From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753042AbdBUNzl (ORCPT ); Tue, 21 Feb 2017 08:55:41 -0500 Received: from mail-co1nam03on0089.outbound.protection.outlook.com ([104.47.40.89]:10688 "EHLO NAM03-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752478AbdBUNzb (ORCPT ); Tue, 21 Feb 2017 08:55:31 -0500 Authentication-Results: spf=pass (sender IP is 149.199.60.83) smtp.mailfrom=xilinx.com; kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=bestguesspass action=none header.from=xilinx.com; Subject: Re: [PATCH v2 2/3] fpga: zynq: Add support for encrypted bitstreams To: , References: <1487624123-13579-1-git-send-email-mdf@kernel.org> <1487624123-13579-2-git-send-email-mdf@kernel.org> CC: Alan Tull , Michal Simek , =?UTF-8?Q?S=c3=b6ren_Brinkmann?= , From: Michal Simek Message-ID: <29bc6189-479e-c063-ef35-4ba99c5a1d56@xilinx.com> Date: Tue, 21 Feb 2017 14:55:18 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: <1487624123-13579-2-git-send-email-mdf@kernel.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-RCIS-Action: ALLOW X-TM-AS-Product-Ver: IMSS-7.1.0.1224-8.1.0.1062-22898.006 X-TM-AS-User-Approved-Sender: Yes;Yes X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:149.199.60.83;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(7916002)(39450400003)(39860400002)(39840400002)(39410400002)(39850400002)(2980300002)(438002)(199003)(24454002)(189002)(9170700003)(626004)(6246003)(54906002)(36386004)(4001350100001)(8676002)(83506001)(81166006)(63266004)(31686004)(92566002)(77096006)(189998001)(5660300001)(2870700001)(4326007)(65826007)(2906002)(36756003)(2950100002)(9786002)(6666003)(31696002)(356003)(86362001)(305945005)(50466002)(33646002)(8936002)(64126003)(23676002)(106466001)(54356999)(76176999)(65956001)(53546006)(47776003)(50986999)(65806001)(38730400002)(229853002)(107986001);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR02MB1379;H:xsj-pvapsmtpgw01;FPR:;SPF:Pass;MLV:nspm;A:1;MX:1;PTR:unknown-60-83.xilinx.com;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02FT062;1:gDdBNT2/iUvaDVD4h1PLzgLRHt5Fe7nqloqERh7zgLX905x1RrCKDTHNaew9Z8EeGyMFXrMmyycYEIBelHhMNFUzpzSEJg5rZX9wkT3gap8ez5vOI7HzGyUBw6TqCwjcvThuaEk/OSIaA4jotQsZgOLbmRD3TjprcyND2lqSz/VvcbJIoe2yroRdUVRq+FausmjwpgVlQXQgcJhDgB8Zmfz8DZhkn7Kd9iiNAd/m8FIlwBpBPkjWS3IF4u7SF965VWEM7gt2BK67FKUl3TqhcKWrrjZR3xDBZyB38rQ9Lyl3oJooAIxePHZo7iyEM8P2gsob99gIc9luV0usfvRvy0hKqBIhnQfFxKp+hgZ4uivSU1u5I/O5YKVHjp6NrUu4PDHoo3TngGVNxdW2nGt8T0o0pjP2bKxcvZ9mcit+TC9T7E0aJCpcqTU729vVm1R110T3W8QCnlTNKXZn8+V5wLtUFfa0AO3yynn+lyYZz/Tn85zTG/Mhktuxig/Z6Gwy/pUeAqgYW2a5UZeqCQ+Z8T+SmSmIPiFmHd5+aE2CnDA= X-MS-Office365-Filtering-Correlation-Id: 8a406719-ae5c-4d80-de31-08d45a614b21 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(8251501002);SRVR:BY2PR02MB1379; X-Microsoft-Exchange-Diagnostics: 1;BY2PR02MB1379;3:DA2ULfDrt/A23K1HQZgsm8e9IXq7dQZ4jNWSooJO5I8C5gpnxk6QOo5giddbNK9beePusyFJZEZhMg0d/pRWNS7M4Io5krIcu3Rh9SsjPOkTIlN18KK+xVxG+uZT0DnHAVygjVIzxrkL6cvGPf2Cv9zw+MS6zg438lD0nsxzLI4uNDGHvNo3Djr2jx4cjVgvroYzJ/4L7IT9tv66vaXN61GruhFzQ2RAfUXFdTBuH2AchKm4MgsFm7cPzIrAtMYB7VV57XYLuv6G/wpBI8xsI7+uoedLLTBueLUFMBTW9GiRCySuZhboNLMIN5Rw4eVSOmwggMNs4/LHdEvZnDziEzFCwVZbNtToywlb2VN8ELIzpa6Y4A/dq358qkqWjdKsFBUrkOg87mAW7ODK+zg42A==;25:yfa7BmZspHNQDGDU12eylQecQJWDVd0ei4oHCvDbCNSZGOd7DvSNPoOYghzlV5wH0Zb5+u/z6yv2qWYzhsEzq1R4JEqYlaXSLO1lifl2NNVTIkPAOj1l8wbiv4jMJpfJe5ECI/d/crAO0R0oLn8VScmcdQcOgkoW8TxtVjwTkN3cPvCjyY/iamS4nNmvrXsN/p89/SOnFfDVKEZ5mJJofcsXWAUG3SuKHuwHJdYqJ2eIywT01iYmvmWsyxQP6ylj+vdyhxEz3pTfGYbid+8DLdU3kddAcWj6F3W9CDP7qGf+llsBH8qiiuIGl0dOT5xmSn/tS4ei0cIJYtQjTjtq2q3KDwrHpGLCYsUFejy1GAKPRSaPcwbI4cLO83o2xIXLzgfqxraijMZhfTpyxIPkBz7Eh0mgR5u1KFJnzgPAu7XZ5fM5A+V2IHvfmquBFyQBBU7IsbzckYXK4fUcaa5Wrw== X-Microsoft-Exchange-Diagnostics: 1;BY2PR02MB1379;31:+70NcFdIqqZuM0zNOEB7jddm0SlxwqVV9POsDpLjol3CF993kPaKSEdyNHkpDdvDobzykB2Qv6KR4Q+F7j+80IxlRzu5Dybsog2/187Cb8PCITifsrpJd1uBFdRPuepy0W1VPWo7Gh06BZt3h/0QV2DFsNBlB1//Ujd9/YS2m5IIW5QaZDNltLDt9ITIN0msOXSE+cZCnVPytuJqACmVTN7DvGprhuRU/SHem/sVVWUGE/OTPeZO4X0qMzrWOeU/M8Ig9tCVUrOuFeKmAcl1KA==;20:WTA8uVwmcBVh2lmClJAj8TudNZBqmN2X0SyjT7QfaVHqissDA8H/CXunIg6uGrQ7JCm/zZnDtfhcYs8HUi133wA9llGHxJ7vRXF0EhmNRKOuufL7SmQiTZWePXQkuVVRoDTiR6YgIW/s3R7r1OPsWgoMBjb31QMHMRHBNJw/Z608S37rdA67yiIaLZqdOOxMWxUaGUs0soArX8TQ4h6ZzFbDKymDT5SCMg6sLQmJ1mRly8x5bWBoLSf4DnsY5ZwCv9xBsuRIGyQ5aOh6gFfxx7WAxjrK6v42Tx5pUT50WQAs077FlQ0g9g41TmAHzNLOKJkFuU8rgowSRwhN5Lk0jtolV0B5JSZKhIn1Hp1u72SPWYJm27fnYZIBJSAyirZj6Or3xOAgZJ78nRGHsnuyiQOZpm0UNd0/BkFohwnj0BqFC5C+wlQ0FWp17R1LOLFdIkGELvNj311S6nqWHgqhvjZ5p//l0Kax9xP6oAlwaxxYJ4EsGf8/kc0O4Z4ZmlHg X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(192813158149592); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(13023025)(13024025)(13018025)(8121501046)(5005006)(13015025)(13017025)(3002001)(10201501046)(6055026)(6041248)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(20161123558025)(6072148);SRVR:BY2PR02MB1379;BCL:0;PCL:0;RULEID:;SRVR:BY2PR02MB1379; X-Microsoft-Exchange-Diagnostics: 1;BY2PR02MB1379;4:nY4IsTNb0TPvjawIVVhasU3q1S3X6fLbi6f7VfxbTLijBMdFJthJYOH3lqFo0lz5Cv2x9413dwrK9jKlVs73JmOp8tyEsslzcj6SO7FwMrPunWN3QdpMA/vAYH0SIIYcZMoCP0ybf05jq2WM6n2bGw2fKTI9wKP8wUtUWNtqxItvMQ+mWlDYgy5/IX6fnFWuhRWQ6Zq+tepDJxpZIkyjaiNVnXmgJc8+DY7s/8SGZHxXFl7wLYa+CR8JbOHP8AFZbW0sVMMUb3CoZyKCEh9N057Vdm+3yexR69DDO3Lo7aOMxl8+fk31jk2IXK/pp7bS5Uwx+YMHwhAm6QCV/mZi+LOVZ1ziBfdIfCH5uCQysAQaOl5Lt+oc1P+I9t7YUE/aRxmMVej5+10p3zYi/rzfyCILY2Wz3zpHZgK3wN5QSBW5JYwtSIvAe+y8n/cu9WBBbOhiqMbq4Hihfp9aInVqw3gHlfSBzUaDLAldXZOQrqxzf7K8WoSPzhCDqJEj8qp8I4rs6KfP2A4kbEa0z7lQbJhJ3KcQNvFcVEw5Dj4KILbA0ypd409G04G6685/YqNQMofZQSFzmPhuxLs1ud2g3QdC+iEUxxnTU2a2iFX69XDV354FQTqU1UyYjLEZmK/hlW19Sgm8RGSR/Fo9xr8zSuo0xwjpTnaTg1wYz30AnEa2r3gZoAzVHc/Zj65Zm2hdmjSHKsfETYEQqxx5+WmENfnvt2Bg6wfZ1Opb+DG0F5WeOhm92ICFYurQ55c3UHuMUTzQug17ax2jQFFqV5eFA/X9t8OZ+vQhPOcjtPLeE1Q= X-Forefront-PRVS: 0225B0D5BC X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCWTJQUjAyTUIxMzc5OzIzOnJtYVNZTmk1Nll2d2hGcFh5TEp5YXdsOFcy?= =?utf-8?B?WFVveE5JV2NPV0tCemtOT3c0OWpiYXFvd05KWitNMmJ5Tld2VTI2OWNiVFFB?= =?utf-8?B?RFpjMm5mOUtkeUlKbXlTUmdLU1JsQnNTSFd2dUNpRVZleFpPK1lRYks4RXZ6?= =?utf-8?B?NFlIRUNiaEdZUTM0alpjbFhDeWZwRWlPamhLRGZtYkNOV1liNDYxYXZRYXNE?= =?utf-8?B?TWw1ZFRNbENSUmVWSkkwaktIL2I4dDlDUmhkbkNQSW1ONWMvckc3SGNEcDZU?= =?utf-8?B?cnplZHN0eWdJU3E3YXNKTFp1Mm5wQ1J6MDhlMmwyMWg4cmU4cmJwclR0SlBo?= =?utf-8?B?RXNmUG5CcWJGeTVvWjNZelg2Qk92ZG9CbDFjcXhPT1U1RTE4aEg4dUdPc212?= =?utf-8?B?ZGxoMzg1cG9xYWhtV3Yydm1PQ0Y2anYzWTYvOHVTWDMrMDcrbkoxVTY0TjJp?= =?utf-8?B?SEFtMllpcUVKUWtGajhyU2ZyN3NMNTZWY2tCbGFoSm5kWVg5UzZkbzBBR1dT?= =?utf-8?B?VmxDdXdwa3FVMlR5dHNjM2Q0WVNqVlY5UjhRdWZGMWxhbVZxZ0FuNFJzZ095?= =?utf-8?B?dTZFby92UCtueGs5VWs0VEtDQ2pZTEhtT1FSUkdSaS9GOWZlV09rdzI2S1lK?= =?utf-8?B?elVWWThFemZQQ2QrNGdLQ3dSYnBRZSt3VTcyYVlrV2FMaEhWNjc3OXJZWDI4?= =?utf-8?B?cmJCVVBVd3RxVnovc3ppUFBhRTlBQWd0cGlPSFpsbmpITStqNHdiQWxDaGZa?= =?utf-8?B?US9LQ1RPQjdXS2cwdVdlNE9XbFpoalFNYW42c1dVcFpCRi9QejBtTGZCRWhw?= =?utf-8?B?dmtrNkRrcUhJa0JqMXFqa0drcTVlM1pSWEtENzQxWW52NC9aa0xWQTROcGFH?= =?utf-8?B?NUgyT0IweGFuaWxZeGpjUmhPY3hvbEFzL2x5bTdMWTFXYU9NeEJqQnF4aUxi?= =?utf-8?B?OFRRSE1RTGM4THJXVitOY3FjSHViaEx0UWxNN2RLbG91QnNRVC92T1pmeHRh?= =?utf-8?B?U3VTNEJkbTJuSjJLWVAvNXdWRjVzSjF1aVk2TTFOMjk1UG94SEJvOXVna2pu?= =?utf-8?B?dm5OSEJNWEZkSWFZditOdkpqRG9nTmdTTW1FQkNUN0FOOHRFVU1CSjJIMnYx?= =?utf-8?B?aE9YNUlQZDdWS1NEOHhqc1I5bDR4NVlkdUFVRzhsN09VWHlId2NUUnZWM2pE?= =?utf-8?B?MEk1Mmg3NndNK2FOUnZ0V1RFMXJZVXREZkN5aGI1cVFoOGVEaVMxOW4rb1Fa?= =?utf-8?B?VHR5N3pOdk1xT2RKWE40b1JVNnhnM2dkQytCZ2VCalRQaURCMC9rNllJSVg2?= =?utf-8?B?RlV2WFlUaXhsSjRBcWZoSThadDJ1MEZ3L3YvWis1TzhHU1g1dFB6WnlUYzdS?= =?utf-8?B?MUpDZ0U5NGtrcmJxSGpmZ3VWMXBLcGM4SG1GTlJ5R0I4ZFd3RVNxSE8wZUpJ?= =?utf-8?B?Zkx2bmRXK2pveDd0TTJSZm5JLzJSN1plaDJtY2xWVDJTOEJpYkdGWFpTdWky?= =?utf-8?B?R25EcVg0dWQ1VGdaN0ROVUwrQWlWRGpZOUVUOU5ySE5VRzREUWduZTRiaWIz?= =?utf-8?B?VThHSzVteTkyaWlOM0QwQ2c5cnNESUFJaVVzalI4cEdvdU92Z2NaSW5Ud21K?= =?utf-8?B?VEZNQ3hDYlhzQ3RWQ0IvRUtkUDJTU0FnZDA3dkFzZjVtUlBvRVZJSnh4YzBh?= =?utf-8?B?K2tQR3pjQmpxN0hnaVJmbjA4bytlNnBybGxZNnRuaTlibUpRd1BXazZwUlg1?= =?utf-8?B?YXhOOWgvakl5MElpbERObDlNNUpKZkZ4WWZ1Y3NkdVNjU1lZckFxeXdObmRO?= =?utf-8?Q?9la6OWF0oAYLS?= X-Microsoft-Exchange-Diagnostics: 1;BY2PR02MB1379;6:A/DpK1xrrRhcOVXkB10v7vsoFgtH3+Vt9IJpPmb5jEQPnx1tfGtbXJJ/c1mwLD2OHYNv0FDLoEr+O+oydixDcumIHp5NYhYI3rr92OTng7SpjjUJfNHKAfGsXmNIJ1KcmI83LcGBChTTEkiaI/2VdykyjWzt8qVcRorYxkTIp8OIC4snwqkVN4ESE+M7deLpjRPJ64lhinT66+yrLOFu+WizNiXDaEooVOXxG03WtZXA98u0ALKzHSWlOlYrFPkVqtFj6GbMNgRKONqZcC1greS254tu1rSLFqg4QyhPVm8xpsHnnfMSCQo/crdF7RLGSiQAQ4Qc9jNbGs5g9uyDghZlnMrcsbzWfebRxu+zlcDpuH/pZ6ozOcGfsSiKsnYH15oyLsnhk+ffpNkjOSLR4uNenmyld9nFEyAJQzXvhCs=;5:9CpDb2R5Atk603+8yYMP/JYUmD3bSlbZssqNnGnvQKJyYyAKjyQ9ZijcIaHEAqt9h10klepyx1UgJ/V6heko/hz4XIea8GjkoFD1kqHk7O5+Q7DqOR+34TyxoeZRpxvPBUg7V2kYEC/bC97ljzGmUwg8I4SY9idHwYHMMkOeaDM=;24:YQemU5uHQ58E/WkafqWbXSHYnn7MnOb3ALe4+9G4plNC665lO03cRz5Hbyd05B7a04FY+URS8lLpMxHev0Li6xomZe/NoF6nhiZKwr9MhMk= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BY2PR02MB1379;7:Sa7bpPKPJ+O+80xzh/p0+nY+xZCgAfYLiqBez7HAFpZcHN7eNvLZqRwlVdY22KWMkQ+iwgvcX667dnuTExDDwlpPji9Ty24Y07zXjG8GEAAIzbO+wb262BKi4eirjdwGZpM/ly1h9vvM9SDj4122IAVrXvIRxVnNURsAn2zH4q2JoLrKNsZ+qnDxcPG714wkeJFsZou1TCyM6RhEuW5i4QiqkTluGhw0IKT5chVcVVmE9p2MuJyFaDndXC+BkmdsGNZYnP/aJhlHbRFVJ0hNXrvk48MIZ6I3egbFdy5zT/q9/mxH/Gc8DAiNJOf/41lqynmlDASAx/KMwDkbSgcmug== X-OriginatorOrg: xilinx.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Feb 2017 13:55:28.2420 (UTC) X-MS-Exchange-CrossTenant-Id: 657af505-d5df-48d0-8300-c31994686c5c X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=657af505-d5df-48d0-8300-c31994686c5c;Ip=[149.199.60.83];Helo=[xsj-pvapsmtpgw01] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR02MB1379 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 20.2.2017 21:55, mdf@kernel.org wrote: > From: Moritz Fischer > > Add support for encrypted bitstreams. For this to work the system > must be booted in secure mode. > > In order for on-the-fly decryption to work, the PCAP clock rate > needs to be lowered via the PCAP_RATE_EN bit. > > Signed-off-by: Moritz Fischer > Cc: Alan Tull > Cc: Michal Simek > Cc: Sören Brinkmann > Cc: linux-kernel@vger.kernel.org > Cc: linux-fpga@vger.kernel.org > --- > > Changes from v1: > - Renamed flag from FPGA_MGR_DECRYPT_BITSTREAM->FPGA_MGR_ENCRYPTED_BITSTREAM > > --- > drivers/fpga/zynq-fpga.c | 28 +++++++++++++++++++++++++--- > 1 file changed, 25 insertions(+), 3 deletions(-) > > diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c > index 34cb981..70b15b3 100644 > --- a/drivers/fpga/zynq-fpga.c > +++ b/drivers/fpga/zynq-fpga.c > @@ -72,6 +72,10 @@ > #define CTRL_PCAP_PR_MASK BIT(27) > /* Enable PCAP */ > #define CTRL_PCAP_MODE_MASK BIT(26) > +/* Lower rate to allow decrypt on the fly */ > +#define CTRL_PCAP_RATE_EN_MASK BIT(25) > +/* System booted in secure mode */ > +#define CTRL_SEC_EN_MASK BIT(7) > > /* Miscellaneous Control Register bit definitions */ > /* Internal PCAP loopback */ > @@ -266,6 +270,17 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, > if (err) > return err; > > + /* check if bitstream is encrypted & and system's still secure */ > + if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) { > + ctrl = zynq_fpga_read(priv, CTRL_OFFSET); > + if (!(ctrl & CTRL_SEC_EN_MASK)) { > + dev_err(&mgr->dev, > + "System not secure, can't use crypted bitstreams\n"); > + err = -EINVAL; > + goto out_err; > + } > + } > + > /* don't globally reset PL if we're doing partial reconfig */ > if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) { > if (!zynq_fpga_has_sync(buf, count)) { > @@ -337,12 +352,19 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, > > /* set configuration register with following options: > * - enable PCAP interface > - * - set throughput for maximum speed > + * - set throughput for maximum speed (if bistream not crypted) > * - set CPU in user mode > */ > ctrl = zynq_fpga_read(priv, CTRL_OFFSET); > - zynq_fpga_write(priv, CTRL_OFFSET, > - (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl)); > + if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) > + zynq_fpga_write(priv, CTRL_OFFSET, > + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK > + | CTRL_PCAP_RATE_EN_MASK | ctrl)); > + else > + zynq_fpga_write(priv, CTRL_OFFSET, > + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK > + | ctrl)); > + > > /* We expect that the command queue is empty right now. */ > status = zynq_fpga_read(priv, STATUS_OFFSET); > Acked-by: Michal Simek Thanks, Michal From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Return-Path: Subject: Re: [PATCH v2 2/3] fpga: zynq: Add support for encrypted bitstreams References: <1487624123-13579-1-git-send-email-mdf@kernel.org> <1487624123-13579-2-git-send-email-mdf@kernel.org> From: Michal Simek Message-ID: <29bc6189-479e-c063-ef35-4ba99c5a1d56@xilinx.com> Date: Tue, 21 Feb 2017 14:55:18 +0100 MIME-Version: 1.0 In-Reply-To: <1487624123-13579-2-git-send-email-mdf@kernel.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: mdf@kernel.org, linux-fpga@vger.kernel.org Cc: Alan Tull , Michal Simek , =?UTF-8?Q?S=c3=b6ren_Brinkmann?= , linux-kernel@vger.kernel.org List-ID: On 20.2.2017 21:55, mdf@kernel.org wrote: > From: Moritz Fischer > > Add support for encrypted bitstreams. For this to work the system > must be booted in secure mode. > > In order for on-the-fly decryption to work, the PCAP clock rate > needs to be lowered via the PCAP_RATE_EN bit. > > Signed-off-by: Moritz Fischer > Cc: Alan Tull > Cc: Michal Simek > Cc: Sören Brinkmann > Cc: linux-kernel@vger.kernel.org > Cc: linux-fpga@vger.kernel.org > --- > > Changes from v1: > - Renamed flag from FPGA_MGR_DECRYPT_BITSTREAM->FPGA_MGR_ENCRYPTED_BITSTREAM > > --- > drivers/fpga/zynq-fpga.c | 28 +++++++++++++++++++++++++--- > 1 file changed, 25 insertions(+), 3 deletions(-) > > diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c > index 34cb981..70b15b3 100644 > --- a/drivers/fpga/zynq-fpga.c > +++ b/drivers/fpga/zynq-fpga.c > @@ -72,6 +72,10 @@ > #define CTRL_PCAP_PR_MASK BIT(27) > /* Enable PCAP */ > #define CTRL_PCAP_MODE_MASK BIT(26) > +/* Lower rate to allow decrypt on the fly */ > +#define CTRL_PCAP_RATE_EN_MASK BIT(25) > +/* System booted in secure mode */ > +#define CTRL_SEC_EN_MASK BIT(7) > > /* Miscellaneous Control Register bit definitions */ > /* Internal PCAP loopback */ > @@ -266,6 +270,17 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, > if (err) > return err; > > + /* check if bitstream is encrypted & and system's still secure */ > + if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) { > + ctrl = zynq_fpga_read(priv, CTRL_OFFSET); > + if (!(ctrl & CTRL_SEC_EN_MASK)) { > + dev_err(&mgr->dev, > + "System not secure, can't use crypted bitstreams\n"); > + err = -EINVAL; > + goto out_err; > + } > + } > + > /* don't globally reset PL if we're doing partial reconfig */ > if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) { > if (!zynq_fpga_has_sync(buf, count)) { > @@ -337,12 +352,19 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, > > /* set configuration register with following options: > * - enable PCAP interface > - * - set throughput for maximum speed > + * - set throughput for maximum speed (if bistream not crypted) > * - set CPU in user mode > */ > ctrl = zynq_fpga_read(priv, CTRL_OFFSET); > - zynq_fpga_write(priv, CTRL_OFFSET, > - (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl)); > + if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) > + zynq_fpga_write(priv, CTRL_OFFSET, > + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK > + | CTRL_PCAP_RATE_EN_MASK | ctrl)); > + else > + zynq_fpga_write(priv, CTRL_OFFSET, > + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK > + | ctrl)); > + > > /* We expect that the command queue is empty right now. */ > status = zynq_fpga_read(priv, STATUS_OFFSET); > Acked-by: Michal Simek Thanks, Michal