[Nouveau] [PATCH v4 7/33] secboot: generate HS BL descriptor in hook
Alexandre Courbot
acourbot at nvidia.com
Mon Nov 21 08:29:04 UTC 2016
Use the HS hook to completely generate the HS BL descriptor, similarly
to what is done in the LS hook, instead of (arbitrarily) using the
acr_v1 format as an intermediate.
This allows us to make the bootloader descriptor structures private to
each implementation, resulting in a cleaner an more consistent design.
Signed-off-by: Alexandre Courbot <acourbot at nvidia.com>
---
drm/nouveau/nvkm/subdev/secboot/gm200.c | 177 ++++++++++++-------------
drm/nouveau/nvkm/subdev/secboot/gm20b.c | 43 ++----
drm/nouveau/nvkm/subdev/secboot/priv.h | 71 ++++------
3 files changed, 137 insertions(+), 154 deletions(-)
diff --git a/drm/nouveau/nvkm/subdev/secboot/gm200.c b/drm/nouveau/nvkm/subdev/secboot/gm200.c
index e82aee5c5ae7..3d4ae8324547 100644
--- a/drm/nouveau/nvkm/subdev/secboot/gm200.c
+++ b/drm/nouveau/nvkm/subdev/secboot/gm200.c
@@ -174,21 +174,45 @@ struct hsf_fw_header {
u32 hdr_size;
};
+
/**
- * struct hsf_load_header - HS firmware load header
+ * struct gm200_flcn_bl_desc - DMEM bootloader descriptor
+ * @signature: 16B signature for secure code. 0s if no secure code
+ * @ctx_dma: DMA context to be used by BL while loading code/data
+ * @code_dma_base: 256B-aligned Physical FB Address where code is located
+ * (falcon's $xcbase register)
+ * @non_sec_code_off: offset from code_dma_base where the non-secure code is
+ * located. The offset must be multiple of 256 to help perf
+ * @non_sec_code_size: the size of the nonSecure code part.
+ * @sec_code_off: offset from code_dma_base where the secure code is
+ * located. The offset must be multiple of 256 to help perf
+ * @sec_code_size: offset from code_dma_base where the secure code is
+ * located. The offset must be multiple of 256 to help perf
+ * @code_entry_point: code entry point which will be invoked by BL after
+ * code is loaded.
+ * @data_dma_base: 256B aligned Physical FB Address where data is located.
+ * (falcon's $xdbase register)
+ * @data_size: size of data block. Should be multiple of 256B
+ *
+ * Structure used by the bootloader to load the rest of the code. This has
+ * to be filled by host and copied into DMEM at offset provided in the
+ * hsflcn_bl_desc.bl_desc_dmem_load_off.
*/
-struct hsf_load_header {
+struct gm200_flcn_bl_desc {
+ u32 reserved[4];
+ u32 signature[4];
+ u32 ctx_dma;
+ struct flcn_u64 code_dma_base;
u32 non_sec_code_off;
u32 non_sec_code_size;
- u32 data_dma_base;
+ u32 sec_code_off;
+ u32 sec_code_size;
+ u32 code_entry_point;
+ struct flcn_u64 data_dma_base;
u32 data_size;
- u32 num_apps;
- struct {
- u32 sec_code_off;
- u32 sec_code_size;
- } app[0];
};
+
/**
* Convenience function to duplicate a firmware file in memory and check that
* it has the required minimum size.
@@ -739,39 +763,6 @@ gm200_secboot_hsf_patch_signature(struct gm200_secboot *gsb, void *acr_image)
}
/**
- * gm200_secboot_populate_hsf_bl_desc() - populate BL descriptor for HS image
- */
-static void
-gm200_secboot_populate_hsf_bl_desc(void *acr_image,
- struct gm200_flcn_bl_desc *bl_desc)
-{
- struct fw_bin_header *hsbin_hdr = acr_image;
- struct hsf_fw_header *fw_hdr = acr_image + hsbin_hdr->header_offset;
- struct hsf_load_header *load_hdr = acr_image + fw_hdr->hdr_offset;
-
- /*
- * Descriptor for the bootloader that will load the ACR image into
- * IMEM/DMEM memory.
- */
- fw_hdr = acr_image + hsbin_hdr->header_offset;
- load_hdr = acr_image + fw_hdr->hdr_offset;
- memset(bl_desc, 0, sizeof(*bl_desc));
- bl_desc->ctx_dma = FALCON_DMAIDX_VIRT;
- bl_desc->non_sec_code_off = load_hdr->non_sec_code_off;
- bl_desc->non_sec_code_size = load_hdr->non_sec_code_size;
- bl_desc->sec_code_off = load_hdr->app[0].sec_code_off;
- bl_desc->sec_code_size = load_hdr->app[0].sec_code_size;
- bl_desc->code_entry_point = 0;
- /*
- * We need to set code_dma_base to the virtual address of the acr_blob,
- * and add this address to data_dma_base before writing it into DMEM
- */
- bl_desc->code_dma_base.lo = 0;
- bl_desc->data_dma_base.lo = load_hdr->data_dma_base;
- bl_desc->data_size = load_hdr->data_size;
-}
-
-/**
* struct hsflcn_acr_desc - data section of the HS firmware
*
* This header is to be copied at the beginning of DMEM by the HS bootloader.
@@ -846,37 +837,44 @@ gm200_secboot_fixup_hs_desc(struct gm200_secboot *gsb,
static int
gm200_secboot_prepare_hs_blob(struct gm200_secboot *gsb, const char *fw,
struct nvkm_gpuobj **blob,
- struct gm200_flcn_bl_desc *bl_desc, bool patch)
+ struct hsf_load_header *load_header, bool patch)
{
struct nvkm_subdev *subdev = &gsb->base.subdev;
void *acr_image;
struct fw_bin_header *hsbin_hdr;
struct hsf_fw_header *fw_hdr;
- void *acr_data;
struct hsf_load_header *load_hdr;
- struct hsflcn_acr_desc *desc;
+ void *acr_data;
int ret;
acr_image = gm200_secboot_load_firmware(subdev, fw, 0);
if (IS_ERR(acr_image))
return PTR_ERR(acr_image);
+
hsbin_hdr = acr_image;
+ fw_hdr = acr_image + hsbin_hdr->header_offset;
+ load_hdr = acr_image + fw_hdr->hdr_offset;
+ acr_data = acr_image + hsbin_hdr->data_offset;
/* Patch signature */
gm200_secboot_hsf_patch_signature(gsb, acr_image);
- acr_data = acr_image + hsbin_hdr->data_offset;
-
/* Patch descriptor with WPR information? */
if (patch) {
- fw_hdr = acr_image + hsbin_hdr->header_offset;
- load_hdr = acr_image + fw_hdr->hdr_offset;
+ struct hsflcn_acr_desc *desc;
+
desc = acr_data + load_hdr->data_dma_base;
gm200_secboot_fixup_hs_desc(gsb, desc);
}
- /* Generate HS BL descriptor */
- gm200_secboot_populate_hsf_bl_desc(acr_image, bl_desc);
+ if (load_hdr->num_apps > GM200_ACR_MAX_APPS) {
+ nvkm_error(subdev, "more apps (%d) than supported (%d)!",
+ load_hdr->num_apps, GM200_ACR_MAX_APPS);
+ ret = -EINVAL;
+ goto cleanup;
+ }
+ memcpy(load_header, load_hdr, sizeof(*load_header) +
+ (sizeof(load_hdr->app[0]) * load_hdr->num_apps));
/* Create ACR blob and copy HS data to it */
ret = nvkm_gpuobj_new(subdev->device, ALIGN(hsbin_hdr->data_size, 256),
@@ -937,7 +935,7 @@ gm20x_secboot_prepare_blobs(struct gm200_secboot *gsb)
if (!gsb->acr_load_blob) {
ret = gm200_secboot_prepare_hs_blob(gsb, "acr/ucode_load",
&gsb->acr_load_blob,
- &gsb->acr_load_bl_desc, true);
+ &gsb->load_bl_header, true);
if (ret)
return ret;
}
@@ -965,7 +963,7 @@ gm200_secboot_prepare_blobs(struct gm200_secboot *gsb)
if (!gsb->acr_unload_blob) {
ret = gm200_secboot_prepare_hs_blob(gsb, "acr/ucode_unload",
&gsb->acr_unload_blob,
- &gsb->acr_unload_bl_desc, false);
+ &gsb->unload_bl_header, false);
if (ret)
return ret;
}
@@ -1086,35 +1084,37 @@ gm200_secboot_setup_falcon(struct gm200_secboot *gsb)
* gm200_secboot_run_hs_blob() - run the given high-secure blob
*/
static int
-gm200_secboot_run_hs_blob(struct gm200_secboot *gsb, struct nvkm_gpuobj *blob,
- struct gm200_flcn_bl_desc *desc)
+gm200_secboot_run_hs_blob(struct gm200_secboot *gsb, struct nvkm_gpuobj *blob)
{
struct nvkm_vma vma;
- u64 vma_addr;
const u32 bl_desc_size = gsb->func->bl_desc_size;
+ const struct hsf_load_header *load_hdr;
u8 bl_desc[bl_desc_size];
int ret;
+ /* Find the bootloader descriptor for our blob and copy it */
+ if (blob == gsb->acr_load_blob) {
+ load_hdr = &gsb->load_bl_header;
+
+ } else if (blob == gsb->acr_unload_blob) {
+ load_hdr = &gsb->unload_bl_header;
+ } else {
+ nvkm_error(&gsb->base.subdev, "invalid secure boot blob!\n");
+ return -EINVAL;
+ }
+
/* Map the HS firmware so the HS bootloader can see it */
ret = nvkm_gpuobj_map(blob, gsb->vm, NV_MEM_ACCESS_RW, &vma);
if (ret)
return ret;
- /* Add the mapping address to the DMA bases */
- vma_addr = flcn64_to_u64(desc->code_dma_base) + vma.offset;
- desc->code_dma_base.lo = lower_32_bits(vma_addr);
- desc->code_dma_base.hi = upper_32_bits(vma_addr);
- vma_addr = flcn64_to_u64(desc->data_dma_base) + vma.offset;
- desc->data_dma_base.lo = lower_32_bits(vma_addr);
- desc->data_dma_base.hi = upper_32_bits(vma_addr);
-
- /* Fixup the BL header */
- gsb->func->fixup_bl_desc(desc, &bl_desc);
+ /* Generate the BL header */
+ gsb->func->generate_bl_desc(load_hdr, bl_desc, vma.offset);
/* Reset the falcon and make it ready to run the HS bootloader */
ret = gm200_secboot_setup_falcon(gsb);
if (ret)
- goto done;
+ goto end;
/* Load the HS bootloader into the falcon's IMEM/DMEM */
gm200_secboot_load_hs_bl(gsb, &bl_desc, bl_desc_size);
@@ -1122,17 +1122,9 @@ gm200_secboot_run_hs_blob(struct gm200_secboot *gsb, struct nvkm_gpuobj *blob,
/* Start the HS bootloader */
ret = nvkm_secboot_falcon_run(&gsb->base);
if (ret)
- goto done;
-
-done:
- /* Restore the original DMA addresses */
- vma_addr = flcn64_to_u64(desc->code_dma_base) - vma.offset;
- desc->code_dma_base.lo = lower_32_bits(vma_addr);
- desc->code_dma_base.hi = upper_32_bits(vma_addr);
- vma_addr = flcn64_to_u64(desc->data_dma_base) - vma.offset;
- desc->data_dma_base.lo = lower_32_bits(vma_addr);
- desc->data_dma_base.hi = upper_32_bits(vma_addr);
+ goto end;
+end:
/* We don't need the ACR firmware anymore */
nvkm_gpuobj_unmap(&vma);
@@ -1171,15 +1163,13 @@ gm200_secboot_reset(struct nvkm_secboot *sb, enum nvkm_falconidx falcon)
/* If WPR is set and we have an unload blob, run it to unlock WPR */
if (gsb->acr_unload_blob &&
gsb->falcon_state[NVKM_FALCON_FECS] != NON_SECURE) {
- ret = gm200_secboot_run_hs_blob(gsb, gsb->acr_unload_blob,
- &gsb->acr_unload_bl_desc);
+ ret = gm200_secboot_run_hs_blob(gsb, gsb->acr_unload_blob);
if (ret)
return ret;
}
/* Reload all managed falcons */
- ret = gm200_secboot_run_hs_blob(gsb, gsb->acr_load_blob,
- &gsb->acr_load_bl_desc);
+ ret = gm200_secboot_run_hs_blob(gsb, gsb->acr_load_blob);
if (ret)
return ret;
@@ -1263,8 +1253,7 @@ gm200_secboot_fini(struct nvkm_secboot *sb, bool suspend)
/* Run the unload blob to unprotect the WPR region */
if (gsb->acr_unload_blob &&
gsb->falcon_state[NVKM_FALCON_FECS] != NON_SECURE)
- ret = gm200_secboot_run_hs_blob(gsb, gsb->acr_unload_blob,
- &gsb->acr_unload_bl_desc);
+ ret = gm200_secboot_run_hs_blob(gsb, gsb->acr_unload_blob);
for (i = 0; i < NVKM_FALCON_END; i++)
gsb->falcon_state[i] = NON_SECURE;
@@ -1303,21 +1292,29 @@ gm200_secboot = {
.boot_falcon = NVKM_FALCON_PMU,
};
-/**
- * gm200_fixup_bl_desc - just copy the BL descriptor
- *
- * Use the GM200 descriptor format by default.
- */
static void
-gm200_secboot_fixup_bl_desc(const struct gm200_flcn_bl_desc *desc, void *ret)
+gm200_secboot_generate_bl_desc(const struct hsf_load_header *hdr,
+ void *_bl_desc, u64 offset)
{
- memcpy(ret, desc, sizeof(*desc));
+ struct gm200_flcn_bl_desc *bl_desc = _bl_desc;
+
+ memset(bl_desc, 0, sizeof(*bl_desc));
+ bl_desc->ctx_dma = FALCON_DMAIDX_VIRT;
+ bl_desc->non_sec_code_off = hdr->non_sec_code_off;
+ bl_desc->non_sec_code_size = hdr->non_sec_code_size;
+ bl_desc->sec_code_off = hdr->app[0].sec_code_off;
+ bl_desc->sec_code_size = hdr->app[0].sec_code_size;
+ bl_desc->code_entry_point = 0;
+
+ bl_desc->code_dma_base = u64_to_flcn64(offset);
+ bl_desc->data_dma_base = u64_to_flcn64(offset + hdr->data_dma_base);
+ bl_desc->data_size = hdr->data_size;
}
static const struct gm200_secboot_func
gm200_secboot_func = {
.bl_desc_size = sizeof(struct gm200_flcn_bl_desc),
- .fixup_bl_desc = gm200_secboot_fixup_bl_desc,
+ .generate_bl_desc = gm200_secboot_generate_bl_desc,
.prepare_blobs = gm200_secboot_prepare_blobs,
};
diff --git a/drm/nouveau/nvkm/subdev/secboot/gm20b.c b/drm/nouveau/nvkm/subdev/secboot/gm20b.c
index d062ccc0166f..403b4d690902 100644
--- a/drm/nouveau/nvkm/subdev/secboot/gm20b.c
+++ b/drm/nouveau/nvkm/subdev/secboot/gm20b.c
@@ -87,41 +87,28 @@ gm20b_secboot_prepare_blobs(struct gm200_secboot *gsb)
return 0;
}
-/**
- * gm20b_secboot_fixup_bl_desc - adapt BL descriptor to format used by GM20B FW
- *
- * There is only a slight format difference (DMA addresses being 32-bits and
- * 256B-aligned) to address.
- */
static void
-gm20b_secboot_fixup_bl_desc(const struct gm200_flcn_bl_desc *desc, void *ret)
+gm20b_secboot_generate_bl_desc(const struct hsf_load_header *load_hdr,
+ void *_bl_desc, u64 offset)
{
- struct gm20b_flcn_bl_desc *gdesc = ret;
- u64 addr;
-
- memcpy(gdesc->reserved, desc->reserved, sizeof(gdesc->reserved));
- memcpy(gdesc->signature, desc->signature, sizeof(gdesc->signature));
- gdesc->ctx_dma = desc->ctx_dma;
- addr = desc->code_dma_base.hi;
- addr <<= 32;
- addr |= desc->code_dma_base.lo;
- gdesc->code_dma_base = lower_32_bits(addr >> 8);
- gdesc->non_sec_code_off = desc->non_sec_code_off;
- gdesc->non_sec_code_size = desc->non_sec_code_size;
- gdesc->sec_code_off = desc->sec_code_off;
- gdesc->sec_code_size = desc->sec_code_size;
- gdesc->code_entry_point = desc->code_entry_point;
- addr = desc->data_dma_base.hi;
- addr <<= 32;
- addr |= desc->data_dma_base.lo;
- gdesc->data_dma_base = lower_32_bits(addr >> 8);
- gdesc->data_size = desc->data_size;
+ struct gm20b_flcn_bl_desc *bl_desc = _bl_desc;
+
+ memset(bl_desc, 0, sizeof(*bl_desc));
+ bl_desc->ctx_dma = FALCON_DMAIDX_VIRT;
+ bl_desc->non_sec_code_off = load_hdr->non_sec_code_off;
+ bl_desc->non_sec_code_size = load_hdr->non_sec_code_size;
+ bl_desc->sec_code_off = load_hdr->app[0].sec_code_off;
+ bl_desc->sec_code_size = load_hdr->app[0].sec_code_size;
+ bl_desc->code_entry_point = 0;
+ bl_desc->code_dma_base = offset >> 8;
+ bl_desc->data_dma_base = (offset + load_hdr->data_dma_base) >> 8;
+ bl_desc->data_size = load_hdr->data_size;
}
static const struct gm200_secboot_func
gm20b_secboot_func = {
.bl_desc_size = sizeof(struct gm20b_flcn_bl_desc),
- .fixup_bl_desc = gm20b_secboot_fixup_bl_desc,
+ .generate_bl_desc = gm20b_secboot_generate_bl_desc,
.prepare_blobs = gm20b_secboot_prepare_blobs,
};
diff --git a/drm/nouveau/nvkm/subdev/secboot/priv.h b/drm/nouveau/nvkm/subdev/secboot/priv.h
index 2a4c4d5a3c90..1922422fd539 100644
--- a/drm/nouveau/nvkm/subdev/secboot/priv.h
+++ b/drm/nouveau/nvkm/subdev/secboot/priv.h
@@ -217,46 +217,39 @@ struct flcn_u64 {
u32 lo;
u32 hi;
};
+
static inline u64 flcn64_to_u64(const struct flcn_u64 f)
{
return ((u64)f.hi) << 32 | f.lo;
}
+static inline struct flcn_u64 u64_to_flcn64(u64 u)
+{
+ struct flcn_u64 ret;
+
+ ret.hi = upper_32_bits(u);
+ ret.lo = lower_32_bits(u);
+
+ return ret;
+}
+
+#define GM200_ACR_MAX_APPS 8
+
+struct hsf_load_header_app {
+ u32 sec_code_off;
+ u32 sec_code_size;
+};
+
/**
- * struct gm200_flcn_bl_desc - DMEM bootloader descriptor
- * @signature: 16B signature for secure code. 0s if no secure code
- * @ctx_dma: DMA context to be used by BL while loading code/data
- * @code_dma_base: 256B-aligned Physical FB Address where code is located
- * (falcon's $xcbase register)
- * @non_sec_code_off: offset from code_dma_base where the non-secure code is
- * located. The offset must be multiple of 256 to help perf
- * @non_sec_code_size: the size of the nonSecure code part.
- * @sec_code_off: offset from code_dma_base where the secure code is
- * located. The offset must be multiple of 256 to help perf
- * @sec_code_size: offset from code_dma_base where the secure code is
- * located. The offset must be multiple of 256 to help perf
- * @code_entry_point: code entry point which will be invoked by BL after
- * code is loaded.
- * @data_dma_base: 256B aligned Physical FB Address where data is located.
- * (falcon's $xdbase register)
- * @data_size: size of data block. Should be multiple of 256B
- *
- * Structure used by the bootloader to load the rest of the code. This has
- * to be filled by host and copied into DMEM at offset provided in the
- * hsflcn_bl_desc.bl_desc_dmem_load_off.
+ * struct hsf_load_header - HS firmware load header
*/
-struct gm200_flcn_bl_desc {
- u32 reserved[4];
- u32 signature[4];
- u32 ctx_dma;
- struct flcn_u64 code_dma_base;
+struct hsf_load_header {
u32 non_sec_code_off;
u32 non_sec_code_size;
- u32 sec_code_off;
- u32 sec_code_size;
- u32 code_entry_point;
- struct flcn_u64 data_dma_base;
+ u32 data_dma_base;
u32 data_size;
+ u32 num_apps;
+ struct hsf_load_header_app app[0];
};
/**
@@ -322,11 +315,17 @@ struct gm200_secboot {
* on Tegra the HS FW copies the LS blob into the fixed WPR instead
*/
struct nvkm_gpuobj *acr_load_blob;
- struct gm200_flcn_bl_desc acr_load_bl_desc;
+ struct {
+ struct hsf_load_header load_bl_header;
+ struct hsf_load_header_app __load_apps[GM200_ACR_MAX_APPS];
+ };
/* HS FW - unlock WPR region (dGPU only) */
struct nvkm_gpuobj *acr_unload_blob;
- struct gm200_flcn_bl_desc acr_unload_bl_desc;
+ struct {
+ struct hsf_load_header unload_bl_header;
+ struct hsf_load_header_app __unload_apps[GM200_ACR_MAX_APPS];
+ };
/* HS bootloader */
void *hsbl_blob;
@@ -356,9 +355,9 @@ struct gm200_secboot {
/**
* Contains functions we wish to abstract between GM200-like implementations
* @bl_desc_size: size of the BL descriptor used by this chip.
- * @fixup_bl_desc: hook that generates the proper BL descriptor format from
- * the generic GM200 format into a data array of size
- * bl_desc_size
+ * @generate_bl_desc: hook that generates the proper BL descriptor format from
+ * the hsf_load_header format into a preallocated array of
+ * size bl_desc_size
* @prepare_blobs: prepares the various blobs needed for secure booting
*/
struct gm200_secboot_func {
@@ -368,7 +367,7 @@ struct gm200_secboot_func {
* callback is called on it
*/
u32 bl_desc_size;
- void (*fixup_bl_desc)(const struct gm200_flcn_bl_desc *, void *);
+ void (*generate_bl_desc)(const struct hsf_load_header *, void *, u64);
int (*prepare_blobs)(struct gm200_secboot *);
};
--
git-series 0.8.10
More information about the Nouveau
mailing list