[Intel-gfx] [PATCH 7/8] drm/i915/huc: Support HuC authentication
Anusha Srivatsa
anusha.srivatsa at intel.com
Wed Jan 4 14:55:54 UTC 2017
From: Peter Antoine <peter.antoine at intel.com>
The HuC authentication is done by host2guc call. The HuC RSA keys
are sent to GuC for authentication.
v2: rebased on top of drm-intel-nightly.
changed name format and upped version 1.7.
v3: rebased on top of drm-intel-nightly.
v4: changed wait_for_automic to wait_for
v5: rebased.
v7: rebased.
v8: rebased.
v9: rebased. Rename intel_huc_auh() to intel_guc_auth_huc()
and place the prototype in intel_guc.h,correct the comments.
v10: rebased.
v11: rebased.
v12: rebased on top of drm-tip
v13: rebased. Moved intel_guc_auth_huc from i915_guc_submission.c
to intel_uc.c.Update dev to dev_priv in intel_guc_auth_huc().
Renamed HOST2GUC_ACTION_AUTHENTICATE_HUC TO INTEL_GUC_ACTION_
AUTHENTICATE_HUC
v14: rebased.
v15: rebased. Add newline on DRM_ERRORs that already dont have one.
v16: rebased. Replace wait_for with intel_wait_for_register() since
the latter employs sleep optimisations for quick responses- as pointed
out by Chris Wilson.
Cc: Chris Wilson <chris at chris-wilson.co.uk>
Cc: Arkadiusz Hiler <arkadiusz.hiler at intel.com>
Cc: Michal Wajdeczko <michal.wajdecko at intel.com>
Tested-by: Xiang Haihao <haihao.xiang at intel.com>
Signed-off-by: Anusha Srivatsa <anusha.srivatsa at intel.com>
Signed-off-by: Alex Dai <yu.dai at intel.com>
Signed-off-by: Peter Antoine <peter.antoine at intel.com>
---
drivers/gpu/drm/i915/intel_guc_fwif.h | 1 +
drivers/gpu/drm/i915/intel_guc_loader.c | 2 +
drivers/gpu/drm/i915/intel_uc.c | 70 ++++++++++++++++++++++++++++++++-
drivers/gpu/drm/i915/intel_uc.h | 1 +
4 files changed, 72 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h
index ed1ab40..ce4e05e 100644
--- a/drivers/gpu/drm/i915/intel_guc_fwif.h
+++ b/drivers/gpu/drm/i915/intel_guc_fwif.h
@@ -506,6 +506,7 @@ enum intel_guc_action {
INTEL_GUC_ACTION_EXIT_S_STATE = 0x502,
INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003,
INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000,
+ INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000,
INTEL_GUC_ACTION_LIMIT
};
diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c
index ed57ab3..0508054 100644
--- a/drivers/gpu/drm/i915/intel_guc_loader.c
+++ b/drivers/gpu/drm/i915/intel_guc_loader.c
@@ -529,6 +529,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv)
intel_uc_fw_status_repr(guc_fw->fetch_status),
intel_uc_fw_status_repr(guc_fw->load_status));
+ intel_guc_auth_huc(dev_priv);
+
if (i915.enable_guc_submission) {
if (i915.guc_log_level >= 0)
gen9_enable_guc_interrupts(dev_priv);
diff --git a/drivers/gpu/drm/i915/intel_uc.c b/drivers/gpu/drm/i915/intel_uc.c
index c6be352..d1a4d79 100644
--- a/drivers/gpu/drm/i915/intel_uc.c
+++ b/drivers/gpu/drm/i915/intel_uc.c
@@ -46,7 +46,7 @@ static bool intel_guc_recv(struct intel_guc *guc, u32 *status)
int intel_guc_send(struct intel_guc *guc, const u32 *action, u32 len)
{
struct drm_i915_private *dev_priv = guc_to_i915(guc);
- u32 status;
+ u32 status = 0;
int i;
int ret;
@@ -71,7 +71,11 @@ int intel_guc_send(struct intel_guc *guc, const u32 *action, u32 len)
* up to that length of time, then switch to a slower sleep-wait loop.
* No inte_guc_send command should ever take longer than 10ms.
*/
- ret = wait_for_us(intel_guc_recv(guc, &status), 10);
+ ret = intel_wait_for_register(dev_priv,
+ HUC_STATUS2,
+ HUC_FW_VERIFIED,
+ HUC_FW_VERIFIED,
+ 50);
if (ret)
ret = wait_for(intel_guc_recv(guc, &status), 10);
if (status != INTEL_GUC_STATUS_SUCCESS) {
@@ -140,3 +144,65 @@ int intel_guc_log_control(struct intel_guc *guc, u32 control_val)
return intel_guc_send(guc, action, ARRAY_SIZE(action));
}
+
+/**
+ * intel_guc_auth_huc() - authenticate ucode
+ * @dev_priv: the drm_i915_device
+ *
+ * Triggers a HuC fw authentication request to the GuC via intel_guc_action_
+ * authenticate_huc interface.
+ * interface.
+ */
+void intel_guc_auth_huc(struct drm_i915_private *dev_priv)
+{
+ struct intel_guc *guc = &dev_priv->guc;
+ struct intel_huc *huc = &dev_priv->huc;
+ struct i915_vma *vma;
+ int ret;
+ u32 data[2];
+
+ /* Bypass the case where there is no HuC firmware */
+ if (huc->fw.fetch_status == INTEL_UC_FIRMWARE_NONE ||
+ huc->fw.load_status == INTEL_UC_FIRMWARE_NONE)
+ return;
+
+ if (guc->fw.load_status != INTEL_UC_FIRMWARE_SUCCESS) {
+ DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate\n");
+ return;
+ }
+
+ if (huc->fw.load_status != INTEL_UC_FIRMWARE_SUCCESS) {
+ DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate\n");
+ return;
+ }
+
+ vma = i915_gem_object_ggtt_pin(huc->fw.obj, NULL, 0, 0, 0);
+ if (IS_ERR(vma)) {
+ DRM_DEBUG_DRIVER("pin failed %d\n", (int)PTR_ERR(vma));
+ return;
+ }
+
+
+ /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */
+ I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE);
+
+ /* Specify auth action and where public signature is. */
+ data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC;
+ data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset;
+
+ ret = intel_guc_send(guc, data, ARRAY_SIZE(data));
+ if (ret) {
+ DRM_ERROR("HuC: GuC did not ack Auth request\n");
+ goto out;
+ }
+
+ /* Check authentication status, it should be done by now */
+ ret = wait_for((I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50);
+ if (ret) {
+ DRM_ERROR("HuC: Authentication failed\n");
+ goto out;
+ }
+
+out:
+ i915_vma_unpin(vma);
+}
diff --git a/drivers/gpu/drm/i915/intel_uc.h b/drivers/gpu/drm/i915/intel_uc.h
index 7df57c1..6ba56e18 100644
--- a/drivers/gpu/drm/i915/intel_uc.h
+++ b/drivers/gpu/drm/i915/intel_uc.h
@@ -193,6 +193,7 @@ int intel_guc_sample_forcewake(struct intel_guc *guc);
int intel_guc_log_flush_complete(struct intel_guc *guc);
int intel_guc_log_flush(struct intel_guc *guc);
int intel_guc_log_control(struct intel_guc *guc, u32 control_val);
+void intel_guc_auth_huc(struct drm_i915_private *dev_priv);
/* intel_guc_loader.c */
extern void intel_guc_init(struct drm_i915_private *dev_priv);
--
2.7.4
More information about the Intel-gfx
mailing list