[PATCH v12 13/13] fpga: zynqmp: support loading encrypted bitfiles

[Oleksandr Suvorov <oleksandr.suvorov@foundries.io>]

From: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>

Add supporting new compatible string "u-boot,zynqmp-fpga-enc" to
handle loading encrypted bitfiles.

This feature requires encrypted FSBL, as according to UG1085:
"The CSU automatically locks out the AES key, stored in either BBRAM
 or eFUSEs, as a key source to the AES engine if the FSBL is not
 encrypted. This prevents using the BBRAM or eFUSE as the key source
 to the AES engine during run-time applications."

Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
---

Changes in v12:
- reduce the size of SPL if FPGA_LOAD_SECURE disabled.

Changes in v11:
- add Tested-by records.

Changes in v10:
- Support ENC images only if FPGA_LOAD_SECURE enabled.

Changes in v9:
- remove an alien commit from a patchset :)

Changes in v8:
- Michal Simek's suggestions addressed:
-- introduce the compatible flags in xilinx_desc;
-- pass a binary compatible flag instead of "compatible" property to
   an FPGA driver.
- Optimize a zynqmp_load() function.

Changes in v7:
- apply Michal Simek's suggestions
  As I applied changes on Oleksandr's patches, I indicated it by
  specifying myself as co-author in the commits logs. I am not sure
  if that is the convention of marking it.

Changes in v6:
- add support for the encrypted bitfiles.

Changes in v5:
- replace ifdef with if() where it's possible.

Changes in v4:
- change interface to xilinx_desc->operations->open() callback.
- fix a bug from previous version of the patchset in dereferencing
  of a parent fpga_desc structure.

Changes in v3:
- remove the patch which introduced CMD_SPL_FPGA_LOAD_SECURE.
- fix mixing definitions/declarations.
- replace strcmp() calls with more secure strncmp().
- document the "u-boot,zynqmp-fpga-ddrauth" compatible string.
- fix code style by check-patch recommendations.

Changes in v2:
- add function fit_fpga_load() to simplify calls of fpga_load()
  from contexts without a compatible attribute.
- move all ZynqMP-specific logic to drivers/fpga/zynqmppl.c
- prepare for passing a "compatible" FDT property to any fpga driver.

 doc/uImage.FIT/source_file_format.txt | 2 ++
 drivers/fpga/zynqmppl.c               | 8 ++++++++
 include/fpga.h                        | 1 +
 include/xilinx.h                      | 1 +
 include/zynqmppl.h                    | 4 +++-
 5 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt
index 461e2af2a84..68701118409 100644
--- a/doc/uImage.FIT/source_file_format.txt
+++ b/doc/uImage.FIT/source_file_format.txt
@@ -188,6 +188,8 @@ the '/images' node should have the following layout:
     "u-boot,fpga-legacy" - the generic fpga loading routine.
     "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for
     Xilinx Zynq UltraScale+ (ZymqMP) device.
+    "u-boot,zynqmp-fpga-enc" - encrypted FPGA bitstream for Xilinx Zynq
+    UltraScale+ (ZynqMP) device.
 
   Optional nodes:
   - hash-1 : Each hash sub-node represents separate hash or checksum
diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c
index 200076c8c6a..a6c8dcdcdcc 100644
--- a/drivers/fpga/zynqmppl.c
+++ b/drivers/fpga/zynqmppl.c
@@ -256,6 +256,11 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize,
 		info.authflag = ZYNQMP_FPGA_AUTH_DDR;
 		info.encflag = FPGA_NO_ENC_OR_NO_AUTH;
 		return desc->operations->loads(desc, buf, bsize, &info);
+	case FPGA_XILINX_ZYNQMP_ENC:
+		/* Encryption using device key */
+		info.authflag = FPGA_NO_ENC_OR_NO_AUTH;
+		info.encflag = FPGA_ENC_DEV_KEY;
+		return desc->operations->loads(desc, buf, bsize, &info);
 	default:
 		printf("Unsupported bitstream type %d\n", flags);
 		return FPGA_FAIL;
@@ -358,6 +363,9 @@ static int __maybe_unused zynqmp_str2flag(xilinx_desc *desc, const char *str)
 #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
 	if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26))
 		return FPGA_XILINX_ZYNQMP_DDRAUTH;
+
+	if (!strncmp(str, "u-boot,zynqmp-fpga-enc", 22))
+		return FPGA_XILINX_ZYNQMP_ENC;
 #endif
 	return 0;
 }
diff --git a/include/fpga.h b/include/fpga.h
index 13b1bbee3ca..a4e16401da7 100644
--- a/include/fpga.h
+++ b/include/fpga.h
@@ -20,6 +20,7 @@
 /* device numbers must be non-negative */
 #define FPGA_INVALID_DEVICE	-1
 
+#define FPGA_ENC_DEV_KEY	0
 #define FPGA_ENC_USR_KEY	1
 #define FPGA_NO_ENC_OR_NO_AUTH	2
 
diff --git a/include/xilinx.h b/include/xilinx.h
index 97ee12cec42..e4e29797988 100644
--- a/include/xilinx.h
+++ b/include/xilinx.h
@@ -40,6 +40,7 @@ typedef enum {			/* typedef xilinx_family */
 /* FPGA bitstream supported types */
 #define FPGA_LEGACY			BIT(0)
 #define FPGA_XILINX_ZYNQMP_DDRAUTH	BIT(1)
+#define FPGA_XILINX_ZYNQMP_ENC		BIT(2)
 
 typedef struct {		/* typedef xilinx_desc */
 	xilinx_family family;	/* part type */
diff --git a/include/zynqmppl.h b/include/zynqmppl.h
index 87ccd2f394c..acf75a8f079 100644
--- a/include/zynqmppl.h
+++ b/include/zynqmppl.h
@@ -26,7 +26,9 @@
 extern struct xilinx_fpga_op zynqmp_op;
 
 #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
-#define ZYNQMP_FPGA_FLAGS	(FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH)
+#define ZYNQMP_FPGA_FLAGS	(FPGA_LEGACY | \
+				 FPGA_XILINX_ZYNQMP_DDRAUTH | \
+				 FPGA_XILINX_ZYNQMP_ENC)
 #else
 #define ZYNQMP_FPGA_FLAGS	(FPGA_LEGACY)
 #endif
-- 
2.36.1