Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753420AbcKHWFK (ORCPT ); Tue, 8 Nov 2016 17:05:10 -0500 Received: from mail-sn1nam02on0044.outbound.protection.outlook.com ([104.47.36.44]:24544 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751944AbcKHWFI (ORCPT ); Tue, 8 Nov 2016 17:05:08 -0500 X-Greylist: delayed 7176 seconds by postgrey-1.27 at vger.kernel.org; Tue, 08 Nov 2016 17:05:08 EST Authentication-Results: spf=pass (sender IP is 149.199.60.100) smtp.mailfrom=xilinx.com; ni.com; dkim=none (message not signed) header.d=none;ni.com; dmarc=bestguesspass action=none header.from=xilinx.com; X-IncomingTopHeaderMarker: OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:1772;Count:21 Date: Tue, 8 Nov 2016 10:32:17 -0800 From: =?utf-8?B?U8O2cmVu?= Brinkmann To: Moritz Fischer CC: , , , , , Subject: Re: [PATCH 3/4] fpga mgr: zynq: Add support for encrypted bitstreams Message-ID: <20161108183217.GV14444@xsjsorenbubuntu> References: <20161107001326.7395-1-moritz.fischer@ettus.com> <20161107001326.7395-4-moritz.fischer@ettus.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20161107001326.7395-4-moritz.fischer@ettus.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-RCIS-Action: ALLOW X-TM-AS-Product-Ver: IMSS-7.1.0.1224-8.0.0.1202-22686.005 X-TM-AS-User-Approved-Sender: Yes;Yes X-IncomingHeaderCount: 21 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:149.199.60.100;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(7916002)(2980300002)(438002)(189002)(24454002)(199003)(377424004)(626004)(50466002)(106466001)(4326007)(305945005)(85182001)(2870700001)(5660300001)(83506001)(87936001)(2906002)(586003)(63266004)(1076002)(85202003)(9786002)(92566002)(76506005)(8936002)(57986006)(76176999)(54356999)(9686002)(81156014)(77096005)(47776003)(110136003)(81166006)(8676002)(23676002)(50986999)(189998001)(33716001)(36386004)(7846002)(4001350100001)(2950100002)(6916009)(33656002)(356003)(18370500001)(107986001)(5001870100001);DIR:OUT;SFP:1101;SCL:1;SRVR:CO1PR02MB014;H:xsj-pvapsmtpgw02;FPR:;SPF:Pass;PTR:unknown-60-100.xilinx.com,xapps1.xilinx.com;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;SN1NAM02FT006;1:7xQ3IkcgO5S3vA0sZwIfcsZGxs6sIrQZ8g6gqv9TBN8uTf7S8Q0cYXd1PNgOoaewfGQhAaJu1obyh3lLENxK/KzpmCRFp7MjcNf2S3EzwUUACnAZx46nd/t9d2qrkCLYx6tuSVlrYCZjDd0k5mF3KtAF/n7t8xMisCvpacpwle7U1AijBkzG7rNz3TwAKxcNKQACUHRkgqfpwqaxfKKPlUO4s7FB4+xa9zU2AXCq+8syqgl9qnJspNb6yMs+mv958PBIlqK5CTtCKOuSDbzBCvZfUMFRJZQEYFW94O9ZIgwsLt+xga+NcAbFyPHN9kHMvvIr1IHRBwo+q6qAgm4UjyK3GKbAXMP9el8ta8wUgF2Nu1G9l1gjeZx1g6a/asvD5vt15+q2qhBNotXwhIOUQmCQE++QF6STobvow98Yj+Xz0Mhxhpdhyxy5C9f5UK4sgwFgORH155RjeT8tqDxlSZLT7H9fTSzkZ2rhQltXZQsBBmKZbbrAj/alPF+tG78AaRppORjW/drZrh/0Ej8i4ojcNlAG4xDx+HJBAr+YR6bxuqQBy5WW5P/zD1yWRjx/wvV9QxkVZ8lzJqztmlo/p0YbSDqGeEGsUpoyZqmcgZ5nhKXd1VyEZSwA0kVerpqm X-MS-Office365-Filtering-Correlation-Id: 3320c598-35b8-40ac-4552-08d408059599 X-Microsoft-Exchange-Diagnostics: 1;CO1PR02MB014;2:Bceg5h5t8PYkteJkksjOn1pP7K0BG24eiAZnXursEHlfVxi37whxsc8wXq6RdRe/keWMwWMxhBHJiGg0o6FPbCo0xK+x5IaOSGwvwb728D29PP6aky/XsZMZmE2PC59mrnnkQWzyzLkBqIkvUmO1zGKOYpfrWyUtW+oFevVsVDtLNZdfoxFd6E5U+JhHPS7g0QZ3/yOhnEylDRAz6JCkLQ==;3:uf0cek4EICx8qCxw+YzFTNLGITOI32FrveF9OU1dyd8QuNBGoo+eRdIeOq8/a2jtAu4f/lK/CxoV8iUKTdu5iMqzGpC/WmuWxvgl2PFaXyQgZDsbhPXDeW+Na8ToagSlRUE8d7ZIzuyl4DE9uKBBsGPQeZAcO/1D104Ke1cC6wkKyCBT6Q1wsK9ao+7CjtbLKHvPfipc+wL5Ps4J5QAlN+qdlNJyE/DoU7QCh2U8kHCaWhKP/GnT3Rjjlb2k7OjtowZVTGScg90br/eNcNvq2wTnY4l+wQApNzrXmCiN2KM= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(8251501002);SRVR:CO1PR02MB014; X-Microsoft-Exchange-Diagnostics: 1;CO1PR02MB014;25:rjl+IbjKRp7ZLjkedhpmWcIQX862Xyg/+3T66Jtrdum6il0lzgDmwm8pG56OW8zl92gcNGECVrftmySQCNHrAeAYzs+RMlpvg6ZpVAdKiJ+Rxfe7pBOZuPTHrk077ft94J6l2p+vhu6MkGWLHVp0OyrqFWP5kl++T2lc8FN4qh0EV4ppthWvWtAlu7RUAImqefe7EfYLZAlXXxpaaO/c4ioPLo+nwWI2xy0R9yGdK1+2O6lxKgH5YRG0IbPz0NffvFL9frBuoHray4osRIrGA4Y/vLtANdyaccX+2at8s6TD6v55gXIxSqElY9EC82YOT6VmkGE+rLz4MbVn/uR4wqhbHJZKsqZ0igZVeWFv35Gi/5vrwBZJxWG4BjytAEZeYujF++adxbch60OM11E/nbXvBdt2Un0vYqFTjPFqmFidroJYlxOQmnwAMvlaSrH8;31:ypL9BfxxsGnDtmHiWiicUSRyMpRLt4tFfOVfTBmZ3m7fG1u2xA6ZTTyvXQOYtyR2UwyyaGPkAAvSt85CylX57FXBO1xaE8mwyjupKWrVKnTZo0Mb/n6yA88bAa7Xkq+GbUlCbyWSBBEzyqGSGAhP1Railb1fpdM3MtKtW8DNnJ1dgTJa5alduYopkczbNM3ySWuEEDLOMwQVLSZsEr8uMSDdr4qkg9EK1NZDyz5Z6GE89p514whty/+B5qngZoCCmG77h5K+y1Q+iBrjdDCF4A== X-Microsoft-Exchange-Diagnostics: 1;CO1PR02MB014;20:PrfCrZZqK+Gwhp7dsP9BwZeh7mE5SJKJcWJxfPu5Ebz4W9A0vUNNVV1KuzMkg+ooVcEd6mEzSFti8/7okF5wtGqszbcvTTU7bCcxqSGXzDQtTHQoeZHJat8gDRJRPkwaSu6oEOHkqxm/S8wqn88yvEU+0UCoca8nrgJ8tAc+YJZUVSWaoThufs+m1AOaMuBtH+GlMBkdRQ9UOJbiMVhvvCGv4bOrzaUBdJ8IBLLirkTfBTtP7m1GtZZ9N9JDq05fnunIII6xDHNKnOfqr6TSUQllOTwJQSd+TKKpQ77TvgvuKAv2e8oP/H6utdP4CBnJbU0bg4Uk8wVmUi+zJcCl3Pj0eCf0rrPWfCKSWxSV9y0BPD9Ri59Q/bEV37xmGhfmbkICxNDaJCB8+N/9eqiSh4gcbTg1ujXokridb6L9Z0nKDwG8uiN58GYzaDSfXa/6rgs0EHgmkPzRlj4eQf9NeJ48DvZdeJHmDzGqBXqnFyRQ222fH+Mb9jNEYTTbzBHg X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(80048183373757)(258649278758335)(192813158149592); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(13017025)(13015025)(13018025)(13024025)(13023025)(8121501046)(5005006)(3002001)(10201501046)(6055026);SRVR:CO1PR02MB014;BCL:0;PCL:0;RULEID:;SRVR:CO1PR02MB014; X-Microsoft-Exchange-Diagnostics: 1;CO1PR02MB014;4:QV5UokB6JNIFQs9Ee0gHm8aXyLA1be7aISxq0aAJIIYIEKJ0KXrkr12OO7ifTctQsjz/wIMf7o8T43Nq16L3qSVoFHHmVAxeOdumbxJFE9QS/UZ83C2uqkblBNTDljkbIGC8gnAJPuZ2qIfi5uTLRfxoey/dTOlVtrsRSsU2COobUNV019T3iQnNvxitU2h0cmXJ3T3gj7edtEpRaKmpp6Kqtf9ClcBC/anr3t2p2AspVSNI5KvvYw4m23+8y37/uagDIakCoAGL5dQ+JATgZj1jIlFvg5fRf7zUdqaJba1JbjeFkWzk8uS0OotIW1GzdsKd2o+ESOKDGHl+KSarmsQjQJi7T+Qutxr0zlBOpsacAELgAnpovP28VJpAF8d53PLFc6kRO8cxhNfAbY1BC0NG9/V0CZGJ8kFEgO9SltxPTIWtWjR74ER0xu05ZscX7rERtQkUHJy3BMMiVeVfBfdDc8xqwNV5W/Cq0av5M4M+OM8htDy/iFOfFb0BRk6nWpTBmmevOnOpj9cjIeccf8AS/mvAgw8wSE6V5QSVS5NdELO7RE+ABrrStS7S+OIMNwtjemIOITtEZU5IhsY7nRA9BAPTi+lAkzNNT5GAHaezbfCROIPel05dFSsntVtncy771IN1pjbuBF+0QWuk/A== X-Forefront-PRVS: 01208B1E18 X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDTzFQUjAyTUIwMTQ7MjM6SnJ6NzZhSkl5d1hLbXFUNGsraTZ1MDRERnJw?= =?utf-8?B?NUN0NlF2czVVc3hsbS8wQlNzMCtUWjBObXpDcUVXek5qU2o3S0Q1UzltTnJF?= =?utf-8?B?L1ovdHQ2WjVpaytFaEllcGNadjc5QXVkRy8zaEQ3dlkyUVkzcWgwWkgwM3FP?= =?utf-8?B?N3ZFcWxpSlZzbDBrOWYrbE1YbWZDUllLRHlJSUc0aU51bGp2TDAxb0JHbHM0?= =?utf-8?B?VW9raDZhV3ovSmxhRXJ4aThCYkJva3NHWTZ4aU1vZjVrUTdJcGVZVFpYaUUw?= =?utf-8?B?OG42SmdRRzVxVHA0dDBpdUg1bit0QlJYbkNUVFJBanFVNUtDdUN0UktlaE8w?= =?utf-8?B?Y0FDdjhCcUwzeTFadndVR1dPZ1lqVDhtNmZqc1NybjNFb0p1QllUNForRDlT?= =?utf-8?B?QjNXQnFIL3ZQcDVVUGxFbWFUVS9xVlN0SEpQT3JJbm0veEJNR2ZxNEFLYnVH?= =?utf-8?B?OW5mQjViNEw1VDJxQnFEQTAyT3ZURTJadmRzY2dxamhnMTRyK1BibEFvOHJU?= =?utf-8?B?Q0w5YS8xQjREQU1NZ2k0Rlk5R3h6UmZMVWsvRzZyc2JwenpjcG8xazRMUDZN?= =?utf-8?B?Z0ZNam1lL1h4bFBSZlR0Mmt0amRMdStZcEptSW82M29WSWFPcWJuaGI0UmYx?= =?utf-8?B?ak9IaTN3ai9NY3NCaFJWNG9aT0pIUmMxZktCN1dhTzdHQVIyd3VtN2oyOHNG?= =?utf-8?B?SHZrNG9LSDRSdnN3VS90ZGJUaHkzcWpWYVpROEhINFBPOCtGTk8wbHRCcDNq?= =?utf-8?B?UlpPMTgzdGNxSnpVMlc3RGNoM3lPcnhzYVFrcVB2R1JxRjVWYVFWWlZ6UENj?= =?utf-8?B?dFc2M0w0OGRaL2lZMk5CMUNxcnEwaVg3UTVpdUk0TVpDOGlUSmNCc1ZtOVcy?= =?utf-8?B?K0xKWWlCQlFZNlY2bXk2aXgvNEE4Z0VhdUMyVDBXUytrVFF3VW1IKzlVaDZB?= =?utf-8?B?QkRJd2NabjMwRzNwS1I0cXNIcHRGa252dWJYUXVGbEJsTDgwNDNmV1FKSW8w?= =?utf-8?B?cnVVVzRucFRMWVJwcHBqeU1RbkNvRk1NUG13Rmd0WXU0Qk9kWHBjMGI4dTJY?= =?utf-8?B?NWFxTnpib3BxMW91NmpHQ1o2OC9LWlk3YW5zcHhZdkpwQVhiNGVjNFFneFNi?= =?utf-8?B?QWo4N0tJRytvM2c5MUZKY2FyQ3Y4MEtCeEtTQkc2QmxUb3J0UVdmbzNHZGxH?= =?utf-8?B?SWNNL21IdTF3T2hVa0tJUndjS1l0NE1BTWorVW01UkpkZzR3Y0JMRXFZdE5R?= =?utf-8?B?TlVPYklJWDdrSG40cW9DdVV3VGZES2ZWalJ6bTUrZDZ3THBHemxOeVJhUzVX?= =?utf-8?B?cFdGS085dGYzMFg0MVpYeldKenVtY0lWSjBaVUV4cW1CbU5MY2xpbFJ2SEh0?= =?utf-8?B?bnhrR3NOcUtlcittZXFkZmFuckQvZWJUZDBoN0toeHI4ZW9SWk5ZTFh4MnZB?= =?utf-8?B?dWk2aXNjVzdVUndLTDkvbnp5d3Z0UEFFRHZ6cGFxbTIrNS9BZ3NSWEZYMTdt?= =?utf-8?B?OXpyL1JuRGd4U1lCdmRaeXhPQ0pqdHFvZjN4ZkNpT3ppQzE5eVk2SW9rbndV?= =?utf-8?B?RE9aSGlPL1F6OVlWWGNTT1RuUGxGNzc2TkY4bTFLa3FoL1FwVnlKR0pha3gv?= =?utf-8?B?LzJKcWZYQlhIMTRkSzFqR0dGbDVWbU9sSVg0Nmpxb2ZhNkZYSXQ5UUE9PQ==?= X-Microsoft-Exchange-Diagnostics: 1;CO1PR02MB014;6:BweEgDwsPatqx9oQzIvJD3/5bxhY4kiuCK8aFo3G33aAZAlgy8T5SvhP+0B1Z2Ay8Cf5YGzHvcNS4RsBpFTuGcIx5lz1V5nkmIDdr4Z8Yz+hLtQG748TFMpyaTfNZAdADk8suRIkx0iKHeA2eKzpDSWHH3VRuQYm+mfjl3Lj0CUidtkpqkjJQMu7wctHcQkQTHiONfWurt40V3OdePifZXxiaVmebKgSXIXOFgwfKZ86wfaW7afYitKRx3HMf+t2b8wf3Bfsyp8OrDrGesFBgBlcWgcIXEr+mkwdQBh416NThnPDDJeBtbvzFjMZKhn1k/v2iD+kYdEKkvT6zWvLwpHslBXrg1+i0Edd/UJD2Ig=;5:nbGDp+8Fr7MZCMJDrYZhWm9KQ2fVRMs7C94FfZ0qoY8d4XSx0e3d7hyCMSQsTlp+8qsgYdCQwrMIm6qxnubs6mV1O0uwqU5Mc81wAiC3GNgrcsaBinmj1YTmEF8n8nXKkNDIzwCZWww31r7ViqOdSA==;24:wz544Nzp/Z1nb+3eJ2pp/bwRKYgsOv0sZdYbA2EWRkncW8OBUMXw4SOxyK+qUS7912aSsC22hAzRB5GY7tlYX3C1Plt6xW6dTvFa7Xod/dw= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CO1PR02MB014;7:gT0L0nX6uWQRQesm4Wpgdx0qkCYXwUUShAWURgGHEZLuUGxuXnf5GwfboQ++b74IRMoFhvcYC55tlqXUsjKatTaXu4M/VZPlEDZeYsEyMMB4s/kXWbhLXDyGxO4CO2Vjv1ObGLBJr37WC1UlAMCCmBkqT4SJHgryQZLDcGXlRhAMl8ISc0bk53njiNB5UftODegE35I5lmTK3G/OafOl5dl0ZDhAcU6pH5o7vvsIeb1nJV97IC0YNPdShceE3oO9Q3r06NljBcb4sh3aqA1k7prY9LkvNU9/D0uolBTYyvlb+NOTllvyXsKGzo5Bs44UijOiS30jLBjqWhGC7TgZaD2I4XTPheDkCKCcykbisI0= X-OriginatorOrg: xilinx.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Nov 2016 18:32:24.0353 (UTC) X-MS-Exchange-CrossTenant-Id: 657af505-d5df-48d0-8300-c31994686c5c X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=657af505-d5df-48d0-8300-c31994686c5c;Ip=[149.199.60.100];Helo=[xsj-pvapsmtpgw02] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR02MB014 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3481 Lines: 94 On Sun, 2016-11-06 at 17:13:25 -0700, Moritz Fischer wrote: > Add new flag FPGA_MGR_DECRYPT_BISTREAM as well as a matching > capability FPGA_MGR_CAP_DECRYPT to allow for on-the-fly > decryption of an encrypted bitstream. > > If the system is not booted in secure mode AES & HMAC units > are disabled by the boot ROM, therefore the capability > is not available. > > Signed-off-by: Moritz Fischer > Cc: Alan Tull > Cc: Michal Simek > Cc: Sören Brinkmann > Cc: linux-kernel@vger.kernel.org > Cc: linux-arm-kernel@lists.infradead.org > --- > drivers/fpga/fpga-mgr.c | 7 +++++++ > drivers/fpga/zynq-fpga.c | 21 +++++++++++++++++++-- > include/linux/fpga/fpga-mgr.h | 2 ++ > 3 files changed, 28 insertions(+), 2 deletions(-) > > diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c > index 98230b7..e4d08e1 100644 > --- a/drivers/fpga/fpga-mgr.c > +++ b/drivers/fpga/fpga-mgr.c > @@ -61,6 +61,12 @@ int fpga_mgr_buf_load(struct fpga_manager *mgr, u32 flags, const char *buf, > return -ENOTSUPP; > } > > + if (flags & FPGA_MGR_DECRYPT_BITSTREAM && > + !fpga_mgr_has_cap(FPGA_MGR_CAP_DECRYPT, mgr->caps)) { > + dev_err(dev, "Bitstream decryption not supported\n"); > + return -ENOTSUPP; > + } > + > /* > * Call the low level driver's write_init function. This will do the > * device-specific things to get the FPGA into the state where it is > @@ -170,6 +176,7 @@ static const char * const state_str[] = { > static const char * const cap_str[] = { > [FPGA_MGR_CAP_FULL_RECONF] = "Full reconfiguration", > [FPGA_MGR_CAP_PARTIAL_RECONF] = "Partial reconfiguration", > + [FPGA_MGR_CAP_DECRYPT] = "Decrypt bitstream on the fly", > }; > > static ssize_t name_show(struct device *dev, > diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c > index 1d37ff0..0aa4705 100644 > --- a/drivers/fpga/zynq-fpga.c > +++ b/drivers/fpga/zynq-fpga.c > @@ -71,6 +71,10 @@ > #define CTRL_PCAP_PR_MASK BIT(27) > /* Enable PCAP */ > #define CTRL_PCAP_MODE_MASK BIT(26) > +/* Needed to reduce clock rate for secure config */ > +#define CTRL_PCAP_RATE_EN_MASK BIT(25) > +/* System booted in secure mode */ > +#define CTRL_SEC_EN_MASK BIT(7) > > /* Miscellaneous Control Register bit definitions */ > /* Internal PCAP loopback */ > @@ -252,12 +256,20 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, u32 flags, > > /* set configuration register with following options: > * - enable PCAP interface > - * - set throughput for maximum speed > + * - set throughput for maximum speed (if we're not decrypting) > * - set CPU in user mode > */ > ctrl = zynq_fpga_read(priv, CTRL_OFFSET); > - zynq_fpga_write(priv, CTRL_OFFSET, > + if (flags & FPGA_MGR_DECRYPT_BITSTREAM) { > + zynq_fpga_write(priv, CTRL_OFFSET, > + (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | > + CTRL_PCAP_RATE_EN_MASK | ctrl)); > + > + } else { > + ctrl &= ~CTRL_PCAP_RATE_EN_MASK; > + zynq_fpga_write(priv, CTRL_OFFSET, > (CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl)); > + } Minor nit: Assuming that there may be more caps to check to come, wouldn't it be slightly easier to write this in a way like?: if (flags & SOME_FLAG) ctrl |= FOO; if (flags & SOME_OTHER_FLAG) ctrl |= BAR; zynq_fpga_write(priv, CTRL_OFFSET, ctrl); i.e. moving the fpga_write outside of the conditionals. Sören