[U-Boot] [RFC PATCH] fpga: zynq: Add encrypted bitstream support with auto detect

[Siva Durga Prasad Paladugu <sivadur@xilinx.com>]

Hi Stefan,

Yes, I checked and it looks fine functionally, I even tested it. Otherthan this, I have few comments on this which I am going to reply to your RFC patch mail.

Thanks,
Siva

> -----Original Message-----
> From: Siva Durga Prasad Paladugu
> Sent: Tuesday, June 12, 2018 9:18 AM
> To: Stefan.Herbrechtsmeier at weidmueller.com;
> stefan at herbrechtsmeier.net
> Cc: u-boot at lists.denx.de; michal.simek at xilinx.com; monstr at monstr.eu
> Subject: RE: [RFC PATCH] fpga: zynq: Add encrypted bitstream support with
> auto detect
> 
> Hi Stefan,
> 
> > -----Original Message-----
> > From: Stefan.Herbrechtsmeier at weidmueller.com
> > [mailto:Stefan.Herbrechtsmeier at weidmueller.com]
> > Sent: Monday, June 11, 2018 9:33 PM
> > To: Siva Durga Prasad Paladugu <sivadur@xilinx.com>;
> > stefan at herbrechtsmeier.net
> > Cc: u-boot at lists.denx.de; michal.simek at xilinx.com; monstr at monstr.eu
> > Subject: AW: [RFC PATCH] fpga: zynq: Add encrypted bitstream support
> > with auto detect
> >
> > Hi Siva,
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Siva Durga Prasad Paladugu [mailto:sivadur at xilinx.com]
> > > Gesendet: Montag, 11. Juni 2018 13:40
> > > An: stefan at herbrechtsmeier.net
> > > Cc: Herbrechtsmeier Dr.-Ing. , Stefan
> > > <Stefan.Herbrechtsmeier@weidmueller.com>; u-boot at lists.denx.de;
> > Michal
> > > Simek <michal.simek@xilinx.com>; monstr at monstr.eu
> > > Betreff: RE: [RFC PATCH] fpga: zynq: Add encrypted bitstream support
> > > with auto detect
> > >
> > > Interesting, I got your point. First of all,  Could you please let
> > > me know on how do you created the encrypted bitstream?
> >
> > I use bootgen with the split option and the following bif file:
> >
> > bootgen -image u-boot-spl-aes.bif -o i u-boot-spl-aes.bin -w on
> > -encrypt efuse -split bin
> >
> > image:
> > {
> >         [aeskeyfile]efuse.nky
> >         [pskfile]psk.pem
> >         [sskfile]ssk.pem
> >         [bootloader, encryption=aes, authentication=rsa]u-boot-spl.elf
> >         [encryption=aes]fpga.bit
> > }
> >
> > > I hope this is not the Xilinx bootgen flow(may be through other
> > > Xilinx
> > > flow)
> >
> > To my knowledge you could only use bootgen because Xilinx doesn't
> > documented the encryption even if I would like to integrate the
> > encryption into mkimage.
> >
> > > because, I don't think bootgen will update these fields while
> > > creating encrypted bitstream( need to re confirm on this) and my
> > > flow targets the Xilinx bootgen flow.
> >
> > This fields are part of the encrypted binary bitstream and are needed
> > for the fpga configuration via the pcap. They are documented inside
> > the 'ug470_7Series_Config.pdf'.
> >
> > > Please let know your comments on this, based on which, will try to
> > > review and test your patch.
> >
> > Let me know if you need more information or help.
> 
> Thanks for the clarity, let me check on it and come back.
> Let me also look in to modify secure patch if required as per this.
> 
> Thanks,
> Siva
> 
> >
> > Regards
> >
> > Stefan Herbrechtsmeier
> > Software Developer Embedded Systems
> >
> > Weidmüller - Your partner in Industrial Connectivity We look forward
> > to sharing ideas with you - Let's connect.
> >
> > Weidmueller Interface GmbH & Co. KG
> > Klingenbergstraße 16, 32758 Detmold, Germany
> > Email: Stefan.Herbrechtsmeier at weidmueller.com - Web:
> > www.weidmueller.com
> >
> >
> > ________________________________
> > Kommanditgesellschaft - Sitz: Detmold - Amtsgericht Lemgo HRA 2790 -
> > Komplementärin: Weidmüller Interface Führungsgesellschaft mbH -
> > Sitz: Detmold - Amtsgericht Lemgo HRB 3924;
> > Geschäftsführer: José Carlos Álvarez Tobar, Elke Eckstein, Jörg
> > Timmermann; USt-ID-Nr. DE124599660