Thread (12 messages) 12 messages, 3 authors, 2021-06-08

RE: [PATCH 1/2] fpga: mgr: Adds secure BitStream loading support

From: Nava kishore Manne <hidden>
Date: 2021-05-04 09:43:38
Also in: linux-arm-kernel, linux-fpga, lkml 

Ping!

-----Original Message-----
From: Nava kishore Manne <redacted>
Sent: Thursday, April 15, 2021 11:28 AM
To: Moritz Fischer <mdf@kernel.org>
Cc: trix@redhat.com; robh+dt@kernel.org; Michal Simek
[off-list ref]; linux-fpga@vger.kernel.org;
devicetree@vger.kernel.org; linux-arm-kernel@lists.infradead.org; linux-
kernel@vger.kernel.org; git [off-list ref]; chinnikishore369@gmail.com
Subject: RE: [PATCH 1/2] fpga: mgr: Adds secure BitStream loading support

Hi Moritz,

	Thanks for providing the review comments.
Please find my response inline.
quoted
-----Original Message-----
From: Moritz Fischer <mdf@kernel.org>
Sent: Thursday, March 4, 2021 4:42 AM
To: Moritz Fischer <mdf@kernel.org>
Cc: Nava kishore Manne <redacted>; trix@redhat.com;
robh+dt@kernel.org; Michal Simek [off-list ref]; linux-
fpga@vger.kernel.org; devicetree@vger.kernel.org; linux-arm-
kernel@lists.infradead.org; linux-kernel@vger.kernel.org; git
[off-list ref]; chinnikishore369@gmail.com
Subject: Re: [PATCH 1/2] fpga: mgr: Adds secure BitStream loading
support

Hi Nava,

On Thu, Jan 21, 2021 at 09:17:10PM -0800, Moritz Fischer wrote:
quoted
On Mon, Jan 18, 2021 at 08:20:57AM +0530, Nava kishore Manne wrote:
quoted
This commit adds secure flags to the framework to support secure
BitStream Loading.

Signed-off-by: Nava kishore Manne <redacted>
---
 drivers/fpga/of-fpga-region.c | 10 ++++++++++
include/linux/fpga/fpga-mgr.h | 12 ++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/drivers/fpga/of-fpga-region.c
b/drivers/fpga/of-fpga-region.c index e405309baadc..3a5eb4808888
100644
--- a/drivers/fpga/of-fpga-region.c
+++ b/drivers/fpga/of-fpga-region.c
@@ -228,6 +228,16 @@ static struct fpga_image_info
*of_fpga_region_parse_ov(
quoted
quoted
 	if (of_property_read_bool(overlay, "encrypted-fpga-config"))
 		info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM;

+	if (of_property_read_bool(overlay, "userkey-encrypted-fpga-
config"))
quoted
quoted
+		info->flags |=
FPGA_MGR_USERKEY_ENCRYPTED_BITSTREAM;
quoted
Can this just be encrypted-fpga-config/FPGA_MGR_ENCRYPTED?
quoted
+
+	if (of_property_read_bool(overlay, "ddrmem-authenticated-fpga-
config"))
quoted
quoted
+		info->flags |= FPGA_MGR_DDR_MEM_AUTH_BITSTREAM;
+
+	if (of_property_read_bool(overlay,
+				  "securemem-authenticated-fpga-config"))
+		info->flags |= FPGA_MGR_SECURE_MEM_AUTH_BITSTREAM;
Shouldn't all these get binding docs? I remember Richard adding
authentication support for an Intel platform, too and I'd like to
avoid adding random bindings per vendor.

Would it be possible to have an 'authentication method / type' that is
more extensible with different methods maybe?
Yes, I agree this flags should not be a vendor specific we should make it as
generic.
can we have flags something like below .
1) authenticated-fpga-config --> By default it uses kernel memory(DDR) to
authenticate the image(FPGA_MGR_MEM_AUTH_BITSTREAM)
2) authenticated-onchip-fpga-config --> It uses the On chip memory to
authenticate the image ( FPGA_MGR_AUTH_ON_CHIP_BITSTREAM)

if you have any other thoughts let me know will try to adopt the same...


Regards,
Navakishore.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help