lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231122-exert-gleeful-e4476851c489@spud>
Date:   Wed, 22 Nov 2023 16:50:37 +0000
From:   Conor Dooley <conor@...nel.org>
To:     Nava kishore Manne <nava.kishore.manne@....com>
Cc:     mdf@...nel.org, hao.wu@...el.com, yilun.xu@...el.com,
        trix@...hat.com, robh+dt@...nel.org,
        krzysztof.kozlowski+dt@...aro.org, conor+dt@...nel.org,
        michal.simek@....com, mathieu.poirier@...aro.org,
        ben.levinsky@....com, sai.krishna.potthuri@....com,
        tanmay.shah@....com, dhaval.r.shah@....com, arnd@...db.de,
        shubhrajyoti.datta@....com, linux-fpga@...r.kernel.org,
        devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [RFC PATCH 1/3] dt-bindings: fpga: Add support for user-key
 encrypted bitstream loading

On Wed, Nov 22, 2023 at 11:14:02AM +0530, Nava kishore Manne wrote:
> Adds ‘encrypted-key-name’ property to support user-key encrypted
> bitstream loading use case.
> 
> Signed-off-by: Nava kishore Manne <nava.kishore.manne@....com>
> ---
>  .../devicetree/bindings/fpga/fpga-region.txt  | 32 +++++++++++++++++++

Is there a reason that this has not yet been converted to yaml?

>  1 file changed, 32 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> index 528df8a0e6d8..309334558b3f 100644
> --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
> +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
> @@ -177,6 +177,9 @@ Optional properties:
>  	it indicates that the FPGA has already been programmed with this image.
>  	If this property is in an overlay targeting an FPGA region, it is a
>  	request to program the FPGA with that image.
> +- encrypted-key-name : should contain the name of an encrypted key file located
> +	on the firmware search path. It will be used to decrypt the FPGA image
> +	file with user-key.

I might be misreading things, but your driver code seems to assume that
this is an aes key. Nothing here seems to document that this is supposed
to be a key of a particular type.

Cheers,
Conor.

>  - fpga-bridges : should contain a list of phandles to FPGA Bridges that must be
>  	controlled during FPGA programming along with the parent FPGA bridge.
>  	This property is optional if the FPGA Manager handles the bridges.
> @@ -459,6 +462,35 @@ programming is the FPGA based bridge of fpga_region1.
>  	};
>  };
>  
> +Device Tree Example: Configure/Reconfigure Encrypted Image With User Key
> +========================================================================
> +
> +Users can encrypt FPGA configuration Images with their own key. While decrypting
> +the configuration Image the user needs to provide the same key.
> +"encrypted-key-name" Specifies the name of the FPGA image encrypted key file on
> +the firmware search path. The search path is described in the firmware class
> +documentation.
> +
> +/dts-v1/;
> +/plugin/;
> +
> +&fpga_region0 {
> +	#address-cells = <1>;
> +	#size-cells = <1>;
> +
> +	firmware-name = "soc_image2.rbf";
> +	encrypted-key-name = "key.nky";
> +
> +	gpio@...40 {
> +		compatible = "altr,pio-1.0";
> +		reg = <0x10040 0x20>;
> +		clocks = <0x2>;
> +		altr,ngpio = <0x4>;
> +		#gpio-cells = <0x2>;
> +		gpio-controller;
> +	};
> +};
> +
>  Constraints
>  ===========
>  
> -- 
> 2.25.1
> 

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ