This is a highly changed revision of the first patch series that adds secure
boot support to Nouveau. This code still depends on NVIDIA releasing official
firmware files, but the files released with SHIELD TV and Pixel C can already
be used on a Jetson TX1.
As you know we are working hard to release the official firmware files, however
in the meantime it doesn't hurt to review the code so it can be merged soon
after the release! :)
This series depends on the previously-sent "Unified firmware loading functions"
series.
Changes since v1:
- Moved secure boot into a subdev ("secboot") to integrate better with Nouveau
- Switched to more a flexible abstraction (clients can ask to reset a given
set of falcons, and the secboot subdev decides how to do this).
- Added dGPU support. Nouveau can now initialize securely-managed falcons on all
GM20X chips, provided adequate firmware is present, and GR can run on all
GM20X as well.
- Plenty of small changes that hopefully make the code easier to read...
Notes:
- The GM20B secboot driver is currently tailored to work with the firmware files
released with NVIDIA's SHIELD TV and Google's Pixel C. These files use a
slightly different format than dGPU. Final official GM20B firmware may be
aligned to the format used by dGPU, reducing the size of the GM20B driver.
- The current implementation monopolizes the PMU for doing secure boot. This
will be fixed once the PMU secure firmware is released as well. It may or may
not happen at the same time as the signed GR firmware, hence this currently
limited implementation to allow GR to be used. The current abstraction for
reseting securely-managed falcons should be suitable for both models.
Alexandre Courbot (5):
core: add gpuobj memcpy helper functions
core: add support for secure boot
gr: support for securely-booted FECS firmware
secboot/gm200: add secure-boot support
secboot/gm20b: add secure boot support
drm/nouveau/include/nvkm/core/device.h | 3 +
drm/nouveau/include/nvkm/core/gpuobj.h | 4 +
drm/nouveau/include/nvkm/subdev/secboot.h | 59 ++
drm/nouveau/nvkm/core/gpuobj.c | 20 +
drm/nouveau/nvkm/core/subdev.c | 1 +
drm/nouveau/nvkm/engine/device/base.c | 5 +
drm/nouveau/nvkm/engine/device/priv.h | 1 +
drm/nouveau/nvkm/engine/gr/gf100.c | 46 +-
drm/nouveau/nvkm/engine/gr/gm204.c | 8 +-
drm/nouveau/nvkm/engine/gr/gm20b.c | 9 +-
drm/nouveau/nvkm/subdev/Kbuild | 1 +
drm/nouveau/nvkm/subdev/secboot/Kbuild | 3 +
drm/nouveau/nvkm/subdev/secboot/base.c | 284 +++++++
drm/nouveau/nvkm/subdev/secboot/gm200.c | 1308 +++++++++++++++++++++++++++++
drm/nouveau/nvkm/subdev/secboot/gm20b.c | 213 +++++
drm/nouveau/nvkm/subdev/secboot/priv.h | 187 +++++
16 files changed, 2134 insertions(+), 18 deletions(-)
create mode 100644 drm/nouveau/include/nvkm/subdev/secboot.h
create mode 100644 drm/nouveau/nvkm/subdev/secboot/Kbuild
create mode 100644 drm/nouveau/nvkm/subdev/secboot/base.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/gm200.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/gm20b.c
create mode 100644 drm/nouveau/nvkm/subdev/secboot/priv.h
--
2.7.0
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
