[U-Boot] [RFC PATCH] fpga: zynq: Add encrypted bitstream support with auto detect

Siva Durga Prasad Paladugu sivadur at xilinx.com
Tue Jun 12 03:48:03 UTC 2018


Hi Stefan,

> -----Original Message-----
> From: Stefan.Herbrechtsmeier at weidmueller.com
> [mailto:Stefan.Herbrechtsmeier at weidmueller.com]
> Sent: Monday, June 11, 2018 9:33 PM
> To: Siva Durga Prasad Paladugu <sivadur at xilinx.com>;
> stefan at herbrechtsmeier.net
> Cc: u-boot at lists.denx.de; michal.simek at xilinx.com; monstr at monstr.eu
> Subject: AW: [RFC PATCH] fpga: zynq: Add encrypted bitstream support
> with auto detect
> 
> Hi Siva,
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Siva Durga Prasad Paladugu [mailto:sivadur at xilinx.com]
> > Gesendet: Montag, 11. Juni 2018 13:40
> > An: stefan at herbrechtsmeier.net
> > Cc: Herbrechtsmeier Dr.-Ing. , Stefan
> > <Stefan.Herbrechtsmeier at weidmueller.com>; u-boot at lists.denx.de;
> Michal
> > Simek <michal.simek at xilinx.com>; monstr at monstr.eu
> > Betreff: RE: [RFC PATCH] fpga: zynq: Add encrypted bitstream support
> > with auto detect
> >
> > Interesting, I got your point. First of all,  Could you please let me
> > know on how do you created the encrypted bitstream?
> 
> I use bootgen with the split option and the following bif file:
> 
> bootgen -image u-boot-spl-aes.bif -o i u-boot-spl-aes.bin -w on -encrypt
> efuse -split bin
> 
> image:
> {
>         [aeskeyfile]efuse.nky
>         [pskfile]psk.pem
>         [sskfile]ssk.pem
>         [bootloader, encryption=aes, authentication=rsa]u-boot-spl.elf
>         [encryption=aes]fpga.bit
> }
> 
> > I hope this is not the Xilinx bootgen flow(may be through other Xilinx
> > flow)
> 
> To my knowledge you could only use bootgen because Xilinx doesn't
> documented the encryption even if I would like to integrate the encryption
> into mkimage.
> 
> > because, I don't think bootgen will update these fields while creating
> > encrypted bitstream( need to re confirm on this) and my flow targets
> > the Xilinx bootgen flow.
> 
> This fields are part of the encrypted binary bitstream and are needed for the
> fpga configuration via the pcap. They are documented inside the
> 'ug470_7Series_Config.pdf'.
> 
> > Please let know your comments on this, based on which, will try to
> > review and test your patch.
> 
> Let me know if you need more information or help.

Thanks for the clarity, let me check on it and come back. 
Let me also look in to modify secure patch if required as per this.

Thanks,
Siva
 
> 
> Regards
> 
> Stefan Herbrechtsmeier
> Software Developer Embedded Systems
> 
> Weidmüller - Your partner in Industrial Connectivity We look forward to
> sharing ideas with you - Let's connect.
> 
> Weidmueller Interface GmbH & Co. KG
> Klingenbergstraße 16, 32758 Detmold, Germany
> Email: Stefan.Herbrechtsmeier at weidmueller.com - Web:
> www.weidmueller.com
> 
> 
> ________________________________
> Kommanditgesellschaft - Sitz: Detmold - Amtsgericht Lemgo HRA 2790 -
> Komplementärin: Weidmüller Interface Führungsgesellschaft mbH -
> Sitz: Detmold - Amtsgericht Lemgo HRB 3924;
> Geschäftsführer: José Carlos Álvarez Tobar, Elke Eckstein, Jörg
> Timmermann; USt-ID-Nr. DE124599660


More information about the U-Boot mailing list