[Intel-gfx] [PATCH 7/8] drm/i915/huc: Support HuC authentication
Srivatsa, Anusha
anusha.srivatsa at intel.com
Fri Jan 13 18:19:53 UTC 2017
>-----Original Message-----
>From: Wajdeczko, Michal
>Sent: Friday, January 13, 2017 10:18 AM
>To: Srivatsa, Anusha <anusha.srivatsa at intel.com>
>Cc: intel-gfx at lists.freedesktop.org; Chris Wilson <chris at chris-wilson.co.uk>;
>Hiler, Arkadiusz <arkadiusz.hiler at intel.com>; Alex Dai <yu.dai at intel.com>; Peter
>Antoine <peter.antoine at intel.com>
>Subject: Re: [PATCH 7/8] drm/i915/huc: Support HuC authentication
>
>On Fri, Jan 13, 2017 at 10:08:42AM -0800, Anusha Srivatsa wrote:
>> The HuC authentication is done by host2guc call. The HuC RSA keys are
>> sent to GuC for authentication.
>>
>> v2: rebased on top of drm-tip. Changed name format and upped version
>> 1.7.
>> v3: changed wait_for_atomic to wait_for
>> v4: rebased. Rename intel_huc_auh() to intel_guc_auth_huc() and place
>> the prototype in intel_guc.h,correct the comments.
>> v5: rebased. Moved intel_guc_auth_huc from i915_guc_submission.c to
>> intel_uc.c.Update dev to dev_priv in intel_guc_auth_huc().
>> Renamed HOST2GUC_ACTION_AUTHENTICATE_HUC TO INTEL_GUC_ACTION_
>> AUTHENTICATE_HUC
>> v6: rebased. Add newline on DRM_ERRORs that already dont have one.
>> v7: rebased. Replace wait_for with intel_wait_for_register() since the
>> latter employs sleep optimisations for quick responses- as pointed out
>> by Chris Wilson.
>> v8: rebased. Cleanup the intel_guc_auth_huc() by removing checks
>> already performed in earlier functions. Make comments more descriptive.
>> v9: rebased. Changed the bias for pinning the HuC object. Move
>> intel_guc_auth_huc() to intel_huc.c. Change DRM_DEBUGs to DRM_ERRORs
>> in intel_guc_auth_huc(). Add return status to DRM_ERRORs.
>> v10: Replace DRM_ERROR with DRM_INFO for cases that are non-
>> erroneous.
>>
>> Cc: Chris Wilson <chris at chris-wilson.co.uk>
>> Cc: Arkadiusz Hiler <arkadiusz.hiler at intel.com>
>> Cc: Michal Wajdeczko <michal.wajdeczko at intel.com>
>> Tested-by: Xiang Haihao <haihao.xiang at intel.com>
>> Signed-off-by: Anusha Srivatsa <anusha.srivatsa at intel.com>
>> Signed-off-by: Alex Dai <yu.dai at intel.com>
>> Signed-off-by: Peter Antoine <peter.antoine at intel.com>
>> ---
>> drivers/gpu/drm/i915/intel_guc_fwif.h | 1 +
>> drivers/gpu/drm/i915/intel_guc_loader.c | 2 ++
>> drivers/gpu/drm/i915/intel_huc.c | 53
>+++++++++++++++++++++++++++++++++
>> drivers/gpu/drm/i915/intel_uc.h | 1 +
>> 4 files changed, 57 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h
>> b/drivers/gpu/drm/i915/intel_guc_fwif.h
>> index ed1ab40..25691f0 100644
>> --- a/drivers/gpu/drm/i915/intel_guc_fwif.h
>> +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h
>> @@ -505,6 +505,7 @@ enum intel_guc_action {
>> INTEL_GUC_ACTION_ENTER_S_STATE = 0x501,
>> INTEL_GUC_ACTION_EXIT_S_STATE = 0x502,
>> INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003,
>> + INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000,
>> INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000,
>> INTEL_GUC_ACTION_LIMIT
>> };
>> diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c
>> b/drivers/gpu/drm/i915/intel_guc_loader.c
>> index 527558f..bb127a4 100644
>> --- a/drivers/gpu/drm/i915/intel_guc_loader.c
>> +++ b/drivers/gpu/drm/i915/intel_guc_loader.c
>> @@ -530,6 +530,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv)
>> intel_uc_fw_status_repr(guc_fw->fetch_status),
>> intel_uc_fw_status_repr(guc_fw->load_status));
>>
>> + intel_guc_auth_huc(dev_priv);
>> +
>> if (i915.enable_guc_submission) {
>> if (i915.guc_log_level >= 0)
>> gen9_enable_guc_interrupts(dev_priv);
>> diff --git a/drivers/gpu/drm/i915/intel_huc.c
>> b/drivers/gpu/drm/i915/intel_huc.c
>> index 8b84ba8..4ae34b5 100644
>> --- a/drivers/gpu/drm/i915/intel_huc.c
>> +++ b/drivers/gpu/drm/i915/intel_huc.c
>> @@ -284,3 +284,56 @@ void intel_huc_fini(struct drm_i915_private *dev_priv)
>> huc_fw->fetch_status = INTEL_UC_FIRMWARE_NONE; }
>>
>> +/**
>> + * intel_guc_auth_huc() - authenticate ucode
>> + * @dev_priv: the drm_i915_device
>> + *
>> + * Triggers a HuC fw authentication request to the GuC via
>> +intel_guc_action_
>> + * authenticate_huc interface.
>> + */
>> +void intel_guc_auth_huc(struct drm_i915_private *dev_priv) {
>> + struct intel_guc *guc = &dev_priv->guc;
>> + struct intel_huc *huc = &dev_priv->huc;
>> + struct i915_vma *vma;
>> + int ret;
>> + u32 data[2];
>> +
>> + vma = i915_gem_object_ggtt_pin(huc->fw.obj, NULL, 0, 0,
>> + PIN_OFFSET_BIAS | GUC_WOPCM_TOP);
>> + if (IS_ERR(vma)) {
>> + DRM_ERROR("failed to pin huc fw object %d\n",
>
>Maybe this message should start with "HuC:" to match other error messages used
>below ? Anyway,
>
>Reviewed-by: Michal Wajdeczko <michal.wajdeczko.intel.com>
Thanks a lot Michal!
>Thanks,
>Michal
>
>
>> + (int)PTR_ERR(vma));
>> + return;
>> + }
>> +
>> + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */
>> + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE);
>> +
>> + /* Specify auth action and where public signature is. */
>> + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC;
>> + data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset;
>> +
>> + ret = intel_guc_send(guc, data, ARRAY_SIZE(data));
>> + if (ret) {
>> + DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret);
>> + goto out;
>> + }
>> +
>> + /* Check authentication status, it should be done by now */
>> + ret = intel_wait_for_register(dev_priv,
>> + HUC_STATUS2,
>> + HUC_FW_VERIFIED,
>> + HUC_FW_VERIFIED,
>> + 50);
>> +
>> + if (ret) {
>> + DRM_ERROR("HuC: Authentication failed %d\n", ret);
>> + goto out;
>> + }
>> +
>> + DRM_INFO("HuC Authentication Successful!\n");
>> +out:
>> + i915_vma_unpin(vma);
>> +}
>> +
>> diff --git a/drivers/gpu/drm/i915/intel_uc.h
>> b/drivers/gpu/drm/i915/intel_uc.h index 65c7d6e..27f8b6f 100644
>> --- a/drivers/gpu/drm/i915/intel_uc.h
>> +++ b/drivers/gpu/drm/i915/intel_uc.h
>> @@ -227,5 +227,6 @@ static inline u32 guc_ggtt_offset(struct i915_vma
>> *vma) void intel_huc_init(struct drm_i915_private *dev_priv); void
>> intel_huc_fini(struct drm_i915_private *dev_priv); int
>> intel_huc_load(struct drm_i915_private *dev_priv);
>> +void intel_guc_auth_huc(struct drm_i915_private *dev_priv);
>>
>> #endif
>> --
>> 2.7.4
>>
More information about the Intel-gfx
mailing list