 04 Oct 2021 23:08:56 -0700 (PDT) Received: from trex (197.red-79-154-202.dynamicip.rima-tde.net. [79.154.202.197]) by smtp.gmail.com with ESMTPSA id x21sm740596wmc.14.2021.10.04.23.08.55 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 04 Oct 2021 23:08:56 -0700 (PDT) From: "Jorge Ramirez-Ortiz, Foundries" X-Google-Original-From: "Jorge Ramirez-Ortiz, Foundries" Date: Tue, 5 Oct 2021 08:08:55 +0200 To: "Jorge Ramirez-Ortiz, Foundries" Cc: "Alex G." , michal.simek@xilinx.com, trini@konsulko.com, sjg@chromium.org, u-boot@lists.denx.de, ricardo@foundries.io, mike@foundries.io, igor.opaniuk@foundries.io Subject: Re: FIT image: load secure FPGA Message-ID: <20211005060855.GA9066@trex> References: <20211004203226.GA4704@trex> <20211005054543.GA4478@trex> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211005054543.GA4478@trex> User-Agent: Mutt/1.9.4 (2018-02-28) X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On 05/10/21, Jorge Ramirez-Ortiz, Foundries wrote: > On 04/10/21, Alex G. wrote: > > On 10/4/21 3:32 PM, Jorge Ramirez-Ortiz, Foundries wrote: > > > Hello, > > > > > hi Alex, > > > > We are enabling secure boot on Zynqmp with SPL. > > > > > > The issue however is that during secure boot, the bootrom not only > > > validates the first loader (SPL and PMUFW combo) but it will also > > > expect a signed bitstream during load(FPGA). > > > > > > Since currently the SPL load of an FPGA image from FIT does not > > > support loading images for authentication (fpga_loads), I'd like to > > > discuss how to best implement such support. > > > > What do you mean by "loading images for authentication" ? > > right, it eventually means executing fpga_loads insted of fpga_load ( > a function that will provide additional params to the PMUFW. > > "loads" will load FPGA bitstreams that are either signed, encrypted or > both. When they are only signed, they are first authenticated by the > PMUFW and then loaded. > > > > > > > A pretty standard file.its description of the FPGA loadable looks like > > > this: > > > > > > fpga { > > > description = "FPGA binary"; > > > data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}"); > > > type = "fpga"; > > > arch = "${UBOOT_ARCH}"; > > > compression = "none"; > > > load = <${fpgaloadaddr}>; > > > hash-1 { > > > algo = "${FIT_HASH_ALG}"; > > > }; > > > }; > > > > > > We could extend imagetool.h struct image_tool_params to add more > > > params or perhpas just define different 'types' of fpga? > > > > > > Check "4) '/images' node" > > in doc/uImage.FIT/source_file_format.txt > > > > The intent is to give either: > > * loadaddr="$(addr)" : copy image to $(addr), Done > > * compatible="": Use this driver to upload the FPGA > > > > It seems to me like the right way to go is to make a new compatible="" FPGA > > loader is for fpga_load(): > > > > fpga { > > description = "FPGA binary"; > > data = /incbin/("${YOCTO_BS_PATH}"); > > type = "fpga"; > > compression = "none"; > > compatible = "zynqmp-fancy-fpga", > > so you think we should capture on compatible the characteristics of the FPGA image? um, right, makes sense then, thanks. - compatible : compatible method for loading image. Mandatory for types: "fpga", and images that do not specify a load address. To use the generic fpga loading routine, use "u-boot,fpga-legacy" > > > hash-1 { > > algo = "${FIT_HASHISH}"; > > }; > > }; > > > > > > > Something like: > > > "fpga" > > > "fpga-auth" : authenticated > > > "fpga-enc" : encrypted > > > "fpga-sec" : encrypted and authenticated > > > > Can these properties be inferred from the FPGA image? If not, they could be > > required when using a new fpga loader. I don't think they should be added to > > "fpga-legacy". > > maybe.. with a bit of boot header parsing... But doing so would > deviate from the current approach making it somewhat inconsistent: ie, > there is no a common "fpga load" command but instead we have "fpga > load" and "fpga loads" as separate commands so perhaps the parsing is > not that obvious or it would have been done differently. > I'd rather follow the current approach and just explicitly qualify the > bitstream. > > > > > > > Alex > > > > > Then it would be a matter of modifying > > > https://github.com/u-boot/u-boot/blob/master/common/spl/spl_fit.c#L572 > > > > > > any thoughts? > > > > > > TIA > > > Jorge > > >