On Thu, May 13, 2021 at 5:55 AM Nava kishore Manne <navam@xxxxxxxxxx> wrote: > > Hi Rob, > > Please find my response inline. > > > -----Original Message----- > > From: Rob Herring <robh@xxxxxxxxxx> > > Sent: Thursday, May 13, 2021 8:01 AM > > To: Nava kishore Manne <navam@xxxxxxxxxx> > > Cc: mdf@xxxxxxxxxx; trix@xxxxxxxxxx; Michal Simek <michals@xxxxxxxxxx>; > > arnd@xxxxxxxx; Rajan Vaja <RAJANV@xxxxxxxxxx>; > > gregkh@xxxxxxxxxxxxxxxxxxx; linus.walleij@xxxxxxxxxx; Amit Sunil Dhamne > > <amitsuni@xxxxxxxxxxxxxxx>; Tejas Patel <tejasp@xxxxxxxxxxxxxxx>; > > zou_wei@xxxxxxxxxx; Manish Narani <MNARANI@xxxxxxxxxx>; Sai Krishna > > Potthuri <lakshmis@xxxxxxxxxx>; Jiaying Liang <jliang@xxxxxxxxxx>; linux- > > fpga@xxxxxxxxxxxxxxx; devicetree@xxxxxxxxxxxxxxx; linux- > > kernel@xxxxxxxxxxxxxxx; linux-arm-kernel@xxxxxxxxxxxxxxxxxxx; git > > <git@xxxxxxxxxx>; chinnikishore369@xxxxxxxxx > > Subject: Re: [RFC PATCH 2/4] fpga: Add new properties to support user-key > > encrypted bitstream loading > > > > On Tue, May 04, 2021 at 03:52:25PM +0530, Nava kishore Manne wrote: > > > This patch Adds ‘encrypted-key-name’ and > > > ‘encrypted-user-key-fpga-config’ properties to support user-key > > > encrypted bitstream loading use case. > > > > > > Signed-off-by: Nava kishore Manne <nava.manne@xxxxxxxxxx> > > > --- > > > Documentation/devicetree/bindings/fpga/fpga-region.txt | 5 +++++ > > > 1 file changed, 5 insertions(+) > > > > > > diff --git a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > index d787d57491a1..957dc6cbcd9e 100644 > > > --- a/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > +++ b/Documentation/devicetree/bindings/fpga/fpga-region.txt > > > @@ -177,6 +177,9 @@ Optional properties: > > > it indicates that the FPGA has already been programmed with this > > image. > > > If this property is in an overlay targeting a FPGA region, it is a > > > request to program the FPGA with that image. > > > +- encrypted-key-name : should contain the name of an encrypted key file > > located > > > + on the firmware search path. It will be used to decrypt the FPGA > > image > > > + file. > > > - fpga-bridges : should contain a list of phandles to FPGA Bridges that must > > be > > > controlled during FPGA programming along with the parent FPGA > > bridge. > > > This property is optional if the FPGA Manager handles the bridges. > > > @@ -187,6 +190,8 @@ Optional properties: > > > - external-fpga-config : boolean, set if the FPGA has already been > > configured > > > prior to OS boot up. > > > - encrypted-fpga-config : boolean, set if the bitstream is encrypted > > > +- encrypted-user-key-fpga-config : boolean, set if the bitstream is > > encrypted > > > + with user key. > > > > What's the relationship with encrypted-fpga-config? Both present or > > mutually exclusive? Couldn't this be implied by encrypted-key-name being > > present? > > > > In Encryption we have two kinds of use case one is Encrypted Bitstream loading with Device-key and > Other one is Encrypted Bitstream loading with User-key. encrypted-fpga-config and encrypted-user-key-fpga-config > are mutually exclusive. To differentiate both the use cases I have added this new flag and Aes Key file(encrypted-key-name) > is needed only for encrypted-user-key-fpga-config use cases. If encrypted-key-name is required for a user key, then why do you need encrypted-user-key-fpga-config also? IOW, why have 3 properties (that's 9 possible combinations) for 2 modes? Rob
