fpga: zynqmp: Add secure bitstream loading for ZynqMP
authorSiva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Thu, 31 May 2018 09:40:23 +0000 (15:10 +0530)
committerMichal Simek <michal.simek@xilinx.com>
Fri, 1 Jun 2018 09:37:31 +0000 (11:37 +0200)
This patch adds support for loading secure bitstreams on ZynqMP
platforms. The secure bitstream images has to be generated using
Xilinx bootgen tool.

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
arch/arm/include/asm/arch-zynqmp/sys_proto.h
configs/xilinx_zynqmp_zcu102_rev1_0_defconfig
drivers/fpga/xilinx.c
drivers/fpga/zynqmppl.c
include/xilinx.h
include/zynqmppl.h

index 6056bc6c0c56b72390421b51aa32eaf5ff70c17c..773b930512bc2d0c7eb6ca1b809c6ef3ef183273 100644 (file)
 #define ZYNQMP_SIP_SVC_PM_SECURE_IMG_LOAD      0xC200002D
 #define KEY_PTR_LEN    32
 
+#define ZYNQMP_FPGA_BIT_AUTH_DDR       1
+#define ZYNQMP_FPGA_BIT_AUTH_OCM       2
+#define ZYNQMP_FPGA_BIT_ENC_USR_KEY    3
+#define ZYNQMP_FPGA_BIT_ENC_DEV_KEY    4
 #define ZYNQMP_FPGA_BIT_NS             5
 
+#define ZYNQMP_FPGA_AUTH_DDR   1
+
 enum {
        IDCODE,
        VERSION,
index 4cb3959f3626b655e1baddcfb64009839187b403..1379f14e013b073cbed4ace3cd99ef9e20b9e81e 100644 (file)
@@ -31,6 +31,7 @@ CONFIG_CMD_DFU=y
 # CONFIG_CMD_FLASH is not set
 CONFIG_CMD_FPGA_LOADBP=y
 CONFIG_CMD_FPGA_LOADP=y
+CONFIG_CMD_FPGA_LOAD_SECURE=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_GPT=y
 CONFIG_CMD_I2C=y
index 724304a5451d359eaa8b4c8f8c0ca311fc0766ad..f5135504eeb60748d0e073e678710644fb437489 100644 (file)
@@ -171,6 +171,24 @@ int xilinx_loadfs(xilinx_desc *desc, const void *buf, size_t bsize,
 }
 #endif
 
+#if defined(CONFIG_CMD_FPGA_LOAD_SECURE)
+int xilinx_loads(xilinx_desc *desc, const void *buf, size_t bsize,
+                struct fpga_secure_info *fpga_sec_info)
+{
+       if (!xilinx_validate(desc, (char *)__func__)) {
+               printf("%s: Invalid device descriptor\n", __func__);
+               return FPGA_FAIL;
+       }
+
+       if (!desc->operations || !desc->operations->loads) {
+               printf("%s: Missing loads operation\n", __func__);
+               return FPGA_FAIL;
+       }
+
+       return desc->operations->loads(desc, buf, bsize, fpga_sec_info);
+}
+#endif
+
 int xilinx_dump(xilinx_desc *desc, const void *buf, size_t bsize)
 {
        if (!xilinx_validate (desc, (char *)__FUNCTION__)) {
index b57623b6a7567044b513a6e9a53955c0f4ceecbb..03ffa8c11f2c7d11887199b904c4174772960aef 100644 (file)
@@ -223,6 +223,51 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize,
        return ret;
 }
 
+#if defined(CONFIG_CMD_FPGA_LOAD_SECURE) && !defined(CONFIG_SPL_BUILD)
+static int zynqmp_loads(xilinx_desc *desc, const void *buf, size_t bsize,
+                       struct fpga_secure_info *fpga_sec_info)
+{
+       int ret;
+       u32 buf_lo, buf_hi;
+       u32 ret_payload[PAYLOAD_ARG_CNT];
+       u8 flag = 0;
+
+       flush_dcache_range((ulong)buf, (ulong)buf +
+                          ALIGN(bsize, CONFIG_SYS_CACHELINE_SIZE));
+
+       if (!fpga_sec_info->encflag)
+               flag |= BIT(ZYNQMP_FPGA_BIT_ENC_DEV_KEY);
+
+       if (fpga_sec_info->userkey_addr &&
+           fpga_sec_info->encflag == FPGA_ENC_USR_KEY) {
+               flush_dcache_range((ulong)fpga_sec_info->userkey_addr,
+                                  (ulong)fpga_sec_info->userkey_addr +
+                                  ALIGN(KEY_PTR_LEN,
+                                        CONFIG_SYS_CACHELINE_SIZE));
+               flag |= BIT(ZYNQMP_FPGA_BIT_ENC_USR_KEY);
+       }
+
+       if (!fpga_sec_info->authflag)
+               flag |= BIT(ZYNQMP_FPGA_BIT_AUTH_OCM);
+
+       if (fpga_sec_info->authflag == ZYNQMP_FPGA_AUTH_DDR)
+               flag |= BIT(ZYNQMP_FPGA_BIT_AUTH_DDR);
+
+       buf_lo = lower_32_bits((ulong)buf);
+       buf_hi = upper_32_bits((ulong)buf);
+
+       ret = invoke_smc(ZYNQMP_SIP_SVC_PM_FPGA_LOAD, buf_lo, buf_hi,
+                        (u32)(uintptr_t)fpga_sec_info->userkey_addr,
+                        flag, ret_payload);
+       if (ret)
+               puts("PL FPGA LOAD fail\n");
+       else
+               puts("Bitstream successfully loaded\n");
+
+       return ret;
+}
+#endif
+
 static int zynqmp_pcap_info(xilinx_desc *desc)
 {
        int ret;
@@ -238,5 +283,8 @@ static int zynqmp_pcap_info(xilinx_desc *desc)
 
 struct xilinx_fpga_op zynqmp_op = {
        .load = zynqmp_load,
+#if defined CONFIG_CMD_FPGA_LOAD_SECURE
+       .loads = zynqmp_loads,
+#endif
        .info = zynqmp_pcap_info,
 };
index 9429f51b48aeeb82606012b3b36ca34fc93ffb3e..af40befa52de5999c40913847abb556a42382c82 100644 (file)
@@ -48,6 +48,8 @@ typedef struct {              /* typedef xilinx_desc */
 struct xilinx_fpga_op {
        int (*load)(xilinx_desc *, const void *, size_t, bitstream_type);
        int (*loadfs)(xilinx_desc *, const void *, size_t, fpga_fs_info *);
+       int (*loads)(xilinx_desc *desc, const void *buf, size_t bsize,
+                    struct fpga_secure_info *fpga_sec_info);
        int (*dump)(xilinx_desc *, const void *, size_t);
        int (*info)(xilinx_desc *);
 };
@@ -60,6 +62,8 @@ int xilinx_dump(xilinx_desc *desc, const void *buf, size_t bsize);
 int xilinx_info(xilinx_desc *desc);
 int xilinx_loadfs(xilinx_desc *desc, const void *buf, size_t bsize,
                  fpga_fs_info *fpga_fsinfo);
+int xilinx_loads(xilinx_desc *desc, const void *buf, size_t bsize,
+                struct fpga_secure_info *fpga_sec_info);
 
 /* Board specific implementation specific function types
  *********************************************************************/
index a0f4e68a0c193e361726e465ad983d2356deb648..5214db99fba769b2ae8dbeba111cefacc7f2cced 100644 (file)
@@ -16,6 +16,9 @@
 #define ZYNQMP_FPGA_OP_LOAD                    (1 << 1)
 #define ZYNQMP_FPGA_OP_DONE                    (1 << 2)
 
+#define ZYNQMP_FPGA_FLAG_AUTHENTICATED         BIT(2)
+#define ZYNQMP_FPGA_FLAG_ENCRYPTED             BIT(3)
+
 #define ZYNQMP_CSU_IDCODE_DEVICE_CODE_SHIFT    15
 #define ZYNQMP_CSU_IDCODE_DEVICE_CODE_MASK     (0xf << \
                                        ZYNQMP_CSU_IDCODE_DEVICE_CODE_SHIFT)