Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp364473pxb; Thu, 19 Nov 2020 03:21:50 -0800 (PST) X-Google-Smtp-Source: ABdhPJy1kOkYPnS34eHy6JYzf9NlO+fneEpVGV7U+Vwx6npgYUhglV+hsBUR5ZL+P3lgbxBYlhZ4 X-Received: by 2002:a50:fb07:: with SMTP id d7mr4756268edq.169.1605784910531; Thu, 19 Nov 2020 03:21:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605784910; cv=none; d=google.com; s=arc-20160816; b=C+W+Tao+ntz8z2I3WFQcRrisxJQ7hrM1O4Ntk7YII1rOQIaDTSq7VfxKUQ1VfVnoXV PjDLHQS0GY5lGxHAon0Ph7maJjB9t5mAeq4+fzHaE/+8rFeMlzyWwWF5QylgJtnj7CQs 7GA+snLuHcidlIReV7PtnvcVuoJppd6fxwsTYT3GYXF18tdiAyh8ZxOTonMwTnNtYYml eTSSv14X4LjFOmwlOAnCXfPn9oCnc8HHAT1SMMf+t328sbceozqIqIJzpholUWuTni1J A1CZDecbk5LeF3o1stSwKseouJK4GqA15SzYlwK7jsaRmYh1Et52FfiZqcxKTRFfqFwA xnug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :ironport-sdr:ironport-sdr; bh=9RAPwnQN+o4+QUGGWM2CebOeEjhYkl20p0pjLDGt9wE=; b=jDs1tBa9OhucTD9GQ5nWIlv0l0lgxbN75DqJ18DFVhNjnbSqv0nAUg9e05nkW2oVWZ x49EWKu3I97OgAqZVJR3VYkr5VbrSTUv2lk++wokbnGjO+FhOhKcwa6IgCYWGjPfsNXV JbTTDzKjHom296ldWHZi2j/H3HtXiYHlCVc+WZZOaa06sTBcbtHPK55DxKpEvQ2I42NN g2omrlEjgtzaFLIAD9wnuvNevhCRTmSmm9KP/nsRhxrjYArG6+SWvHTSx1FQsZo2Kgeq kly446b1QP3DVRA6ypFcrsZwcPfhkJa4t1MBLyYZl2FqTBIEeZ448xBj9TcGVXdKAE7L wzvA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hb26si16551465ejb.603.2020.11.19.03.21.26; Thu, 19 Nov 2020 03:21:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726052AbgKSLSr (ORCPT + 99 others); Thu, 19 Nov 2020 06:18:47 -0500 Received: from mga05.intel.com ([192.55.52.43]:55916 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725783AbgKSLSq (ORCPT ); Thu, 19 Nov 2020 06:18:46 -0500 IronPort-SDR: qOYJml+ztwsf1rY0oniHS63qagCKKe0opzTH0/4LksQDA+J+q14Alxn0h31pRzpqLDI/mRxOn8 T/8ydZsrUfdQ== X-IronPort-AV: E=McAfee;i="6000,8403,9809"; a="255982109" X-IronPort-AV: E=Sophos;i="5.77,490,1596524400"; d="scan'208";a="255982109" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Nov 2020 03:18:45 -0800 IronPort-SDR: mrD7v+9BfN/icmiIRjGjnsi3DZPzwG1S08a5tdc9OCSc1Nigtkp53nE+LGxDwNAUAvgThA8nLY jzxYNKfmWqfw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,490,1596524400"; d="scan'208";a="476785500" Received: from yilunxu-optiplex-7050.sh.intel.com (HELO localhost) ([10.239.159.141]) by orsmga004.jf.intel.com with ESMTP; 19 Nov 2020 03:18:42 -0800 Date: Thu, 19 Nov 2020 19:14:30 +0800 From: Xu Yilun To: Richard Gong Cc: Moritz Fischer , trix@redhat.com, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org, dinguyen@kernel.org, sridhar.rajagopal@intel.com, Richard Gong Subject: Re: [PATCHv1 3/4] dt-bindings: fpga: add authenticate-fpga-config property Message-ID: <20201119111430.GB26472@yilunxu-OptiPlex-7050> References: <1605204403-6663-1-git-send-email-richard.gong@linux.intel.com> <1605204403-6663-4-git-send-email-richard.gong@linux.intel.com> <20201115192106.GB283592@epycbox.lan> <20201116024758.GA6810@yilunxu-OptiPlex-7050> <20201117022453.GA12837@yilunxu-OptiPlex-7050> <20201118054718.GB14665@yilunxu-OptiPlex-7050> <1713a966-5b0f-4e65-70ee-793d09e53cec@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1713a966-5b0f-4e65-70ee-793d09e53cec@linux.intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 18, 2020 at 07:38:31AM -0600, Richard Gong wrote: > > > On 11/17/20 11:47 PM, Xu Yilun wrote: > >On Tue, Nov 17, 2020 at 09:39:55AM -0600, Richard Gong wrote: > >> > >> > >>On 11/16/20 8:24 PM, Xu Yilun wrote: > >>>On Mon, Nov 16, 2020 at 08:14:52AM -0600, Richard Gong wrote: > >>>> > >>>>Hi Yilun, > >>>> > >>>>On 11/15/20 8:47 PM, Xu Yilun wrote: > >>>>>On Sun, Nov 15, 2020 at 11:21:06AM -0800, Moritz Fischer wrote: > >>>>>>Hi Richard, > >>>>>> > >>>>>>On Thu, Nov 12, 2020 at 12:06:42PM -0600, richard.gong@linux.intel.com wrote: > >>>>>>>From: Richard Gong > >>>>>>> > >>>>>>>Add authenticate-fpga-config property for FPGA bitstream authentication. > >>>>>>> > >>>>>>>Signed-off-by: Richard Gong > >>>>>>>--- > >>>>>>> Documentation/devicetree/bindings/fpga/fpga-region.txt | 1 + > >>>>>>> 1 file changed, 1 insertion(+) > >>>>>>> > >>>>>>>diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt > >>>>>>>index e811cf8..7a512bc 100644 > >>>>>>>--- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > >>>>>>>+++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > >>>>>>>@@ -187,6 +187,7 @@ Optional properties: > >>>>>>> - external-fpga-config : boolean, set if the FPGA has already been configured > >>>>>>> prior to OS boot up. > >>>>>>> - encrypted-fpga-config : boolean, set if the bitstream is encrypted > >>>>>>>+- authenticate-fpga-config : boolean, set if do bitstream authentication > >>>>>>It is unclear to me from the description whether this entails > >>>>>>authentication + reconfiguration or just authentication. > >>>>>> > >>>>>>If the latter is the case this should probably be described as such. > >>>>> > >>>>>If it is just authentication, do we still need to disable bridges in > >>>>>fpga_region_program_fpga? > >>>>> > >>>> > >>>>Yes. > >>>> > >>>>Except for the actual configuration of the device, the authentication > >>>>feature is the same as FPGA configuration. > >>> > >>>FPGA Bridges gate bus signals between a host and FPGA. So the FPGA > >>>region could not be accessed by host when doing configuration. But for > >>>this authentication, we are just writing the flash, we don't actually > >>>touch the FPGA soft logic. The host should still be able to operate on > >>>the old logic before reboot, is it? > >>> > >>Yes, it's feasible in theory but doesn't make much sense in practice. I > >>prefer to keep fpga_region_program_fpga() unchanged. > > > >I'm thinking of the case of inband reprograming, that the QSPI flash > >controller itself is embedded in FPGA soft logic, then maybe host still > >need to access FPGA on authentication. > > We can decide whether we should update fpga_region_program_fpga() function > when you update for inband reprogramming case. Sure, we could think about it later. Thanks, Yilun > > Regards, > Richard > > > >Thanks, > >Yilun > > > >>>> > >>>>>I'm wondering if the FPGA functionalities could still be working when > >>>>>the authenticating is ongoing, or when the authenticating is failed. > >>>>> > >>>> > >>>> > >>>> > >>>>>Thanks, > >>>>>Yilun > >>>>> > >>>>>> > >>>>>>> - region-unfreeze-timeout-us : The maximum time in microseconds to wait for > >>>>>>> bridges to successfully become enabled after the region has been > >>>>>>> programmed. > >>>>>>>-- > >>>>>>>2.7.4 > >>>>>>> > >>>>>> > >>>>>>Thanks