From: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
To: u-boot@lists.denx.de
Cc: Michal Simek <michal.simek@xilinx.com>,
	Adrian Fiergolski <adrian.fiergolski@fastree3d.com>,
	Ricardo Salveti <ricardo@foundries.io>,
	Jorge Ramirez-Ortiz <jorge@foundries.io>,
	Igor Opaniuk <igor.opaniuk@foundries.io>,
	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>,
	Michal Simek <michal.simek@amd.com>
Subject: [PATCH v8 14/14] fpga: zynqmp: support loading encrypted bitfiles
Date: Wed,  1 Jun 2022 02:08:39 +0300
Message-ID: <20220531230839.183690-15-oleksandr.suvorov@foundries.io>
In-Reply-To: <20220531230839.183690-14-oleksandr.suvorov@foundries.io>

From: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>

Add support for a new compatible string "u-boot,zynqmp-fpga-enc" to handle
loading encrypted bitfiles.

This feature requires an encrypted FSBL, as according to UG1085:
"The CSU automatically locks out the AES key, stored in either BBRAM or eFUSEs,
 as a key source to the AES engine if the FSBL is not encrypted. This prevents
 using the BBRAM or eFUSE as the key source to the AES engine during run-time
 applications."

Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
---

Changes in v8:
- Michal Simek's suggestions addressed:
-- introduce the compatible flags in xilinx_desc;
-- pass a binary compatible flag instead of "compatible" property to
   an FPGA driver.
- Optimize a zynqmp_load() function.

Changes in v7:
- apply Michal Simek's suggestions
  As I applied changes on Oleksandr's patches, I indicated it by
  specifying myself as co-author in the commit logs. I am not sure
  if that is the convention of marking it.

Changes in v6:
- add support for the encrypted bitfiles.

Changes in v5:
- replace ifdef with if() where it's possible.

Changes in v4:
- change interface to xilinx_desc->operations->open() callback.
- fix a bug from previous version of the patchset in dereferencing
  of a parent fpga_desc structure.

Changes in v3:
- remove the patch which introduced CMD_SPL_FPGA_LOAD_SECURE.
- fix mixing definitions/declarations.
- replace strcmp() calls with more secure strncmp().
- document the "u-boot,zynqmp-fpga-ddrauth" compatible string.
- fix code style by check-patch recommendations.

Changes in v2:
- add function fit_fpga_load() to simplify calls of fpga_load()
  from contexts without a compatible attribute.
- move all ZynqMP-specific logic to drivers/fpga/zynqmppl.c
- prepare for passing a "compatible" FDT property to any fpga driver.

 doc/uImage.FIT/source_file_format.txt | 2 ++
 drivers/fpga/zynqmppl.c               | 8 ++++++++
 include/fpga.h                        | 1 +
 include/xilinx.h                      | 1 +
 include/zynqmppl.h                    | 2 +-
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt
index 461e2af2a84..68701118409 100644
--- a/doc/uImage.FIT/source_file_format.txt
+++ b/doc/uImage.FIT/source_file_format.txt
@@ -188,6 +188,8 @@ the '/images' node should have the following layout:
     "u-boot,fpga-legacy" - the generic fpga loading routine.
     "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for
     Xilinx Zynq UltraScale+ (ZymqMP) device.
+    "u-boot,zynqmp-fpga-enc" - encrypted FPGA bitstream for Xilinx Zynq
+    UltraScale+ (ZynqMP) device.
 
   Optional nodes:
   - hash-1 : Each hash sub-node represents separate hash or checksum
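Review bot: the new "u-boot,zynqmp-fpga-enc" entry does not say which key is used or what the boot chain must provide. The driver selects FPGA_ENC_DEV_KEY for this string and the commit message states that the device key is locked out unless the FSBL is encrypted, so both facts belong in this description; otherwise a FIT author has no way to learn why a load fails. While here, the unchanged line just above spells the part name "ZymqMP" where the added lines use "ZynqMP".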
diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c
index 76efc4b4a90..9087909dfe5 100644
--- a/drivers/fpga/zynqmppl.c
+++ b/drivers/fpga/zynqmppl.c
@@ -250,6 +250,11 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf,
 		info.authflag = ZYNQMP_FPGA_AUTH_DDR;
 		info.encflag = FPGA_NO_ENC_OR_NO_AUTH;
 		return desc->operations->loads(desc, buf, bsize, &info);
+	case FPGA_XILINX_ZYNQMP_ENC:
+		/* Encryption using device key */
+		info.authflag = FPGA_NO_ENC_OR_NO_AUTH;
+		info.encflag = FPGA_ENC_DEV_KEY;
+		return desc->operations->loads(desc, buf, bsize, &info);
 	default:
 		puts("Unsupported bitstream type\n");
 		return FPGA_FAIL;
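Review bot: in the new FPGA_XILINX_ZYNQMP_ENC case authflag is set to FPGA_NO_ENC_OR_NO_AUTH, so this path requests decryption with the device key and no authentication, while the DDRAUTH case above requests authentication and no encryption. No compatible string selects both. If that is intentional, extend the comment to say so (for example "Encryption using device key, no authentication") and state it in the documentation, so that an encrypted bitstream is not assumed to be authenticated as well. The case body also repeats the loads() call of the case above; setting the two flags per case and calling loads() once after the switch would avoid the duplication.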
@@ -353,6 +358,9 @@ static int zynqmp_str2flag(xilinx_desc *desc, const char *str)
 	if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26))
 		return FPGA_XILINX_ZYNQMP_DDRAUTH;
 
+	if (!strncmp(str, "u-boot,zynqmp-fpga-enc", 22))
+		return FPGA_XILINX_ZYNQMP_ENC;
+
 	return 0;
 }
 
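Review bot: strncmp(str, "u-boot,zynqmp-fpga-enc", 22) compares only the 22 characters of the literal, so it is a prefix match: any compatible value that merely starts with this string is accepted as FPGA_XILINX_ZYNQMP_ENC, and the same holds for the 26-character DDRAUTH check above. Since the result decides whether the device key is used, match the whole string, e.g. compare sizeof("u-boot,zynqmp-fpga-enc") bytes so the terminating NUL is included, which also removes the hand-counted lengths.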
diff --git a/include/fpga.h b/include/fpga.h
index 13b1bbee3ca..a4e16401da7 100644
--- a/include/fpga.h
+++ b/include/fpga.h
@@ -20,6 +20,7 @@
 /* device numbers must be non-negative */
 #define FPGA_INVALID_DEVICE	-1
 
+#define FPGA_ENC_DEV_KEY	0
 #define FPGA_ENC_USR_KEY	1
 #define FPGA_NO_ENC_OR_NO_AUTH	2
 
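Review bot: FPGA_ENC_DEV_KEY is defined as 0, which is also the value a zero-initialised encflag holds. Any caller that clears its info structure and forgets to set encflag would then silently request device-key decryption. Please confirm every path sets encflag explicitly (both cases visible in zynqmp_load() do), and add a short comment above these three defines saying what they are values for, since nothing here documents them.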
diff --git a/include/xilinx.h b/include/xilinx.h
index ffd95ad7225..a62f6fd074f 100644
--- a/include/xilinx.h
+++ b/include/xilinx.h
@@ -40,6 +40,7 @@ typedef enum {			/* typedef xilinx_family */
 /* FPGA bitstream supported types */
 #define FPGA_LEGACY			BIT(0)
 #define FPGA_XILINX_ZYNQMP_DDRAUTH	BIT(1)
+#define FPGA_XILINX_ZYNQMP_ENC		BIT(2)
 
 typedef struct {		/* typedef xilinx_desc */
 	xilinx_family family;	/* part type */
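Review bot: FPGA_XILINX_ZYNQMP_ENC is declared as a bit, BIT(2), but zynqmp_load() uses these values as switch cases, so a value with more than one bit set ends up in the default branch with "Unsupported bitstream type". A comment here stating that the descriptor holds an OR of the supported types while a load request must carry exactly one of them would make that contract explicit.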
diff --git a/include/zynqmppl.h b/include/zynqmppl.h
index c4d7a41220d..44d6933f82b 100644
--- a/include/zynqmppl.h
+++ b/include/zynqmppl.h
@@ -27,6 +27,6 @@ extern struct xilinx_fpga_op zynqmp_op;
 
 #define XILINX_ZYNQMP_DESC \
 { xilinx_zynqmp, csu_dma, 1, &zynqmp_op, 0, &zynqmp_op, NULL, \
-	(FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH) }
+	(FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH | FPGA_XILINX_ZYNQMP_ENC) }
 
 #endif /* _ZYNQMPPL_H_ */
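Review bot: XILINX_ZYNQMP_DESC now advertises FPGA_XILINX_ZYNQMP_ENC unconditionally, although the commit message says the device key is only available when the FSBL is encrypted. Since that cannot be seen from this macro, add a comment next to the flags noting the requirement, and consider whether the secure types should be advertised only in builds that enable secure bitstream loading.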
-- 
2.36.1

