[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL_Jsq+mHsrgQOrT48gaoqBOUuMf5mxeVauM74RDxELiA8fXKg@mail.gmail.com>
Date: Thu, 13 May 2021 09:34:43 -0500
From: Rob Herring <robh@...nel.org>
To: Nava kishore Manne <navam@...inx.com>
Cc: "mdf@...nel.org" <mdf@...nel.org>,
"trix@...hat.com" <trix@...hat.com>,
Michal Simek <michals@...inx.com>,
"arnd@...db.de" <arnd@...db.de>, Rajan Vaja <RAJANV@...inx.com>,
"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"linus.walleij@...aro.org" <linus.walleij@...aro.org>,
Amit Sunil Dhamne <amitsuni@...x.xilinx.com>,
Tejas Patel <tejasp@...x.xilinx.com>,
"zou_wei@...wei.com" <zou_wei@...wei.com>,
Manish Narani <MNARANI@...inx.com>,
Sai Krishna Potthuri <lakshmis@...inx.com>,
Jiaying Liang <jliang@...inx.com>,
"linux-fpga@...r.kernel.org" <linux-fpga@...r.kernel.org>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>, git <git@...inx.com>,
"chinnikishore369@...il.com" <chinnikishore369@...il.com>
Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key
encrypted bitstream loading
On Thu, May 13, 2021 at 5:55 AM Nava kishore Manne <navam@...inx.com> wrote:
>
> Hi Rob,
>
> Please find my response inline.
>
> > -----Original Message-----
> > From: Rob Herring <robh@...nel.org>
> > Sent: Thursday, May 13, 2021 8:01 AM
> > To: Nava kishore Manne <navam@...inx.com>
> > Cc: mdf@...nel.org; trix@...hat.com; Michal Simek <michals@...inx.com>;
> > arnd@...db.de; Rajan Vaja <RAJANV@...inx.com>;
> > gregkh@...uxfoundation.org; linus.walleij@...aro.org; Amit Sunil Dhamne
> > <amitsuni@...x.xilinx.com>; Tejas Patel <tejasp@...x.xilinx.com>;
> > zou_wei@...wei.com; Manish Narani <MNARANI@...inx.com>; Sai Krishna
> > Potthuri <lakshmis@...inx.com>; Jiaying Liang <jliang@...inx.com>; linux-
> > fpga@...r.kernel.org; devicetree@...r.kernel.org; linux-
> > kernel@...r.kernel.org; linux-arm-kernel@...ts.infradead.org; git
> > <git@...inx.com>; chinnikishore369@...il.com
> > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key
> > encrypted bitstream loading
> >
> > On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote:
> > > This patch Adds ‘encrypted-key-name’ and
> > > ‘encrypted-user-key-fpga-config’ properties to support user-key
> > > encrypted bitstream loading use case.
> > >
> > > Signed-off-by: Nava kishore Manne <nava.manne@...inx.com>
> > > ---
> > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++
> > > 1 file changed, 5 insertions(+)
> > >
> > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > index d787d57491a1..957dc6cbcd9e 100644
> > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > @@ -177,6 +177,9 @@ Optional properties:
> > > it indicates that the FPGA has already been programmed with this
> > image.
> > > If this property is in an overlay targeting a FPGA region, it is a
> > > request to program the FPGA with that image.
> > > +- encrypted-key-name : should contain the name of an encrypted key file
> > located
> > > + on the firmware search path. It will be used to decrypt the FPGA
> > image
> > > + file.
> > > - fpga-bridges : should contain a list of phandles to FPGA Bridges that must
> > be
> > > controlled during FPGA programming along with the parent FPGA
> > bridge.
> > > This property is optional if the FPGA Manager handles the bridges.
> > > @@ -187,6 +190,8 @@ Optional properties:
> > > - external-fpga-config : boolean, set if the FPGA has already been
> > configured
> > > prior to OS boot up.
> > > - encrypted-fpga-config : boolean, set if the bitstream is encrypted
> > > +- encrypted-user-key-fpga-config : boolean, set if the bitstream is
> > encrypted
> > > + with user key.
> >
> > What's the relationship with encrypted-fpga-config? Both present or
> > mutually exclusive? Couldn't this be implied by encrypted-key-name being
> > present?
> >
>
> In Encryption we have two kinds of use case one is Encrypted Bitstream loading with Device-key and
> Other one is Encrypted Bitstream loading with User-key. encrypted-fpga-config and encrypted-user-key-fpga-config
> are mutually exclusive. To differentiate both the use cases I have added this new flag and Aes Key file(encrypted-key-name)
> is needed only for encrypted-user-key-fpga-config use cases.
If encrypted-key-name is required for a user key, then why do you need
encrypted-user-key-fpga-config also?
IOW, why have 3 properties (that's 9 possible combinations) for 2 modes?
Rob
Powered by blists - more mailing lists