[Intel-gfx] [PATCH v3 5/6] drm/i915/huc: Support HuC authentication

Fri Jul 29 11:33:58 UTC 2016

On 06/07/16 15:24, Peter Antoine wrote:
> The HuC authentication is done by host2guc call. The HuC RSA keys
> are sent to GuC for authentication.
>
> v2: rebased on top of drm-intel-nightly.
>     changed name format and upped version 1.7.
> v3: rebased on top of drm-intel-nightly.
>
> Signed-off-by: Alex Dai <yu.dai at intel.com>
> Signed-off-by: Peter Antoine <peter.antoine at intel.com>
> ---
>  drivers/gpu/drm/i915/i915_guc_submission.c | 65 ++++++++++++++++++++++++++++++
>  drivers/gpu/drm/i915/intel_guc_fwif.h      |  1 +
>  drivers/gpu/drm/i915/intel_guc_loader.c    |  2 +
>  3 files changed, 68 insertions(+)

No obvious problems here.

Reviewed-by: Dave Gordon <david.s.gordon at intel.com>

> diff --git a/drivers/gpu/drm/i915/i915_guc_submission.c b/drivers/gpu/drm/i915/i915_guc_submission.c
> index 5f88500..1ec16a4 100644
> --- a/drivers/gpu/drm/i915/i915_guc_submission.c
> +++ b/drivers/gpu/drm/i915/i915_guc_submission.c
> @@ -25,6 +25,7 @@
>  #include <linux/circ_buf.h>
>  #include "i915_drv.h"
>  #include "intel_guc.h"
> +#include "intel_huc.h"
>
>  /**
>   * DOC: GuC-based command submission
> @@ -1076,3 +1077,67 @@ int intel_guc_resume(struct drm_device *dev)
>
>  	return host2guc_action(guc, data, ARRAY_SIZE(data));
>  }
> +
> +/**
> + * intel_huc_auth() - authenticate ucode
> + * @dev: the drm device
> + *
> + * Triggers a HuC fw authentication request to the GuC via host-2-guc
> + * interface.
> + */
> +void intel_huc_auth(struct drm_device *dev)
> +{
> +	struct drm_i915_private *dev_priv = dev->dev_private;
> +	struct intel_guc *guc = &dev_priv->guc;
> +	struct intel_huc *huc = &dev_priv->huc;
> +	int ret;
> +	u32 data[2];
> +
> +	/* Bypass the case where there is no HuC firmware */
> +	if (huc->huc_fw.fetch_status == UC_FIRMWARE_NONE ||
> +	    huc->huc_fw.load_status == UC_FIRMWARE_NONE)
> +		return;
> +
> +	if (guc->guc_fw.load_status != UC_FIRMWARE_SUCCESS) {
> +		DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate");
> +		return;
> +	}
> +
> +	if (huc->huc_fw.load_status != UC_FIRMWARE_SUCCESS) {
> +		DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate");
> +		return;
> +	}
> +
> +	ret = i915_gem_obj_ggtt_pin(huc->huc_fw.uc_fw_obj, 0, 0);
> +	if (ret) {
> +		DRM_ERROR("HuC: Pin failed");
> +		return;
> +	}
> +
> +	/* Invalidate GuC TLB to let GuC take the latest updates to GTT. */
> +	I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE);
> +
> +	/* Specify auth action and where public signature is. It's stored
> +	 * at the beginning of the gem object, before the fw bits
> +	 */
> +	data[0] = HOST2GUC_ACTION_AUTHENTICATE_HUC;
> +	data[1] = i915_gem_obj_ggtt_offset(huc->huc_fw.uc_fw_obj) +
> +			huc->huc_fw.rsa_offset;
> +
> +	ret = host2guc_action(guc, data, ARRAY_SIZE(data));
> +	if (ret) {
> +		DRM_ERROR("HuC: GuC did not ack Auth request\n");
> +		goto out;
> +	}
> +
> +	/* Check authentication status, it should be done by now */
> +	ret = wait_for_atomic(
> +		(I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50);
> +	if (ret) {
> +		DRM_ERROR("HuC: Authentication failed\n");
> +		goto out;
> +	}
> +
> +out:
> +	i915_gem_object_ggtt_unpin(huc->huc_fw.uc_fw_obj);
> +}
> diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h
> index a69ee36..c5a6227 100644
> --- a/drivers/gpu/drm/i915/intel_guc_fwif.h
> +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h
> @@ -437,6 +437,7 @@ enum host2guc_action {
>  	HOST2GUC_ACTION_ENTER_S_STATE = 0x501,
>  	HOST2GUC_ACTION_EXIT_S_STATE = 0x502,
>  	HOST2GUC_ACTION_SLPC_REQUEST = 0x3003,
> +	HOST2GUC_ACTION_AUTHENTICATE_HUC = 0x4000,
>  	HOST2GUC_ACTION_LIMIT
>  };
>
> diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c
> index d76451c..e3d2e69 100644
> --- a/drivers/gpu/drm/i915/intel_guc_loader.c
> +++ b/drivers/gpu/drm/i915/intel_guc_loader.c
> @@ -495,6 +495,8 @@ int intel_guc_setup(struct drm_device *dev)
>  		intel_uc_fw_status_repr(guc_fw->fetch_status),
>  		intel_uc_fw_status_repr(guc_fw->load_status));
>
> +	intel_huc_auth(dev);
> +
>  	if (i915.enable_guc_submission) {
>  		err = i915_guc_submission_enable(dev_priv);
>  		if (err)
>