Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3885575pxb; Mon, 1 Feb 2021 07:10:31 -0800 (PST) X-Google-Smtp-Source: ABdhPJwAeRVa8RX7MnLNMAcCOKa3vkPAjCIsZcK5ceJOaC9SCRzo/uLPCvJmeOPlUVvvQagBjIs0 X-Received: by 2002:a17:907:35d1:: with SMTP id ap17mr10342106ejc.79.1612192231534; Mon, 01 Feb 2021 07:10:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612192231; cv=none; d=google.com; s=arc-20160816; b=LQ2SUlz4LOZPKJq8aGY8ibs3YVIIj0IX18Xynk6oviAFCIU0z0vp3ti6lDX13TC6D+ E61JkvC3ftn81wrhxVtzFcT9ylGzFnNu4ckWSfFkrmgd7aCSikKz6YQ93YJmPM51KLwz w+84rLk9f1iayQ4XMzE4FPQYAWXTkhaBaODcDpZiV24DjjOp+auMo6OelpHgqo87I0fy 5FscGQsqT/cf5n6m3GaOiRPxMcAp0LJCo4IMMdkLDpeJ6Sv6IY1RvxwUUFzGKo2BA1CA hjNe+jYz67H3UvWIO4jZb2WB2LyXGFu3oqT0C9N/3hYLPMYIBKwylxkWQs7/VapAtWLV rEJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:ironport-sdr:ironport-sdr; bh=Z60OnGgrFDIwK87IxKJy8HYqrn2sggviEWyR+IcT7fo=; b=PMM5UFXlTdIPZmW17t9UsfK/PVwakuPE0Qeg9whaRAbyFuwSHfrmkDS7g5eodZyNrh hC0iLJMnjHnxi9O847h5YyzgxHdQEr16YR3vbgWrCEn0US+Ba7FxRP55KJdsEf91NXUS uQ593IFZT+/OCG739dGVZTyzEc9axTvtFWM9a+O9ltSe9bNow75ZpHKWEnG8dn7rfO0g Y0Q682XeSCZ8az8VozpOeYRq4d+42CKhlPo8Tc17fO6anfkbG/fKd/m6m4ayAWO6AYyh iSMAXOjABoEiywN+QiT+bhv570oeWYt2LN55uYa5a33YWIwRrP0AcCmgLy19JiDVZ/xz jgMQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j1si240581ejx.113.2021.02.01.07.10.05; Mon, 01 Feb 2021 07:10:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231398AbhBAPH4 (ORCPT + 99 others); Mon, 1 Feb 2021 10:07:56 -0500 Received: from mga06.intel.com ([134.134.136.31]:33905 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231145AbhBAPGK (ORCPT ); Mon, 1 Feb 2021 10:06:10 -0500 IronPort-SDR: hT1p50H6dFYeoxBfyQvqS1990ehXj8+iLezFHiSPAkUl0m5qinOCLtEdNVfCg7dfwQGdBMxc94 R5cu2/qNJVBg== X-IronPort-AV: E=McAfee;i="6000,8403,9882"; a="242214682" X-IronPort-AV: E=Sophos;i="5.79,392,1602572400"; d="scan'208";a="242214682" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Feb 2021 07:02:32 -0800 IronPort-SDR: 3vXLgtQeRyuKoXukZd7xaTR2EL4ACw0mYIM4eZ0PtTG76DyRQA9xM1znI4Ki0QyoWFaDKX6PdZ PRYpqVZ9FkTw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.79,392,1602572400"; d="scan'208";a="369891577" Received: from marshy.an.intel.com ([10.122.105.143]) by fmsmga008.fm.intel.com with ESMTP; 01 Feb 2021 07:02:31 -0800 From: richard.gong@linux.intel.com To: mdf@kernel.org, trix@redhat.com, gregkh@linuxfoundation.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Richard Gong Subject: [PATCHv4 4/6] fpga: of-fpga-region: add authenticate-fpga-config property Date: Mon, 1 Feb 2021 09:21:57 -0600 Message-Id: <1612192919-4069-5-git-send-email-richard.gong@linux.intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1612192919-4069-1-git-send-email-richard.gong@linux.intel.com> References: <1612192919-4069-1-git-send-email-richard.gong@linux.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Gong Add authenticate-fpga-config property to support FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v4: add additional checks to make sure *only* authenticate v3: no change v2: changed in alphabetical order --- drivers/fpga/of-fpga-region.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c index e405309..5074479 100644 --- a/drivers/fpga/of-fpga-region.c +++ b/drivers/fpga/of-fpga-region.c @@ -218,15 +218,25 @@ static struct fpga_image_info *of_fpga_region_parse_ov( info->overlay = overlay; - /* Read FPGA region properties from the overlay */ - if (of_property_read_bool(overlay, "partial-fpga-config")) - info->flags |= FPGA_MGR_PARTIAL_RECONFIG; + /* + * Read FPGA region properties from the overlay. + * + * First check the integrity of the bitstream. If the + * authentication is passed, the user can perform other + * operations. + */ + if (of_property_read_bool(overlay, "authenticate-fpga-config")) { + info->flags |= FPGA_MGR_BITSTREAM_AUTHENTICATE; + } else { + if (of_property_read_bool(overlay, "partial-fpga-config")) + info->flags |= FPGA_MGR_PARTIAL_RECONFIG; - if (of_property_read_bool(overlay, "external-fpga-config")) - info->flags |= FPGA_MGR_EXTERNAL_CONFIG; + if (of_property_read_bool(overlay, "external-fpga-config")) + info->flags |= FPGA_MGR_EXTERNAL_CONFIG; - if (of_property_read_bool(overlay, "encrypted-fpga-config")) - info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + if (of_property_read_bool(overlay, "encrypted-fpga-config")) + info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + } if (!of_property_read_string(overlay, "firmware-name", &firmware_name)) { -- 2.7.4