lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 27 May 2021 10:50:36 +0000
From:   Nava kishore Manne <navam@...inx.com>
To:     Rob Herring <robh@...nel.org>
CC:     "mdf@...nel.org" <mdf@...nel.org>,
        "trix@...hat.com" <trix@...hat.com>,
        Michal Simek <michals@...inx.com>,
        "arnd@...db.de" <arnd@...db.de>, Rajan Vaja <RAJANV@...inx.com>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "linus.walleij@...aro.org" <linus.walleij@...aro.org>,
        Amit Sunil Dhamne <amitsuni@...x.xilinx.com>,
        Tejas Patel <tejasp@...x.xilinx.com>,
        "zou_wei@...wei.com" <zou_wei@...wei.com>,
        Manish Narani <MNARANI@...inx.com>,
        Sai Krishna Potthuri <lakshmis@...inx.com>,
        Jiaying Liang <jliang@...inx.com>,
        "linux-fpga@...r.kernel.org" <linux-fpga@...r.kernel.org>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>, git <git@...inx.com>,
        "chinnikishore369@...il.com" <chinnikishore369@...il.com>
Subject: RE: [RFC PATCH 2/4] fpga: Add new properties to support user-key
 encrypted bitstream loading

Hi Rob,

	Please find my response inline.

> -----Original Message-----
> From: Rob Herring <robh@...nel.org>
> Sent: Thursday, May 13, 2021 8:05 PM
> To: Nava kishore Manne <navam@...inx.com>
> Cc: mdf@...nel.org; trix@...hat.com; Michal Simek <michals@...inx.com>;
> arnd@...db.de; Rajan Vaja <RAJANV@...inx.com>;
> gregkh@...uxfoundation.org; linus.walleij@...aro.org; Amit Sunil Dhamne
> <amitsuni@...x.xilinx.com>; Tejas Patel <tejasp@...x.xilinx.com>;
> zou_wei@...wei.com; Manish Narani <MNARANI@...inx.com>; Sai Krishna
> Potthuri <lakshmis@...inx.com>; Jiaying Liang <jliang@...inx.com>; linux-
> fpga@...r.kernel.org; devicetree@...r.kernel.org; linux-
> kernel@...r.kernel.org; linux-arm-kernel@...ts.infradead.org; git
> <git@...inx.com>; chinnikishore369@...il.com
> Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key
> encrypted bitstream loading
> 
> On Thu, May 13, 2021 at 5:55 AM Nava kishore Manne <navam@...inx.com>
> wrote:
> >
> > Hi Rob,
> >
> >         Please find my response inline.
> >
> > > -----Original Message-----
> > > From: Rob Herring <robh@...nel.org>
> > > Sent: Thursday, May 13, 2021 8:01 AM
> > > To: Nava kishore Manne <navam@...inx.com>
> > > Cc: mdf@...nel.org; trix@...hat.com; Michal Simek
> > > <michals@...inx.com>; arnd@...db.de; Rajan Vaja
> <RAJANV@...inx.com>;
> > > gregkh@...uxfoundation.org; linus.walleij@...aro.org; Amit Sunil
> > > Dhamne <amitsuni@...x.xilinx.com>; Tejas Patel
> > > <tejasp@...x.xilinx.com>; zou_wei@...wei.com; Manish Narani
> > > <MNARANI@...inx.com>; Sai Krishna Potthuri <lakshmis@...inx.com>;
> > > Jiaying Liang <jliang@...inx.com>; linux- fpga@...r.kernel.org;
> > > devicetree@...r.kernel.org; linux- kernel@...r.kernel.org;
> > > linux-arm-kernel@...ts.infradead.org; git <git@...inx.com>;
> > > chinnikishore369@...il.com
> > > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support
> > > user-key encrypted bitstream loading
> > >
> > > On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote:
> > > > This patch Adds ‘encrypted-key-name’ and
> > > > ‘encrypted-user-key-fpga-config’ properties to support user-key
> > > > encrypted bitstream loading use case.
> > > >
> > > > Signed-off-by: Nava kishore Manne <nava.manne@...inx.com>
> > > > ---
> > > >  Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++
> > > >  1 file changed, 5 insertions(+)
> > > >
> > > > diff --git
> > > > a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > > index d787d57491a1..957dc6cbcd9e 100644
> > > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> > > > @@ -177,6 +177,9 @@ Optional properties:
> > > >     it indicates that the FPGA has already been programmed with
> > > > this
> > > image.
> > > >     If this property is in an overlay targeting a FPGA region, it is a
> > > >     request to program the FPGA with that image.
> > > > +- encrypted-key-name : should contain the name of an encrypted
> > > > +key file
> > > located
> > > > +   on the firmware search path. It will be used to decrypt the
> > > > + FPGA
> > > image
> > > > +   file.
> > > >  - fpga-bridges : should contain a list of phandles to FPGA
> > > > Bridges that must
> > > be
> > > >     controlled during FPGA programming along with the parent FPGA
> > > bridge.
> > > >     This property is optional if the FPGA Manager handles the bridges.
> > > > @@ -187,6 +190,8 @@ Optional properties:
> > > >  - external-fpga-config : boolean, set if the FPGA has already
> > > > been
> > > configured
> > > >     prior to OS boot up.
> > > >  - encrypted-fpga-config : boolean, set if the bitstream is
> > > > encrypted
> > > > +- encrypted-user-key-fpga-config : boolean, set if the bitstream
> > > > +is
> > > encrypted
> > > > +   with user key.
> > >
> > > What's the relationship with encrypted-fpga-config? Both present or
> > > mutually exclusive? Couldn't this be implied by encrypted-key-name
> > > being present?
> > >
> >
> > In Encryption we have two kinds of use case one is Encrypted Bitstream
> > loading with Device-key and Other one is Encrypted Bitstream loading
> > with User-key. encrypted-fpga-config and
> > encrypted-user-key-fpga-config are mutually exclusive. To differentiate
> both the use cases I have added this new flag and Aes Key file(encrypted-key-
> name) is needed only for encrypted-user-key-fpga-config use cases.
> 
> If encrypted-key-name is required for a user key, then why do you need
> encrypted-user-key-fpga-config also?
> 
> IOW, why have 3 properties (that's 9 possible combinations) for 2 modes?
> 

Agree, we can use encrypted-key-name for user-key use cases instead of having both encrypted-key-name and encrypted-user-key-fpga-config flags.
Will fix this issue in v2.

Regards,
Navakishore.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ