From patchwork Mon Nov  7 00:13:25 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Moritz Fischer <moritz.fischer@ettus.com>
X-Patchwork-Id: 9414207
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	0CBFA6022E for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon,  7 Nov 2016 00:16:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F27AE28EB9
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon,  7 Nov 2016 00:16:26 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E6D0528EBB; Mon,  7 Nov 2016 00:16:26 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.9])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8740F28EB9
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon,  7 Nov 2016 00:16:26 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux))
	id 1c3Xab-0004sT-Ru; Mon, 07 Nov 2016 00:15:05 +0000
Received: from mail-pf0-x22b.google.com ([2607:f8b0:400e:c00::22b])
	by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat
	Linux)) id 1c3XZc-0004Kb-RA
	for linux-arm-kernel@lists.infradead.org;
	Mon, 07 Nov 2016 00:14:07 +0000
Received: by mail-pf0-x22b.google.com with SMTP id i88so81116605pfk.2
	for <linux-arm-kernel@lists.infradead.org>;
	Sun, 06 Nov 2016 16:13:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=ettus-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=q/FcxhMhK2rgUcuE4PTahN4BZLReZeyBzf8feGViBeg=;
	b=omIQV70p1yIsxhnSQYVetPIgtLXTsItFlct/aUmKsDAGlXxYRT/ZDSSRac4mFk0B9L
	8QKUYkvPIAEfPmK6ctGdGxAyWgIn/CkExv9GDIe1icnjBUdcU05W6cBEP5zgY+31o/1p
	WhvU4jonYUpemA3X4PMIOoLujB+5OyDQuY2KfYxzFkDmDzbjKLwYKKOj/CVYLI6e6Dgn
	YNp8By4fNTLLNid4IYzEnpqnRA9FgWHkvqpZrpncLHugcqHMGbHXvPGYOX/I/z82iI1q
	pDDJGdaPZRRXBdmOYxZx4Bst+J9VH2Qw4mM/t0RqM11fdyS9Kmz12NBR4BHZmk7qIDxo
	MK3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=q/FcxhMhK2rgUcuE4PTahN4BZLReZeyBzf8feGViBeg=;
	b=PxpLwVmkYv6IxVj4rjP7hi2BcH2ssIzNGOe/9KDtuQEN0pZs9uxyay6HPrw5KtlvNN
	0kCvlN89jThl++11ud6OE7bptXIM1HtGAsKcr038WWGa6oL/j1MESZhFj3obrNxRFt+e
	TzBkvl2usLmlxm+SQqh9XqW6SVEK6rXMsHJzmGgwpdBDsKg9w14gELV0aW63L3OJSu2U
	wvGOZ8W1FOFtZcx0bTw03a1CtYSvK7Hc6ucRS4hV15FOXaljjv8eZCdM/zqc5cindIi2
	YOL70Dt45P/YKko0+o6/OSe1lhScIjCYD/aoJSZU41LbwdjGNi5nlR4X1TuMGPhgDBAM
	y7ng==
X-Gm-Message-State: 
 ABUngvcqNgOYl183wfgongo7TEYZYb/Moa3DJS6xY5r8QgqMQUPG3Cg/bXZKg8uGWlt9iT3d
X-Received: by 10.99.95.86 with SMTP id t83mr6689594pgb.0.1478477623356;
	Sun, 06 Nov 2016 16:13:43 -0800 (PST)
Received: from archbook.lan ([2601:647:4b00:de01::921])
	by smtp.gmail.com with ESMTPSA id
	t5sm35117798pfb.58.2016.11.06.16.13.42
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 06 Nov 2016 16:13:42 -0800 (PST)
From: Moritz Fischer <moritz.fischer@ettus.com>
To: linux-kernel@vger.kernel.org
Subject: [PATCH 3/4] fpga mgr: zynq: Add support for encrypted bitstreams
Date: Sun,  6 Nov 2016 17:13:25 -0700
Message-Id: <20161107001326.7395-4-moritz.fischer@ettus.com>
X-Mailer: git-send-email 2.10.0
In-Reply-To: <20161107001326.7395-1-moritz.fischer@ettus.com>
References: <20161107001326.7395-1-moritz.fischer@ettus.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20161106_161405_171300_7B56E7BD 
X-CRM114-Status: GOOD (  17.30  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Moritz Fischer <moritz.fischer@ettus.com>, julia@ni.com,
	atull@opensource.altera.com, michal.simek@xilinx.com,
	soren.brinkmann@xilinx.com, moritz.fischer.private@gmail.com,
	linux-arm-kernel@lists.infradead.org
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

Add new flag FPGA_MGR_DECRYPT_BISTREAM as well as a matching
capability FPGA_MGR_CAP_DECRYPT to allow for on-the-fly
decryption of an encrypted bitstream.

If the system is not booted in secure mode AES & HMAC units
are disabled by the boot ROM, therefore the capability
is not available.

Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com>
Cc: Alan Tull <atull@opensource.altera.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Sören Brinkmann <soren.brinkmann@xilinx.com>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
---
 drivers/fpga/fpga-mgr.c       |  7 +++++++
 drivers/fpga/zynq-fpga.c      | 21 +++++++++++++++++++--
 include/linux/fpga/fpga-mgr.h |  2 ++
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c
index 98230b7..e4d08e1 100644
--- a/drivers/fpga/fpga-mgr.c
+++ b/drivers/fpga/fpga-mgr.c
@@ -61,6 +61,12 @@ int fpga_mgr_buf_load(struct fpga_manager *mgr, u32 flags, const char *buf,
 		return -ENOTSUPP;
 	}
 
+	if (flags & FPGA_MGR_DECRYPT_BITSTREAM &&
+	    !fpga_mgr_has_cap(FPGA_MGR_CAP_DECRYPT, mgr->caps)) {
+		dev_err(dev, "Bitstream decryption not supported\n");
+		return -ENOTSUPP;
+	}
+
 	/*
 	 * Call the low level driver's write_init function.  This will do the
 	 * device-specific things to get the FPGA into the state where it is
@@ -170,6 +176,7 @@ static const char * const state_str[] = {
 static const char * const cap_str[] = {
 	[FPGA_MGR_CAP_FULL_RECONF] = "Full reconfiguration",
 	[FPGA_MGR_CAP_PARTIAL_RECONF] = "Partial reconfiguration",
+	[FPGA_MGR_CAP_DECRYPT] = "Decrypt bitstream on the fly",
 };
 
 static ssize_t name_show(struct device *dev,
diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c
index 1d37ff0..0aa4705 100644
--- a/drivers/fpga/zynq-fpga.c
+++ b/drivers/fpga/zynq-fpga.c
@@ -71,6 +71,10 @@
 #define CTRL_PCAP_PR_MASK		BIT(27)
 /* Enable PCAP */
 #define CTRL_PCAP_MODE_MASK		BIT(26)
+/* Needed to reduce clock rate for secure config */
+#define CTRL_PCAP_RATE_EN_MASK		BIT(25)
+/* System booted in secure mode */
+#define CTRL_SEC_EN_MASK		BIT(7)
 
 /* Miscellaneous Control Register bit definitions */
 /* Internal PCAP loopback */
@@ -252,12 +256,20 @@ static int zynq_fpga_ops_write_init(struct fpga_manager *mgr, u32 flags,
 
 	/* set configuration register with following options:
 	 * - enable PCAP interface
-	 * - set throughput for maximum speed
+	 * - set throughput for maximum speed (if we're not decrypting)
 	 * - set CPU in user mode
 	 */
 	ctrl = zynq_fpga_read(priv, CTRL_OFFSET);
-	zynq_fpga_write(priv, CTRL_OFFSET,
+	if (flags & FPGA_MGR_DECRYPT_BITSTREAM) {
+		zynq_fpga_write(priv, CTRL_OFFSET,
+			(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK |
+			 CTRL_PCAP_RATE_EN_MASK | ctrl));
+
+	} else {
+		ctrl &= ~CTRL_PCAP_RATE_EN_MASK;
+		zynq_fpga_write(priv, CTRL_OFFSET,
 			(CTRL_PCAP_PR_MASK | CTRL_PCAP_MODE_MASK | ctrl));
+	}
 
 	/* check that we have room in the command queue */
 	status = zynq_fpga_read(priv, STATUS_OFFSET);
@@ -412,6 +424,7 @@ static int zynq_fpga_probe(struct platform_device *pdev)
 	struct resource *res;
 	fpga_mgr_cap_mask_t caps;
 	int err;
+	u32 tmp;
 
 	priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
 	if (!priv)
@@ -466,6 +479,10 @@ static int zynq_fpga_probe(struct platform_device *pdev)
 	fpga_mgr_cap_set(FPGA_MGR_CAP_FULL_RECONF, caps);
 	fpga_mgr_cap_set(FPGA_MGR_CAP_PARTIAL_RECONF, caps);
 
+	/* only works if we booted in secure mode */
+	tmp = zynq_fpga_read(priv, CTRL_OFFSET);
+	if (tmp & CTRL_SEC_EN_MASK)
+		fpga_mgr_cap_set(FPGA_MGR_CAP_DECRYPT, caps);
 
 	err = fpga_mgr_register(dev, "Xilinx Zynq FPGA Manager",
 				&zynq_fpga_ops, caps, priv);
diff --git a/include/linux/fpga/fpga-mgr.h b/include/linux/fpga/fpga-mgr.h
index 9bb96a5..aabe258 100644
--- a/include/linux/fpga/fpga-mgr.h
+++ b/include/linux/fpga/fpga-mgr.h
@@ -68,10 +68,12 @@ enum fpga_mgr_states {
  */
 #define FPGA_MGR_PARTIAL_RECONFIG	BIT(0)
 #define FPGA_MGR_FULL_RECONFIG		BIT(1)
+#define FPGA_MGR_DECRYPT_BITSTREAM	BIT(2)
 
 enum fpga_mgr_capability {
 	FPGA_MGR_CAP_PARTIAL_RECONF,
 	FPGA_MGR_CAP_FULL_RECONF,
+	FPGA_MGR_CAP_DECRYPT,
 
 /* last capability type for creation of the capabilities mask */
 	FPGA_MGR_CAP_END,