lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 4 May 2021 09:43:32 +0000
From:   Nava kishore Manne <navam@...inx.com>
To:     Moritz Fischer <mdf@...nel.org>
CC:     "trix@...hat.com" <trix@...hat.com>,
        "robh+dt@...nel.org" <robh+dt@...nel.org>,
        Michal Simek <michals@...inx.com>,
        "linux-fpga@...r.kernel.org" <linux-fpga@...r.kernel.org>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        git <git@...inx.com>,
        "chinnikishore369@...il.com" <chinnikishore369@...il.com>
Subject: RE: [PATCH 1/2] fpga: mgr: Adds secure BitStream loading support

Ping!

> -----Original Message-----
> From: Nava kishore Manne <navam@...inx.com>
> Sent: Thursday, April 15, 2021 11:28 AM
> To: Moritz Fischer <mdf@...nel.org>
> Cc: trix@...hat.com; robh+dt@...nel.org; Michal Simek
> <michals@...inx.com>; linux-fpga@...r.kernel.org;
> devicetree@...r.kernel.org; linux-arm-kernel@...ts.infradead.org; linux-
> kernel@...r.kernel.org; git <git@...inx.com>; chinnikishore369@...il.com
> Subject: RE: [PATCH 1/2] fpga: mgr: Adds secure BitStream loading support
> 
> Hi Moritz,
> 
> 	Thanks for providing the review comments.
> Please find my response inline.
> 
> > -----Original Message-----
> > From: Moritz Fischer <mdf@...nel.org>
> > Sent: Thursday, March 4, 2021 4:42 AM
> > To: Moritz Fischer <mdf@...nel.org>
> > Cc: Nava kishore Manne <navam@...inx.com>; trix@...hat.com;
> > robh+dt@...nel.org; Michal Simek <michals@...inx.com>; linux-
> > fpga@...r.kernel.org; devicetree@...r.kernel.org; linux-arm-
> > kernel@...ts.infradead.org; linux-kernel@...r.kernel.org; git
> > <git@...inx.com>; chinnikishore369@...il.com
> > Subject: Re: [PATCH 1/2] fpga: mgr: Adds secure BitStream loading
> > support
> >
> > Hi Nava,
> >
> > On Thu, Jan 21, 2021 at 09:17:10PM -0800, Moritz Fischer wrote:
> > > On Mon, Jan 18, 2021 at 08:20:57AM +0530, Nava kishore Manne wrote:
> > > > This commit adds secure flags to the framework to support secure
> > > > BitStream Loading.
> > > >
> > > > Signed-off-by: Nava kishore Manne <nava.manne@...inx.com>
> > > > ---
> > > >  drivers/fpga/of-fpga-region.c | 10 ++++++++++
> > > > include/linux/fpga/fpga-mgr.h | 12 ++++++++++++
> > > >  2 files changed, 22 insertions(+)
> > > >
> > > > diff --git a/drivers/fpga/of-fpga-region.c
> > > > b/drivers/fpga/of-fpga-region.c index e405309baadc..3a5eb4808888
> > > > 100644
> > > > --- a/drivers/fpga/of-fpga-region.c
> > > > +++ b/drivers/fpga/of-fpga-region.c
> > > > @@ -228,6 +228,16 @@ static struct fpga_image_info
> > *of_fpga_region_parse_ov(
> > > >  	if (of_property_read_bool(overlay, "encrypted-fpga-config"))
> > > >  		info->flags |= FPGA_MGR_ENCRYPTED_BITSTREAM;
> > > >
> > > > +	if (of_property_read_bool(overlay, "userkey-encrypted-fpga-
> > config"))
> > > > +		info->flags |=
> > FPGA_MGR_USERKEY_ENCRYPTED_BITSTREAM;
> > >
> > > Can this just be encrypted-fpga-config/FPGA_MGR_ENCRYPTED?
> > > > +
> > > > +	if (of_property_read_bool(overlay, "ddrmem-authenticated-fpga-
> > config"))
> > > > +		info->flags |= FPGA_MGR_DDR_MEM_AUTH_BITSTREAM;
> > > > +
> > > > +	if (of_property_read_bool(overlay,
> > > > +				  "securemem-authenticated-fpga-config"))
> > > > +		info->flags |= FPGA_MGR_SECURE_MEM_AUTH_BITSTREAM;
> > Shouldn't all these get binding docs? I remember Richard adding
> > authentication support for an Intel platform, too and I'd like to
> > avoid adding random bindings per vendor.
> >
> > Would it be possible to have an 'authentication method / type' that is
> > more extensible with different methods maybe?
> >
> Yes, I agree this flags should not be a vendor specific we should make it as
> generic.
> can we have flags something like below .
> 1) authenticated-fpga-config --> By default it uses kernel memory(DDR) to
> authenticate the image(FPGA_MGR_MEM_AUTH_BITSTREAM)
> 2) authenticated-onchip-fpga-config --> It uses the On chip memory to
> authenticate the image ( FPGA_MGR_AUTH_ON_CHIP_BITSTREAM)
> 
> if you have any other thoughts let me know will try to adopt the same...
> 
> 
> Regards,
> Navakishore.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ