[RFC PATCH 2/4] fpga: Add new properties to support user-key encrypted bitstream loading
Nava kishore Manne
navam at xilinx.com
Thu May 13 03:54:58 PDT 2021
Hi Rob,
Please find my response inline.
> -----Original Message-----
> From: Rob Herring <robh at kernel.org>
> Sent: Thursday, May 13, 2021 8:01 AM
> To: Nava kishore Manne <navam at xilinx.com>
> Cc: mdf at kernel.org; trix at redhat.com; Michal Simek <michals at xilinx.com>;
> arnd at arndb.de; Rajan Vaja <RAJANV at xilinx.com>;
> gregkh at linuxfoundation.org; linus.walleij at linaro.org; Amit Sunil Dhamne
> <amitsuni at xlnx.xilinx.com>; Tejas Patel <tejasp at xlnx.xilinx.com>;
> zou_wei at huawei.com; Manish Narani <MNARANI at xilinx.com>; Sai Krishna
> Potthuri <lakshmis at xilinx.com>; Jiaying Liang <jliang at xilinx.com>; linux-
> fpga at vger.kernel.org; devicetree at vger.kernel.org; linux-
> kernel at vger.kernel.org; linux-arm-kernel at lists.infradead.org; git
> <git at xilinx.com>; chinnikishore369 at gmail.com
> Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key
> encrypted bitstream loading
>
> On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote:
> > This patch Adds ‘encrypted-key-name’ and
> > ‘encrypted-user-key-fpga-config’ properties to support user-key
> > encrypted bitstream loading use case.
> >
> > Signed-off-by: Nava kishore Manne <nava.manne at xilinx.com>
> > ---
> > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > index d787d57491a1..957dc6cbcd9e 100644
> > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > @@ -177,6 +177,9 @@ Optional properties:
> > it indicates that the FPGA has already been programmed with this
> image.
> > If this property is in an overlay targeting a FPGA region, it is a
> > request to program the FPGA with that image.
> > +- encrypted-key-name : should contain the name of an encrypted key file
> located
> > + on the firmware search path. It will be used to decrypt the FPGA
> image
> > + file.
> > - fpga-bridges : should contain a list of phandles to FPGA Bridges that must
> be
> > controlled during FPGA programming along with the parent FPGA
> bridge.
> > This property is optional if the FPGA Manager handles the bridges.
> > @@ -187,6 +190,8 @@ Optional properties:
> > - external-fpga-config : boolean, set if the FPGA has already been
> configured
> > prior to OS boot up.
> > - encrypted-fpga-config : boolean, set if the bitstream is encrypted
> > +- encrypted-user-key-fpga-config : boolean, set if the bitstream is
> encrypted
> > + with user key.
>
> What's the relationship with encrypted-fpga-config? Both present or
> mutually exclusive? Couldn't this be implied by encrypted-key-name being
> present?
>
In Encryption we have two kinds of use case one is Encrypted Bitstream loading with Device-key and
Other one is Encrypted Bitstream loading with User-key. encrypted-fpga-config and encrypted-user-key-fpga-config
are mutually exclusive. To differentiate both the use cases I have added this new flag and Aes Key file(encrypted-key-name)
is needed only for encrypted-user-key-fpga-config use cases.
Regards,
Navakishore.
More information about the linux-arm-kernel
mailing list