* FIT image: load secure FPGA
@ 2021-10-04 20:32 Jorge Ramirez-Ortiz, Foundries
2021-10-04 20:54 ` Alex G.
2022-01-19 16:03 ` Adrian Fiergolski
0 siblings, 2 replies; 13+ messages in thread
From: Jorge Ramirez-Ortiz, Foundries @ 2021-10-04 20:32 UTC (permalink / raw)
To: michal.simek, trini, sjg; +Cc: u-boot, ricardo, mike, igor.opaniuk
Hello,
We are enabling secure boot on Zynqmp with SPL.
The issue however is that during secure boot, the bootrom not only
validates the first loader (SPL and PMUFW combo) but it will also
expect a signed bitstream during load(FPGA).
Since currently the SPL load of an FPGA image from FIT does not
support loading images for authentication (fpga_loads), I'd like to
discuss how to best implement such support.
A pretty standard file.its description of the FPGA loadable looks like
this:
fpga {
description = "FPGA binary";
data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}");
type = "fpga";
arch = "${UBOOT_ARCH}";
compression = "none";
load = <${fpgaloadaddr}>;
hash-1 {
algo = "${FIT_HASH_ALG}";
};
};
We could extend imagetool.h struct image_tool_params to add more
params or perhpas just define different 'types' of fpga?
Something like:
"fpga"
"fpga-auth" : authenticated
"fpga-enc" : encrypted
"fpga-sec" : encrypted and authenticated
Then it would be a matter of modifying
https://github.com/u-boot/u-boot/blob/master/common/spl/spl_fit.c#L572
any thoughts?
TIA
Jorge
^ permalink raw reply [flat|nested] 13+ messages in thread* Re: FIT image: load secure FPGA 2021-10-04 20:32 FIT image: load secure FPGA Jorge Ramirez-Ortiz, Foundries @ 2021-10-04 20:54 ` Alex G. 2021-10-05 5:45 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 16:03 ` Adrian Fiergolski 1 sibling, 1 reply; 13+ messages in thread From: Alex G. @ 2021-10-04 20:54 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries, michal.simek, trini, sjg Cc: u-boot, ricardo, mike, igor.opaniuk On 10/4/21 3:32 PM, Jorge Ramirez-Ortiz, Foundries wrote: > Hello, > > We are enabling secure boot on Zynqmp with SPL. > > The issue however is that during secure boot, the bootrom not only > validates the first loader (SPL and PMUFW combo) but it will also > expect a signed bitstream during load(FPGA). > > Since currently the SPL load of an FPGA image from FIT does not > support loading images for authentication (fpga_loads), I'd like to > discuss how to best implement such support. What do you mean by "loading images for authentication" ? > > A pretty standard file.its description of the FPGA loadable looks like > this: > > fpga { > description = "FPGA binary"; > data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}"); > type = "fpga"; > arch = "${UBOOT_ARCH}"; > compression = "none"; > load = <${fpgaloadaddr}>; > hash-1 { > algo = "${FIT_HASH_ALG}"; > }; > }; > > We could extend imagetool.h struct image_tool_params to add more > params or perhpas just define different 'types' of fpga? Check "4) '/images' node" in doc/uImage.FIT/source_file_format.txt The intent is to give either: * loadaddr="$(addr)" : copy image to $(addr), Done * compatible="": Use this driver to upload the FPGA It seems to me like the right way to go is to make a new compatible="" FPGA loader is for fpga_load(): fpga { description = "FPGA binary"; data = /incbin/("${YOCTO_BS_PATH}"); type = "fpga"; compression = "none"; compatible = "zynqmp-fancy-fpga", hash-1 { algo = "${FIT_HASHISH}"; }; }; > Something like: > "fpga" > "fpga-auth" : authenticated > "fpga-enc" : encrypted > "fpga-sec" : encrypted and authenticated Can these properties be inferred from the FPGA image? If not, they could be required when using a new fpga loader. I don't think they should be added to "fpga-legacy". Alex > Then it would be a matter of modifying > https://github.com/u-boot/u-boot/blob/master/common/spl/spl_fit.c#L572 > > any thoughts? > > TIA > Jorge > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2021-10-04 20:54 ` Alex G. @ 2021-10-05 5:45 ` Jorge Ramirez-Ortiz, Foundries 2021-10-05 6:08 ` Jorge Ramirez-Ortiz, Foundries 0 siblings, 1 reply; 13+ messages in thread From: Jorge Ramirez-Ortiz, Foundries @ 2021-10-05 5:45 UTC (permalink / raw) To: Alex G. Cc: Jorge Ramirez-Ortiz, Foundries, michal.simek, trini, sjg, u-boot, ricardo, mike, igor.opaniuk On 04/10/21, Alex G. wrote: > On 10/4/21 3:32 PM, Jorge Ramirez-Ortiz, Foundries wrote: > > Hello, > > hi Alex, > > We are enabling secure boot on Zynqmp with SPL. > > > > The issue however is that during secure boot, the bootrom not only > > validates the first loader (SPL and PMUFW combo) but it will also > > expect a signed bitstream during load(FPGA). > > > > Since currently the SPL load of an FPGA image from FIT does not > > support loading images for authentication (fpga_loads), I'd like to > > discuss how to best implement such support. > > What do you mean by "loading images for authentication" ? right, it eventually means executing fpga_loads insted of fpga_load ( a function that will provide additional params to the PMUFW. "loads" will load FPGA bitstreams that are either signed, encrypted or both. When they are only signed, they are first authenticated by the PMUFW and then loaded. > > > > A pretty standard file.its description of the FPGA loadable looks like > > this: > > > > fpga { > > description = "FPGA binary"; > > data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}"); > > type = "fpga"; > > arch = "${UBOOT_ARCH}"; > > compression = "none"; > > load = <${fpgaloadaddr}>; > > hash-1 { > > algo = "${FIT_HASH_ALG}"; > > }; > > }; > > > > We could extend imagetool.h struct image_tool_params to add more > > params or perhpas just define different 'types' of fpga? > > > Check "4) '/images' node" > in doc/uImage.FIT/source_file_format.txt > > The intent is to give either: > * loadaddr="$(addr)" : copy image to $(addr), Done > * compatible="": Use this driver to upload the FPGA > > It seems to me like the right way to go is to make a new compatible="" FPGA > loader is for fpga_load(): > > fpga { > description = "FPGA binary"; > data = /incbin/("${YOCTO_BS_PATH}"); > type = "fpga"; > compression = "none"; > compatible = "zynqmp-fancy-fpga", so you think we should capture on compatible the characteristics of the FPGA image? > hash-1 { > algo = "${FIT_HASHISH}"; > }; > }; > > > > Something like: > > "fpga" > > "fpga-auth" : authenticated > > "fpga-enc" : encrypted > > "fpga-sec" : encrypted and authenticated > > Can these properties be inferred from the FPGA image? If not, they could be > required when using a new fpga loader. I don't think they should be added to > "fpga-legacy". maybe.. with a bit of boot header parsing... But doing so would deviate from the current approach making it somewhat inconsistent: ie, there is no a common "fpga load" command but instead we have "fpga load" and "fpga loads" as separate commands so perhaps the parsing is not that obvious or it would have been done differently. I'd rather follow the current approach and just explicitly qualify the bitstream. > > Alex > > > Then it would be a matter of modifying > > https://github.com/u-boot/u-boot/blob/master/common/spl/spl_fit.c#L572 > > > > any thoughts? > > > > TIA > > Jorge > > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2021-10-05 5:45 ` Jorge Ramirez-Ortiz, Foundries @ 2021-10-05 6:08 ` Jorge Ramirez-Ortiz, Foundries 2021-10-05 12:14 ` Michal Simek 0 siblings, 1 reply; 13+ messages in thread From: Jorge Ramirez-Ortiz, Foundries @ 2021-10-05 6:08 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries Cc: Alex G., michal.simek, trini, sjg, u-boot, ricardo, mike, igor.opaniuk On 05/10/21, Jorge Ramirez-Ortiz, Foundries wrote: > On 04/10/21, Alex G. wrote: > > On 10/4/21 3:32 PM, Jorge Ramirez-Ortiz, Foundries wrote: > > > Hello, > > > > > hi Alex, > > > > We are enabling secure boot on Zynqmp with SPL. > > > > > > The issue however is that during secure boot, the bootrom not only > > > validates the first loader (SPL and PMUFW combo) but it will also > > > expect a signed bitstream during load(FPGA). > > > > > > Since currently the SPL load of an FPGA image from FIT does not > > > support loading images for authentication (fpga_loads), I'd like to > > > discuss how to best implement such support. > > > > What do you mean by "loading images for authentication" ? > > right, it eventually means executing fpga_loads insted of fpga_load ( > a function that will provide additional params to the PMUFW. > > "loads" will load FPGA bitstreams that are either signed, encrypted or > both. When they are only signed, they are first authenticated by the > PMUFW and then loaded. > > > > > > > A pretty standard file.its description of the FPGA loadable looks like > > > this: > > > > > > fpga { > > > description = "FPGA binary"; > > > data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}"); > > > type = "fpga"; > > > arch = "${UBOOT_ARCH}"; > > > compression = "none"; > > > load = <${fpgaloadaddr}>; > > > hash-1 { > > > algo = "${FIT_HASH_ALG}"; > > > }; > > > }; > > > > > > We could extend imagetool.h struct image_tool_params to add more > > > params or perhpas just define different 'types' of fpga? > > > > > > Check "4) '/images' node" > > in doc/uImage.FIT/source_file_format.txt > > > > The intent is to give either: > > * loadaddr="$(addr)" : copy image to $(addr), Done > > * compatible="": Use this driver to upload the FPGA > > > > It seems to me like the right way to go is to make a new compatible="" FPGA > > loader is for fpga_load(): > > > > fpga { > > description = "FPGA binary"; > > data = /incbin/("${YOCTO_BS_PATH}"); > > type = "fpga"; > > compression = "none"; > > compatible = "zynqmp-fancy-fpga", > > so you think we should capture on compatible the characteristics of the FPGA image? um, right, makes sense then, thanks. - compatible : compatible method for loading image. Mandatory for types: "fpga", and images that do not specify a load address. To use the generic fpga loading routine, use "u-boot,fpga-legacy" > > > hash-1 { > > algo = "${FIT_HASHISH}"; > > }; > > }; > > > > > > > Something like: > > > "fpga" > > > "fpga-auth" : authenticated > > > "fpga-enc" : encrypted > > > "fpga-sec" : encrypted and authenticated > > > > Can these properties be inferred from the FPGA image? If not, they could be > > required when using a new fpga loader. I don't think they should be added to > > "fpga-legacy". > > maybe.. with a bit of boot header parsing... But doing so would > deviate from the current approach making it somewhat inconsistent: ie, > there is no a common "fpga load" command but instead we have "fpga > load" and "fpga loads" as separate commands so perhaps the parsing is > not that obvious or it would have been done differently. > I'd rather follow the current approach and just explicitly qualify the > bitstream. > > > > > > > Alex > > > > > Then it would be a matter of modifying > > > https://github.com/u-boot/u-boot/blob/master/common/spl/spl_fit.c#L572 > > > > > > any thoughts? > > > > > > TIA > > > Jorge > > > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2021-10-05 6:08 ` Jorge Ramirez-Ortiz, Foundries @ 2021-10-05 12:14 ` Michal Simek 0 siblings, 0 replies; 13+ messages in thread From: Michal Simek @ 2021-10-05 12:14 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries Cc: Alex G., michal.simek, trini, sjg, u-boot, ricardo, mike, igor.opaniuk Hi, On 10/5/21 8:08 AM, Jorge Ramirez-Ortiz, Foundries wrote: > On 05/10/21, Jorge Ramirez-Ortiz, Foundries wrote: >> On 04/10/21, Alex G. wrote: >>> On 10/4/21 3:32 PM, Jorge Ramirez-Ortiz, Foundries wrote: >>>> Hello, >>>> >> >> hi Alex, >> >>>> We are enabling secure boot on Zynqmp with SPL. >>>> >>>> The issue however is that during secure boot, the bootrom not only >>>> validates the first loader (SPL and PMUFW combo) but it will also >>>> expect a signed bitstream during load(FPGA). >>>> >>>> Since currently the SPL load of an FPGA image from FIT does not >>>> support loading images for authentication (fpga_loads), I'd like to >>>> discuss how to best implement such support. >>> >>> What do you mean by "loading images for authentication" ? >> >> right, it eventually means executing fpga_loads insted of fpga_load ( >> a function that will provide additional params to the PMUFW. >> >> "loads" will load FPGA bitstreams that are either signed, encrypted or >> both. When they are only signed, they are first authenticated by the >> PMUFW and then loaded. >> >>>> >>>> A pretty standard file.its description of the FPGA loadable looks like >>>> this: >>>> >>>> fpga { >>>> description = "FPGA binary"; >>>> data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}"); >>>> type = "fpga"; >>>> arch = "${UBOOT_ARCH}"; >>>> compression = "none"; >>>> load = <${fpgaloadaddr}>; >>>> hash-1 { >>>> algo = "${FIT_HASH_ALG}"; >>>> }; >>>> }; >>>> >>>> We could extend imagetool.h struct image_tool_params to add more >>>> params or perhpas just define different 'types' of fpga? >>> >>> >>> Check "4) '/images' node" >>> in doc/uImage.FIT/source_file_format.txt >>> >>> The intent is to give either: >>> * loadaddr="$(addr)" : copy image to $(addr), Done >>> * compatible="": Use this driver to upload the FPGA >>> >>> It seems to me like the right way to go is to make a new compatible="" FPGA >>> loader is for fpga_load(): >>> >>> fpga { >>> description = "FPGA binary"; >>> data = /incbin/("${YOCTO_BS_PATH}"); >>> type = "fpga"; >>> compression = "none"; >>> compatible = "zynqmp-fancy-fpga", >> >> so you think we should capture on compatible the characteristics of the FPGA image? > > > um, right, makes sense then, thanks. > > - compatible : compatible method for loading image. > Mandatory for types: "fpga", and images that do not specify a load address. > To use the generic fpga loading routine, use "u-boot,fpga-legacy" > >> >>> hash-1 { >>> algo = "${FIT_HASHISH}"; >>> }; >>> }; >>> >>> >>>> Something like: >>>> "fpga" >>>> "fpga-auth" : authenticated >>>> "fpga-enc" : encrypted >>>> "fpga-sec" : encrypted and authenticated >>> >>> Can these properties be inferred from the FPGA image? If not, they could be >>> required when using a new fpga loader. I don't think they should be added to >>> "fpga-legacy". >> >> maybe.. with a bit of boot header parsing... But doing so would >> deviate from the current approach making it somewhat inconsistent: ie, >> there is no a common "fpga load" command but instead we have "fpga >> load" and "fpga loads" as separate commands so perhaps the parsing is >> not that obvious or it would have been done differently. >> I'd rather follow the current approach and just explicitly qualify the >> bitstream. >> In past when I was adding support for bitstreams in 2016 by commit 62afc601883e ("image: Add boot_get_fpga() to load fpga with bootm") you can see that the problem was sort of the same as this one. But with handling different bitstream types. Because there are two types of bistreams in bin format and bit format. At that time I solved it by calling function in bit format first. If failed in bin format. And by comparing sizes it was determined if bitstream is in bit or bin format. I would say that this algorithm is not valid anymore because you can also have compressed bistreams which are smaller then device itself but still they are full bistreams. That being said I think when new types should be defined we should also optimized origin code for fpga loading to cover also partial bistreams and bistreams in bin and bit formats. Thanks, Michal ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2021-10-04 20:32 FIT image: load secure FPGA Jorge Ramirez-Ortiz, Foundries 2021-10-04 20:54 ` Alex G. @ 2022-01-19 16:03 ` Adrian Fiergolski 2022-01-19 16:44 ` Jorge Ramirez-Ortiz, Foundries 1 sibling, 1 reply; 13+ messages in thread From: Adrian Fiergolski @ 2022-01-19 16:03 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries, michal.simek, trini, sjg Cc: u-boot, ricardo, mike, igor.opaniuk Hi Jorge, Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? Have you managed to resolve problem of the bitstream loaded in such a case by SPL? I need to use an encrypted bitstream. However, it required the use of DeviceKeys in post-boot state which eventually requires secure boot. Regards, Adrian On 04.10.2021 22:32, Jorge Ramirez-Ortiz, Foundries wrote: > Hello, > > We are enabling secure boot on Zynqmp with SPL. > > The issue however is that during secure boot, the bootrom not only > validates the first loader (SPL and PMUFW combo) but it will also > expect a signed bitstream during load(FPGA). > > Since currently the SPL load of an FPGA image from FIT does not > support loading images for authentication (fpga_loads), I'd like to > discuss how to best implement such support. > > A pretty standard file.its description of the FPGA loadable looks like > this: > > fpga { > description = "FPGA binary"; > data = /incbin/("${DEPLOY_DIR_IMAGE}/${SPL_FPGA_BINARY}"); > type = "fpga"; > arch = "${UBOOT_ARCH}"; > compression = "none"; > load = <${fpgaloadaddr}>; > hash-1 { > algo = "${FIT_HASH_ALG}"; > }; > }; > > We could extend imagetool.h struct image_tool_params to add more > params or perhpas just define different 'types' of fpga? > > Something like: > "fpga" > "fpga-auth" : authenticated > "fpga-enc" : encrypted > "fpga-sec" : encrypted and authenticated > > Then it would be a matter of modifying > https://github.com/u-boot/u-boot/blob/master/common/spl/spl_fit.c#L572 > > any thoughts? > > TIA > Jorge ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-01-19 16:03 ` Adrian Fiergolski @ 2022-01-19 16:44 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 16:51 ` Jorge Ramirez-Ortiz, Foundries 0 siblings, 1 reply; 13+ messages in thread From: Jorge Ramirez-Ortiz, Foundries @ 2022-01-19 16:44 UTC (permalink / raw) To: Adrian Fiergolski Cc: Jorge Ramirez-Ortiz, Foundries, michal.simek, trini, sjg, u-boot, ricardo, mike, igor.opaniuk On 19/01/22, Adrian Fiergolski wrote: > Hi Jorge, hi Adrian, > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? somewhere there: https://github.com/foundriesio/meta-lmp > Have you managed to resolve problem of the bitstream loaded in such a case > by SPL? > Yes. I wrote the docs here below: https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > I need to use an encrypted bitstream. However, it required the use of > DeviceKeys in post-boot state which eventually requires secure boot. > > Regards, hope that helps > > Adrian > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-01-19 16:44 ` Jorge Ramirez-Ortiz, Foundries @ 2022-01-19 16:51 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 17:22 ` Jorge Ramirez-Ortiz, Foundries 0 siblings, 1 reply; 13+ messages in thread From: Jorge Ramirez-Ortiz, Foundries @ 2022-01-19 16:51 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries Cc: Adrian Fiergolski, michal.simek, trini, sjg, u-boot, ricardo, mike, igor.opaniuk On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > On 19/01/22, Adrian Fiergolski wrote: > > Hi Jorge, > > hi Adrian, > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? > > somewhere there: > https://github.com/foundriesio/meta-lmp > > > Have you managed to resolve problem of the bitstream loaded in such a case > > by SPL? > > > > Yes. I wrote the docs here below: > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > this might help you as well if you use OP-TEE and require RPMB access. https://github.com/OP-TEE/optee_os/pull/4874 > > > I need to use an encrypted bitstream. However, it required the use of > > DeviceKeys in post-boot state which eventually requires secure boot. > > > > Regards, > > hope that helps > > > > > Adrian > > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-01-19 16:51 ` Jorge Ramirez-Ortiz, Foundries @ 2022-01-19 17:22 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 17:48 ` Oleksandr Suvorov 0 siblings, 1 reply; 13+ messages in thread From: Jorge Ramirez-Ortiz, Foundries @ 2022-01-19 17:22 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries Cc: Adrian Fiergolski, michal.simek, trini, sjg, u-boot, ricardo, mike, igor.opaniuk, oleksandr.suvorov On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > On 19/01/22, Adrian Fiergolski wrote: > > > Hi Jorge, > > > > hi Adrian, > > > > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? > > > > somewhere there: > > https://github.com/foundriesio/meta-lmp > > > > > Have you managed to resolve problem of the bitstream loaded in such a case > > > by SPL? > > > > > > > Yes. I wrote the docs here below: > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > > > > this might help you as well if you use OP-TEE and require RPMB access. > > https://github.com/OP-TEE/optee_os/pull/4874 > > forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy). but not totally sure if it was merged yet as Simon asked for tests and those might be pending. > > > > > > I need to use an encrypted bitstream. However, it required the use of > > > DeviceKeys in post-boot state which eventually requires secure boot. > > > > > > Regards, > > > > hope that helps > > > > > > > > Adrian > > > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-01-19 17:22 ` Jorge Ramirez-Ortiz, Foundries @ 2022-01-19 17:48 ` Oleksandr Suvorov 2022-02-07 12:24 ` Adrian Fiergolski 0 siblings, 1 reply; 13+ messages in thread From: Oleksandr Suvorov @ 2022-01-19 17:48 UTC (permalink / raw) To: Adrian Fiergolski Cc: Jorge Ramirez-Ortiz, Foundries, Michal Simek, Tom Rini, Simon Glass, U-Boot Mailing List, Ricardo Salveti, Michael Scott, Igor Opaniuk, Oleksandr Suvorov Hi Adrian, On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries <jorge@foundries.io> wrote: > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > > On 19/01/22, Adrian Fiergolski wrote: > > > > Hi Jorge, > > > > > > hi Adrian, > > > > > > > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's > > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? > > > > > > somewhere there: > > > https://github.com/foundriesio/meta-lmp > > > > > > > Have you managed to resolve problem of the bitstream loaded in such a case > > > > by SPL? > > > > > > > > > > Yes. I wrote the docs here below: > > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > > > > > > > this might help you as well if you use OP-TEE and require RPMB access. > > > > https://github.com/OP-TEE/optee_os/pull/4874 > > > > > > forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy). > but not totally sure if it was merged yet as Simon asked for tests and those might be pending. You can try this solution for the Xilinx u-boot 2020.07 https://github.com/foundriesio/u-boot/pull/116 or this one for the mainline u-boot: https://patchwork.ozlabs.org/project/uboot/list/?series=276743 > > > > I need to use an encrypted bitstream. However, it required the use of > > > > DeviceKeys in post-boot state which eventually requires secure boot. > > > > > > > > Regards, > > > > > > hope that helps > > > > > > > > > > > Adrian -- Best regards Oleksandr Oleksandr Suvorov cryosay@gmail.com ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-01-19 17:48 ` Oleksandr Suvorov @ 2022-02-07 12:24 ` Adrian Fiergolski 2022-02-09 7:51 ` Jorge Ramirez-Ortiz, Foundries 0 siblings, 1 reply; 13+ messages in thread From: Adrian Fiergolski @ 2022-02-07 12:24 UTC (permalink / raw) To: Oleksandr Suvorov, Jorge Ramirez-Ortiz, Foundries Cc: Michal Simek, Tom Rini, Simon Glass, U-Boot Mailing List, Ricardo Salveti, Michael Scott, Igor Opaniuk, Oleksandr Suvorov Hi Jorge and Oleksandr, Thank you for sharing all the links. I found there a lot of inspiration to meet my target of using encrypted bitfiles. I have also shared with the community a patch, on top of your changes, adding encrypted bitfile support in u-boot. Regards, Adrian On 19.01.2022 18:48, Oleksandr Suvorov wrote: > Hi Adrian, > > On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries > <jorge@foundries.io> wrote: >> On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: >>> On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: >>>> On 19/01/22, Adrian Fiergolski wrote: >>>>> Hi Jorge, >>>> hi Adrian, >>>> >>>>> Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's >>>>> FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? >>>> somewhere there: >>>> https://github.com/foundriesio/meta-lmp >>>> >>>>> Have you managed to resolve problem of the bitstream loaded in such a case >>>>> by SPL? >>>>> >>>> Yes. I wrote the docs here below: >>>> https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html >>>> >>> this might help you as well if you use OP-TEE and require RPMB access. >>> >>> https://github.com/OP-TEE/optee_os/pull/4874 >>> >>> >> forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy). >> but not totally sure if it was merged yet as Simon asked for tests and those might be pending. > You can try this solution for the Xilinx u-boot 2020.07 > https://github.com/foundriesio/u-boot/pull/116 > or this one for the mainline u-boot: > https://patchwork.ozlabs.org/project/uboot/list/?series=276743 > >>>>> I need to use an encrypted bitstream. However, it required the use of >>>>> DeviceKeys in post-boot state which eventually requires secure boot. >>>>> >>>>> Regards, >>>> hope that helps >>>> >>>>> Adrian ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-02-07 12:24 ` Adrian Fiergolski @ 2022-02-09 7:51 ` Jorge Ramirez-Ortiz, Foundries 2022-02-09 12:20 ` Adrian Fiergolski 0 siblings, 1 reply; 13+ messages in thread From: Jorge Ramirez-Ortiz, Foundries @ 2022-02-09 7:51 UTC (permalink / raw) To: Adrian Fiergolski Cc: Oleksandr Suvorov, Jorge Ramirez-Ortiz, Foundries, Michal Simek, Tom Rini, Simon Glass, U-Boot Mailing List, Ricardo Salveti, Michael Scott, Igor Opaniuk, Oleksandr Suvorov On 07/02/22, Adrian Fiergolski wrote: > Hi Jorge and Oleksandr, > > Thank you for sharing all the links. I found there a lot of inspiration to > meet my target of using encrypted bitfiles. thanks Adrian. Glad to hear that > > I have also shared with the community a patch, on top of your changes, > adding encrypted bitfile support in u-boot. awesome. btw how is the bitstream decrypted? I didnt look into that, I suppose there is probably a doc somewhere? > > Regards, > > Adrian > > On 19.01.2022 18:48, Oleksandr Suvorov wrote: > > Hi Adrian, > > > > On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries > > <jorge@foundries.io> wrote: > > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > > > > On 19/01/22, Adrian Fiergolski wrote: > > > > > > Hi Jorge, > > > > > hi Adrian, > > > > > > > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's > > > > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes? > > > > > somewhere there: > > > > > https://github.com/foundriesio/meta-lmp > > > > > > > > > > > Have you managed to resolve problem of the bitstream loaded in such a case > > > > > > by SPL? > > > > > > > > > > > Yes. I wrote the docs here below: > > > > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > > > > > > > > > this might help you as well if you use OP-TEE and require RPMB access. > > > > > > > > https://github.com/OP-TEE/optee_os/pull/4874 > > > > > > > > > > > forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy). > > > but not totally sure if it was merged yet as Simon asked for tests and those might be pending. > > You can try this solution for the Xilinx u-boot 2020.07 > > https://github.com/foundriesio/u-boot/pull/116 > > or this one for the mainline u-boot: > > https://patchwork.ozlabs.org/project/uboot/list/?series=276743 > > > > > > > > I need to use an encrypted bitstream. However, it required the use of > > > > > > DeviceKeys in post-boot state which eventually requires secure boot. > > > > > > > > > > > > Regards, > > > > > hope that helps > > > > > > > > > > > Adrian ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: FIT image: load secure FPGA 2022-02-09 7:51 ` Jorge Ramirez-Ortiz, Foundries @ 2022-02-09 12:20 ` Adrian Fiergolski 0 siblings, 0 replies; 13+ messages in thread From: Adrian Fiergolski @ 2022-02-09 12:20 UTC (permalink / raw) To: Jorge Ramirez-Ortiz, Foundries Cc: Oleksandr Suvorov, Michal Simek, Tom Rini, Simon Glass, U-Boot Mailing List, Ricardo Salveti, Michael Scott, Igor Opaniuk, Oleksandr Suvorov Hi, On 09.02.2022 08:51, Jorge Ramirez-Ortiz, Foundries wrote: > >> I have also shared with the community a patch, on top of your changes, >> adding encrypted bitfile support in u-boot. > > awesome. btw how is the bitstream decrypted? I didnt look into that, I > suppose there is probably a doc somewhere? > It uses ZynqMP's CSU, AES-GCM and device keys (stored either in BBRAM or eFuses). It's described in UG1085 under the Loading bitstream (in encrypt only secure boot mode) subchapter. Regards, Adrian ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2022-02-09 12:20 UTC | newest] Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-10-04 20:32 FIT image: load secure FPGA Jorge Ramirez-Ortiz, Foundries 2021-10-04 20:54 ` Alex G. 2021-10-05 5:45 ` Jorge Ramirez-Ortiz, Foundries 2021-10-05 6:08 ` Jorge Ramirez-Ortiz, Foundries 2021-10-05 12:14 ` Michal Simek 2022-01-19 16:03 ` Adrian Fiergolski 2022-01-19 16:44 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 16:51 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 17:22 ` Jorge Ramirez-Ortiz, Foundries 2022-01-19 17:48 ` Oleksandr Suvorov 2022-02-07 12:24 ` Adrian Fiergolski 2022-02-09 7:51 ` Jorge Ramirez-Ortiz, Foundries 2022-02-09 12:20 ` Adrian Fiergolski
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.