Message ID | 20220722141614.297383-13-oleksandr.suvorov@foundries.io |
---|---|
State | Deferred |
Delegated to: | Tom Rini |
Headers | show |
Series | fpga: zynqmp: Adding support of loading authenticated images | expand |
On 7/22/22 16:16, Oleksandr Suvorov wrote: > Add supporting new compatible string "u-boot,zynqmp-fpga-ddrauth" to > handle loading authenticated images (DDR). > > Based on solution by Jorge Ramirez-Ortiz <jorge@foundries.io> > Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> > Tested-by: Ricardo Salveti <ricardo@foundries.io> > --- > > (no changes since v11) > > Changes in v11: > - Fix treating an incoming FPGA image with empty flags parameter as > legacy. > > Changes in v10: > - Support DDR images only if FPGA_LOAD_SECURE enabled. > > boot/Kconfig | 4 ++-- > doc/uImage.FIT/source_file_format.txt | 5 ++++- > drivers/fpga/zynqmppl.c | 31 ++++++++++++++++++++++----- > include/xilinx.h | 1 + > include/zynqmppl.h | 4 ++++ > 5 files changed, 37 insertions(+), 8 deletions(-) > > diff --git a/boot/Kconfig b/boot/Kconfig > index 17438b566d5..59d0c65c944 100644 > --- a/boot/Kconfig > +++ b/boot/Kconfig > @@ -210,8 +210,8 @@ config SPL_LOAD_FIT > 1. "loadables" images, other than FDTs, which do not have a "load" > property will not be loaded. This limitation also applies to FPGA > images with the correct "compatible" string. > - 2. For FPGA images, only the "compatible" = "u-boot,fpga-legacy" > - loading method is supported. > + 2. For FPGA images, the supported "compatible" list is in the > + doc/uImage.FIT/source_file_format.txt. > 3. FDTs are only loaded for images with an "os" property of "u-boot". > "linux" images are also supported with Falcon boot mode. > > diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt > index f93ac6d1c7b..461e2af2a84 100644 > --- a/doc/uImage.FIT/source_file_format.txt > +++ b/doc/uImage.FIT/source_file_format.txt > @@ -184,7 +184,10 @@ the '/images' node should have the following layout: > Mandatory for types: "firmware", and "kernel". > - compatible : compatible method for loading image. > Mandatory for types: "fpga", and images that do not specify a load address. > - To use the generic fpga loading routine, use "u-boot,fpga-legacy". > + Supported compatible methods: > + "u-boot,fpga-legacy" - the generic fpga loading routine. > + "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for > + Xilinx Zynq UltraScale+ (ZymqMP) device. > > Optional nodes: > - hash-1 : Each hash sub-node represents separate hash or checksum > diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c > index feaf34fff11..200076c8c6a 100644 > --- a/drivers/fpga/zynqmppl.c > +++ b/drivers/fpga/zynqmppl.c > @@ -9,6 +9,7 @@ > #include <common.h> > #include <compiler.h> > #include <cpu_func.h> > +#include <fpga.h> > #include <log.h> > #include <zynqmppl.h> > #include <zynqmp_firmware.h> > @@ -202,9 +203,12 @@ static int zynqmp_validate_bitstream(xilinx_desc *desc, const void *buf, > #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) > static int zynqmp_check_compatible(xilinx_desc *desc, int flags) > { > - /* If no flags set, the image is legacy */ > + /* > + * If no flags set, the image may be legacy, but we need to > + * signal caller this situation with specific error code. > + */ > if (!flags) > - return 0; > + return -ENODATA; > > /* For legacy bitstream images no need for other methods exist */ > if ((flags & desc->flags) && flags == FPGA_LEGACY) > @@ -217,7 +221,7 @@ static int zynqmp_check_compatible(xilinx_desc *desc, int flags) > if (desc->operations->loads && (flags & desc->flags)) > return 0; > > - return FPGA_FAIL; > + return -ENODEV; > } > #endif > > @@ -231,8 +235,9 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize, > u32 buf_lo, buf_hi; > u32 bsize_req = (u32)bsize; > u32 ret_payload[PAYLOAD_ARG_CNT]; > - > #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) > + struct fpga_secure_info info = { 0 }; > + > ret = zynqmp_check_compatible(desc, flags); > if (ret) { > if (ret != -ENODATA) { > @@ -242,6 +247,19 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize, > /* If flags is not set, the image treats as legacy */ > flags = FPGA_LEGACY; > } > + > + switch (flags) { > + case FPGA_LEGACY: > + break; /* Handle the legacy image later in this function */ #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) should be here. But I have added it myself. > + case FPGA_XILINX_ZYNQMP_DDRAUTH: > + /* DDR authentication */ > + info.authflag = ZYNQMP_FPGA_AUTH_DDR; > + info.encflag = FPGA_NO_ENC_OR_NO_AUTH; > + return desc->operations->loads(desc, buf, bsize, &info); and #endif here. M
diff --git a/boot/Kconfig b/boot/Kconfig index 17438b566d5..59d0c65c944 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -210,8 +210,8 @@ config SPL_LOAD_FIT 1. "loadables" images, other than FDTs, which do not have a "load" property will not be loaded. This limitation also applies to FPGA images with the correct "compatible" string. - 2. For FPGA images, only the "compatible" = "u-boot,fpga-legacy" - loading method is supported. + 2. For FPGA images, the supported "compatible" list is in the + doc/uImage.FIT/source_file_format.txt. 3. FDTs are only loaded for images with an "os" property of "u-boot". "linux" images are also supported with Falcon boot mode. diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt index f93ac6d1c7b..461e2af2a84 100644 --- a/doc/uImage.FIT/source_file_format.txt +++ b/doc/uImage.FIT/source_file_format.txt @@ -184,7 +184,10 @@ the '/images' node should have the following layout: Mandatory for types: "firmware", and "kernel". - compatible : compatible method for loading image. Mandatory for types: "fpga", and images that do not specify a load address. - To use the generic fpga loading routine, use "u-boot,fpga-legacy". + Supported compatible methods: + "u-boot,fpga-legacy" - the generic fpga loading routine. + "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for + Xilinx Zynq UltraScale+ (ZymqMP) device. Optional nodes: - hash-1 : Each hash sub-node represents separate hash or checksum diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c index feaf34fff11..200076c8c6a 100644 --- a/drivers/fpga/zynqmppl.c +++ b/drivers/fpga/zynqmppl.c @@ -9,6 +9,7 @@ #include <common.h> #include <compiler.h> #include <cpu_func.h> +#include <fpga.h> #include <log.h> #include <zynqmppl.h> #include <zynqmp_firmware.h> @@ -202,9 +203,12 @@ static int zynqmp_validate_bitstream(xilinx_desc *desc, const void *buf, #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) static int zynqmp_check_compatible(xilinx_desc *desc, int flags) { - /* If no flags set, the image is legacy */ + /* + * If no flags set, the image may be legacy, but we need to + * signal caller this situation with specific error code. + */ if (!flags) - return 0; + return -ENODATA; /* For legacy bitstream images no need for other methods exist */ if ((flags & desc->flags) && flags == FPGA_LEGACY) @@ -217,7 +221,7 @@ static int zynqmp_check_compatible(xilinx_desc *desc, int flags) if (desc->operations->loads && (flags & desc->flags)) return 0; - return FPGA_FAIL; + return -ENODEV; } #endif @@ -231,8 +235,9 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize, u32 buf_lo, buf_hi; u32 bsize_req = (u32)bsize; u32 ret_payload[PAYLOAD_ARG_CNT]; - #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) + struct fpga_secure_info info = { 0 }; + ret = zynqmp_check_compatible(desc, flags); if (ret) { if (ret != -ENODATA) { @@ -242,6 +247,19 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize, /* If flags is not set, the image treats as legacy */ flags = FPGA_LEGACY; } + + switch (flags) { + case FPGA_LEGACY: + break; /* Handle the legacy image later in this function */ + case FPGA_XILINX_ZYNQMP_DDRAUTH: + /* DDR authentication */ + info.authflag = ZYNQMP_FPGA_AUTH_DDR; + info.encflag = FPGA_NO_ENC_OR_NO_AUTH; + return desc->operations->loads(desc, buf, bsize, &info); + default: + printf("Unsupported bitstream type %d\n", flags); + return FPGA_FAIL; + } #endif if (zynqmp_firmware_version() <= PMUFW_V1_0) { @@ -337,7 +355,10 @@ static int __maybe_unused zynqmp_str2flag(xilinx_desc *desc, const char *str) { if (!strncmp(str, "u-boot,fpga-legacy", 18)) return FPGA_LEGACY; - +#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) + if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26)) + return FPGA_XILINX_ZYNQMP_DDRAUTH; +#endif return 0; } diff --git a/include/xilinx.h b/include/xilinx.h index e5f6db33fa2..97ee12cec42 100644 --- a/include/xilinx.h +++ b/include/xilinx.h @@ -39,6 +39,7 @@ typedef enum { /* typedef xilinx_family */ /* FPGA bitstream supported types */ #define FPGA_LEGACY BIT(0) +#define FPGA_XILINX_ZYNQMP_DDRAUTH BIT(1) typedef struct { /* typedef xilinx_desc */ xilinx_family family; /* part type */ diff --git a/include/zynqmppl.h b/include/zynqmppl.h index 8401a850afb..87ccd2f394c 100644 --- a/include/zynqmppl.h +++ b/include/zynqmppl.h @@ -25,6 +25,10 @@ extern struct xilinx_fpga_op zynqmp_op; +#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE) +#define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH) +#else #define ZYNQMP_FPGA_FLAGS (FPGA_LEGACY) +#endif #endif /* _ZYNQMPPL_H_ */