patches.socfpga/0047-fpga-zynq-Add-support-for-encrypted-bitstreams.patch - pub/scm/linux/kernel/git/geert/ltsi-kernel - Git at Google

 From 478e30d8b329c3c6212e903e6ba68997e2f0582a Mon Sep 17 00:00:00 2001
 From: Moritz Fischer <mdf@kernel.org>
 Date: Mon, 27 Feb 2017 09:19:01 -0600
 Subject: [PATCH 047/103] fpga: zynq: Add support for encrypted bitstreams

 Add support for encrypted bitstreams. For this to work the system
 must be booted in secure mode.

 In order for on-the-fly decryption to work, the PCAP clock rate
 needs to be lowered via the PCAP_RATE_EN bit.

 Signed-off-by: Moritz Fischer <mdf@kernel.org>
 Acked-by: Michal Simek <michal.simek@xilinx.com>
 Signed-off-by: Alan Tull <atull@kernel.org>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/fpga/zynq-fpga.c |   28 +++++++++++++++++++++++++---
  1 file changed, 25 insertions(+), 3 deletions(-)

 --- a/drivers/fpga/zynq-fpga.c
 +++ b/drivers/fpga/zynq-fpga.c
 @@ -72,6 +72,10 @@
  #define CTRL_PCAP_PR_MASK		BIT(27)
  /* Enable PCAP */
  #define CTRL_PCAP_MODE_MASK		BIT(26)
 +/* Lower rate to allow decrypt on the fly */
 +#define CTRL_PCAP_RATE_EN_MASK		BIT(25)
 +/* System booted in secure mode */
 +#define CTRL_SEC_EN_MASK		BIT(7)

  /* Miscellaneous Control Register bit definitions */
  /* Internal PCAP loopback */
 @@ -266,6 +270,17 @@ static int zynq_fpga_ops_write_init(stru
  	if (err)
  		return err;

 +	/* check if bitstream is encrypted & and system's still secure */
 +	if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) {
 +		ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
 +		if (!(ctrl & CTRL_SEC_EN_MASK)) {
 +			dev_err(&mgr->dev,
 +				"System not secure, can't use crypted bitstreams\n");
 +			err = -EINVAL;
 +			goto out_err;
 +		}
 +	}
 +
  	/* don't globally reset PL if we're doing partial reconfig */
  	if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) {
  		if (!zynq_fpga_has_sync(buf, count)) {
 @@ -337,12 +352,19 @@ static int zynq_fpga_ops_write_init(stru

  	/* set configuration register with following options:
  	 * - enable PCAP interface
 -	 * - set throughput for maximum speed
 +	 * - set throughput for maximum speed (if bistream not crypted)
  	 * - set CPU in user mode
  	 */
  	ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
 -	zynq_fpga_write(priv, CTRL_OFFSET,
 -			(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl));
 +	if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM)
 +		zynq_fpga_write(priv, CTRL_OFFSET,
 +				(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK
 +				 | CTRL_PCAP_RATE_EN_MASK | ctrl));
 +	else
 +		zynq_fpga_write(priv, CTRL_OFFSET,
 +				(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK
 +				 | ctrl));
 +

  	/* We expect that the command queue is empty right now. */
  	status = zynq_fpga_read(priv, STATUS_OFFSET);
	From 478e30d8b329c3c6212e903e6ba68997e2f0582a Mon Sep 17 00:00:00 2001
	From: Moritz Fischer <mdf@kernel.org>
	Date: Mon, 27 Feb 2017 09:19:01 -0600
	Subject: [PATCH 047/103] fpga: zynq: Add support for encrypted bitstreams

	Add support for encrypted bitstreams. For this to work the system
	must be booted in secure mode.

	In order for on-the-fly decryption to work, the PCAP clock rate
	needs to be lowered via the PCAP_RATE_EN bit.

	Signed-off-by: Moritz Fischer <mdf@kernel.org>
	Acked-by: Michal Simek <michal.simek@xilinx.com>
	Signed-off-by: Alan Tull <atull@kernel.org>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/fpga/zynq-fpga.c \| 28 +++++++++++++++++++++++++---
	1 file changed, 25 insertions(+), 3 deletions(-)

	--- a/drivers/fpga/zynq-fpga.c
	+++ b/drivers/fpga/zynq-fpga.c
	@@ -72,6 +72,10 @@
	#define CTRL_PCAP_PR_MASK BIT(27)
	/* Enable PCAP */
	#define CTRL_PCAP_MODE_MASK BIT(26)
	+/* Lower rate to allow decrypt on the fly */
	+#define CTRL_PCAP_RATE_EN_MASK BIT(25)
	+/* System booted in secure mode */
	+#define CTRL_SEC_EN_MASK BIT(7)

	/* Miscellaneous Control Register bit definitions */
	/* Internal PCAP loopback */
	@@ -266,6 +270,17 @@ static int zynq_fpga_ops_write_init(stru
	if (err)
	return err;

	+ /* check if bitstream is encrypted & and system's still secure */
	+ if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM) {
	+ ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
	+ if (!(ctrl & CTRL_SEC_EN_MASK)) {
	+ dev_err(&mgr->dev,
	+ "System not secure, can't use crypted bitstreams\n");
	+ err = -EINVAL;
	+ goto out_err;
	+ }
	+ }
	+
	/* don't globally reset PL if we're doing partial reconfig */
	if (!(info->flags & FPGA_MGR_PARTIAL_RECONFIG)) {
	if (!zynq_fpga_has_sync(buf, count)) {
	@@ -337,12 +352,19 @@ static int zynq_fpga_ops_write_init(stru

	/* set configuration register with following options:
	* - enable PCAP interface
	- * - set throughput for maximum speed
	+ * - set throughput for maximum speed (if bistream not crypted)
	* - set CPU in user mode
	*/
	ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
	- zynq_fpga_write(priv, CTRL_OFFSET,
	- (CTRL_PCAP_PR_MASK \| CTRL_PCAP_MODE_MASK \| ctrl));
	+ if (info->flags & FPGA_MGR_ENCRYPTED_BITSTREAM)
	+ zynq_fpga_write(priv, CTRL_OFFSET,
	+ (CTRL_PCAP_PR_MASK \| CTRL_PCAP_MODE_MASK
	+ \| CTRL_PCAP_RATE_EN_MASK \| ctrl));
	+ else
	+ zynq_fpga_write(priv, CTRL_OFFSET,
	+ (CTRL_PCAP_PR_MASK \| CTRL_PCAP_MODE_MASK
	+ \| ctrl));
	+

	/* We expect that the command queue is empty right now. */
	status = zynq_fpga_read(priv, STATUS_OFFSET);