On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote:
> This patch Adds ‘encrypted-key-name’ property to
> support user-key encrypted bitstream loading
> use case.
>
> Signed-off-by: Nava kishore Manne <[email protected]>
> ---
> Changes for v2:
> -Both DT properties ie; encrypted-key-name and encrypted-user-key-fpga-config
> are targeted to use for the same use cases but ideally encrypted-key-name
> is enough to serve the purpose so updated the file to remove the unwanted
> encrypted-user-key-fpga-config property as suggested by Rob.
>
> Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> index d787d57491a1..0de4a1c54650 100644
> --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> @@ -177,6 +177,9 @@ Optional properties:
> it indicates that the FPGA has already been programmed with this image.
> If this property is in an overlay targeting a FPGA region, it is a
> request to program the FPGA with that image.
> +- encrypted-key-name : should contain the name of an encrypted key file located
> + on the firmware search path. It will be used to decrypt the FPGA image
> + file with user-key.
What is the format this "user-key" is in? Where is the documentation
for how to use this type of thing?
thanks,
greg k-h
Hi Greg,
Thanks for providing the review comments.
Please find my response inline.
> -----Original Message-----
> From: Greg KH <[email protected]>
> Sent: Wednesday, June 9, 2021 3:26 PM
> To: Nava kishore Manne <[email protected]>
> Cc: [email protected]; Michal Simek <[email protected]>;
> [email protected]; [email protected]; [email protected]; Rajan Vaja
> <[email protected]>; Amit Sunil Dhamne <[email protected]>;
> Tejas Patel <[email protected]>; [email protected]; Sai Krishna
> Potthuri <[email protected]>; Ravi Patel <[email protected]>;
> [email protected]; Jiaying Liang <[email protected]>;
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]; git <[email protected]>;
> [email protected]
> Subject: Re: [RFC v2 2/4] fpga: Add new property to support user-key
> encrypted bitstream loading
>
> On Wed, Jun 09, 2021 at 11:22:30AM +0530, Nava kishore Manne wrote:
> > This patch Adds ‘encrypted-key-name’ property to support user-key
> > encrypted bitstream loading use case.
> >
> > Signed-off-by: Nava kishore Manne <[email protected]>
> > ---
> > Changes for v2:
> > -Both DT properties ie; encrypted-key-name and encrypted-user-
> key-fpga-config
> > are targeted to use for the same use cases but ideally encrypted-
> key-name
> > is enough to serve the purpose so updated the file to remove the
> unwanted
> > encrypted-user-key-fpga-config property as suggested by Rob.
> >
> > Documentation/devicetree/bindings/fpga/fpga-region.txt | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > index d787d57491a1..0de4a1c54650 100644
> > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > @@ -177,6 +177,9 @@ Optional properties:
> > it indicates that the FPGA has already been programmed with this
> image.
> > If this property is in an overlay targeting a FPGA region, it is a
> > request to program the FPGA with that image.
> > +- encrypted-key-name : should contain the name of an encrypted key file
> located
> > + on the firmware search path. It will be used to decrypt the FPGA
> image
> > + file with user-key.
>
> What is the format this "user-key" is in? Where is the documentation for
> how to use this type of thing?
>
Will fix user key format issues in v3.
Will update this binding doc with user key encrypted bitstream loading use case info.
Use case info:
Reconfiguration with encrypted image using AES key
In this case, the FPGA Manager will decrypt the configuration data and
placed it into the programmable logic. To decrypt the configuration data
it uses AES key provided by the user.
DT Overlay contains:
/dts-v1/;
/plugin/;
&fpga_region0 {
#address-cells = <1>;
#size-cells = <1>;
firmware-name = "versal-gpio.bin";
encrypted-key-name = “Aes-key.nky”
gpio1: gpio@40000000 {
compatible = "xlnx,xps-gpio-1.00.a";
reg = <0x40000000 0x10000>;
gpio-controller;
#gpio-cells = <0x2>;
xlnx,gpio-width= <0x6>;
};
};
Regards,
Navakishore.