[Nouveau] [PATCH v2 10/14] secboot: split reset function
Alexandre Courbot
acourbot at nvidia.com
Thu Oct 27 04:37:04 UTC 2016
Split the reset function into more meaningful and reusable ones.
Signed-off-by: Alexandre Courbot <acourbot at nvidia.com>
---
drm/nouveau/include/nvkm/subdev/secboot.h | 3 ++
drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 78 ++++++++++++++++++++----------
2 files changed, 56 insertions(+), 25 deletions(-)
diff --git a/drm/nouveau/include/nvkm/subdev/secboot.h b/drm/nouveau/include/nvkm/subdev/secboot.h
index 24d98878bb93..785e2c553392 100644
--- a/drm/nouveau/include/nvkm/subdev/secboot.h
+++ b/drm/nouveau/include/nvkm/subdev/secboot.h
@@ -30,6 +30,7 @@
* @base: base IO address of the falcon performing secure boot
* @managed_falcons: bitfield of falcons managed by this ACR
* @debug_mode: whether the debug or production signatures should be used
+ * @wpr_set: whether the WPR region is currently set
*/
struct nvkm_secboot {
const struct nvkm_secboot_func *func;
@@ -44,6 +45,8 @@ struct nvkm_secboot {
u32 wpr_size;
bool debug_mode;
+
+ bool wpr_set;
};
#define nvkm_secboot(p) container_of((p), struct nvkm_secboot, subdev)
diff --git a/drm/nouveau/nvkm/subdev/secboot/acr_r352.c b/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
index a74dede4c222..d9f02c1c0de6 100644
--- a/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
+++ b/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
@@ -740,6 +740,54 @@ nvkm_acr_r352_load(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
return 0;
}
+static int
+acr_r352_shutdown(struct nvkm_acr_r352 *acr, struct nvkm_secboot *sb)
+{
+ int i;
+
+ /* Run the unload blob to unprotect the WPR region */
+ if (acr->unload_blob && sb->wpr_set) {
+ int ret;
+
+ nvkm_debug(&sb->subdev, "running HS unload blob\n");
+ ret = sb->func->run_blob(sb, acr->unload_blob);
+ if (ret)
+ return ret;
+ nvkm_debug(&sb->subdev, "HS unload blob completed\n");
+ }
+
+ for (i = 0; i < NVKM_FALCON_END; i++)
+ acr->falcon_state[i] = NON_SECURE;
+
+ sb->wpr_set = false;
+
+ return 0;
+}
+
+static int
+acr_r352_bootstrap(struct nvkm_acr_r352 *acr, struct nvkm_secboot *sb)
+{
+ int ret;
+
+ if (sb->wpr_set)
+ return 0;
+
+ /* Make sure all blobs are ready */
+ ret = acr_r352_load_blobs(acr, sb);
+ if (ret)
+ return ret;
+
+ nvkm_debug(&sb->subdev, "running HS load blob\n");
+ ret = sb->func->run_blob(sb, acr->load_blob);
+ if (ret)
+ return ret;
+ nvkm_debug(&sb->subdev, "HS load blob completed\n");
+
+ sb->wpr_set = true;
+
+ return 0;
+}
+
/*
* nvkm_acr_r352_reset() - execute secure boot from the prepared state
*
@@ -754,11 +802,6 @@ nvkm_acr_r352_reset(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
struct nvkm_acr_r352 *acr = nvkm_acr_r352(_acr);
int ret;
- /* Make sure all blobs are ready */
- ret = acr_r352_load_blobs(acr, sb);
- if (ret)
- return ret;
-
/*
* Dummy GM200 implementation: perform secure boot each time we are
* called on FECS. Since only FECS and GPCCS are managed and started
@@ -770,16 +813,11 @@ nvkm_acr_r352_reset(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
if (falcon != NVKM_FALCON_FECS)
goto end;
- /* If WPR is set and we have an unload blob, run it to unlock WPR */
- if (acr->unload_blob &&
- acr->falcon_state[NVKM_FALCON_FECS] != NON_SECURE) {
- ret = sb->func->run_blob(sb, acr->unload_blob);
- if (ret)
- return ret;
- }
+ ret = acr_r352_shutdown(acr, sb);
+ if (ret)
+ return ret;
- /* Reload all managed falcons */
- ret = sb->func->run_blob(sb, acr->load_blob);
+ acr_r352_bootstrap(acr, sb);
if (ret)
return ret;
@@ -818,18 +856,8 @@ int
nvkm_acr_r352_fini(struct nvkm_acr *_acr, struct nvkm_secboot *sb, bool suspend)
{
struct nvkm_acr_r352 *acr = nvkm_acr_r352(_acr);
- int ret = 0;
- int i;
- /* Run the unload blob to unprotect the WPR region */
- if (acr->unload_blob &&
- acr->falcon_state[NVKM_FALCON_FECS] != NON_SECURE)
- ret = sb->func->run_blob(sb, acr->unload_blob);
-
- for (i = 0; i < NVKM_FALCON_END; i++)
- acr->falcon_state[i] = NON_SECURE;
-
- return ret;
+ return acr_r352_shutdown(acr, sb);
}
void
--
2.10.0
More information about the Nouveau
mailing list