From patchwork Tue Nov 2 13:49:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oleksandr Suvorov X-Patchwork-Id: 1549696 X-Patchwork-Delegate: monstr@monstr.eu Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=Tc5ZQcZm; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HkBB46fBCz9sVc for ; Wed, 3 Nov 2021 00:50:36 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 77CCB8314A; Tue, 2 Nov 2021 14:50:16 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="Tc5ZQcZm"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 398BD82EEC; Tue, 2 Nov 2021 14:50:13 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0882D83383 for ; Tue, 2 Nov 2021 14:50:03 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=oleksandr.suvorov@foundries.io Received: by mail-lf1-x12f.google.com with SMTP id bi35so43057005lfb.9 for ; Tue, 02 Nov 2021 06:50:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7vRvNBrdfXytmrUFAOrIXJ2BJifRBhsOg9R1vUAlfsI=; b=Tc5ZQcZmoVG+zObA1w8ZUdnOlQxZrdc7fsRx2bJpgP+TNc7s4kv+uq+bJi1ClZ7LAl e9GeGjKzOtG6KFntCEYZGQpfd3mmwvmveQl720SXHcSSowE7ZQs9ECzJs5rF2RAWpirs psH9CBI797fCQfAKXyc66RftQyvHkf8Te4+peTDNNiyT3Z6ei0czAeJNfcyJPXhwcJyO 73h0BO6Vi2lGBL0skATdwSwzfi8Qq5aAJgwXx9lCRWFZvkBXIMiDv22bqDYfg/0BDNha hfV29NoY4sfGtK033Z1DUu+9WHEOLlafygwcxP6dpnws3OzSxt3iB/k9nEBbHpwh8P3E i9XQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7vRvNBrdfXytmrUFAOrIXJ2BJifRBhsOg9R1vUAlfsI=; b=Pv1QD3FBgPaFVTqpRQOwx/hLvssanABahyVDYMWWQ7KhGqm4edgRujQa8VwaKfxcgY BwiFMmBuPAtsRn9SrwLDzk4nT3GU7ETwcEBPHILxSgysHdRnHXVubXqujypqRmqQrx6g sRvs7J4oR5TcCU1qIBPVDG7iODprlawa99rfvKqH5BmW9S6RDp5h9x+kPnm15XPVPqhN 8gmxl79Aoywj9eVslz8QVnfL2FeHnhhhOE1dj6Z+Y0WHQMZE2/YZtumXv7IoXxdRsD8b W4J5nr/GMPrKu48hK7VNTlbLLDrEa2p1QV6Mxv0i00R7avurrUkMXxVwlMWODNsxpFHr E8Ag== X-Gm-Message-State: AOAM532LhtSVtQAn2GycZfZHnSYLvyK6cddZHgZu0uDE7MHMALUXCElX 9OLwKdvRAG4F6HMeDmnplWzS4lAhcO6Yrw== X-Google-Smtp-Source: ABdhPJyul/0CDTbqfbsxE1GH1BT97JQ6OnYBtrCHOL3M5cBKh6f+zvJCzffm4feRp0xYitYkea6o1Q== X-Received: by 2002:a05:6512:220e:: with SMTP id h14mr6564977lfu.638.1635861001913; Tue, 02 Nov 2021 06:50:01 -0700 (PDT) Received: from localhost.localdomain ([83.218.251.13]) by smtp.gmail.com with ESMTPSA id w6sm216292ljw.89.2021.11.02.06.50.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Nov 2021 06:50:01 -0700 (PDT) From: Oleksandr Suvorov To: u-boot@lists.denx.de Cc: Ricardo Salveti , Igor Opaniuk , Jorge Ramirez-Ortiz , Oleksandr Suvorov , Alexandru Gagniuc , Bin Meng , Heiko Schocher , Jagan Teki , Klaus Heinrich Kiwi , Michal Simek , Sean Anderson , Simon Glass , Steffen Jaeckel Subject: [PATCH v3 3/3] fpga: zynqmp: support loading authenticated images Date: Tue, 2 Nov 2021 15:49:45 +0200 Message-Id: <20211102134945.135159-4-oleksandr.suvorov@foundries.io> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20211102134945.135159-3-oleksandr.suvorov@foundries.io> References: <20211102134945.135159-1-oleksandr.suvorov@foundries.io> <20211102134945.135159-2-oleksandr.suvorov@foundries.io> <20211102134945.135159-3-oleksandr.suvorov@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Add supporting new compatible string "u-boot,zynqmp-fpga-ddrauth" to handle loading authenticated images (DDR). Based on solution by Jorge Ramirez-Ortiz Signed-off-by: Oleksandr Suvorov Co-developed-by: Ricardo Salveti Signed-off-by: Ricardo Salveti Tested-by: Ricardo Salveti --- Changes in v3: - remove the patch which introduced CMD_SPL_FPGA_LOAD_SECURE. - fix mixing definitions/declarations. - replace strcmp() calls with more secure strncmp(). - document the "u-boot,zynqmp-fpga-ddrauth" compatible string. - fix code style by check-patch recommendations. Changes in v2: - add function fit_fpga_load() to simplify calls of fpga_load() from contexts without a compatible attribute. - move all ZynqMP-specific logic to drivers/fpga/zynqmppl.c - prepare for passing a "compatible" FDT property to any fpga driver. common/Kconfig.boot | 4 ++-- doc/uImage.FIT/source_file_format.txt | 5 ++++- drivers/fpga/zynqmppl.c | 21 +++++++++++++++++++++ 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/common/Kconfig.boot b/common/Kconfig.boot index a8d4be23a9..f879654174 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -198,8 +198,8 @@ config SPL_LOAD_FIT 1. "loadables" images, other than FDTs, which do not have a "load" property will not be loaded. This limitation also applies to FPGA images with the correct "compatible" string. - 2. For FPGA images, only the "compatible" = "u-boot,fpga-legacy" - loading method is supported. + 2. For FPGA images, the supported "compatible" list is in the + doc/uImage.FIT/source_file_format.txt. 3. FDTs are only loaded for images with an "os" property of "u-boot". "linux" images are also supported with Falcon boot mode. diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt index f93ac6d1c7..461e2af2a8 100644 --- a/doc/uImage.FIT/source_file_format.txt +++ b/doc/uImage.FIT/source_file_format.txt @@ -184,7 +184,10 @@ the '/images' node should have the following layout: Mandatory for types: "firmware", and "kernel". - compatible : compatible method for loading image. Mandatory for types: "fpga", and images that do not specify a load address. - To use the generic fpga loading routine, use "u-boot,fpga-legacy". + Supported compatible methods: + "u-boot,fpga-legacy" - the generic fpga loading routine. + "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for + Xilinx Zynq UltraScale+ (ZymqMP) device. Optional nodes: - hash-1 : Each hash sub-node represents separate hash or checksum diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c index 8ff12bf50a..ce25381890 100644 --- a/drivers/fpga/zynqmppl.c +++ b/drivers/fpga/zynqmppl.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -209,6 +210,26 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize, u32 buf_lo, buf_hi; u32 ret_payload[PAYLOAD_ARG_CNT]; bool xilfpga_old = false; + fpga_desc *fdesc = container_of((void *)desc, fpga_desc, devdesc); + + if (fdesc && fdesc->compatible && + !strcmp(fdesc->compatible, "u-boot,zynqmp-fpga-ddrauth")) { +#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) + struct fpga_secure_info info = { 0 }; + + if (!desc->operations->loads) { + printf("%s: Missing load operation\n", __func__); + return FPGA_FAIL; + } + /* DDR authentication */ + info.authflag = 1; + info.encflag = 2; + return desc->operations->loads(desc, buf, bsize, &info); +#else + printf("No support for %s\n", fdesc->compatible); + return FPGA_FAIL; +#endif + } if (zynqmp_firmware_version() <= PMUFW_V1_0) { puts("WARN: PMUFW v1.0 or less is detected\n");