lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  9 Feb 2021 16:20:32 -0600
From:   richard.gong@...ux.intel.com
To:     mdf@...nel.org, trix@...hat.com, gregkh@...uxfoundation.org,
        linux-fpga@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Richard Gong <richard.gong@...el.com>
Subject: [PATCHv5 6/7] dt-bindings: fpga: add authenticate-fpga-config property

From: Richard Gong <richard.gong@...el.com>

Add authenticate-fpga-config property for FPGA bitstream authentication,
which makes sure a signed bitstream has valid signatures.

Signed-off-by: Richard Gong <richard.gong@...el.com>
---
v5: rewrite the description to highlight two things with
    authenticate-fpga-config flag
v4: explain authenticate-fpga-config flag further
v3: no change
v2: put authenticate-fpga-config above partial-fpga-config
    update commit messages
---
 Documentation/devicetree/bindings/fpga/fpga-region.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
index e811cf8..dca0e37 100644
--- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
+++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
@@ -182,6 +182,16 @@ Optional properties:
 	This property is optional if the FPGA Manager handles the bridges.
         If the fpga-region is  the child of a fpga-bridge, the list should not
         contain the parent bridge.
+- authenticate-fpga-config : boolean, set if do bitstream authentication only.
+	If 'authenticate-fpga-config' is added then adding a new node or another
+	operation is not allowed.
+	Flag authenticate-fpga-config is used to check the integrity of the
+	bitstream.
+	Except for the actual configuration of the device, the authentication
+	works in the same way as FPGA configuration. If the authentication passes,
+	other operations such as full or partial reconfiguration can be performed.
+	When the bitstream into QSPI flash memory at device is programmed, it is
+	expected that there will be no issue when starting the device.
 - partial-fpga-config : boolean, set if partial reconfiguration is to be done,
 	otherwise full reconfiguration is done.
 - external-fpga-config : boolean, set if the FPGA has already been configured
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ