From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6361AC4332F for ; Sat, 7 May 2022 22:20:19 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3901683B46; Sun, 8 May 2022 00:20:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="k9bJiN1c"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1950D83B44; Sun, 8 May 2022 00:20:14 +0200 (CEST) Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 926D683B34 for ; Sun, 8 May 2022 00:20:10 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=cryosay@gmail.com Received: by mail-pj1-x1030.google.com with SMTP id t11-20020a17090ad50b00b001d95bf21996so13892364pju.2 for ; Sat, 07 May 2022 15:20:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PVYLF5vwuXH8wS8KbMecZLKe0pHaIU8gVc3U3ynS+RY=; b=k9bJiN1cNau74BTfpaePiXRM+og+eT8ryqdMeehDC+rYJjC5jj43S8eI/8CfKoQOgA 7uFdKgj0Hp1pFHOVO9RTzO3uhimMVOLdLeQznbcaEY2cseib78R52146xwgHTQvK6KtY mn68sZiD5ccsWJZLNF41cTJCHdlGPSSa/Hj1AZCBhu7zOzNNTQW2BbM+zYNXb3zwl32P zkb2B50iCNFQGEZXHyErBtUMdUd+oGOwUL6hccQnx2yNOzuEhYmyf2mTfY3F0ccs0Sr4 mKDySASRg2WCBmsbE8KuYrypz0T6dHRpaGD349rkH4vu2JZIAQnOmxgaOey5LLJe4NjB F7vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PVYLF5vwuXH8wS8KbMecZLKe0pHaIU8gVc3U3ynS+RY=; b=Nncy9hrt+NcP6LsWdN7daId2pzAzdLk218TO+MmaNs5lUTbIE7mAA6/kCh0COD2N53 6Vd+mAdo0FnXS6MgX50BcYBhXkaP9UGAqEjvExAdGKsQ9u7E6lDBdz01mWPiu7GNZIfc mq0hXJTRjn6eDnCIF7PxD4+Woi7WnCHIP467SZVVImJ/jC4VbUIdXX2QKwHz6k3Xe8nN LH9906PXjSm4hEGac0korrMqgS6My6/INNR0A9jRWnJQOu+iF7iHK8++27H+PsNLUMwf 9rs/XtWHSexs8NmW+H79bSKDB2R6nduDR7V8WIV2PPFFDw0+9Zxr+Sw6CQMTPXd7tKwF iY+w== X-Gm-Message-State: AOAM531KsKkqaD5cMsiT73EPSEhdXRZrOfDzpJ1vQmEjziLZSmVzQ9/Z YeWGKKp7wwNnFJcrLjpkYSK2AfJ9agTJ9krhalU= X-Google-Smtp-Source: ABdhPJy2oV7HA/T6/KHuVoeAb+L7tJv+J5ZeuWaJtN05PJulRSHcUCDrxzqt3esypoinK/TLrGYItkxkCj31OA5+WkU= X-Received: by 2002:a17:902:9884:b0:15f:4eb:8e76 with SMTP id s4-20020a170902988400b0015f04eb8e76mr1714357plp.57.1651962008457; Sat, 07 May 2022 15:20:08 -0700 (PDT) MIME-Version: 1.0 References: <20220411180046.1505209-1-adrian.fiergolski@fastree3d.com> <20220411180046.1505209-7-adrian.fiergolski@fastree3d.com> <3291358c-4159-d6ff-067e-34fbfb4aa7ba@xilinx.com> In-Reply-To: <3291358c-4159-d6ff-067e-34fbfb4aa7ba@xilinx.com> From: Oleksandr Suvorov Date: Sun, 8 May 2022 01:19:57 +0300 Message-ID: Subject: Re: [PATCH v7 6/7] fpga: zynqmp: support loading authenticated images To: Michal Simek Cc: Adrian Fiergolski , U-Boot Mailing List , Oleksandr Suvorov , Ricardo Salveti , Igor Opaniuk , Jorge Ramirez-Ortiz , Alexandru Gagniuc , Bin Meng , Heiko Schocher , Jagan Teki , Klaus Heinrich Kiwi , Sean Anderson , Simon Glass , Steffen Jaeckel Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Hi Michal, On Tue, May 3, 2022 at 10:56 AM Michal Simek wrote: > > > > On 4/11/22 20:00, Adrian Fiergolski wrote: > > From: Oleksandr Suvorov > > > > Add supporting new compatible string "u-boot,zynqmp-fpga-ddrauth" to > > handle loading authenticated images (DDR). > > > > Based on solution by Jorge Ramirez-Ortiz > > Signed-off-by: Oleksandr Suvorov > > Co-developed-by: Ricardo Salveti > > Signed-off-by: Ricardo Salveti > > Tested-by: Ricardo Salveti > > Co-developed-by: Adrian Fiergolski > > Signed-off-by: Adrian Fiergolski > > --- > > boot/Kconfig | 4 ++-- > > doc/uImage.FIT/source_file_format.txt | 5 ++++- > > drivers/fpga/zynqmppl.c | 21 +++++++++++++++++++++ > > 3 files changed, 27 insertions(+), 3 deletions(-) > > > > diff --git a/boot/Kconfig b/boot/Kconfig > > index b83a4e8400..f7faafb29f 100644 > > --- a/boot/Kconfig > > +++ b/boot/Kconfig > > @@ -209,8 +209,8 @@ config SPL_LOAD_FIT > > 1. "loadables" images, other than FDTs, which do not have a "load" > > property will not be loaded. This limitation also applies to FPGA > > images with the correct "compatible" string. > > - 2. For FPGA images, only the "compatible" = "u-boot,fpga-legacy" > > - loading method is supported. > > + 2. For FPGA images, the supported "compatible" list is in the > > + doc/uImage.FIT/source_file_format.txt. > > 3. FDTs are only loaded for images with an "os" property of "u-boot". > > "linux" images are also supported with Falcon boot mode. > > > > diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt > > index f93ac6d1c7..461e2af2a8 100644 > > --- a/doc/uImage.FIT/source_file_format.txt > > +++ b/doc/uImage.FIT/source_file_format.txt > > @@ -184,7 +184,10 @@ the '/images' node should have the following layout: > > Mandatory for types: "firmware", and "kernel". > > - compatible : compatible method for loading image. > > Mandatory for types: "fpga", and images that do not specify a load address. > > - To use the generic fpga loading routine, use "u-boot,fpga-legacy". > > + Supported compatible methods: > > + "u-boot,fpga-legacy" - the generic fpga loading routine. > > + "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for > > + Xilinx Zynq UltraScale+ (ZymqMP) device. > > > > Optional nodes: > > - hash-1 : Each hash sub-node represents separate hash or checksum > > diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c > > index c7f9f4ae84..0ce641e495 100644 > > --- a/drivers/fpga/zynqmppl.c > > +++ b/drivers/fpga/zynqmppl.c > > @@ -9,6 +9,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -210,6 +211,26 @@ static int zynqmp_load(xilinx_desc **desc_ptr, const void *buf, size_t bsize, > > u32 ret_payload[PAYLOAD_ARG_CNT]; > > bool xilfpga_old = false; > > xilinx_desc *desc = *desc_ptr; > > + fpga_desc *fdesc = container_of((void *)desc_ptr, fpga_desc, devdesc); > > + > > + if (fdesc && fdesc->compatible && > > + !strcmp(fdesc->compatible, "u-boot,zynqmp-fpga-ddrauth")) { > > I think you should use directly here what you have in 7/7. It means to check > that it is not fpga-legacy. Thanks, fixed. The fix will be introduced in the next patchset version. > > > + struct fpga_secure_info info = { 0 }; > > + > > + if (!CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)) { > > + printf("No support for %s\n", fdesc->compatible); > > + return FPGA_FAIL; > > + } > > + > > + if (!desc->operations->loads) { > > + printf("%s: Missing load operation\n", __func__); > > + return FPGA_FAIL; > > + } > > + /* DDR authentication */ > > + info.authflag = 1; > > + info.encflag = 2; > > + return desc->operations->loads(desc, buf, bsize, &info); > > + } > > > > if (zynqmp_firmware_version() <= PMUFW_V1_0) { > > puts("WARN: PMUFW v1.0 or less is detected\n"); > > Before you start to deal with secure bitstreams you should also likely check > this PMUFW checking before you call loads. Michal, this code block (for earlier PMUFW) does: 1. Set a flag ZYNQMP_FPGA_BIT_NS. According to a description of the commit 19ed4b697b9732e0a5097bd233fba7e24dfe9146, ZYNQMP_FPGA_BIT_NS bit should be set only for nonsecure bitstream. So not needed for zynqmp_loads(). 2. Prepare a pointer to a bitstream size (bsizeptr) instead of value (bsize). For secure bitstream, a key address is already used instead. 3. Validate a bitstream data and placement with zynqmp_validate_bitstream(). I've not found enough information about validating non-secure/secure bitstreams. Could you confirm the function zynqmp_validate_bitstream() can be used to validate both legacy and secure bitstreams? Thanks, Oleksandr. > > Thanks, > Michal -- Best regards Oleksandr Oleksandr Suvorov cryosay@gmail.com