From patchwork Thu Dec 8 23:02:18 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Srivatsa, Anusha" X-Patchwork-Id: 9467267 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6B40D60459 for ; Thu, 8 Dec 2016 23:02:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5DC9E1FF65 for ; Thu, 8 Dec 2016 23:02:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 52A8928624; Thu, 8 Dec 2016 23:02:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CFFB71FF65 for ; Thu, 8 Dec 2016 23:02:39 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id EBC166E894; Thu, 8 Dec 2016 23:02:30 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by gabe.freedesktop.org (Postfix) with ESMTPS id 34D4C6E1CD for ; Thu, 8 Dec 2016 23:02:27 +0000 (UTC) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP; 08 Dec 2016 15:02:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,321,1477983600"; d="scan'208";a="38379259" Received: from anusha.jf.intel.com ([10.7.198.162]) by orsmga004.jf.intel.com with ESMTP; 08 Dec 2016 15:02:26 -0800 From: anushasr To: intel-gfx@lists.freedesktop.org Date: Thu, 8 Dec 2016 15:02:18 -0800 Message-Id: <1481238139-9509-8-git-send-email-anusha.srivatsa@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1481238139-9509-1-git-send-email-anusha.srivatsa@intel.com> References: <1481238139-9509-1-git-send-email-anusha.srivatsa@intel.com> Cc: Alex Dai , Peter Antoine Subject: [Intel-gfx] [PATCH 7/8] drm/i915/huc: Support HuC authentication X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" X-Virus-Scanned: ClamAV using ClamSMTP From: Peter Antoine The HuC authentication is done by host2guc call. The HuC RSA keys are sent to GuC for authentication. v2: rebased on top of drm-intel-nightly. changed name format and upped version 1.7. v3: rebased on top of drm-intel-nightly. v4: changed wait_for_automic to wait_for v5: rebased. v7: rebased. v8: rebased. v9: rebased. Rename intel_huc_auh() to intel_guc_auth_huc() and place the prototype in intel_guc.h,correct the comments. v10: rebased. v11: rebased. v12: rebased on top of drm-tip v13: rebased. Moved intel_guc_auth_huc from i915_guc_submission.c to intel_uc.c.Update dev to dev_priv in intel_guc_auth_huc(). Renamed HOST2GUC_ACTION_AUTHENTICATE_HUC TO INTEL_GUC_ACTION_ AUTHENTICATE_HUC Tested-by: Xiang Haihao Signed-off-by: Anusha Srivatsa Signed-off-by: Alex Dai Signed-off-by: Peter Antoine Reviewed-by: Arkadiusz Hiler --- drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + drivers/gpu/drm/i915/intel_guc_loader.c | 2 ++ drivers/gpu/drm/i915/intel_uc.c | 61 +++++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/intel_uc.h | 1 + 4 files changed, 65 insertions(+) diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h index c1e7faf..94a974d 100644 --- a/drivers/gpu/drm/i915/intel_guc_fwif.h +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h @@ -504,6 +504,7 @@ enum intel_guc_action { INTEL_GUC_ACTION_EXIT_S_STATE = 0x502, INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003, INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000, + INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000, INTEL_GUC_ACTION_LIMIT }; diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c index b971351..89d092b 100644 --- a/drivers/gpu/drm/i915/intel_guc_loader.c +++ b/drivers/gpu/drm/i915/intel_guc_loader.c @@ -529,6 +529,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv) intel_uc_fw_status_repr(guc_fw->fetch_status), intel_uc_fw_status_repr(guc_fw->load_status)); + intel_guc_auth_huc(dev_priv); + if (i915.enable_guc_submission) { if (i915.guc_log_level >= 0) gen9_enable_guc_interrupts(dev_priv); diff --git a/drivers/gpu/drm/i915/intel_uc.c b/drivers/gpu/drm/i915/intel_uc.c index 8ae6795..445b9ad 100644 --- a/drivers/gpu/drm/i915/intel_uc.c +++ b/drivers/gpu/drm/i915/intel_uc.c @@ -138,3 +138,64 @@ int intel_guc_log_control(struct intel_guc *guc, u32 control_val) return intel_guc_send(guc, action, ARRAY_SIZE(action)); } + +/** + * intel_guc_auth_huc() - authenticate ucode + * @dev: the drm device + * + * Triggers a HuC fw authentication request to the GuC via host-2-guc + * interface. + */ +void intel_guc_auth_huc(struct drm_i915_private *dev_priv) +{ + struct intel_guc *guc = &dev_priv->guc; + struct intel_huc *huc = &dev_priv->huc; + struct i915_vma *vma; + int ret; + u32 data[2]; + + /* Bypass the case where there is no HuC firmware */ + if (huc->huc_fw.fetch_status == UC_FIRMWARE_NONE || + huc->huc_fw.load_status == UC_FIRMWARE_NONE) + return; + + if (guc->guc_fw.load_status != UC_FIRMWARE_SUCCESS) { + DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate"); + return; + } + + if (huc->huc_fw.load_status != UC_FIRMWARE_SUCCESS) { + DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate"); + return; + } + + vma = i915_gem_object_ggtt_pin(huc->huc_fw.uc_fw_obj, NULL, 0, 0, 0); + if (IS_ERR(vma)) { + DRM_DEBUG_DRIVER("pin failed %d\n", (int)PTR_ERR(vma)); + return; + } + + + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); + + /* Specify auth action and where public signature is. */ + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC; + data[1] = i915_ggtt_offset(vma) + huc->huc_fw.rsa_offset; + + ret = intel_guc_send(guc, data, ARRAY_SIZE(data)); + if (ret) { + DRM_ERROR("HuC: GuC did not ack Auth request\n"); + goto out; + } + + /* Check authentication status, it should be done by now */ + ret = wait_for((I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50); + if (ret) { + DRM_ERROR("HuC: Authentication failed\n"); + goto out; + } + +out: + i915_vma_unpin(vma); +} diff --git a/drivers/gpu/drm/i915/intel_uc.h b/drivers/gpu/drm/i915/intel_uc.h index ac92946..1db8bc2 100644 --- a/drivers/gpu/drm/i915/intel_uc.h +++ b/drivers/gpu/drm/i915/intel_uc.h @@ -196,6 +196,7 @@ int intel_guc_sample_forcewake(struct intel_guc *guc); int intel_guc_log_flush_complete(struct intel_guc *guc); int intel_guc_log_flush(struct intel_guc *guc); int intel_guc_log_control(struct intel_guc *guc, u32 control_val); +void intel_guc_auth_huc(struct drm_i915_private *dev_priv); /* intel_guc_loader.c */ extern void intel_guc_init(struct drm_i915_private *dev_priv);