| Message ID | 1484330923-22031-8-git-send-email-anusha.srivatsa@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Jan 13, 2017 at 10:08:42AM -0800, Anusha Srivatsa wrote: > The HuC authentication is done by host2guc call. The HuC RSA keys > are sent to GuC for authentication. > > v2: rebased on top of drm-tip. Changed name format and upped > version 1.7. > v3: changed wait_for_atomic to wait_for > v4: rebased. Rename intel_huc_auh() to intel_guc_auth_huc() > and place the prototype in intel_guc.h,correct the comments. > v5: rebased. Moved intel_guc_auth_huc from i915_guc_submission.c > to intel_uc.c.Update dev to dev_priv in intel_guc_auth_huc(). > Renamed HOST2GUC_ACTION_AUTHENTICATE_HUC TO INTEL_GUC_ACTION_ > AUTHENTICATE_HUC > v6: rebased. Add newline on DRM_ERRORs that already dont have one. > v7: rebased. Replace wait_for with intel_wait_for_register() since > the latter employs sleep optimisations for quick responses- as pointed > out by Chris Wilson. > v8: rebased. Cleanup the intel_guc_auth_huc() by removing checks > already performed in earlier functions. Make comments more descriptive. > v9: rebased. Changed the bias for pinning the HuC object. Move > intel_guc_auth_huc() to intel_huc.c. Change DRM_DEBUGs to DRM_ERRORs > in intel_guc_auth_huc(). Add return status to DRM_ERRORs. > v10: Replace DRM_ERROR with DRM_INFO for cases that are non- > erroneous. > > Cc: Chris Wilson <chris@chris-wilson.co.uk> > Cc: Arkadiusz Hiler <arkadiusz.hiler@intel.com> > Cc: Michal Wajdeczko <michal.wajdeczko@intel.com> > Tested-by: Xiang Haihao <haihao.xiang@intel.com> > Signed-off-by: Anusha Srivatsa <anusha.srivatsa@intel.com> > Signed-off-by: Alex Dai <yu.dai@intel.com> > Signed-off-by: Peter Antoine <peter.antoine@intel.com> > --- > drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + > drivers/gpu/drm/i915/intel_guc_loader.c | 2 ++ > drivers/gpu/drm/i915/intel_huc.c | 53 +++++++++++++++++++++++++++++++++ > drivers/gpu/drm/i915/intel_uc.h | 1 + > 4 files changed, 57 insertions(+) > > diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h > index ed1ab40..25691f0 100644 > --- a/drivers/gpu/drm/i915/intel_guc_fwif.h > +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h > @@ -505,6 +505,7 @@ enum intel_guc_action { > INTEL_GUC_ACTION_ENTER_S_STATE = 0x501, > INTEL_GUC_ACTION_EXIT_S_STATE = 0x502, > INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003, > + INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000, > INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000, > INTEL_GUC_ACTION_LIMIT > }; > diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c > index 527558f..bb127a4 100644 > --- a/drivers/gpu/drm/i915/intel_guc_loader.c > +++ b/drivers/gpu/drm/i915/intel_guc_loader.c > @@ -530,6 +530,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv) > intel_uc_fw_status_repr(guc_fw->fetch_status), > intel_uc_fw_status_repr(guc_fw->load_status)); > > + intel_guc_auth_huc(dev_priv); > + > if (i915.enable_guc_submission) { > if (i915.guc_log_level >= 0) > gen9_enable_guc_interrupts(dev_priv); > diff --git a/drivers/gpu/drm/i915/intel_huc.c b/drivers/gpu/drm/i915/intel_huc.c > index 8b84ba8..4ae34b5 100644 > --- a/drivers/gpu/drm/i915/intel_huc.c > +++ b/drivers/gpu/drm/i915/intel_huc.c > @@ -284,3 +284,56 @@ void intel_huc_fini(struct drm_i915_private *dev_priv) > huc_fw->fetch_status = INTEL_UC_FIRMWARE_NONE; > } > > +/** > + * intel_guc_auth_huc() - authenticate ucode > + * @dev_priv: the drm_i915_device > + * > + * Triggers a HuC fw authentication request to the GuC via intel_guc_action_ > + * authenticate_huc interface. > + */ > +void intel_guc_auth_huc(struct drm_i915_private *dev_priv) > +{ > + struct intel_guc *guc = &dev_priv->guc; > + struct intel_huc *huc = &dev_priv->huc; > + struct i915_vma *vma; > + int ret; > + u32 data[2]; > + > + vma = i915_gem_object_ggtt_pin(huc->fw.obj, NULL, 0, 0, > + PIN_OFFSET_BIAS | GUC_WOPCM_TOP); > + if (IS_ERR(vma)) { > + DRM_ERROR("failed to pin huc fw object %d\n", Maybe this message should start with "HuC:" to match other error messages used below ? Anyway, Reviewed-by: Michal Wajdeczko <michal.wajdeczko.intel.com> Thanks, Michal > + (int)PTR_ERR(vma)); > + return; > + } > + > + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ > + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); > + > + /* Specify auth action and where public signature is. */ > + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC; > + data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset; > + > + ret = intel_guc_send(guc, data, ARRAY_SIZE(data)); > + if (ret) { > + DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret); > + goto out; > + } > + > + /* Check authentication status, it should be done by now */ > + ret = intel_wait_for_register(dev_priv, > + HUC_STATUS2, > + HUC_FW_VERIFIED, > + HUC_FW_VERIFIED, > + 50); > + > + if (ret) { > + DRM_ERROR("HuC: Authentication failed %d\n", ret); > + goto out; > + } > + > + DRM_INFO("HuC Authentication Successful!\n"); > +out: > + i915_vma_unpin(vma); > +} > + > diff --git a/drivers/gpu/drm/i915/intel_uc.h b/drivers/gpu/drm/i915/intel_uc.h > index 65c7d6e..27f8b6f 100644 > --- a/drivers/gpu/drm/i915/intel_uc.h > +++ b/drivers/gpu/drm/i915/intel_uc.h > @@ -227,5 +227,6 @@ static inline u32 guc_ggtt_offset(struct i915_vma *vma) > void intel_huc_init(struct drm_i915_private *dev_priv); > void intel_huc_fini(struct drm_i915_private *dev_priv); > int intel_huc_load(struct drm_i915_private *dev_priv); > +void intel_guc_auth_huc(struct drm_i915_private *dev_priv); > > #endif > -- > 2.7.4 >
>-----Original Message----- >From: Wajdeczko, Michal >Sent: Friday, January 13, 2017 10:18 AM >To: Srivatsa, Anusha <anusha.srivatsa@intel.com> >Cc: intel-gfx@lists.freedesktop.org; Chris Wilson <chris@chris-wilson.co.uk>; >Hiler, Arkadiusz <arkadiusz.hiler@intel.com>; Alex Dai <yu.dai@intel.com>; Peter >Antoine <peter.antoine@intel.com> >Subject: Re: [PATCH 7/8] drm/i915/huc: Support HuC authentication > >On Fri, Jan 13, 2017 at 10:08:42AM -0800, Anusha Srivatsa wrote: >> The HuC authentication is done by host2guc call. The HuC RSA keys are >> sent to GuC for authentication. >> >> v2: rebased on top of drm-tip. Changed name format and upped version >> 1.7. >> v3: changed wait_for_atomic to wait_for >> v4: rebased. Rename intel_huc_auh() to intel_guc_auth_huc() and place >> the prototype in intel_guc.h,correct the comments. >> v5: rebased. Moved intel_guc_auth_huc from i915_guc_submission.c to >> intel_uc.c.Update dev to dev_priv in intel_guc_auth_huc(). >> Renamed HOST2GUC_ACTION_AUTHENTICATE_HUC TO INTEL_GUC_ACTION_ >> AUTHENTICATE_HUC >> v6: rebased. Add newline on DRM_ERRORs that already dont have one. >> v7: rebased. Replace wait_for with intel_wait_for_register() since the >> latter employs sleep optimisations for quick responses- as pointed out >> by Chris Wilson. >> v8: rebased. Cleanup the intel_guc_auth_huc() by removing checks >> already performed in earlier functions. Make comments more descriptive. >> v9: rebased. Changed the bias for pinning the HuC object. Move >> intel_guc_auth_huc() to intel_huc.c. Change DRM_DEBUGs to DRM_ERRORs >> in intel_guc_auth_huc(). Add return status to DRM_ERRORs. >> v10: Replace DRM_ERROR with DRM_INFO for cases that are non- >> erroneous. >> >> Cc: Chris Wilson <chris@chris-wilson.co.uk> >> Cc: Arkadiusz Hiler <arkadiusz.hiler@intel.com> >> Cc: Michal Wajdeczko <michal.wajdeczko@intel.com> >> Tested-by: Xiang Haihao <haihao.xiang@intel.com> >> Signed-off-by: Anusha Srivatsa <anusha.srivatsa@intel.com> >> Signed-off-by: Alex Dai <yu.dai@intel.com> >> Signed-off-by: Peter Antoine <peter.antoine@intel.com> >> --- >> drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + >> drivers/gpu/drm/i915/intel_guc_loader.c | 2 ++ >> drivers/gpu/drm/i915/intel_huc.c | 53 >+++++++++++++++++++++++++++++++++ >> drivers/gpu/drm/i915/intel_uc.h | 1 + >> 4 files changed, 57 insertions(+) >> >> diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h >> b/drivers/gpu/drm/i915/intel_guc_fwif.h >> index ed1ab40..25691f0 100644 >> --- a/drivers/gpu/drm/i915/intel_guc_fwif.h >> +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h >> @@ -505,6 +505,7 @@ enum intel_guc_action { >> INTEL_GUC_ACTION_ENTER_S_STATE = 0x501, >> INTEL_GUC_ACTION_EXIT_S_STATE = 0x502, >> INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003, >> + INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000, >> INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000, >> INTEL_GUC_ACTION_LIMIT >> }; >> diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c >> b/drivers/gpu/drm/i915/intel_guc_loader.c >> index 527558f..bb127a4 100644 >> --- a/drivers/gpu/drm/i915/intel_guc_loader.c >> +++ b/drivers/gpu/drm/i915/intel_guc_loader.c >> @@ -530,6 +530,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv) >> intel_uc_fw_status_repr(guc_fw->fetch_status), >> intel_uc_fw_status_repr(guc_fw->load_status)); >> >> + intel_guc_auth_huc(dev_priv); >> + >> if (i915.enable_guc_submission) { >> if (i915.guc_log_level >= 0) >> gen9_enable_guc_interrupts(dev_priv); >> diff --git a/drivers/gpu/drm/i915/intel_huc.c >> b/drivers/gpu/drm/i915/intel_huc.c >> index 8b84ba8..4ae34b5 100644 >> --- a/drivers/gpu/drm/i915/intel_huc.c >> +++ b/drivers/gpu/drm/i915/intel_huc.c >> @@ -284,3 +284,56 @@ void intel_huc_fini(struct drm_i915_private *dev_priv) >> huc_fw->fetch_status = INTEL_UC_FIRMWARE_NONE; } >> >> +/** >> + * intel_guc_auth_huc() - authenticate ucode >> + * @dev_priv: the drm_i915_device >> + * >> + * Triggers a HuC fw authentication request to the GuC via >> +intel_guc_action_ >> + * authenticate_huc interface. >> + */ >> +void intel_guc_auth_huc(struct drm_i915_private *dev_priv) { >> + struct intel_guc *guc = &dev_priv->guc; >> + struct intel_huc *huc = &dev_priv->huc; >> + struct i915_vma *vma; >> + int ret; >> + u32 data[2]; >> + >> + vma = i915_gem_object_ggtt_pin(huc->fw.obj, NULL, 0, 0, >> + PIN_OFFSET_BIAS | GUC_WOPCM_TOP); >> + if (IS_ERR(vma)) { >> + DRM_ERROR("failed to pin huc fw object %d\n", > >Maybe this message should start with "HuC:" to match other error messages used >below ? Anyway, > >Reviewed-by: Michal Wajdeczko <michal.wajdeczko.intel.com> Thanks a lot Michal! >Thanks, >Michal > > >> + (int)PTR_ERR(vma)); >> + return; >> + } >> + >> + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ >> + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); >> + >> + /* Specify auth action and where public signature is. */ >> + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC; >> + data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset; >> + >> + ret = intel_guc_send(guc, data, ARRAY_SIZE(data)); >> + if (ret) { >> + DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret); >> + goto out; >> + } >> + >> + /* Check authentication status, it should be done by now */ >> + ret = intel_wait_for_register(dev_priv, >> + HUC_STATUS2, >> + HUC_FW_VERIFIED, >> + HUC_FW_VERIFIED, >> + 50); >> + >> + if (ret) { >> + DRM_ERROR("HuC: Authentication failed %d\n", ret); >> + goto out; >> + } >> + >> + DRM_INFO("HuC Authentication Successful!\n"); >> +out: >> + i915_vma_unpin(vma); >> +} >> + >> diff --git a/drivers/gpu/drm/i915/intel_uc.h >> b/drivers/gpu/drm/i915/intel_uc.h index 65c7d6e..27f8b6f 100644 >> --- a/drivers/gpu/drm/i915/intel_uc.h >> +++ b/drivers/gpu/drm/i915/intel_uc.h >> @@ -227,5 +227,6 @@ static inline u32 guc_ggtt_offset(struct i915_vma >> *vma) void intel_huc_init(struct drm_i915_private *dev_priv); void >> intel_huc_fini(struct drm_i915_private *dev_priv); int >> intel_huc_load(struct drm_i915_private *dev_priv); >> +void intel_guc_auth_huc(struct drm_i915_private *dev_priv); >> >> #endif >> -- >> 2.7.4 >>
On Fri, Jan 13, 2017 at 06:19:53PM +0000, Srivatsa, Anusha wrote: > >> + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ > >> + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); This is not required on drm-tip. > >> + /* Specify auth action and where public signature is. */ > >> + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC; > >> + data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset; > >> + > >> + ret = intel_guc_send(guc, data, ARRAY_SIZE(data)); > >> + if (ret) { > >> + DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret); > >> + goto out; > >> + } > >> + > >> + /* Check authentication status, it should be done by now */ > >> + ret = intel_wait_for_register(dev_priv, > >> + HUC_STATUS2, > >> + HUC_FW_VERIFIED, > >> + HUC_FW_VERIFIED, > >> + 50); > >> + > >> + if (ret) { > >> + DRM_ERROR("HuC: Authentication failed %d\n", ret); > >> + goto out; > >> + } > >> + > >> + DRM_INFO("HuC Authentication Successful!\n"); You still seem surprised. Is this a useful user message? What does it mean for the user? Avoid using jargon when talking to the user. -Chris
diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h index ed1ab40..25691f0 100644 --- a/drivers/gpu/drm/i915/intel_guc_fwif.h +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h @@ -505,6 +505,7 @@ enum intel_guc_action { INTEL_GUC_ACTION_ENTER_S_STATE = 0x501, INTEL_GUC_ACTION_EXIT_S_STATE = 0x502, INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003, + INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000, INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000, INTEL_GUC_ACTION_LIMIT }; diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c index 527558f..bb127a4 100644 --- a/drivers/gpu/drm/i915/intel_guc_loader.c +++ b/drivers/gpu/drm/i915/intel_guc_loader.c @@ -530,6 +530,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv) intel_uc_fw_status_repr(guc_fw->fetch_status), intel_uc_fw_status_repr(guc_fw->load_status)); + intel_guc_auth_huc(dev_priv); + if (i915.enable_guc_submission) { if (i915.guc_log_level >= 0) gen9_enable_guc_interrupts(dev_priv); diff --git a/drivers/gpu/drm/i915/intel_huc.c b/drivers/gpu/drm/i915/intel_huc.c index 8b84ba8..4ae34b5 100644 --- a/drivers/gpu/drm/i915/intel_huc.c +++ b/drivers/gpu/drm/i915/intel_huc.c @@ -284,3 +284,56 @@ void intel_huc_fini(struct drm_i915_private *dev_priv) huc_fw->fetch_status = INTEL_UC_FIRMWARE_NONE; } +/** + * intel_guc_auth_huc() - authenticate ucode + * @dev_priv: the drm_i915_device + * + * Triggers a HuC fw authentication request to the GuC via intel_guc_action_ + * authenticate_huc interface. + */ +void intel_guc_auth_huc(struct drm_i915_private *dev_priv) +{ + struct intel_guc *guc = &dev_priv->guc; + struct intel_huc *huc = &dev_priv->huc; + struct i915_vma *vma; + int ret; + u32 data[2]; + + vma = i915_gem_object_ggtt_pin(huc->fw.obj, NULL, 0, 0, + PIN_OFFSET_BIAS | GUC_WOPCM_TOP); + if (IS_ERR(vma)) { + DRM_ERROR("failed to pin huc fw object %d\n", + (int)PTR_ERR(vma)); + return; + } + + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); + + /* Specify auth action and where public signature is. */ + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC; + data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset; + + ret = intel_guc_send(guc, data, ARRAY_SIZE(data)); + if (ret) { + DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret); + goto out; + } + + /* Check authentication status, it should be done by now */ + ret = intel_wait_for_register(dev_priv, + HUC_STATUS2, + HUC_FW_VERIFIED, + HUC_FW_VERIFIED, + 50); + + if (ret) { + DRM_ERROR("HuC: Authentication failed %d\n", ret); + goto out; + } + + DRM_INFO("HuC Authentication Successful!\n"); +out: + i915_vma_unpin(vma); +} + diff --git a/drivers/gpu/drm/i915/intel_uc.h b/drivers/gpu/drm/i915/intel_uc.h index 65c7d6e..27f8b6f 100644 --- a/drivers/gpu/drm/i915/intel_uc.h +++ b/drivers/gpu/drm/i915/intel_uc.h @@ -227,5 +227,6 @@ static inline u32 guc_ggtt_offset(struct i915_vma *vma) void intel_huc_init(struct drm_i915_private *dev_priv); void intel_huc_fini(struct drm_i915_private *dev_priv); int intel_huc_load(struct drm_i915_private *dev_priv); +void intel_guc_auth_huc(struct drm_i915_private *dev_priv); #endif