* [PATCH 0/4] fpga: zynq: encrypted bitstreams plus one
@ 2017-02-27 15:18 Alan Tull
2017-02-27 15:18 ` [PATCH 1/4] fpga: fix sparse warnings in fpga-mgr and fpga-bridge Alan Tull
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Alan Tull @ 2017-02-27 15:18 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: Moritz Fischer, Alan Tull, linux-kernel, linux-fpga
Hi Greg,
Please take these patches that have been reviewed on the
lkml and linux-fpga lists. Dihn's patch fixes minor sparse
warnings. Moritz's patch adds some functionality for Zynq.
Thanks,
Alan
Dinh Nguyen (1):
fpga: fix sparse warnings in fpga-mgr and fpga-bridge
Moritz Fischer (3):
fpga: Add flag to indicate bitstream needs decrypting
fpga: zynq: Add support for encrypted bitstreams
fpga: region: Add fpga-region property 'encrypted-fpga-config'
.../devicetree/bindings/fpga/fpga-region.txt | 1 +
drivers/fpga/fpga-bridge.c | 2 +-
drivers/fpga/fpga-mgr.c | 2 +-
drivers/fpga/fpga-region.c | 8 +++++--
drivers/fpga/zynq-fpga.c | 28 +++++++++++++++++++---
include/linux/fpga/fpga-mgr.h | 1 +
6 files changed, 35 insertions(+), 7 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/4] fpga: fix sparse warnings in fpga-mgr and fpga-bridge
2017-02-27 15:18 [PATCH 0/4] fpga: zynq: encrypted bitstreams plus one Alan Tull
@ 2017-02-27 15:18 ` Alan Tull
2017-02-27 15:19 ` [PATCH 2/4] fpga: Add flag to indicate bitstream needs decrypting Alan Tull
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Alan Tull @ 2017-02-27 15:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Moritz Fischer, Alan Tull, linux-kernel, linux-fpga, Dinh Nguyen
From: Dinh Nguyen <dinguyen@kernel.org>
Fix up these sparse warnings:
drivers/fpga/fpga-mgr.c:189:21: warning: symbol '__fpga_mgr_get' was not
declared. Should it be static?
drivers/fpga/fpga-bridge.c:30:12: warning: symbol 'bridge_list_lock' was
not declared. Should it be static?
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Acked-by: Moritz Fischer <mdf@kernel.org>
Signed-off-by: Alan Tull <atull@kernel.org>
---
drivers/fpga/fpga-bridge.c | 2 +-
drivers/fpga/fpga-mgr.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/fpga/fpga-bridge.c b/drivers/fpga/fpga-bridge.c
index 33ee83e..e04a899 100644
--- a/drivers/fpga/fpga-bridge.c
+++ b/drivers/fpga/fpga-bridge.c
@@ -27,7 +27,7 @@ static DEFINE_IDA(fpga_bridge_ida);
static struct class *fpga_bridge_class;
/* Lock for adding/removing bridges to linked lists*/
-spinlock_t bridge_list_lock;
+static spinlock_t bridge_list_lock;
static int fpga_bridge_of_node_match(struct device *dev, const void *data)
{
diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c
index 86d2cb2..188ffef 100644
--- a/drivers/fpga/fpga-mgr.c
+++ b/drivers/fpga/fpga-mgr.c
@@ -361,7 +361,7 @@ static struct attribute *fpga_mgr_attrs[] = {
};
ATTRIBUTE_GROUPS(fpga_mgr);
-struct fpga_manager *__fpga_mgr_get(struct device *dev)
+static struct fpga_manager *__fpga_mgr_get(struct device *dev)
{
struct fpga_manager *mgr;
int ret = -ENODEV;
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/4] fpga: Add flag to indicate bitstream needs decrypting
2017-02-27 15:18 [PATCH 0/4] fpga: zynq: encrypted bitstreams plus one Alan Tull
2017-02-27 15:18 ` [PATCH 1/4] fpga: fix sparse warnings in fpga-mgr and fpga-bridge Alan Tull
@ 2017-02-27 15:19 ` Alan Tull
2017-02-27 15:19 ` [PATCH 3/4] fpga: zynq: Add support for encrypted bitstreams Alan Tull
2017-02-27 15:19 ` [PATCH 4/4] fpga: region: Add fpga-region property 'encrypted-fpga-config' Alan Tull
3 siblings, 0 replies; 5+ messages in thread
From: Alan Tull @ 2017-02-27 15:19 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Moritz Fischer, Alan Tull, linux-kernel, linux-fpga, Moritz Fischer
From: Moritz Fischer <mdf@kernel.org>
Add a flag that is passed to the write_init() callback, indicating
that the bitstream is encrypted.
The low-level driver will deal with the flag, or return an error,
if encrypted bitstreams are not supported.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Alan Tull <atull@kernel.org>
---
include/linux/fpga/fpga-mgr.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h
index 57beb5d..e2ef94f 100644
--- a/include/linux/fpga/fpga-mgr.h
+++ b/include/linux/fpga/fpga-mgr.h
@@ -70,6 +70,7 @@ enum fpga_mgr_states {
*/
#define FPGA_MGR_PARTIAL_RECONFIG BIT(0)
#define FPGA_MGR_EXTERNAL_CONFIG BIT(1)
+#define FPGA_MGR_ENCRYPTED_BITSTREAM BIT(2)
/**
* struct fpga_image_info - information specific to a FPGA image
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 3/4] fpga: zynq: Add support for encrypted bitstreams
2017-02-27 15:18 [PATCH 0/4] fpga: zynq: encrypted bitstreams plus one Alan Tull
2017-02-27 15:18 ` [PATCH 1/4] fpga: fix sparse warnings in fpga-mgr and fpga-bridge Alan Tull
2017-02-27 15:19 ` [PATCH 2/4] fpga: Add flag to indicate bitstream needs decrypting Alan Tull
@ 2017-02-27 15:19 ` Alan Tull
2017-02-27 15:19 ` [PATCH 4/4] fpga: region: Add fpga-region property 'encrypted-fpga-config' Alan Tull
3 siblings, 0 replies; 5+ messages in thread
From: Alan Tull @ 2017-02-27 15:19 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Moritz Fischer, Alan Tull, linux-kernel, linux-fpga, Moritz Fischer
From: Moritz Fischer <mdf@kernel.org>
Add support for encrypted bitstreams. For this to work the system
must be booted in secure mode.
In order for on-the-fly decryption to work, the PCAP clock rate
needs to be lowered via the PCAP_RATE_EN bit.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Alan Tull <atull@kernel.org>
---
drivers/fpga/zynq-fpga.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c
index 34cb981..70b15b3 100644
--- a/drivers/fpga/zynq-fpga.c
+++ b/drivers/fpga/zynq-fpga.c
@@ -72,6 +72,10 @@
#define CTRL_PCAP_PR_MASK BIT(27)
/* Enable PCAP */
#define CTRL_PCAP_MODE_MASK BIT(26)
+/* Lower rate to allow decrypt on the fly */
+#define CTRL_PCAP_RATE_EN_MASK BIT(25)
+/* System booted in secure mode */
+#define CTRL_SEC_EN_MASK BIT(7)
/* Miscellaneous Control Register bit definitions */
/* Internal PCAP loopback */
@@ -266,6 +270,17 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr,
if (err)
return err;
+ /* check if bitstream is encrypted & and system's still secure */
+ if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) {
+ ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
+ if (!(ctrl & CTRL_SEC_EN_MASK)) {
+ dev_err(&mgr->dev,
+ "System not secure, can't use crypted bitstreams\n");
+ err = -EINVAL;
+ goto out_err;
+ }
+ }
+
/* don't globally reset PL if we're doing partial reconfig */
if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) {
if (!zynq_fpga_has_sync(buf, count)) {
@@ -337,12 +352,19 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr,
/* set configuration register with following options:
* - enable PCAP interface
- * - set throughput for maximum speed
+ * - set throughput for maximum speed (if bistream not crypted)
* - set CPU in user mode
*/
ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
- zynq_fpga_write(priv, CTRL_OFFSET,
- (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl));
+ if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM)
+ zynq_fpga_write(priv, CTRL_OFFSET,
+ (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK
+ | CTRL_PCAP_RATE_EN_MASK | ctrl));
+ else
+ zynq_fpga_write(priv, CTRL_OFFSET,
+ (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK
+ | ctrl));
+
/* We expect that the command queue is empty right now. */
status = zynq_fpga_read(priv, STATUS_OFFSET);
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 4/4] fpga: region: Add fpga-region property 'encrypted-fpga-config'
2017-02-27 15:18 [PATCH 0/4] fpga: zynq: encrypted bitstreams plus one Alan Tull
` (2 preceding siblings ...)
2017-02-27 15:19 ` [PATCH 3/4] fpga: zynq: Add support for encrypted bitstreams Alan Tull
@ 2017-02-27 15:19 ` Alan Tull
3 siblings, 0 replies; 5+ messages in thread
From: Alan Tull @ 2017-02-27 15:19 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Moritz Fischer, Alan Tull, linux-kernel, linux-fpga, Moritz Fischer
From: Moritz Fischer <mdf@kernel.org>
Add fpga-region property to allow passing the fact that the bitstream is
encrypted to the fpga-region and ultimately to the low-level driver.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Alan Tull <atull@kernel.org>
---
Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 +
drivers/fpga/fpga-region.c | 8 ++++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
index 3b32ba1..81bf3ad 100644
--- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
+++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
@@ -186,6 +186,7 @@ Optional properties:
otherwise full reconfiguration is done.
- external-fpga-config : boolean, set if the FPGA has already been configured
prior to OS boot up.
+- encrypted-fpga-config : boolean, set if the bitstream is encrypted
- region-unfreeze-timeout-us : The maximum time in microseconds to wait for
bridges to successfully become enabled after the region has been
programmed.
diff --git a/drivers/fpga/fpga-region.c b/drivers/fpga/fpga-region.c
index 3222fdb..2fe2a52 100644
--- a/drivers/fpga/fpga-region.c
+++ b/drivers/fpga/fpga-region.c
@@ -337,8 +337,9 @@ static int child_regions_with_firmware(struct device_node *overlay)
* The overlay must add either firmware-name or external-fpga-config property
* to the FPGA Region.
*
- * firmware-name : program the FPGA
- * external-fpga-config : FPGA is already programmed
+ * firmware-name : program the FPGA
+ * external-fpga-config : FPGA is already programmed
+ * encrypted-fpga-config : FPGA bitstream is encrypted
*
* The overlay can add other FPGA regions, but child FPGA regions cannot have a
* firmware-name property since those regions don't exist yet.
@@ -373,6 +374,9 @@ static int fpga_region_notify_pre_apply(struct fpga_region *region,
if (of_property_read_bool(nd->overlay, "external-fpga-config"))
info->flags |= FPGA_MGR_EXTERNAL_CONFIG;
+ if (of_property_read_bool(nd->overlay, "encrypted-fpga-config"))
+ info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM;
+
of_property_read_string(nd->overlay, "firmware-name", &firmware_name);
of_property_read_u32(nd->overlay, "region-unfreeze-timeout-us",
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-02-27 15:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-27 15:18 [PATCH 0/4] fpga: zynq: encrypted bitstreams plus one Alan Tull
2017-02-27 15:18 ` [PATCH 1/4] fpga: fix sparse warnings in fpga-mgr and fpga-bridge Alan Tull
2017-02-27 15:19 ` [PATCH 2/4] fpga: Add flag to indicate bitstream needs decrypting Alan Tull
2017-02-27 15:19 ` [PATCH 3/4] fpga: zynq: Add support for encrypted bitstreams Alan Tull
2017-02-27 15:19 ` [PATCH 4/4] fpga: region: Add fpga-region property 'encrypted-fpga-config' Alan Tull
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).