fpga: zynqmp: support loading encrypted bitfiles
Add supporting new compatible string "u-boot,zynqmp-fpga-enc" to
handle loading encrypted bitfiles.
This feature requires encrypted FSBL, as according to UG1085:
"The CSU automatically locks out the AES key, stored in either BBRAM
or eFUSEs, as a key source to the AES engine if the FSBL is not
encrypted. This prevents using the BBRAM or eFUSE as the key source
to the AES engine during run-time applications."
Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-14-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c
index fc55d7a..d1491da 100644
--- a/drivers/fpga/zynqmppl.c
+++ b/drivers/fpga/zynqmppl.c
@@ -257,6 +257,11 @@
info.authflag = ZYNQMP_FPGA_AUTH_DDR;
info.encflag = FPGA_NO_ENC_OR_NO_AUTH;
return desc->operations->loads(desc, buf, bsize, &info);
+ case FPGA_XILINX_ZYNQMP_ENC:
+ /* Encryption using device key */
+ info.authflag = FPGA_NO_ENC_OR_NO_AUTH;
+ info.encflag = FPGA_ENC_DEV_KEY;
+ return desc->operations->loads(desc, buf, bsize, &info);
#endif
default:
printf("Unsupported bitstream type %d\n", flags);
@@ -360,6 +365,9 @@
#if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26))
return FPGA_XILINX_ZYNQMP_DDRAUTH;
+
+ if (!strncmp(str, "u-boot,zynqmp-fpga-enc", 22))
+ return FPGA_XILINX_ZYNQMP_ENC;
#endif
return 0;
}