FIT image: load secure FPGA

Adrian Fiergolski adrian.fiergolski at fastree3d.com
Mon Feb 7 13:24:23 CET 2022


Hi Jorge and Oleksandr,

Thank you for sharing all the links. I found there a lot of inspiration 
to meet my target of using encrypted bitfiles.

I have also shared with the community a patch, on top of your changes, 
adding encrypted bitfile support in u-boot.

Regards,

Adrian

On 19.01.2022 18:48, Oleksandr Suvorov wrote:
> Hi Adrian,
>
> On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries
> <jorge at foundries.io> wrote:
>> On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
>>> On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
>>>> On 19/01/22, Adrian Fiergolski wrote:
>>>>> Hi Jorge,
>>>> hi Adrian,
>>>>
>>>>> Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's
>>>>> FSBL)? Is it documented somewhere? Any configuration files/yocto recipes?
>>>> somewhere there:
>>>> https://github.com/foundriesio/meta-lmp
>>>>
>>>>> Have you managed to resolve problem of the bitstream loaded in such a case
>>>>> by SPL?
>>>>>
>>>> Yes. I wrote the docs here below:
>>>> https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html
>>>>
>>> this might help you as well if you use OP-TEE and require RPMB access.
>>>
>>> https://github.com/OP-TEE/optee_os/pull/4874
>>>
>>>
>> forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy).
>> but not totally sure if it was merged yet as Simon asked for tests and those might be pending.
> You can try this solution for the Xilinx u-boot 2020.07
> https://github.com/foundriesio/u-boot/pull/116
> or this one for the mainline u-boot:
> https://patchwork.ozlabs.org/project/uboot/list/?series=276743
>
>>>>> I need to use an encrypted bitstream. However, it required the use of
>>>>> DeviceKeys in post-boot state which eventually requires secure boot.
>>>>>
>>>>> Regards,
>>>> hope that helps
>>>>
>>>>> Adrian


More information about the U-Boot mailing list