From b524f8fb1e94a8e649ba06a7cb87e6dcaa96ebc3 Mon Sep 17 00:00:00 2001
From: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Date: Fri, 22 Jul 2022 17:16:14 +0300
Subject: [PATCH] fpga: zynqmp: support loading encrypted bitfiles

Add supporting new compatible string "u-boot,zynqmp-fpga-enc" to
handle loading encrypted bitfiles.

This feature requires encrypted FSBL, as according to UG1085:
"The CSU automatically locks out the AES key, stored in either BBRAM
 or eFUSEs, as a key source to the AES engine if the FSBL is not
 encrypted. This prevents using the BBRAM or eFUSE as the key source
 to the AES engine during run-time applications."

Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-14-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
---
 doc/uImage.FIT/source_file_format.txt | 2 ++
 drivers/fpga/zynqmppl.c               | 8 ++++++++
 include/fpga.h                        | 1 +
 include/xilinx.h                      | 1 +
 include/zynqmppl.h                    | 4 +++-
 5 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt
index 461e2af2a8..6870111840 100644
--- a/doc/uImage.FIT/source_file_format.txt
+++ b/doc/uImage.FIT/source_file_format.txt
@@ -188,6 +188,8 @@ the '/images' node should have the following layout:
     "u-boot,fpga-legacy" - the generic fpga loading routine.
     "u-boot,zynqmp-fpga-ddrauth" - signed non-encrypted FPGA bitstream for
     Xilinx Zynq UltraScale+ (ZymqMP) device.
+    "u-boot,zynqmp-fpga-enc" - encrypted FPGA bitstream for Xilinx Zynq
+    UltraScale+ (ZynqMP) device.
 
   Optional nodes:
   - hash-1 : Each hash sub-node represents separate hash or checksum
diff --git a/drivers/fpga/zynqmppl.c b/drivers/fpga/zynqmppl.c
index fc55d7a388..d1491da02c 100644
--- a/drivers/fpga/zynqmppl.c
+++ b/drivers/fpga/zynqmppl.c
@@ -257,6 +257,11 @@ static int zynqmp_load(xilinx_desc *desc, const void *buf, size_t bsize,
 		info.authflag = ZYNQMP_FPGA_AUTH_DDR;
 		info.encflag = FPGA_NO_ENC_OR_NO_AUTH;
 		return desc->operations->loads(desc, buf, bsize, &info);
+	case FPGA_XILINX_ZYNQMP_ENC:
+		/* Encryption using device key */
+		info.authflag = FPGA_NO_ENC_OR_NO_AUTH;
+		info.encflag = FPGA_ENC_DEV_KEY;
+		return desc->operations->loads(desc, buf, bsize, &info);
 #endif
 	default:
 		printf("Unsupported bitstream type %d\n", flags);
@@ -360,6 +365,9 @@ static int __maybe_unused zynqmp_str2flag(xilinx_desc *desc, const char *str)
 #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
 	if (!strncmp(str, "u-boot,zynqmp-fpga-ddrauth", 26))
 		return FPGA_XILINX_ZYNQMP_DDRAUTH;
+
+	if (!strncmp(str, "u-boot,zynqmp-fpga-enc", 22))
+		return FPGA_XILINX_ZYNQMP_ENC;
 #endif
 	return 0;
 }
diff --git a/include/fpga.h b/include/fpga.h
index 13b1bbee3c..a4e16401da 100644
--- a/include/fpga.h
+++ b/include/fpga.h
@@ -20,6 +20,7 @@
 /* device numbers must be non-negative */
 #define FPGA_INVALID_DEVICE	-1
 
+#define FPGA_ENC_DEV_KEY	0
 #define FPGA_ENC_USR_KEY	1
 #define FPGA_NO_ENC_OR_NO_AUTH	2
 
diff --git a/include/xilinx.h b/include/xilinx.h
index 97ee12cec4..e4e2979798 100644
--- a/include/xilinx.h
+++ b/include/xilinx.h
@@ -40,6 +40,7 @@ typedef enum {			/* typedef xilinx_family */
 /* FPGA bitstream supported types */
 #define FPGA_LEGACY			BIT(0)
 #define FPGA_XILINX_ZYNQMP_DDRAUTH	BIT(1)
+#define FPGA_XILINX_ZYNQMP_ENC		BIT(2)
 
 typedef struct {		/* typedef xilinx_desc */
 	xilinx_family family;	/* part type */
diff --git a/include/zynqmppl.h b/include/zynqmppl.h
index 87ccd2f394..acf75a8f07 100644
--- a/include/zynqmppl.h
+++ b/include/zynqmppl.h
@@ -26,7 +26,9 @@
 extern struct xilinx_fpga_op zynqmp_op;
 
 #if CONFIG_IS_ENABLED(FPGA_LOAD_SECURE)
-#define ZYNQMP_FPGA_FLAGS	(FPGA_LEGACY | FPGA_XILINX_ZYNQMP_DDRAUTH)
+#define ZYNQMP_FPGA_FLAGS	(FPGA_LEGACY | \
+				 FPGA_XILINX_ZYNQMP_DDRAUTH | \
+				 FPGA_XILINX_ZYNQMP_ENC)
 #else
 #define ZYNQMP_FPGA_FLAGS	(FPGA_LEGACY)
 #endif
-- 
2.39.5