Zynq Ultrascale+ MPSoC Secure Driver for Linux

Table Of Content

Introduction

This Secure driver provides an interface to secure_load firmware APIs to load a secure partition. 

HW IP Features

NA

Features supported in driver

  • Sysfs interface to load the secure partition.
  • Sysfs interface to load the AES key used to decrypt the secure partition.

Kernel Configuration

Firmware driver is by default enabled for ZynqMP platform. The following config options should be enabled in order to build the ZynqMP firmware driver.

Please note as the data provided in user space will be located in virtual space, linux driver before handing off to ATF converts the data buffers to physical address.


The following config option should be enabled to load secure partition from the Linux.

Test Procedure

Create a primary boot image with PMUFW, FSBL, U-boot and ATF. Example .bif is provided below.

Create single partition image (authenticated or encrypted or authenticated + encrypted). The example .bif is provided below.

Expected Output:

Points to be noted :

  • To view the error code PMU should be built with PM_LOG_LEVEL set to 2
  • If load address is not specified in single partition bin , after decryption the image overrides the source.
  • If load address is specified in the bif , decrypted image will be stored in the load address.
  • Please make sure to release the kernel memory after reading the decrypted image from the load address using below command.
    echo 1 > /sys/devices/platform/securefw/secure_load_done

Mainline status

  • This driver is currently not available in mainline kernel.

Change Log

2019.1 

Summary 

  • zynqmp: firmware: Adds a driver for loading secure partition from Linux

Commits

Initial commit

  • 386d33zynqmp: firmware: Adds a driver for loading secure partition from Linux

Bug fixes 

  • 9d4968 firmware: xilinx: Handle error pointer correctly
  • b1331d zynqmp-secure: Fix for crash seen with secure image loading
  • 07bb52 firmware: zynqmp-secure: Correct error handling for secure_load
  • 6a6344 drivers: Defer probe if firmware is not ready
  • 3f9e46drivers: xilinx: Reorganize firmware driver for zynqmp

Related Links

https://github.com/Xilinx/linux-xlnx/blob/master/drivers/firmware/xilinx/zynqmp-secure.c