[Nouveau] [PATCH v2 00/14] Secure Boot refactoring
Alexandre Courbot
acourbot at nvidia.com
Thu Oct 27 04:36:54 UTC 2016
This is a rework of the secure boot code that moves the building of the blob
into its own set of source files (and own hooks), making the code more flexible
and (hopefully) easier to understand as well.
This rework is needed to support more signed firmware for existing and new
chips. Since the firmwares in question are not available yet I cannot send the
code to manage then, but hopefully the gain in clarity will be enough to merge
this series ahead of the rest.
Of the whole series, patch 8 is the most significant as it reorganizes the code
into more source files. Chip support is separated from the ACR implementation,
with ACR being numbered according to the (public) NVIDIA driver version it was
build aainst. This means one can make any chip work with any ACR version just by
instanciating the proper ACR and adds a lot of flexibility that will be required
as more firmwares get released. At the moment, released firmwares cover driver
versions 352 (for GM20B) and 361 (for GM200, GM204, GM206 and GP100). The r361
implementation re-uses most of r352, and only implements its own BL descritors
since the structure changed between the two versions.
Other patches are a mix of minor optimizations (1, 2, 3, 4, 9, 10, 12, 13),
small fixes (5, 7, 11), and addition of abstractions to properly support various
ACR versions (6, 14). Not all the abstractions are used at the moment
(particularly those of patch 14), but hopefully they will be put to good use
soon!
Changes since v1:
- Use NVIDIA driver versions to differenciate the ACR structures instead of
arbitrary numbers
- Add abstractions to firmware loading functions
- Optimized set of abstractions
- Removed some more code
Alexandre Courbot (14):
core: constify nv*_printk macros
core: add falcon library
secboot: use falcon library's IMEM/DMEM loading functions
secboot: rename init() hook to oneinit()
secboot: remove fixup_hs_desc hook
secboot: add low-secure firmware hooks
secboot: generate HS BL descriptor in hook
secboot: reorganize into more files
secboot: add LS flags to LS func structure
secboot: split reset function
secboot: disable falcon interrupts before running
secboot: remove unneeded ls_ucode_img member
secboot: remove ls_ucode_mgr
secboot: abstract LS firmware loading functions
drm/nouveau/include/nvkm/core/client.h | 4 +-
drm/nouveau/include/nvkm/core/device.h | 2 +-
drm/nouveau/include/nvkm/core/falcon.h | 50 +
drm/nouveau/include/nvkm/core/subdev.h | 2 +-
drm/nouveau/include/nvkm/subdev/secboot.h | 32 +-
drm/nouveau/nvkm/core/Kbuild | 1 +
drm/nouveau/nvkm/core/falcon.c | 62 ++
drm/nouveau/nvkm/engine/gr/gf100.c | 16 +-
drm/nouveau/nvkm/engine/gr/gm200.c | 6 +-
drm/nouveau/nvkm/subdev/secboot/Kbuild | 4 +
drm/nouveau/nvkm/subdev/secboot/acr.c | 54 +
drm/nouveau/nvkm/subdev/secboot/acr.h | 68 ++
drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 924 +++++++++++++++++
drm/nouveau/nvkm/subdev/secboot/acr_r352.h | 246 +++++
drm/nouveau/nvkm/subdev/secboot/acr_r361.c | 140 +++
drm/nouveau/nvkm/subdev/secboot/base.c | 118 ++-
drm/nouveau/nvkm/subdev/secboot/gm200.c | 1335 +------------------------
drm/nouveau/nvkm/subdev/secboot/gm200.h | 43 +
drm/nouveau/nvkm/subdev/secboot/gm20b.c | 127 +--
drm/nouveau/nvkm/subdev/secboot/ls_ucode.h | 151 +++
drm/nouveau/nvkm/subdev/secboot/ls_ucode_gr.c | 158 +++
drm/nouveau/nvkm/subdev/secboot/priv.h | 199 +---
22 files changed, 2095 insertions(+), 1647 deletions(-)
create mode 100644 drm/nouveau/include/nvkm/core/falcon.h
create mode 100644 drm/nouveau/nvkm/core/falcon.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/acr.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/acr.h
create mode 100644 drm/nouveau/nvkm/subdev/secboot/acr_r352.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/acr_r352.h
create mode 100644 drm/nouveau/nvkm/subdev/secboot/acr_r361.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/gm200.h
create mode 100644 drm/nouveau/nvkm/subdev/secboot/ls_ucode.h
create mode 100644 drm/nouveau/nvkm/subdev/secboot/ls_ucode_gr.c
--
2.10.0
More information about the Nouveau
mailing list