Re: [U-Boot] [PATCH v2] xilinx: zynq: Add support to secure images

2018-06-08 Thread Michal Simek
On 7.6.2018 09:28, Siva Durga Prasad Paladugu wrote:
> This patch adds two new commands for loading secure
> images/bitstreams.
> 1. zynq rsa adds support to load a secure image which can be
>    authenticated, encrypted, or both authenticated and encrypted,
>    in Xilinx boot image (BOOT.bin) format.
> 2. zynq aes adds support to decrypt and load an encrypted
>    image either back to DDR, or to load an encrypted bitstream
>    to PL directly by decrypting it. The image has to be encrypted
>    using the Xilinx bootgen tool; to get only the encrypted
>    image from the tool, use the -split option while invoking bootgen.
> 
> Signed-off-by: Siva Durga Prasad Paladugu 
> ---
> Changes from v1:
> - Defined two config synbols for RSA and AES separately
>   and used them wherever required.
> - Used U_BOOT_CMD_KENT as per comment
> - Cleared DEVCFG_CTRL_PCAP_RATE_EN_MASK once decryption is
>   done.
> 
> Changes from RFC:
> - Moved zynqaes to board/xilinx/zynq/cmds.c and renamed as
>   "zynq aes".
> - Moved boot image parsing code to a separate file.
> - Squashed in to a single patch.
> - Fixed coding style comments.
> ---
>  arch/arm/Kconfig |   1 +
>  board/xilinx/zynq/Kconfig|  32 +++
>  board/xilinx/zynq/Makefile   |   5 +
>  board/xilinx/zynq/bootimg.c  | 143 +++
>  board/xilinx/zynq/cmds.c | 556 
> +++
>  drivers/fpga/zynqpl.c|  67 ++
>  include/u-boot/rsa-mod-exp.h |   4 +
>  include/zynq_bootimg.h   |  33 +++
>  include/zynqpl.h |   5 +
>  lib/rsa/rsa-mod-exp.c|  52 
>  10 files changed, 898 insertions(+)
>  create mode 100644 board/xilinx/zynq/Kconfig
>  create mode 100644 board/xilinx/zynq/bootimg.c
>  create mode 100644 board/xilinx/zynq/cmds.c
>  create mode 100644 include/zynq_bootimg.h
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 3e05f79..e78e1a4 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -1428,6 +1428,7 @@ source "board/toradex/colibri_pxa270/Kconfig"
>  source "board/vscom/baltos/Kconfig"
>  source "board/woodburn/Kconfig"
>  source "board/work-microwave/work_92105/Kconfig"
> +source "board/xilinx/zynq/Kconfig"
>  source "board/xilinx/zynqmp/Kconfig"
>  source "board/zipitz2/Kconfig"
>  
> diff --git a/board/xilinx/zynq/Kconfig b/board/xilinx/zynq/Kconfig
> new file mode 100644
> index 000..e665c8d
> --- /dev/null
> +++ b/board/xilinx/zynq/Kconfig
> @@ -0,0 +1,32 @@
> +# Copyright (c) 2018, Xilinx, Inc.
> +#
> +# SPDX-License-Identifier: GPL-2.0
> +
> +if ARCH_ZYNQ
> +
> +config CMD_ZYNQ
> + bool "Enable Zynq specific commands"
> + default y
> + help
> +   Enables Zynq specific commands.
> +
> +config CMD_ZYNQ_AES
> + bool "Enable zynq aes command for decryption of encrypted images"
> + depends on CMD_ZYNQ
> + help
> +   Decrypts the encrypted image present in source address
> +   and places the decrypted image at destination address.
> +
> +config CMD_ZYNQ_RSA
> + bool "Enable zynq rsa command for loading secure images"
> + default y
> + depends on CMD_ZYNQ
> + select CMD_ZYNQ_AES
> + help
> +   Enabling this will support zynq secure image verification.
> +   The secure image is a xilinx specific BOOT.BIN with
> +   either authentication or encryption or both encryption
> +   and authentication feature enabled while generating
> +   BOOT.BIN using Xilinx bootgen tool.
> +
> +endif
> diff --git a/board/xilinx/zynq/Makefile b/board/xilinx/zynq/Makefile
> index 5a76a26..f4996fa 100644
> --- a/board/xilinx/zynq/Makefile
> +++ b/board/xilinx/zynq/Makefile
> @@ -18,6 +18,11 @@ $(warning Put custom ps7_init_gpl.c/h to 
> board/xilinx/zynq/custom_hw_platform/))
>  endif
>  endif
>  
> +ifndef CONFIG_SPL_BUILD
> +obj-$(CONFIG_CMD_ZYNQ) += cmds.o
> +obj-$(CONFIG_CMD_ZYNQ_RSA) += bootimg.o
> +endif
> +
>  obj-$(CONFIG_SPL_BUILD) += $(init-objs)
>  
>  # Suppress "warning: function declaration isn't a prototype"
> diff --git a/board/xilinx/zynq/bootimg.c b/board/xilinx/zynq/bootimg.c
> new file mode 100644
> index 000..b069e2b
> --- /dev/null
> +++ b/board/xilinx/zynq/bootimg.c
> @@ -0,0 +1,143 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (C) 2018 Xilinx, Inc.
> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +DECLARE_GLOBAL_DATA_PTR;
> +
> +#define ZYNQ_IMAGE_PHDR_OFFSET   0x09C
> +#define ZYNQ_IMAGE_FSBL_LEN_OFFSET   0x040
> +#define ZYNQ_PART_HDR_CHKSUM_WORD_COUNT  0x0F
> +#define ZYNQ_PART_HDR_WORD_COUNT 0x10
> +#define ZYNQ_MAXIMUM_IMAGE_WORD_LEN  0x4000
> +#define MD5_CHECKSUM_SIZE16
> +
> +struct headerarray {
> + u32 fields[16];
> +};
> +
> +/*
> + * Check whether the given partition is last partition or not
> + */
> +static int zynq_islastpartition(struct headerarray *head)
> +{
> + int index;
> +
> + debug("%s\n", __func__);
> + if 

[U-Boot] [PATCH v2] xilinx: zynq: Add support to secure images

2018-06-07 Thread Siva Durga Prasad Paladugu
This patch adds two new commands for loading secure
images/bitstreams.
1. zynq rsa adds support to load a secure image which can be
   authenticated, encrypted, or both authenticated and encrypted,
   in Xilinx boot image (BOOT.bin) format.
2. zynq aes adds support to decrypt and load an encrypted
   image either back to DDR, or to load an encrypted bitstream
   to PL directly by decrypting it. The image has to be encrypted
   using the Xilinx bootgen tool; to get only the encrypted
   image from the tool, use the -split option while invoking bootgen.

Signed-off-by: Siva Durga Prasad Paladugu 
---
Changes from v1:
- Defined two config synbols for RSA and AES separately
  and used them wherever required.
- Used U_BOOT_CMD_KENT as per comment
- Cleared DEVCFG_CTRL_PCAP_RATE_EN_MASK once decryption is
  done.

Changes from RFC:
- Moved zynqaes to board/xilinx/zynq/cmds.c and renamed as
  "zynq aes".
- Moved boot image parsing code to a separate file.
- Squashed in to a single patch.
- Fixed coding style comments.
---
 arch/arm/Kconfig |   1 +
 board/xilinx/zynq/Kconfig|  32 +++
 board/xilinx/zynq/Makefile   |   5 +
 board/xilinx/zynq/bootimg.c  | 143 +++
 board/xilinx/zynq/cmds.c | 556 +++
 drivers/fpga/zynqpl.c|  67 ++
 include/u-boot/rsa-mod-exp.h |   4 +
 include/zynq_bootimg.h   |  33 +++
 include/zynqpl.h |   5 +
 lib/rsa/rsa-mod-exp.c|  52 
 10 files changed, 898 insertions(+)
 create mode 100644 board/xilinx/zynq/Kconfig
 create mode 100644 board/xilinx/zynq/bootimg.c
 create mode 100644 board/xilinx/zynq/cmds.c
 create mode 100644 include/zynq_bootimg.h

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 3e05f79..e78e1a4 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1428,6 +1428,7 @@ source "board/toradex/colibri_pxa270/Kconfig"
 source "board/vscom/baltos/Kconfig"
 source "board/woodburn/Kconfig"
 source "board/work-microwave/work_92105/Kconfig"
+source "board/xilinx/zynq/Kconfig"
 source "board/xilinx/zynqmp/Kconfig"
 source "board/zipitz2/Kconfig"

diff --git a/board/xilinx/zynq/Kconfig b/board/xilinx/zynq/Kconfig
new file mode 100644
index 000..e665c8d
--- /dev/null
+++ b/board/xilinx/zynq/Kconfig
@@ -0,0 +1,32 @@
+# Copyright (c) 2018, Xilinx, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0
+
+if ARCH_ZYNQ
+
+config CMD_ZYNQ
+   bool "Enable Zynq specific commands"
+   default y
+   help
+ Enables Zynq specific commands.
+
+config CMD_ZYNQ_AES
+   bool "Enable zynq aes command for decryption of encrypted images"
+   depends on CMD_ZYNQ
+   help
+ Decrypts the encrypted image present in source address
+ and places the decrypted image at destination address.
+
+config CMD_ZYNQ_RSA
+   bool "Enable zynq rsa command for loading secure images"
+   default y
+   depends on CMD_ZYNQ
+   select CMD_ZYNQ_AES
+   help
+ Enabling this will support zynq secure image verification.
+ The secure image is a xilinx specific BOOT.BIN with
+ either authentication or encryption or both encryption
+ and authentication feature enabled while generating
+ BOOT.BIN using Xilinx bootgen tool.
+
+endif
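Review bot: `default y` on CMD_ZYNQ_RSA, combined with its `select CMD_ZYNQ_AES`, builds the `zynq aes` decrypt command into every ARCH_ZYNQ configuration unless it is explicitly turned off, even though CMD_ZYNQ_AES itself carries no default. Per its own help text that command decrypts an image at a source address and places the result at a destination address, so on a board that depends on encrypted images the plaintext would presumably end up in memory reachable from the U-Boot prompt; which key the hardware uses is not visible in this hunk. I would drop `default y` from CMD_ZYNQ_RSA so boards opt in through their defconfig, and extend the CMD_ZYNQ_AES help with a line such as `Decrypted data is written to memory readable from the U-Boot console; enable only where console access is trusted.` The CMD_ZYNQ_RSA help could also state that it selects CMD_ZYNQ_AES, so the dependency is visible in menuconfig.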
diff --git a/board/xilinx/zynq/Makefile b/board/xilinx/zynq/Makefile
index 5a76a26..f4996fa 100644
--- a/board/xilinx/zynq/Makefile
+++ b/board/xilinx/zynq/Makefile
@@ -18,6 +18,11 @@ $(warning Put custom ps7_init_gpl.c/h to 
board/xilinx/zynq/custom_hw_platform/))
 endif
 endif

+ifndef CONFIG_SPL_BUILD
+obj-$(CONFIG_CMD_ZYNQ) += cmds.o
+obj-$(CONFIG_CMD_ZYNQ_RSA) += bootimg.o
+endif
+
 obj-$(CONFIG_SPL_BUILD) += $(init-objs)

 # Suppress "warning: function declaration isn't a prototype"
diff --git a/board/xilinx/zynq/bootimg.c b/board/xilinx/zynq/bootimg.c
new file mode 100644
index 000..b069e2b
--- /dev/null
+++ b/board/xilinx/zynq/bootimg.c
@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2018 Xilinx, Inc.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+DECLARE_GLOBAL_DATA_PTR;
+
+#define ZYNQ_IMAGE_PHDR_OFFSET 0x09C
+#define ZYNQ_IMAGE_FSBL_LEN_OFFSET 0x040
+#define ZYNQ_PART_HDR_CHKSUM_WORD_COUNT0x0F
+#define ZYNQ_PART_HDR_WORD_COUNT   0x10
+#define ZYNQ_MAXIMUM_IMAGE_WORD_LEN0x4000
+#define MD5_CHECKSUM_SIZE  16
+
+struct headerarray {
+   u32 fields[16];
+};
+
+/*
+ * Check whether the given partition is last partition or not
+ */
+static int zynq_islastpartition(struct headerarray *head)
+{
+   int index;
+
+   debug("%s\n", __func__);
+   if (head->fields[ZYNQ_PART_HDR_CHKSUM_WORD_COUNT] != 0x)
+   return -1;
+
+   for (index = 0; index < ZYNQ_PART_HDR_WORD_COUNT - 1; index++) {
+   if (head->fields[index] != 0x0)
+   return -1;
+   }
+
+   return 0;
+}
+
+/*
+ * Get the partition count from the