[Nouveau] [PATCH 0/3] nouveau: core: gm20b: basic support for secure boot

Alexandre Courbot acourbot at nvidia.com
Sun Oct 25 22:43:19 PDT 2015


At long last, I wrapped my head around the yarn thread that is our downstream
secure boot code and here is a version that is hopefully easier to review.

Patch 1 includes the core secure boot support, which is the ability to load
NVIDIA-signed firmware into secure falcons. With this series, only FECS is
handled but the framework is here to add support for other falcons. I am still
struggling to try and release all firmwares in the same format so they can be
loaded the same way, but am not sure yet whether this will be possible - in the
worst case we will have different loading functions.

Patch 2 adds the ability for GR to start secure boot in order to load the FECS
falcon, and patch 3 turns the right flags in GM20B support to make it happen
for that chip. This series is tested and confirmed to work on GM20B.

Future work that will be based on this series:
- dGPU support: processes for dGPU and Tegra are mostly identical, but with
  a few differences (notably in the way the WPR region is managed). I will
  finish dGPU support once we have solved the issue of reliably producing
  publicly-releasable firmware files for dGPU Maxwell chips.

- Support for other falcons: PMU in particular also needs to be securely booted,
  so does GPCCS for dGPU. These are on hold for now because...

- ... secure boot is currently initiated by GR: secure boot loads all the
  firmwares on all managed falcons, so the current process of having it started
  by GR init will not scale as we manage more falcons. We are discussing this
  issue internally but it would be nice to have thoughts from Nouveau as well.

I hope this base is sane for merging - otherwise please let me know of issues
so we can move this forward!

Thanks,
Alex.

Alexandre Courbot (3):
  core: add support for secure boot
  gr: support for securely-booted FECS firmware
  gm20b: secure-boot FECS falcon

 drm/nouveau/include/nvkm/core/device.h      |   10 +
 drm/nouveau/include/nvkm/core/secure_boot.h |   52 +
 drm/nouveau/nvkm/core/Kbuild                |    1 +
 drm/nouveau/nvkm/core/secure_boot.c         | 1737 +++++++++++++++++++++++++++
 drm/nouveau/nvkm/engine/device/base.c       |   13 +
 drm/nouveau/nvkm/engine/gr/gf100.c          |   56 +-
 drm/nouveau/nvkm/engine/gr/gm20b.c          |    6 +-
 7 files changed, 1861 insertions(+), 14 deletions(-)
 create mode 100644 drm/nouveau/include/nvkm/core/secure_boot.h
 create mode 100644 drm/nouveau/nvkm/core/secure_boot.c

-- 
2.6.1


