FIT image: load secure FPGA

Oleksandr Suvorov cryosay at gmail.com
Wed Jan 19 18:48:45 CET 2022


Hi Adrian,

On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries
<jorge at foundries.io> wrote:
>
> On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
> > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote:
> > > On 19/01/22, Adrian Fiergolski wrote:
> > > > Hi Jorge,
> > >
> > > hi Adrian,
> > >
> > > >
> > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not Xilinx's
> > > > FSBL)? Is it documented somewhere? Any configuration files/yocto recipes?
> > >
> > > somewhere there:
> > > https://github.com/foundriesio/meta-lmp
> > >
> > > > Have you managed to resolve problem of the bitstream loaded in such a case
> > > > by SPL?
> > > >
> > >
> > > Yes. I wrote the docs here below:
> > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html
> > >
> >
> > this might help you as well if you use OP-TEE and require RPMB access.
> >
> > https://github.com/OP-TEE/optee_os/pull/4874
> >
> >
>
> forgot to add, the PR to load the bistream was followed up by Oleksandr (in copy).
> but not totally sure if it was merged yet as Simon asked for tests and those might be pending.

You can try this solution for the Xilinx u-boot 2020.07
https://github.com/foundriesio/u-boot/pull/116
or this one for the mainline u-boot:
https://patchwork.ozlabs.org/project/uboot/list/?series=276743

> > > > I need to use an encrypted bitstream. However, it required the use of
> > > > DeviceKeys in post-boot state which eventually requires secure boot.
> > > >
> > > > Regards,
> > >
> > > hope that helps
> > >
> > > >
> > > > Adrian

-- 
Best regards
Oleksandr

Oleksandr Suvorov
cryosay at gmail.com


More information about the U-Boot mailing list