On 07/02/22, Adrian Fiergolski wrote: > Hi Jorge and Oleksandr, > > Thank you for sharing all the links. I found there a lot of inspiration to > meet my target of using encrypted bitfiles.
thanks Adrian. Glad to hear that > > I have also shared with the community a patch, on top of your changes, > adding encrypted bitfile support in u-boot. awesome. btw how is the bitstream decrypted? I didnt look into that, I suppose there is probably a doc somewhere? > > Regards, > > Adrian > > On 19.01.2022 18:48, Oleksandr Suvorov wrote: > > Hi Adrian, > > > > On Wed, Jan 19, 2022 at 7:23 PM Jorge Ramirez-Ortiz, Foundries > > <jo...@foundries.io> wrote: > > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > > > On 19/01/22, Jorge Ramirez-Ortiz, Foundries wrote: > > > > > On 19/01/22, Adrian Fiergolski wrote: > > > > > > Hi Jorge, > > > > > hi Adrian, > > > > > > > > > > > Have you succeeded to enable secure boot on ZynqMP with SPL (not > > > > > > Xilinx's > > > > > > FSBL)? Is it documented somewhere? Any configuration files/yocto > > > > > > recipes? > > > > > somewhere there: > > > > > https://github.com/foundriesio/meta-lmp > > > > > > > > > > > Have you managed to resolve problem of the bitstream loaded in such > > > > > > a case > > > > > > by SPL? > > > > > > > > > > > Yes. I wrote the docs here below: > > > > > https://docs.foundries.io/latest/reference-manual/security/authentication-xilinx.html > > > > > > > > > this might help you as well if you use OP-TEE and require RPMB access. > > > > > > > > https://github.com/OP-TEE/optee_os/pull/4874 > > > > > > > > > > > forgot to add, the PR to load the bistream was followed up by Oleksandr > > > (in copy). > > > but not totally sure if it was merged yet as Simon asked for tests and > > > those might be pending. > > You can try this solution for the Xilinx u-boot 2020.07 > > https://github.com/foundriesio/u-boot/pull/116 > > or this one for the mainline u-boot: > > https://patchwork.ozlabs.org/project/uboot/list/?series=276743 > > > > > > > > I need to use an encrypted bitstream. However, it required the use > > > > > > of > > > > > > DeviceKeys in post-boot state which eventually requires secure boot. > > > > > > > > > > > > Regards, > > > > > hope that helps > > > > > > > > > > > Adrian
