Thread: 9 messages, 3 authors, 2021-05-27

RE: [RFC PATCH 2/4] fpga: Add new properties to support user-key encrypted bitstream loading

From: Nava kishore Manne <hidden>
Date: 2021-05-27 10:50:42
Also in: linux-devicetree, linux-fpga, lkml

Hi Rob,

	Please find my response inline.
-----Original Message-----
From: Rob Herring <robh@kernel.org>
Sent: Thursday, May 13, 2021 8:05 PM
To: Nava kishore Manne <redacted>
Cc: mdf@kernel.org; trix@redhat.com; Michal Simek <redacted>;
arnd@arndb.de; Rajan Vaja [off-list ref];
gregkh@linuxfoundation.org; linus.walleij@linaro.org; Amit Sunil Dhamne
[off-list ref]; Tejas Patel [off-list ref];
zou_wei@huawei.com; Manish Narani [off-list ref]; Sai Krishna
Potthuri [off-list ref]; Jiaying Liang [off-list ref];
linux-fpga@vger.kernel.org; devicetree@vger.kernel.org;
linux-kernel@vger.kernel.org; linux-arm-kernel@lists.infradead.org; git
[off-list ref]; chinnikishore369@gmail.com
Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key
encrypted bitstream loading

On Thu, May 13, 2021 at 5:55 AM Nava kishore Manne [off-list ref]
wrote:
Hi Rob,

        Please find my response inline.
-----Original Message-----
From: Rob Herring <robh@kernel.org>
Sent: Thursday, May 13, 2021 8:01 AM
To: Nava kishore Manne <redacted>
Cc: mdf@kernel.org; trix@redhat.com; Michal Simek
[off-list ref]; arnd@arndb.de; Rajan Vaja
[off-list ref];
gregkh@linuxfoundation.org; linus.walleij@linaro.org; Amit Sunil
Dhamne [off-list ref]; Tejas Patel
[off-list ref]; zou_wei@huawei.com; Manish Narani
[off-list ref]; Sai Krishna Potthuri [off-list ref];
Jiaying Liang [off-list ref]; linux-fpga@vger.kernel.org;
devicetree@vger.kernel.org; linux-kernel@vger.kernel.org;
linux-arm-kernel@lists.infradead.org; git [off-list ref];
chinnikishore369@gmail.com
Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support
user-key encrypted bitstream loading

On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote:
This patch adds ‘encrypted-key-name’ and
‘encrypted-user-key-fpga-config’ properties to support user-key
encrypted bitstream loading use case.

Signed-off-by: Nava kishore Manne <redacted>
---
 Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git
a/Documentation/devicetree/bindings/fpga/fpga-region.txt
b/Documentation/devicetree/bindings/fpga/fpga-region.txt
index d787d57491a1..957dc6cbcd9e 100644
--- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
+++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
@@ -177,6 +177,9 @@ Optional properties:
    it indicates that the FPGA has already been programmed with
this
image.
quoted
    If this property is in an overlay targeting a FPGA region, it is a
    request to program the FPGA with that image.
+- encrypted-key-name : should contain the name of an encrypted
+key file
located
quoted
+   on the firmware search path. It will be used to decrypt the
+ FPGA
image
quoted
+   file.
 - fpga-bridges : should contain a list of phandles to FPGA
Bridges that must
be
quoted
    controlled during FPGA programming along with the parent FPGA
bridge.
quoted
    This property is optional if the FPGA Manager handles the bridges.
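Review bot: the new encrypted-key-name entry gives no property type and does not say when it applies, and "encrypted key file" reads as if the key file itself were encrypted, while the following sentence says it is the key used to decrypt the FPGA image file. Suggest stating type and purpose directly, for example "- encrypted-key-name : string, name of the key file on the firmware search path used to decrypt the FPGA image file", and documenting the expected format of that file and which encryption flag it must accompany.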
@@ -187,6 +190,8 @@ Optional properties:
 - external-fpga-config : boolean, set if the FPGA has already
been
configured
quoted
    prior to OS boot up.
 - encrypted-fpga-config : boolean, set if the bitstream is
encrypted
+- encrypted-user-key-fpga-config : boolean, set if the bitstream
+is
encrypted
quoted
+   with user key.
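Review bot: encrypted-user-key-fpga-config is added next to encrypted-fpga-config with no statement of how the two relate, so the binding as written permits both booleans to be set at once, or the user-key flag to be set with no encrypted-key-name to supply the key. Either document the two flags as mutually exclusive and make encrypted-key-name required with the new flag, or drop the boolean and let the presence of encrypted-key-name select user-key mode.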
What's the relationship with encrypted-fpga-config? Both present or
mutually exclusive? Couldn't this be implied by encrypted-key-name
being present?
In encryption we have two kinds of use case: one is encrypted bitstream
loading with a device key and the other is encrypted bitstream loading
with a user key. encrypted-fpga-config and
encrypted-user-key-fpga-config are mutually exclusive. To differentiate
the two use cases I have added this new flag, and the AES key file
(encrypted-key-name) is needed only for encrypted-user-key-fpga-config use cases.

If encrypted-key-name is required for a user key, then why do you need
encrypted-user-key-fpga-config also?

IOW, why have 3 properties (that's 9 possible combinations) for 2 modes?
Agree, we can use encrypted-key-name for user-key use cases instead of having both encrypted-key-name and encrypted-user-key-fpga-config flags.
Will fix this issue in v2.

Regards,
Navakishore.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel