| Message ID | 1467815071-35665-5-git-send-email-peter.antoine@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 06/07/16 15:24, Peter Antoine wrote: > The HuC authentication is done by host2guc call. The HuC RSA keys > are sent to GuC for authentication. > > v2: rebased on top of drm-intel-nightly. > changed name format and upped version 1.7. > v3: rebased on top of drm-intel-nightly. > > Signed-off-by: Alex Dai <yu.dai@intel.com> > Signed-off-by: Peter Antoine <peter.antoine@intel.com> > --- > drivers/gpu/drm/i915/i915_guc_submission.c | 65 ++++++++++++++++++++++++++++++ > drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + > drivers/gpu/drm/i915/intel_guc_loader.c | 2 + > 3 files changed, 68 insertions(+) No obvious problems here. Reviewed-by: Dave Gordon <david.s.gordon@intel.com> > diff --git a/drivers/gpu/drm/i915/i915_guc_submission.c b/drivers/gpu/drm/i915/i915_guc_submission.c > index 5f88500..1ec16a4 100644 > --- a/drivers/gpu/drm/i915/i915_guc_submission.c > +++ b/drivers/gpu/drm/i915/i915_guc_submission.c > @@ -25,6 +25,7 @@ > #include <linux/circ_buf.h> > #include "i915_drv.h" > #include "intel_guc.h" > +#include "intel_huc.h" > > /** > * DOC: GuC-based command submission > @@ -1076,3 +1077,67 @@ int intel_guc_resume(struct drm_device *dev) > > return host2guc_action(guc, data, ARRAY_SIZE(data)); > } > + > +/** > + * intel_huc_auth() - authenticate ucode > + * @dev: the drm device > + * > + * Triggers a HuC fw authentication request to the GuC via host-2-guc > + * interface. > + */ > +void intel_huc_auth(struct drm_device *dev) > +{ > + struct drm_i915_private *dev_priv = dev->dev_private; > + struct intel_guc *guc = &dev_priv->guc; > + struct intel_huc *huc = &dev_priv->huc; > + int ret; > + u32 data[2]; > + > + /* Bypass the case where there is no HuC firmware */ > + if (huc->huc_fw.fetch_status == UC_FIRMWARE_NONE || > + huc->huc_fw.load_status == UC_FIRMWARE_NONE) > + return; > + > + if (guc->guc_fw.load_status != UC_FIRMWARE_SUCCESS) { > + DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate"); > + return; > + } > + > + if (huc->huc_fw.load_status != UC_FIRMWARE_SUCCESS) { > + DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate"); > + return; > + } > + > + ret = i915_gem_obj_ggtt_pin(huc->huc_fw.uc_fw_obj, 0, 0); > + if (ret) { > + DRM_ERROR("HuC: Pin failed"); > + return; > + } > + > + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ > + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); > + > + /* Specify auth action and where public signature is. It's stored > + * at the beginning of the gem object, before the fw bits > + */ > + data[0] = HOST2GUC_ACTION_AUTHENTICATE_HUC; > + data[1] = i915_gem_obj_ggtt_offset(huc->huc_fw.uc_fw_obj) + > + huc->huc_fw.rsa_offset; > + > + ret = host2guc_action(guc, data, ARRAY_SIZE(data)); > + if (ret) { > + DRM_ERROR("HuC: GuC did not ack Auth request\n"); > + goto out; > + } > + > + /* Check authentication status, it should be done by now */ > + ret = wait_for_atomic( > + (I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50); > + if (ret) { > + DRM_ERROR("HuC: Authentication failed\n"); > + goto out; > + } > + > +out: > + i915_gem_object_ggtt_unpin(huc->huc_fw.uc_fw_obj); > +} > diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h > index a69ee36..c5a6227 100644 > --- a/drivers/gpu/drm/i915/intel_guc_fwif.h > +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h > @@ -437,6 +437,7 @@ enum host2guc_action { > HOST2GUC_ACTION_ENTER_S_STATE = 0x501, > HOST2GUC_ACTION_EXIT_S_STATE = 0x502, > HOST2GUC_ACTION_SLPC_REQUEST = 0x3003, > + HOST2GUC_ACTION_AUTHENTICATE_HUC = 0x4000, > HOST2GUC_ACTION_LIMIT > }; > > diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c > index d76451c..e3d2e69 100644 > --- a/drivers/gpu/drm/i915/intel_guc_loader.c > +++ b/drivers/gpu/drm/i915/intel_guc_loader.c > @@ -495,6 +495,8 @@ int intel_guc_setup(struct drm_device *dev) > intel_uc_fw_status_repr(guc_fw->fetch_status), > intel_uc_fw_status_repr(guc_fw->load_status)); > > + intel_huc_auth(dev); > + > if (i915.enable_guc_submission) { > err = i915_guc_submission_enable(dev_priv); > if (err) >
On 29/07/16 12:33, Dave Gordon wrote: > On 06/07/16 15:24, Peter Antoine wrote: >> The HuC authentication is done by host2guc call. The HuC RSA keys >> are sent to GuC for authentication. >> >> v2: rebased on top of drm-intel-nightly. >> changed name format and upped version 1.7. >> v3: rebased on top of drm-intel-nightly. >> >> Signed-off-by: Alex Dai <yu.dai@intel.com> >> Signed-off-by: Peter Antoine <peter.antoine@intel.com> >> --- >> drivers/gpu/drm/i915/i915_guc_submission.c | 65 >> ++++++++++++++++++++++++++++++ >> drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + >> drivers/gpu/drm/i915/intel_guc_loader.c | 2 + >> 3 files changed, 68 insertions(+) > > No obvious problems here. On second thoughts ... >> + ret = host2guc_action(guc, data, ARRAY_SIZE(data)); >> + if (ret) { >> + DRM_ERROR("HuC: GuC did not ack Auth request\n"); >> + goto out; >> + } >> + >> + /* Check authentication status, it should be done by now */ >> + ret = wait_for_atomic( >> + (I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50); >> + if (ret) { >> + DRM_ERROR("HuC: Authentication failed\n"); >> + goto out; >> + } ... there's another wait_for_atomic() here :( .Dave.
diff --git a/drivers/gpu/drm/i915/i915_guc_submission.c b/drivers/gpu/drm/i915/i915_guc_submission.c index 5f88500..1ec16a4 100644 --- a/drivers/gpu/drm/i915/i915_guc_submission.c +++ b/drivers/gpu/drm/i915/i915_guc_submission.c @@ -25,6 +25,7 @@ #include <linux/circ_buf.h> #include "i915_drv.h" #include "intel_guc.h" +#include "intel_huc.h" /** * DOC: GuC-based command submission @@ -1076,3 +1077,67 @@ int intel_guc_resume(struct drm_device *dev) return host2guc_action(guc, data, ARRAY_SIZE(data)); } + +/** + * intel_huc_auth() - authenticate ucode + * @dev: the drm device + * + * Triggers a HuC fw authentication request to the GuC via host-2-guc + * interface. + */ +void intel_huc_auth(struct drm_device *dev) +{ + struct drm_i915_private *dev_priv = dev->dev_private; + struct intel_guc *guc = &dev_priv->guc; + struct intel_huc *huc = &dev_priv->huc; + int ret; + u32 data[2]; + + /* Bypass the case where there is no HuC firmware */ + if (huc->huc_fw.fetch_status == UC_FIRMWARE_NONE || + huc->huc_fw.load_status == UC_FIRMWARE_NONE) + return; + + if (guc->guc_fw.load_status != UC_FIRMWARE_SUCCESS) { + DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate"); + return; + } + + if (huc->huc_fw.load_status != UC_FIRMWARE_SUCCESS) { + DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate"); + return; + } + + ret = i915_gem_obj_ggtt_pin(huc->huc_fw.uc_fw_obj, 0, 0); + if (ret) { + DRM_ERROR("HuC: Pin failed"); + return; + } + + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); + + /* Specify auth action and where public signature is. It's stored + * at the beginning of the gem object, before the fw bits + */ + data[0] = HOST2GUC_ACTION_AUTHENTICATE_HUC; + data[1] = i915_gem_obj_ggtt_offset(huc->huc_fw.uc_fw_obj) + + huc->huc_fw.rsa_offset; + + ret = host2guc_action(guc, data, ARRAY_SIZE(data)); + if (ret) { + DRM_ERROR("HuC: GuC did not ack Auth request\n"); + goto out; + } + + /* Check authentication status, it should be done by now */ + ret = wait_for_atomic( + (I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50); + if (ret) { + DRM_ERROR("HuC: Authentication failed\n"); + goto out; + } + +out: + i915_gem_object_ggtt_unpin(huc->huc_fw.uc_fw_obj); +} diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h index a69ee36..c5a6227 100644 --- a/drivers/gpu/drm/i915/intel_guc_fwif.h +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h @@ -437,6 +437,7 @@ enum host2guc_action { HOST2GUC_ACTION_ENTER_S_STATE = 0x501, HOST2GUC_ACTION_EXIT_S_STATE = 0x502, HOST2GUC_ACTION_SLPC_REQUEST = 0x3003, + HOST2GUC_ACTION_AUTHENTICATE_HUC = 0x4000, HOST2GUC_ACTION_LIMIT }; diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c index d76451c..e3d2e69 100644 --- a/drivers/gpu/drm/i915/intel_guc_loader.c +++ b/drivers/gpu/drm/i915/intel_guc_loader.c @@ -495,6 +495,8 @@ int intel_guc_setup(struct drm_device *dev) intel_uc_fw_status_repr(guc_fw->fetch_status), intel_uc_fw_status_repr(guc_fw->load_status)); + intel_huc_auth(dev); + if (i915.enable_guc_submission) { err = i915_guc_submission_enable(dev_priv); if (err)
The HuC authentication is done by host2guc call. The HuC RSA keys are sent to GuC for authentication. v2: rebased on top of drm-intel-nightly. changed name format and upped version 1.7. v3: rebased on top of drm-intel-nightly. Signed-off-by: Alex Dai <yu.dai@intel.com> Signed-off-by: Peter Antoine <peter.antoine@intel.com> --- drivers/gpu/drm/i915/i915_guc_submission.c | 65 ++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + drivers/gpu/drm/i915/intel_guc_loader.c | 2 + 3 files changed, 68 insertions(+)