lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20231122054404.3764288-2-nava.kishore.manne@amd.com>
Date:   Wed, 22 Nov 2023 11:14:02 +0530
From:   Nava kishore Manne <nava.kishore.manne@....com>
To:     <mdf@...nel.org>, <hao.wu@...el.com>, <yilun.xu@...el.com>,
        <trix@...hat.com>, <robh+dt@...nel.org>,
        <krzysztof.kozlowski+dt@...aro.org>, <conor+dt@...nel.org>,
        <michal.simek@....com>, <mathieu.poirier@...aro.org>,
        <ben.levinsky@....com>, <sai.krishna.potthuri@....com>,
        <tanmay.shah@....com>, <nava.kishore.manne@....com>,
        <dhaval.r.shah@....com>, <arnd@...db.de>,
        <shubhrajyoti.datta@....com>, <linux-fpga@...r.kernel.org>,
        <devicetree@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>
Subject: [RFC PATCH 1/3] dt-bindings: fpga: Add support for user-key encrypted bitstream loading

Adds ‘encrypted-key-name’ property to support user-key encrypted
bitstream loading use case.

Signed-off-by: Nava kishore Manne <nava.kishore.manne@....com>
---
 .../devicetree/bindings/fpga/fpga-region.txt  | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt b/Documentation/devicetree/bindings/fpga/fpga-region.txt
index 528df8a0e6d8..309334558b3f 100644
--- a/Documentation/devicetree/bindings/fpga/fpga-region.txt
+++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt
@@ -177,6 +177,9 @@ Optional properties:
 	it indicates that the FPGA has already been programmed with this image.
 	If this property is in an overlay targeting an FPGA region, it is a
 	request to program the FPGA with that image.
+- encrypted-key-name : should contain the name of an encrypted key file located
+	on the firmware search path. It will be used to decrypt the FPGA image
+	file with user-key.
 - fpga-bridges : should contain a list of phandles to FPGA Bridges that must be
 	controlled during FPGA programming along with the parent FPGA bridge.
 	This property is optional if the FPGA Manager handles the bridges.
@@ -459,6 +462,35 @@ programming is the FPGA based bridge of fpga_region1.
 	};
 };
 
+Device Tree Example: Configure/Reconfigure Encrypted Image With User Key
+========================================================================
+
+Users can encrypt FPGA configuration Images with their own key. While decrypting
+the configuration Image the user needs to provide the same key.
+"encrypted-key-name" Specifies the name of the FPGA image encrypted key file on
+the firmware search path. The search path is described in the firmware class
+documentation.
+
+/dts-v1/;
+/plugin/;
+
+&fpga_region0 {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	firmware-name = "soc_image2.rbf";
+	encrypted-key-name = "key.nky";
+
+	gpio@...40 {
+		compatible = "altr,pio-1.0";
+		reg = <0x10040 0x20>;
+		clocks = <0x2>;
+		altr,ngpio = <0x4>;
+		#gpio-cells = <0x2>;
+		gpio-controller;
+	};
+};
+
 Constraints
 ===========
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ