1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
// SPDX-License-Identifier: MIT
/*
* Copyright © 2016-2019 Intel Corporation
*/
#include <linux/types.h>
#include "gt/intel_gt.h"
#include "intel_huc.h"
#include "i915_drv.h"
void intel_huc_init_early(struct intel_huc *huc)
{
struct drm_i915_private *i915 = huc_to_gt(huc)->i915;
intel_huc_fw_init_early(huc);
if (INTEL_GEN(i915) >= 11) {
huc->status.reg = GEN11_HUC_KERNEL_LOAD_INFO;
huc->status.mask = HUC_LOAD_SUCCESSFUL;
huc->status.value = HUC_LOAD_SUCCESSFUL;
} else {
huc->status.reg = HUC_STATUS2;
huc->status.mask = HUC_FW_VERIFIED;
huc->status.value = HUC_FW_VERIFIED;
}
}
static int intel_huc_rsa_data_create(struct intel_huc *huc)
{
struct intel_gt *gt = huc_to_gt(huc);
struct intel_guc *guc = >->uc.guc;
struct i915_vma *vma;
size_t copied;
void *vaddr;
int err;
err = i915_inject_load_error(gt->i915, -ENXIO);
if (err)
return err;
/*
* HuC firmware will sit above GUC_GGTT_TOP and will not map
* through GTT. Unfortunately, this means GuC cannot perform
* the HuC auth. as the rsa offset now falls within the GuC
* inaccessible range. We resort to perma-pinning an additional
* vma within the accessible range that only contains the rsa
* signature. The GuC can use this extra pinning to perform
* the authentication since its GGTT offset will be GuC
* accessible.
*/
GEM_BUG_ON(huc->fw.rsa_size > PAGE_SIZE);
vma = intel_guc_allocate_vma(guc, PAGE_SIZE);
if (IS_ERR(vma))
return PTR_ERR(vma);
vaddr = i915_gem_object_pin_map(vma->obj, I915_MAP_WB);
if (IS_ERR(vaddr)) {
i915_vma_unpin_and_release(&vma, 0);
return PTR_ERR(vaddr);
}
copied = intel_uc_fw_copy_rsa(&huc->fw, vaddr, vma->size);
GEM_BUG_ON(copied < huc->fw.rsa_size);
i915_gem_object_unpin_map(vma->obj);
huc->rsa_data = vma;
return 0;
}
static void intel_huc_rsa_data_destroy(struct intel_huc *huc)
{
i915_vma_unpin_and_release(&huc->rsa_data, 0);
}
int intel_huc_init(struct intel_huc *huc)
{
struct drm_i915_private *i915 = huc_to_gt(huc)->i915;
int err;
err = intel_uc_fw_init(&huc->fw);
if (err)
goto out;
/*
* HuC firmware image is outside GuC accessible range.
* Copy the RSA signature out of the image into
* a perma-pinned region set aside for it
*/
err = intel_huc_rsa_data_create(huc);
if (err)
goto out_fini;
return 0;
out_fini:
intel_uc_fw_fini(&huc->fw);
out:
intel_uc_fw_cleanup_fetch(&huc->fw);
DRM_DEV_DEBUG_DRIVER(i915->drm.dev, "failed with %d\n", err);
return err;
}
void intel_huc_fini(struct intel_huc *huc)
{
intel_huc_rsa_data_destroy(huc);
intel_uc_fw_fini(&huc->fw);
}
/**
* intel_huc_auth() - Authenticate HuC uCode
* @huc: intel_huc structure
*
* Called after HuC and GuC firmware loading during intel_uc_init_hw().
*
* This function pins HuC firmware image object into GGTT.
* Then it invokes GuC action to authenticate passing the offset to RSA
* signature through intel_guc_auth_huc(). It then waits for 50ms for
* firmware verification ACK and unpins the object.
*/
int intel_huc_auth(struct intel_huc *huc)
{
struct intel_gt *gt = huc_to_gt(huc);
struct intel_guc *guc = >->uc.guc;
int ret;
GEM_BUG_ON(!intel_uc_fw_is_loaded(&huc->fw));
GEM_BUG_ON(intel_huc_is_authenticated(huc));
ret = i915_inject_load_error(gt->i915, -ENXIO);
if (ret)
goto fail;
ret = intel_guc_auth_huc(guc,
intel_guc_ggtt_offset(guc, huc->rsa_data));
if (ret) {
DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret);
goto fail;
}
/* Check authentication status, it should be done by now */
ret = __intel_wait_for_register(gt->uncore,
huc->status.reg,
huc->status.mask,
huc->status.value,
2, 50, NULL);
if (ret) {
DRM_ERROR("HuC: Firmware not verified %d\n", ret);
goto fail;
}
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_RUNNING);
return 0;
fail:
i915_probe_error(gt->i915, "HuC: Authentication failed %d\n", ret);
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_FAIL);
return ret;
}
/**
* intel_huc_check_status() - check HuC status
* @huc: intel_huc structure
*
* This function reads status register to verify if HuC
* firmware was successfully loaded.
*
* Returns: 1 if HuC firmware is loaded and verified,
* 0 if HuC firmware is not loaded and -ENODEV if HuC
* is not present on this platform.
*/
int intel_huc_check_status(struct intel_huc *huc)
{
struct intel_gt *gt = huc_to_gt(huc);
intel_wakeref_t wakeref;
u32 status = 0;
if (!intel_huc_is_supported(huc))
return -ENODEV;
with_intel_runtime_pm(>->i915->runtime_pm, wakeref)
status = intel_uncore_read(gt->uncore, huc->status.reg);
return (status & huc->status.mask) == huc->status.value;
}
|