Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp927170pxb; Tue, 9 Feb 2021 16:59:29 -0800 (PST) X-Google-Smtp-Source: ABdhPJzkmAgKzEuiGToEYjAMBg0zvZhptDdkTvokpZz5CQVzXwwOp/7UlVGIa7gXtA8bDxsQ6yd2 X-Received: by 2002:a17:906:e092:: with SMTP id gh18mr368032ejb.389.1612918769443; Tue, 09 Feb 2021 16:59:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612918769; cv=none; d=google.com; s=arc-20160816; b=xTOeQ+Pr9uuupjfsBEV+uug1R5CFsqtcbTCOnVpIU5BwhSd3tUqmihB7t7P/pNHjuF PP5xcDBZoUt7UedECARDjvo8Swn8nqZX8EfMMReAJ8AodYLm3W9ESpZZFHpvO1EPTL0k aZ13h6xXRUZ/Hy7UuNEkish4m/uv59xe2dAa9nPuKINF6xk7FT5QZclIOcKOjc6HSz2L j2Eoj3lHqQ6Yqnqmy1GxLiSqJ4ZDW3bzESceotMXAGQddF3M4ERodee5umM3Jdq2qQRY +YX279+8K+xzw3vQQjqJtKT6N8v8K6Msf4ZDrjBBcLo9jKQUq5tG8Hn4UG1uLa2Aqc7i bOAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:ironport-sdr:ironport-sdr; bh=2ddjLVoTouX4BpeWNJ63kDuqmdcnNQB6iYK5Dhas6Uo=; b=Uz/yKzpxXo4apqCzVuXdxPFB4MaQngpKvhLpPxFeq2Z6th7PqeQFIv5cLaEdBT99Q5 wGvhME4kadaX2WymVePRletWzRbuvChist32EdkcyOuwWXpRKde8QC61/muBks4sQ2Zr ZR65YcY3VwvPY3iVn/NLyTRzvfuqnMkgq3iq3mRegqjFKStE1l9EBj+b85SpN0eKyzcx km3OrVqinlh7+sR6a0VxRS8yjEODpodtFSrpqChPPu6s9CAM6O9lAAiIg9AQOWNMLhO3 w6JWS1wtkv7tQu3kKCkLzQ2vo4ErV0IF/mxNMw2qRJuT5TvzU+vlrGEmdqQGRcD2YJON grkA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id de1si283974edb.555.2021.02.09.16.59.06; Tue, 09 Feb 2021 16:59:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234293AbhBJA6d (ORCPT + 99 others); Tue, 9 Feb 2021 19:58:33 -0500 Received: from mga01.intel.com ([192.55.52.88]:21286 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233860AbhBIWJA (ORCPT ); Tue, 9 Feb 2021 17:09:00 -0500 IronPort-SDR: YXYBG1uAtILW3lXdhyMcX7ybpk6PGVy1pdJuKEPdJ6ygFWyASi8LQw1eG2N17rucQCMKwIJeVI 1soRlI5IRAGg== X-IronPort-AV: E=McAfee;i="6000,8403,9890"; a="201058922" X-IronPort-AV: E=Sophos;i="5.81,166,1610438400"; d="scan'208";a="201058922" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Feb 2021 14:02:11 -0800 IronPort-SDR: pt5sIP/qzXvCKkqpXKwTVzob2sXr5JNAGnQCMp00GryNKfNyi5mY6HzcvXfVC8rWpGEgJtqi9Z 8XQPLl2wbkxA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,166,1610438400"; d="scan'208";a="361959976" Received: from marshy.an.intel.com ([10.122.105.143]) by orsmga006.jf.intel.com with ESMTP; 09 Feb 2021 14:02:10 -0800 From: richard.gong@linux.intel.com To: mdf@kernel.org, trix@redhat.com, gregkh@linuxfoundation.org, linux-fpga@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Richard Gong Subject: [PATCHv5 5/7] fpga: of-fpga-region: add authenticate-fpga-config property Date: Tue, 9 Feb 2021 16:20:31 -0600 Message-Id: <1612909233-13867-6-git-send-email-richard.gong@linux.intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1612909233-13867-1-git-send-email-richard.gong@linux.intel.com> References: <1612909233-13867-1-git-send-email-richard.gong@linux.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Gong Add authenticate-fpga-config property to support FPGA bitstream authentication, which makes sure a signed bitstream has valid signatures. Signed-off-by: Richard Gong --- v5: no change v4: add additional checks to make sure *only* authenticate v3: no change v2: changed in alphabetical order --- drivers/fpga/of-fpga-region.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c index e405309..5074479 100644 --- a/drivers/fpga/of-fpga-region.c +++ b/drivers/fpga/of-fpga-region.c @@ -218,15 +218,25 @@ static struct fpga_image_info *of_fpga_region_parse_ov( info->overlay = overlay; - /* Read FPGA region properties from the overlay */ - if (of_property_read_bool(overlay, "partial-fpga-config")) - info->flags |= FPGA_MGR_PARTIAL_RECONFIG; + /* + * Read FPGA region properties from the overlay. + * + * First check the integrity of the bitstream. If the + * authentication is passed, the user can perform other + * operations. + */ + if (of_property_read_bool(overlay, "authenticate-fpga-config")) { + info->flags |= FPGA_MGR_BITSTREAM_AUTHENTICATE; + } else { + if (of_property_read_bool(overlay, "partial-fpga-config")) + info->flags |= FPGA_MGR_PARTIAL_RECONFIG; - if (of_property_read_bool(overlay, "external-fpga-config")) - info->flags |= FPGA_MGR_EXTERNAL_CONFIG; + if (of_property_read_bool(overlay, "external-fpga-config")) + info->flags |= FPGA_MGR_EXTERNAL_CONFIG; - if (of_property_read_bool(overlay, "encrypted-fpga-config")) - info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + if (of_property_read_bool(overlay, "encrypted-fpga-config")) + info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM; + } if (!of_property_read_string(overlay, "firmware-name", &firmware_name)) { -- 2.7.4