Message ID | 20230210012804.2223978-1-daniele.ceraolospurio@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [RFC] drm/i915/uapi/huc: two levels of HuC authentication | expand |
diff --git a/include/uapi/drm/i915_drm.h b/include/uapi/drm/i915_drm.h index 8df261c5ab9b..8a69014f3fd9 100644 --- a/include/uapi/drm/i915_drm.h +++ b/include/uapi/drm/i915_drm.h @@ -659,7 +659,8 @@ typedef struct drm_i915_irq_wait { * If the IOCTL is successful, the returned parameter will be set to one of the * following values: * * 0 if HuC firmware load is not complete, - * * 1 if HuC firmware is authenticated and running. + * * 1 if HuC firmware is loaded and fully authenticated, + * * 2 if HuC firmware is loaded and authenticated for clear media only */ #define I915_PARAM_HUC_STATUS 42
Starting on DG2, the owner of HuC authentication is the GSC FW. On MTL, with the GSC moving into the media GT and being loaded by i915, this can result in a significant delay in HuC readiness on init/resume. To reduce the impact, the HuC load & authentication has been split in 2 parts: 1) The HuC is loaded via DMA and authenticated by the GuC, like on older platforms. However, this is now considered a partial authentication and only allows clear-media workloads. 2) After the GSC FW is loaded, the HuC is re-authenticated with a PXP command. This is a full authentication and allows all workloads. This way, only the protected content operations are impacted by the GSC-introduced delay, which is not an issue because GSC is required for those anyway. To report the different steps to userspace, a new value is introduced for the HuC status ioctl. RFC: I'm asking for comments ahead of the implementation to make sure there are no concerns with the proposed interface change. I've kept value '1' as the "full authentication" mode because that is what it represents on older platforms. The media driver currently checks for value != 0, which will keep working for clear-media and allow it to start submitting without waiting for the GSC auth, while the protected content side of things will have to adapt to explicitly check for value == 1 (which will work on existing platforms as well). Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com> Cc: John Harrison <John.C.Harrison@Intel.com> Cc: Alan Previn <alan.previn.teres.alexis@intel.com> Cc: Ankit Jain <ankit1.jain@intel.com> Cc: Tony Ye <tony.ye@intel.com> Cc: Carl Zhang <carl.zhang@intel.com> --- include/uapi/drm/i915_drm.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)