Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp727683pxb;
        Tue, 2 Feb 2021 16:53:03 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwWqJjQe25P580PqJVtuXTbJApYNExGw55Ph0i6U32EcOkes6pBFi6bQ+h/QEz3Oo8znS7L
X-Received: by 2002:a17:906:80b:: with SMTP id e11mr609660ejd.269.1612313583278;
        Tue, 02 Feb 2021 16:53:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612313583; cv=none;
        d=google.com; s=arc-20160816;
        b=DjIlcOXjAaLXvwiANK3uhHyGbt6Hwvvx9nnFbaeH7wqg5jRdjBaOUY7iUewTOaVEKS
         KwqS5d6nDoHgjpHHlAZhfG1Lgedg7Ne6hkY0iFH24+UYWO0FKSLueUfAnTL1QJgV/k3j
         EfRsfLweu0nSu/IYG5F1RMJCgbzGXNMUCl8MOrDSr0qVzG13izLr9saxpFaSznCHLIlL
         zA118UNkFI2vXdh8Sbf3Sv7SZz2nULDAev2zQ1KOwRUva2cSUM2jF6jFbzwASK1Xsvi6
         9XIuYaiPvhQXlI2sI8mV/M2tQeVysnW6CNAsb13fJ4cR0JNZNZMpzJrIoxLNdENUS1JL
         ayMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:ironport-sdr:ironport-sdr;
        bh=PHoVHKRFmEiVlLAnQwTxc7cL4woe6a7VmNTun4G3344=;
        b=YPEKuulqumDNpgAPpVN2n7ZZeLN8ImDx8Yvkm0FF26bWgKN+gVG8I8SjcHO0X4qDk6
         4ojpNVROlZOWyDzfGIHRfjFLmNr0oyhSd766/QICr73JxqmFI+T3rbRR8lrLBaQBIoDT
         QIPoASLBRL9MmlVnxb7u8xQCTuG2fQxiQ1zIn1bWJGFw8WSTw+79rOC7hhZiDlbNMDaz
         ie8owxNCLap3Lm3Gio+GXzFYdPqLIJouV73jssMB4wkdZrSs6Uj8sUKVxmGA/ClxVMBg
         Yhxo407oJlTw9ppOaNipJjDzwN2ZSJF/YoB2ZZUWwKdbZASZhVwjh0zBDXs+8OqV0w6X
         WGjw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bc7si223920edb.41.2021.02.02.16.52.39;
        Tue, 02 Feb 2021 16:53:03 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232405AbhBBVnO (ORCPT <rfc822;lizhiguo.at@gmail.com>
        + 99 others); Tue, 2 Feb 2021 16:43:14 -0500
Received: from mga09.intel.com ([134.134.136.24]:64619 "EHLO mga09.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S234114AbhBBVmq (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Feb 2021 16:42:46 -0500
IronPort-SDR: JcAYSx8dS08FD+BlSjmtlAgeGrVnvrEStZ59bxq/TKikXQG/deoC0XLcaZVY9qp8NlOpxKVQ/V
 DwDgWz7pk61A==
X-IronPort-AV: E=McAfee;i="6000,8403,9883"; a="181081895"
X-IronPort-AV: E=Sophos;i="5.79,396,1602572400"; 
   d="scan'208";a="181081895"
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Feb 2021 13:40:59 -0800
IronPort-SDR: asmWp1QY24TIDG7pef9yM7XBm68sR8mtJyGYqbxJfxtwO2nGiDRsrz4Il07yUK/wCjTvZ41CW2
 VM++/ccXZJ2Q==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.79,396,1602572400"; 
   d="scan'208";a="370961433"
Received: from marshy.an.intel.com (HELO [10.122.105.143]) ([10.122.105.143])
  by fmsmga008.fm.intel.com with ESMTP; 02 Feb 2021 13:40:58 -0800
Subject: Re: [PATCHv4 5/6] dt-bindings: fpga: add authenticate-fpga-config
 property
To:     Moritz Fischer <mdf@kernel.org>
Cc:     trix@redhat.com, gregkh@linuxfoundation.org,
        linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org,
        Richard Gong <richard.gong@intel.com>
References: <1612192919-4069-1-git-send-email-richard.gong@linux.intel.com>
 <1612192919-4069-6-git-send-email-richard.gong@linux.intel.com>
 <YBjUyc2ea51S4Wzp@epycbox.lan>
From:   Richard Gong <richard.gong@linux.intel.com>
Message-ID: <9752d0eb-962a-f308-24a3-aedd4fecf25d@linux.intel.com>
Date:   Tue, 2 Feb 2021 16:01:37 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <YBjUyc2ea51S4Wzp@epycbox.lan>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


Hi Moritz,

On 2/1/21 10:27 PM, Moritz Fischer wrote:
> On Mon, Feb 01, 2021 at 09:21:58AM -0600, richard.gong@linux.intel.com wrote:
>> From: Richard Gong <richard.gong@intel.com>
>>
>> Add authenticate-fpga-config property for FPGA bitstream authentication,
>> which makes sure a signed bitstream has valid signatures.
>>
>> Signed-off-by: Richard Gong <richard.gong@intel.com>
>> ---
>> v4: explain authenticate-fpga-config flag further
>> v3: no change
>> v2: put authenticate-fpga-config above partial-fpga-config
>>      update commit messages
>> ---
>>   Documentation/devicetree/bindings/fpga/fpga-region.txt | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
>> index e811cf8..e2740b6 100644
>> --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
>> +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
>> @@ -182,6 +182,10 @@ Optional properties:
>>   	This property is optional if the FPGA Manager handles the bridges.
>>           If the fpga-region is  the child of a fpga-bridge, the list should not
>>           contain the parent bridge.
>> +- authenticate-fpga-config : boolean, set if do bitstream authentication only.
>> +	flag authenticate-fpga-config is used to first check the integrity of
>> +	the bitstream. If the authentication is passed, the user can perform
>> +	other operations.
>  From the other commits it looks like it *also* writes to QSPI? If so
> please document that.
> 
> If not, feel free to ignore :)
> 
> Maybe I would highlight two things:
> a) If you add 'authenticate-fpga-config' you are not allowed to add new
>     nodes
> b) If you add 'authenticate-fpga-config' you are not alllowed to add
>     other operations

How about the descriptions below?

- authenticate-fpga-config : boolean, set if do bitstream authentication 
only.
If 'authenticate-fpga-config' is added then adding a new node or another 
operation is not allowed.
Flag authenticate-fpga-config is used to check the integrity of the 
bitstream.
Except for the actual configuration of the device, the authentication 
works in the same way as FPGA configuration. If the authentication 
passes, other operations such as full or partial reconfiguration can be 
performed. When the bitstream into QSPI flash memory at device is 
programmed, it is expected that there will be no issue when starting the 
device.

>>   - partial-fpga-config : boolean, set if partial reconfiguration is to be done,
>>   	otherwise full reconfiguration is done.
>>   - external-fpga-config : boolean, set if the FPGA has already been configured
>> -- 
>> 2.7.4
>>
> Thanks,
> Moritz
> 
Regards,
Richard