RE: [RFC v2 2/4] fpga: Add new property to support user-key encrypted bitstream loading
From: Nava kishore Manne
Date: Fri Jul 09 2021 - 04:49:04 EST
Hi Greg,
Thanks for providing the review comments.
Please find my response inline.
> -----Original Message-----
> From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, June 9, 2021 3:26 PM
> To: Nava kishore Manne <navam@xxxxxxxxxx>
> Cc: robh+dt@xxxxxxxxxx; Michal Simek <michals@xxxxxxxxxx>;
> mdf@xxxxxxxxxx; trix@xxxxxxxxxx; arnd@xxxxxxxx; Rajan Vaja
> <RAJANV@xxxxxxxxxx>; Amit Sunil Dhamne <amitsuni@xxxxxxxxxxxxxxx>;
> Tejas Patel <tejasp@xxxxxxxxxxxxxxx>; zou_wei@xxxxxxxxxx; Sai Krishna
> Potthuri <lakshmis@xxxxxxxxxx>; Ravi Patel <RAVIPATE@xxxxxxxxxx>;
> iwamatsu@xxxxxxxxxxx; Jiaying Liang <jliang@xxxxxxxxxx>;
> devicetree@xxxxxxxxxxxxxxx; linux-arm-kernel@xxxxxxxxxxxxxxxxxxx; linux-
> kernel@xxxxxxxxxxxxxxx; linux-fpga@xxxxxxxxxxxxxxx; git <git@xxxxxxxxxx>;
> chinnikishore369@xxxxxxxxx
> Subject: Re: [RFC v2 2/4] fpga: Add new property to support user-key
> encrypted bitstream loading
>
> On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote:
> > This patch Adds ‘encrypted-key-name’ property to support user-key
> > encrypted bitstream loading use case.
> >
> > Signed-off-by: Nava kishore Manne <nava.manne@xxxxxxxxxx>
> > ---
> > Changes for v2:
> > -Both DT properties ie; encrypted-key-name and encrypted-user-
> key-fpga-config
> > are targeted to use for the same use cases but ideally encrypted-
> key-name
> > is enough to serve the purpose so updated the file to remove the
> unwanted
> > encrypted-user-key-fpga-config property as suggested by Rob.
> >
> > Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > index d787d57491a1..0de4a1c54650 100644
> > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > @@ -177,6 +177,9 @@ Optional properties:
> > it indicates that the FPGA has already been programmed with this
> image.
> > If this property is in an overlay targeting a FPGA region, it is a
> > request to program the FPGA with that image.
> > +- encrypted-key-name : should contain the name of an encrypted key file
> located
> > + on the firmware search path. It will be used to decrypt the FPGA
> image
> > + file with user-key.
>
> What is the format this "user-key" is in? Where is the documentation for
> how to use this type of thing?
>
Will fix user key format issues in v3.
Will update this binding doc with user key encrypted bitstream loading use case info.
Use case info:
Reconfiguration with encrypted image using AES key
In this case, the FPGA Manager will decrypt the configuration data and
placed it into the programmable logic. To decrypt the configuration data
it uses AES key provided by the user.
DT Overlay contains:
/dts-v1/;
/plugin/;
&fpga_region0 {
#address-cells = <1>;
#size-cells = <1>;
firmware-name = "versal-gpio.bin";
encrypted-key-name = “Aes-key.nky”
gpio1: gpio@40000000 {
compatible = "xlnx,xps-gpio-1.00.a";
reg = <0x40000000 0x10000>;
gpio-controller;
#gpio-cells = <0x2>;
xlnx,gpio-width= <0x6>;
};
};
Regards,
Navakishore.