[Nouveau] [PATCH v2 3/5] gr: support for securely-booted FECS firmware

Alexandre Courbot acourbot at nvidia.com
Sun Jan 17 22:10:45 PST 2016


Trigger the loading of FECS/GPCCS using secure boot if required, and
start managed falcons using the CPUCTL_ALIAS register since CPUCTL is
protected in that case.

This solution (doing secure boot in GR) is temporary. In the future the
PMU firmware will be able to reboot falcons on demand, but this requires
the PMU firmware to be released first. This solution at least allows GR
to be enabled.

Signed-off-by: Alexandre Courbot <acourbot at nvidia.com>
---
 drm/nouveau/nvkm/engine/gr/gf100.c | 46 +++++++++++++++++++++++++++++++-------
 1 file changed, 38 insertions(+), 8 deletions(-)

diff --git a/drm/nouveau/nvkm/engine/gr/gf100.c b/drm/nouveau/nvkm/engine/gr/gf100.c
index f2410aff07cf..a09859491670 100644
--- a/drm/nouveau/nvkm/engine/gr/gf100.c
+++ b/drm/nouveau/nvkm/engine/gr/gf100.c
@@ -28,6 +28,7 @@
 #include <core/client.h>
 #include <core/option.h>
 #include <core/firmware.h>
+#include <subdev/secboot.h>
 #include <subdev/fb.h>
 #include <subdev/mc.h>
 #include <subdev/pmu.h>
@@ -1428,21 +1429,46 @@ gf100_gr_init_ctxctl(struct gf100_gr *gr)
 	const struct gf100_grctx_func *grctx = gr->func->grctx;
 	struct nvkm_subdev *subdev = &gr->base.engine.subdev;
 	struct nvkm_device *device = subdev->device;
+	u32 sec_flcns = 0;
+	int ret = 0;
 	int i;
 
 	if (gr->firmware) {
 		/* load fuc microcode */
 		nvkm_mc_unk260(device->mc, 0);
-		gf100_gr_init_fw(gr, 0x409000, &gr->fuc409c, &gr->fuc409d);
-		gf100_gr_init_fw(gr, 0x41a000, &gr->fuc41ac, &gr->fuc41ad);
+
+		/* securely-managed falcons must be reset using secure boot */
+		if (nvkm_secboot_is_managed(device, NVKM_SECBOOT_FALCON_FECS))
+			sec_flcns |= BIT(NVKM_SECBOOT_FALCON_FECS);
+		else
+			gf100_gr_init_fw(gr, 0x409000, &gr->fuc409c,
+					 &gr->fuc409d);
+		if (nvkm_secboot_is_managed(device, NVKM_SECBOOT_FALCON_GPCCS))
+			sec_flcns |= BIT(NVKM_SECBOOT_FALCON_GPCCS);
+		else
+			gf100_gr_init_fw(gr, 0x41a000, &gr->fuc41ac,
+					 &gr->fuc41ad);
+		if (sec_flcns)
+			ret = nvkm_secboot_reset(device->secboot, sec_flcns);
+		if (ret)
+			return ret;
+
 		nvkm_mc_unk260(device->mc, 1);
 
 		/* start both of them running */
 		nvkm_wr32(device, 0x409840, 0xffffffff);
 		nvkm_wr32(device, 0x41a10c, 0x00000000);
 		nvkm_wr32(device, 0x40910c, 0x00000000);
-		nvkm_wr32(device, 0x41a100, 0x00000002);
-		nvkm_wr32(device, 0x409100, 0x00000002);
+
+		/* Use FALCON_CPUCTL_ALIAS if falcon is in secure mode */
+		if (nvkm_rd32(device, 0x41a100) & 0x40)
+			nvkm_wr32(device, 0x41a130, 0x00000002);
+		else
+			nvkm_wr32(device, 0x41a100, 0x00000002);
+		if (nvkm_rd32(device, 0x409100) & 0x40)
+			nvkm_wr32(device, 0x409130, 0x00000002);
+		else
+			nvkm_wr32(device, 0x409100, 0x00000002);
 		if (nvkm_msec(device, 2000,
 			if (nvkm_rd32(device, 0x409800) & 0x00000001)
 				break;
@@ -1753,10 +1779,14 @@ gf100_gr_ctor(const struct gf100_gr_func *func, struct nvkm_device *device,
 
 	if (gr->firmware) {
 		nvkm_info(&gr->base.engine.subdev, "using external firmware\n");
-		if (gf100_gr_ctor_fw(gr, "fecs_inst", &gr->fuc409c) ||
-		    gf100_gr_ctor_fw(gr, "fecs_data", &gr->fuc409d) ||
-		    gf100_gr_ctor_fw(gr, "gpccs_inst", &gr->fuc41ac) ||
-		    gf100_gr_ctor_fw(gr, "gpccs_data", &gr->fuc41ad))
+		if (!nvkm_secboot_is_managed(device, NVKM_SECBOOT_FALCON_FECS)
+		     && (gf100_gr_ctor_fw(gr, "fecs_inst", &gr->fuc409c) ||
+			 gf100_gr_ctor_fw(gr, "fecs_data", &gr->fuc409d)))
+			return -ENODEV;
+
+		if (!nvkm_secboot_is_managed(device, NVKM_SECBOOT_FALCON_GPCCS)
+		     && (gf100_gr_ctor_fw(gr, "gpccs_inst", &gr->fuc41ac) ||
+			 gf100_gr_ctor_fw(gr, "gpccs_data", &gr->fuc41ad)))
 			return -ENODEV;
 	}
 
-- 
2.7.0



More information about the Nouveau mailing list