From: Peter Antoine <peter.antoine@xxxxxxxxx> The HuC authentication is done by host2guc call. The HuC RSA keys are sent to GuC for authentication. v2: rebased on top of drm-intel-nightly. changed name format and upped version 1.7. v3: rebased on top of drm-intel-nightly. v4: changed wait_for_automic to wait_for v5: rebased. v7: rebased. v8: rebased. v9: rebased. Rename intel_huc_auh() to intel_guc_auth_huc() and place the prototype in intel_guc.h,correct the comments. v10: rebased. v11: rebased. v12: rebased on top of drm-tip v13: rebased. Moved intel_guc_auth_huc from i915_guc_submission.c to intel_uc.c.Update dev to dev_priv in intel_guc_auth_huc(). Renamed HOST2GUC_ACTION_AUTHENTICATE_HUC TO INTEL_GUC_ACTION_ AUTHENTICATE_HUC v14: rebased. v15: rebased. Add newline on DRM_ERRORs that already dont have one. v16: rebased. Replace wait_for with intel_wait_for_register() since the latter employs sleep optimisations for quick responses- as pointed out by Chris Wilson. Cc: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Cc: Arkadiusz Hiler <arkadiusz.hiler@xxxxxxxxx> Cc: Michal Wajdeczko <michal.wajdecko@xxxxxxxxx> Tested-by: Xiang Haihao <haihao.xiang@xxxxxxxxx> Signed-off-by: Anusha Srivatsa <anusha.srivatsa@xxxxxxxxx> Signed-off-by: Alex Dai <yu.dai@xxxxxxxxx> Signed-off-by: Peter Antoine <peter.antoine@xxxxxxxxx> --- drivers/gpu/drm/i915/intel_guc_fwif.h | 1 + drivers/gpu/drm/i915/intel_guc_loader.c | 2 + drivers/gpu/drm/i915/intel_uc.c | 70 ++++++++++++++++++++++++++++++++- drivers/gpu/drm/i915/intel_uc.h | 1 + 4 files changed, 72 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_guc_fwif.h b/drivers/gpu/drm/i915/intel_guc_fwif.h index ed1ab40..ce4e05e 100644 --- a/drivers/gpu/drm/i915/intel_guc_fwif.h +++ b/drivers/gpu/drm/i915/intel_guc_fwif.h @@ -506,6 +506,7 @@ enum intel_guc_action { INTEL_GUC_ACTION_EXIT_S_STATE = 0x502, INTEL_GUC_ACTION_SLPC_REQUEST = 0x3003, INTEL_GUC_ACTION_UK_LOG_ENABLE_LOGGING = 0x0E000, + INTEL_GUC_ACTION_AUTHENTICATE_HUC = 0x4000, INTEL_GUC_ACTION_LIMIT }; diff --git a/drivers/gpu/drm/i915/intel_guc_loader.c b/drivers/gpu/drm/i915/intel_guc_loader.c index ed57ab3..0508054 100644 --- a/drivers/gpu/drm/i915/intel_guc_loader.c +++ b/drivers/gpu/drm/i915/intel_guc_loader.c @@ -529,6 +529,8 @@ int intel_guc_setup(struct drm_i915_private *dev_priv) intel_uc_fw_status_repr(guc_fw->fetch_status), intel_uc_fw_status_repr(guc_fw->load_status)); + intel_guc_auth_huc(dev_priv); + if (i915.enable_guc_submission) { if (i915.guc_log_level >= 0) gen9_enable_guc_interrupts(dev_priv); diff --git a/drivers/gpu/drm/i915/intel_uc.c b/drivers/gpu/drm/i915/intel_uc.c index c6be352..d1a4d79 100644 --- a/drivers/gpu/drm/i915/intel_uc.c +++ b/drivers/gpu/drm/i915/intel_uc.c @@ -46,7 +46,7 @@ static bool intel_guc_recv(struct intel_guc *guc, u32 *status) int intel_guc_send(struct intel_guc *guc, const u32 *action, u32 len) { struct drm_i915_private *dev_priv = guc_to_i915(guc); - u32 status; + u32 status = 0; int i; int ret; @@ -71,7 +71,11 @@ int intel_guc_send(struct intel_guc *guc, const u32 *action, u32 len) * up to that length of time, then switch to a slower sleep-wait loop. * No inte_guc_send command should ever take longer than 10ms. */ - ret = wait_for_us(intel_guc_recv(guc, &status), 10); + ret = intel_wait_for_register(dev_priv, + HUC_STATUS2, + HUC_FW_VERIFIED, + HUC_FW_VERIFIED, + 50); if (ret) ret = wait_for(intel_guc_recv(guc, &status), 10); if (status != INTEL_GUC_STATUS_SUCCESS) { @@ -140,3 +144,65 @@ int intel_guc_log_control(struct intel_guc *guc, u32 control_val) return intel_guc_send(guc, action, ARRAY_SIZE(action)); } + +/** + * intel_guc_auth_huc() - authenticate ucode + * @dev_priv: the drm_i915_device + * + * Triggers a HuC fw authentication request to the GuC via intel_guc_action_ + * authenticate_huc interface. + * interface. + */ +void intel_guc_auth_huc(struct drm_i915_private *dev_priv) +{ + struct intel_guc *guc = &dev_priv->guc; + struct intel_huc *huc = &dev_priv->huc; + struct i915_vma *vma; + int ret; + u32 data[2]; + + /* Bypass the case where there is no HuC firmware */ + if (huc->fw.fetch_status == INTEL_UC_FIRMWARE_NONE || + huc->fw.load_status == INTEL_UC_FIRMWARE_NONE) + return; + + if (guc->fw.load_status != INTEL_UC_FIRMWARE_SUCCESS) { + DRM_ERROR("HuC: GuC fw wasn't loaded. Can't authenticate\n"); + return; + } + + if (huc->fw.load_status != INTEL_UC_FIRMWARE_SUCCESS) { + DRM_ERROR("HuC: fw wasn't loaded. Nothing to authenticate\n"); + return; + } + + vma = i915_gem_object_ggtt_pin(huc->fw.obj, NULL, 0, 0, 0); + if (IS_ERR(vma)) { + DRM_DEBUG_DRIVER("pin failed %d\n", (int)PTR_ERR(vma)); + return; + } + + + /* Invalidate GuC TLB to let GuC take the latest updates to GTT. */ + I915_WRITE(GEN8_GTCR, GEN8_GTCR_INVALIDATE); + + /* Specify auth action and where public signature is. */ + data[0] = INTEL_GUC_ACTION_AUTHENTICATE_HUC; + data[1] = i915_ggtt_offset(vma) + huc->fw.rsa_offset; + + ret = intel_guc_send(guc, data, ARRAY_SIZE(data)); + if (ret) { + DRM_ERROR("HuC: GuC did not ack Auth request\n"); + goto out; + } + + /* Check authentication status, it should be done by now */ + ret = wait_for((I915_READ(HUC_STATUS2) & HUC_FW_VERIFIED) > 0, 50); + if (ret) { + DRM_ERROR("HuC: Authentication failed\n"); + goto out; + } + +out: + i915_vma_unpin(vma); +} diff --git a/drivers/gpu/drm/i915/intel_uc.h b/drivers/gpu/drm/i915/intel_uc.h index 7df57c1..6ba56e18 100644 --- a/drivers/gpu/drm/i915/intel_uc.h +++ b/drivers/gpu/drm/i915/intel_uc.h @@ -193,6 +193,7 @@ int intel_guc_sample_forcewake(struct intel_guc *guc); int intel_guc_log_flush_complete(struct intel_guc *guc); int intel_guc_log_flush(struct intel_guc *guc); int intel_guc_log_control(struct intel_guc *guc, u32 control_val); +void intel_guc_auth_huc(struct drm_i915_private *dev_priv); /* intel_guc_loader.c */ extern void intel_guc_init(struct drm_i915_private *dev_priv); -- 2.7.4 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx