[Intel-gfx] [PATCH v7 5/6] drm/i915/huc: Support HuC authentication
Peter Antoine
peter.antoine at intel.com
Fri Sep 2 08:08:43 UTC 2016
The HuC authentication is done by host2guc call. The HuC RSA keys
are sent to GuC for authentication.
v2: rebased on top of drm-intel-nightly.
changed name format and upped version 1.7.
v3: rebased on top of drm-intel-nightly.
v4: changed wait_for_automic to wait_for
v5: rebased.
v7: rebased.
Signed-off-by: Alex Dai <yu.dai at intel.com>
Signed-off-by: Peter Antoine <peter.antoine at intel.com>
Reviewed-by: Dave Gordon <david.s.gordon at intel.com>
---
drivers/gpu/drm/i915/i915_guc_submission.c | 65 ++++++++++++++++++++++++++++++
drivers/gpu/drm/i915/intel_guc_fwif.h | 1 +
drivers/gpu/drm/i915/intel_guc_loader.c | 2 +
3 files changed, 68 insertions(+)
diff --git a/drivers/gpu/drm/i915/i915_guc_submission.c b/drivers/gpu/drm/i915/i915_guc_submission.c
index a3f889a..d774fa6 100644
--- a/drivers/gpu/drm/i915/i915_guc_submission.c
+++ b/drivers/gpu/drm/i915/i915_guc_submission.c
@@ -25,6 +25,7 @@
#include <linux/circ_buf.h>
#include "i915_drv.h"
#include "intel_guc.h"
+#include "intel_huc.h"
/**
* DOC: GuC-based command submission
@@ -1095,3 +1096,67 @@ int intel_guc_resume(struct drm_device *dev)
return host2guc_action(guc, data, ARRAY_SIZE(data));
}
+
+/**
+ * intel_huc_auth() - authenticate ucode
+ * @dev: the drm device
+ *
+ * Triggers a HuC fw authentication request to the GuC via host-2-guc
+ * interface.
+ */
+void intel_huc_auth(struct drm_device *dev)
+{
+ struct drm_i915_private *dev_priv = dev->dev_private;
+ struct intel_guc *guc = &dev_priv->guc;
+ struct intel_huc *huc = &dev_priv->huc;
+ struct i915_vma *vma;
+ int ret;
+ u32 data[2];
+
+ /* Bypass the case where there is no HuC firmware */
+ if (huc->huc_fw.fetch_status == UC_FIRMWARE_NONE ||
+ huc->huc_fw.load_status == UC_FIRMWARE_NONE)
+ return;
+
+ if (guc->guc_fw.load_status != UC_FIRMWARE_SUCCESS) {
+ DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate");
+ return;
+ }
+
+ if (huc->huc_fw.load_status != UC_FIRMWARE_SUCCESS) {
+ DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate");
+ return;
+ }
+
+ vma = i915_gem_object_ggtt_pin(huc->huc_fw.uc_fw_obj, NULL, 0, 0, 0);
+ if (IS_ERR(vma)) {
+ DRM_DEBUG_DRIVER("pin failed %d\n", (int)PTR_ERR(vma));
+ return;
+ }
+
+
+ /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */
+ I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE);
+
+ /* Specify auth action and where public signature is. It's stored
+ * at the beginning of the gem object, before the fw bits
+ */
+ data[0] = HOST2GUC_ACTION_AUTHENTICATE_HUC;
+ data[1] = i915_ggtt_offset(vma) + huc->huc_fw.rsa_offset;
+
+ ret = host2guc_action(guc, data, ARRAY_SIZE(data));
+ if (ret) {
+ DRM_ERROR("HuC: GuC did not ack Auth request\n");
+ goto out;
+ }
+
+ /* Check authentication status, it should be done by now */
+ ret = wait_for((I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50);
+ if (ret) {
+ DRM_ERROR("HuC: Authentication failed\n");
+ goto out;
+ }
+
+out:
+ i915_vma_unpin(vma);
+}
diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h
index b38b6b4..57e6466 100644
--- a/drivers/gpu/drm/i915/intel_guc_fwif.h
+++ b/drivers/gpu/drm/i915/intel_guc_fwif.h
@@ -438,6 +438,7 @@ enum host2guc_action {
HOST2GUC_ACTION_ENTER_S_STATE = 0x501,
HOST2GUC_ACTION_EXIT_S_STATE = 0x502,
HOST2GUC_ACTION_SLPC_REQUEST = 0x3003,
+ HOST2GUC_ACTION_AUTHENTICATE_HUC = 0x4000,
HOST2GUC_ACTION_LIMIT
};
diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c
index 834073f..9be84bb5 100644
--- a/drivers/gpu/drm/i915/intel_guc_loader.c
+++ b/drivers/gpu/drm/i915/intel_guc_loader.c
@@ -509,6 +509,8 @@ int intel_guc_setup(struct drm_device *dev)
intel_uc_fw_status_repr(guc_fw->fetch_status),
intel_uc_fw_status_repr(guc_fw->load_status));
+ intel_huc_auth(dev);
+
if (i915.enable_guc_submission) {
err = i915_guc_submission_enable(dev_priv);
if (err)
--
1.9.1
More information about the Intel-gfx
mailing list