[U-Boot] [RFC PATCH] fpga: zynq: Add encrypted bitstream support with auto detect - Stefan.Herbrechtsmeier at weidmueller.com

From: Stefan.Herbrechtsmeier at weidmueller.com <Stefan.Herbrechtsmeier@weidmueller.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC PATCH] fpga: zynq: Add encrypted bitstream support with auto detect
Date: Mon, 11 Jun 2018 16:03:03 +0000	[thread overview]
Message-ID: <531ADB0D40411F4DAE16FC92133DDBF15B4233F7@SRVDE355.weidmueller.com> (raw)
In-Reply-To: <BN1PR02MB101282453EC4F712BF794A1D9780@BN1PR02MB101.namprd02.prod.outlook.com>

Hi Siva,

> -----Ursprüngliche Nachricht-----
> Von: Siva Durga Prasad Paladugu [mailto:sivadur at xilinx.com]
> Gesendet: Montag, 11. Juni 2018 13:40
> An: stefan at herbrechtsmeier.net
> Cc: Herbrechtsmeier Dr.-Ing. , Stefan
> <Stefan.Herbrechtsmeier@weidmueller.com>; u-boot at lists.denx.de;
> Michal Simek <michal.simek@xilinx.com>; monstr at monstr.eu
> Betreff: RE: [RFC PATCH] fpga: zynq: Add encrypted bitstream support with
> auto detect
>
> Interesting, I got your point. First of all,  Could you please let me know on
> how do you created the encrypted bitstream?

I use bootgen with the split option and the following bif file:

bootgen -image u-boot-spl-aes.bif -o i u-boot-spl-aes.bin -w on -encrypt efuse -split bin

image:
{
        [aeskeyfile]efuse.nky
        [pskfile]psk.pem
        [sskfile]ssk.pem
        [bootloader, encryption=aes, authentication=rsa]u-boot-spl.elf
        [encryption=aes]fpga.bit
}

> I hope this is not the Xilinx bootgen flow(may be through other Xilinx flow)

To my knowledge you could only use bootgen because Xilinx doesn't documented the encryption even if I would like to integrate the encryption into mkimage.

> because, I don't think bootgen will update these fields while creating
> encrypted bitstream( need to re confirm on this) and my flow targets the
> Xilinx bootgen flow.

This fields are part of the encrypted binary bitstream and are needed for the fpga configuration via the pcap. They are documented inside the 'ug470_7Series_Config.pdf'.

> Please let know your comments on this, based on which, will try to review
> and test your patch.

Let me know if you need more information or help.

Regards

Stefan Herbrechtsmeier
Software Developer Embedded Systems

Weidmüller - Your partner in Industrial Connectivity
We look forward to sharing ideas with you - Let's connect.

Weidmueller Interface GmbH & Co. KG
Klingenbergstraße 16, 32758 Detmold, Germany
Email: Stefan.Herbrechtsmeier at weidmueller.com - Web: www.weidmueller.com

________________________________
Kommanditgesellschaft - Sitz: Detmold - Amtsgericht Lemgo HRA 2790 -
Komplementärin: Weidmüller Interface Führungsgesellschaft mbH -
Sitz: Detmold - Amtsgericht Lemgo HRB 3924;
Geschäftsführer: José Carlos Álvarez Tobar, Elke Eckstein, Jörg Timmermann;
USt-ID-Nr. DE124599660