cmd: fpga: Add support to load secure bitstreams

This patch adds support to load secure bitstreams(authenticated or
encrypted or both). As of now, this feature is added and tested only
for xilinx bitstreams and the secure bitstream was generated using
xilinx bootgen tool, but the command is defined in more generic way.

Command example to load authenticated and device key
encrypted bitstream is as follows
"fpga loads 0 100000 2000000 0 1"

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This commit is contained in:
Siva Durga Prasad Paladugu
2018-05-31 15:10:22 +05:30
committed by Michal Simek
parent f5953610bf
commit cedd48e2cd
4 changed files with 108 additions and 1 deletions

View File

@@ -27,6 +27,7 @@ enum {
FPGA_LOADP,
FPGA_LOADBP,
FPGA_LOADFS,
FPGA_LOADS,
};
/* ------------------------------------------------------------------------- */
@@ -54,6 +55,11 @@ int do_fpga(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
fpga_fs_info fpga_fsinfo;
fpga_fsinfo.fstype = FS_TYPE_ANY;
#endif
#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
struct fpga_secure_info fpga_sec_info;
memset(&fpga_sec_info, 0, sizeof(fpga_sec_info));
#endif
if (devstr)
dev = (int) simple_strtoul(devstr, NULL, 16);
@@ -79,6 +85,19 @@ int do_fpga(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
fpga_fsinfo.filename = argv[8];
argc = 5;
break;
#endif
#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
case FPGA_LOADS:
if (argc < 7)
return CMD_RET_USAGE;
if (argc == 8)
fpga_sec_info.userkey_addr = (u8 *)(uintptr_t)
simple_strtoull(argv[7],
NULL, 16);
fpga_sec_info.encflag = (u8)simple_strtoul(argv[6], NULL, 16);
fpga_sec_info.authflag = (u8)simple_strtoul(argv[5], NULL, 16);
argc = 5;
break;
#endif
default:
break;
@@ -150,6 +169,22 @@ int do_fpga(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
if (!fpga_fsinfo.interface || !fpga_fsinfo.dev_part ||
!fpga_fsinfo.filename)
wrong_parms = 1;
break;
#endif
#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
case FPGA_LOADS:
if (fpga_sec_info.authflag >= FPGA_NO_ENC_OR_NO_AUTH &&
fpga_sec_info.encflag >= FPGA_NO_ENC_OR_NO_AUTH) {
puts("ERR: use <fpga load> for NonSecure bitstream\n");
wrong_parms = 1;
}
if (fpga_sec_info.encflag == FPGA_ENC_USR_KEY &&
!fpga_sec_info.userkey_addr) {
wrong_parms = 1;
puts("ERR:User key not provided\n");
}
break;
#endif
case FPGA_LOAD:
case FPGA_LOADP:
@@ -206,6 +241,12 @@ int do_fpga(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
break;
#endif
#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
case FPGA_LOADS:
rc = fpga_loads(dev, fpga_data, data_size, &fpga_sec_info);
break;
#endif
#if defined(CONFIG_CMD_FPGA_LOADMK)
case FPGA_LOADMK:
switch (genimg_get_format(fpga_data)) {
@@ -339,6 +380,10 @@ static int fpga_get_op(char *opstr)
#endif
else if (!strcmp("dump", opstr))
op = FPGA_DUMP;
#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
else if (!strcmp("loads", opstr))
op = FPGA_LOADS;
#endif
if (op == FPGA_NONE)
printf("Unknown fpga operation \"%s\"\n", opstr);
@@ -346,7 +391,7 @@ static int fpga_get_op(char *opstr)
return op;
}
#if defined(CONFIG_CMD_FPGA_LOADFS)
#if defined(CONFIG_CMD_FPGA_LOADFS) || defined(CONFIG_CMD_FPGA_LOAD_SECURE)
U_BOOT_CMD(fpga, 9, 1, do_fpga,
#else
U_BOOT_CMD(fpga, 6, 1, do_fpga,
@@ -381,4 +426,19 @@ U_BOOT_CMD(fpga, 6, 1, do_fpga,
"\tsubimage unit name in the form of addr:<subimg_uname>"
#endif
#endif
#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
"Load encrypted bitstream (Xilinx only)\n"
" loads [dev] [address] [size] [auth-OCM-0/DDR-1/noauth-2]\n"
" [enc-devkey(0)/userkey(1)/nenc(2) [Userkey address]\n"
"Loads the secure bistreams(authenticated/encrypted/both\n"
"authenticated and encrypted) of [size] from [address].\n"
"The auth-OCM/DDR flag specifies to perform authentication\n"
"in OCM or in DDR. 0 for OCM, 1 for DDR, 2 for no authentication.\n"
"The enc flag specifies which key to be used for decryption\n"
"0-device key, 1-user key, 2-no encryption.\n"
"The optional Userkey address specifies from which address key\n"
"has to be used for decryption if user key is selected.\n"
"NOTE: the sceure bitstream has to be created using xilinx\n"
"bootgen tool only.\n"
#endif
);