1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 2019 Intel Corporation.
4 *
5 * Authors:
6 * Ramalingam C <ramalingam.c@intel.com>
7 */
8
9 #include <linux/device.h>
10 #include <linux/err.h>
11 #include <linux/gfp.h>
12 #include <linux/export.h>
13 #include <linux/slab.h>
14 #include <linux/firmware.h>
15
16 #include <drm/drm_hdcp.h>
17 #include <drm/drm_sysfs.h>
18 #include <drm/drm_print.h>
19 #include <drm/drm_device.h>
20 #include <drm/drm_property.h>
21 #include <drm/drm_mode_object.h>
22 #include <drm/drm_connector.h>
23
24 #include "drm_internal.h"
25
26 static struct hdcp_srm {
27 u32 revoked_ksv_cnt;
28 u8 *revoked_ksv_list;
29
30 /* Mutex to protect above struct member */
31 struct mutex mutex;
32 } *srm_data;
33
drm_hdcp_print_ksv(const u8 * ksv)34 static inline void drm_hdcp_print_ksv(const u8 *ksv)
35 {
36 DRM_DEBUG("\t%#02x, %#02x, %#02x, %#02x, %#02x\n",
37 ksv[0], ksv[1], ksv[2], ksv[3], ksv[4]);
38 }
39
drm_hdcp_get_revoked_ksv_count(const u8 * buf,u32 vrls_length)40 static u32 drm_hdcp_get_revoked_ksv_count(const u8 *buf, u32 vrls_length)
41 {
42 u32 parsed_bytes = 0, ksv_count = 0, vrl_ksv_cnt, vrl_sz;
43
44 while (parsed_bytes < vrls_length) {
45 vrl_ksv_cnt = *buf;
46 ksv_count += vrl_ksv_cnt;
47
48 vrl_sz = (vrl_ksv_cnt * DRM_HDCP_KSV_LEN) + 1;
49 buf += vrl_sz;
50 parsed_bytes += vrl_sz;
51 }
52
53 /*
54 * When vrls are not valid, ksvs are not considered.
55 * Hence SRM will be discarded.
56 */
57 if (parsed_bytes != vrls_length)
58 ksv_count = 0;
59
60 return ksv_count;
61 }
62
drm_hdcp_get_revoked_ksvs(const u8 * buf,u8 * revoked_ksv_list,u32 vrls_length)63 static u32 drm_hdcp_get_revoked_ksvs(const u8 *buf, u8 *revoked_ksv_list,
64 u32 vrls_length)
65 {
66 u32 parsed_bytes = 0, ksv_count = 0;
67 u32 vrl_ksv_cnt, vrl_ksv_sz, vrl_idx = 0;
68
69 do {
70 vrl_ksv_cnt = *buf;
71 vrl_ksv_sz = vrl_ksv_cnt * DRM_HDCP_KSV_LEN;
72
73 buf++;
74
75 DRM_DEBUG("vrl: %d, Revoked KSVs: %d\n", vrl_idx++,
76 vrl_ksv_cnt);
77 memcpy(revoked_ksv_list, buf, vrl_ksv_sz);
78
79 ksv_count += vrl_ksv_cnt;
80 revoked_ksv_list += vrl_ksv_sz;
81 buf += vrl_ksv_sz;
82
83 parsed_bytes += (vrl_ksv_sz + 1);
84 } while (parsed_bytes < vrls_length);
85
86 return ksv_count;
87 }
88
get_vrl_length(const u8 * buf)89 static inline u32 get_vrl_length(const u8 *buf)
90 {
91 return drm_hdcp_be24_to_cpu(buf);
92 }
93
drm_hdcp_parse_hdcp1_srm(const u8 * buf,size_t count)94 static int drm_hdcp_parse_hdcp1_srm(const u8 *buf, size_t count)
95 {
96 struct hdcp_srm_header *header;
97 u32 vrl_length, ksv_count;
98
99 if (count < (sizeof(struct hdcp_srm_header) +
100 DRM_HDCP_1_4_VRL_LENGTH_SIZE + DRM_HDCP_1_4_DCP_SIG_SIZE)) {
101 DRM_ERROR("Invalid blob length\n");
102 return -EINVAL;
103 }
104
105 header = (struct hdcp_srm_header *)buf;
106 DRM_DEBUG("SRM ID: 0x%x, SRM Ver: 0x%x, SRM Gen No: 0x%x\n",
107 header->srm_id,
108 be16_to_cpu(header->srm_version), header->srm_gen_no);
109
110 WARN_ON(header->reserved);
111
112 buf = buf + sizeof(*header);
113 vrl_length = get_vrl_length(buf);
114 if (count < (sizeof(struct hdcp_srm_header) + vrl_length) ||
115 vrl_length < (DRM_HDCP_1_4_VRL_LENGTH_SIZE +
116 DRM_HDCP_1_4_DCP_SIG_SIZE)) {
117 DRM_ERROR("Invalid blob length or vrl length\n");
118 return -EINVAL;
119 }
120
121 /* Length of the all vrls combined */
122 vrl_length -= (DRM_HDCP_1_4_VRL_LENGTH_SIZE +
123 DRM_HDCP_1_4_DCP_SIG_SIZE);
124
125 if (!vrl_length) {
126 DRM_ERROR("No vrl found\n");
127 return -EINVAL;
128 }
129
130 buf += DRM_HDCP_1_4_VRL_LENGTH_SIZE;
131 ksv_count = drm_hdcp_get_revoked_ksv_count(buf, vrl_length);
132 if (!ksv_count) {
133 DRM_DEBUG("Revoked KSV count is 0\n");
134 return count;
135 }
136
137 kfree(srm_data->revoked_ksv_list);
138 srm_data->revoked_ksv_list = kcalloc(ksv_count, DRM_HDCP_KSV_LEN,
139 GFP_KERNEL);
140 if (!srm_data->revoked_ksv_list) {
141 DRM_ERROR("Out of Memory\n");
142 return -ENOMEM;
143 }
144
145 if (drm_hdcp_get_revoked_ksvs(buf, srm_data->revoked_ksv_list,
146 vrl_length) != ksv_count) {
147 srm_data->revoked_ksv_cnt = 0;
148 kfree(srm_data->revoked_ksv_list);
149 return -EINVAL;
150 }
151
152 srm_data->revoked_ksv_cnt = ksv_count;
153 return count;
154 }
155
drm_hdcp_parse_hdcp2_srm(const u8 * buf,size_t count)156 static int drm_hdcp_parse_hdcp2_srm(const u8 *buf, size_t count)
157 {
158 struct hdcp_srm_header *header;
159 u32 vrl_length, ksv_count, ksv_sz;
160
161 if (count < (sizeof(struct hdcp_srm_header) +
162 DRM_HDCP_2_VRL_LENGTH_SIZE + DRM_HDCP_2_DCP_SIG_SIZE)) {
163 DRM_ERROR("Invalid blob length\n");
164 return -EINVAL;
165 }
166
167 header = (struct hdcp_srm_header *)buf;
168 DRM_DEBUG("SRM ID: 0x%x, SRM Ver: 0x%x, SRM Gen No: 0x%x\n",
169 header->srm_id & DRM_HDCP_SRM_ID_MASK,
170 be16_to_cpu(header->srm_version), header->srm_gen_no);
171
172 if (header->reserved)
173 return -EINVAL;
174
175 buf = buf + sizeof(*header);
176 vrl_length = get_vrl_length(buf);
177
178 if (count < (sizeof(struct hdcp_srm_header) + vrl_length) ||
179 vrl_length < (DRM_HDCP_2_VRL_LENGTH_SIZE +
180 DRM_HDCP_2_DCP_SIG_SIZE)) {
181 DRM_ERROR("Invalid blob length or vrl length\n");
182 return -EINVAL;
183 }
184
185 /* Length of the all vrls combined */
186 vrl_length -= (DRM_HDCP_2_VRL_LENGTH_SIZE +
187 DRM_HDCP_2_DCP_SIG_SIZE);
188
189 if (!vrl_length) {
190 DRM_ERROR("No vrl found\n");
191 return -EINVAL;
192 }
193
194 buf += DRM_HDCP_2_VRL_LENGTH_SIZE;
195 ksv_count = (*buf << 2) | DRM_HDCP_2_KSV_COUNT_2_LSBITS(*(buf + 1));
196 if (!ksv_count) {
197 DRM_DEBUG("Revoked KSV count is 0\n");
198 return count;
199 }
200
201 kfree(srm_data->revoked_ksv_list);
202 srm_data->revoked_ksv_list = kcalloc(ksv_count, DRM_HDCP_KSV_LEN,
203 GFP_KERNEL);
204 if (!srm_data->revoked_ksv_list) {
205 DRM_ERROR("Out of Memory\n");
206 return -ENOMEM;
207 }
208
209 ksv_sz = ksv_count * DRM_HDCP_KSV_LEN;
210 buf += DRM_HDCP_2_NO_OF_DEV_PLUS_RESERVED_SZ;
211
212 DRM_DEBUG("Revoked KSVs: %d\n", ksv_count);
213 memcpy(srm_data->revoked_ksv_list, buf, ksv_sz);
214
215 srm_data->revoked_ksv_cnt = ksv_count;
216 return count;
217 }
218
is_srm_version_hdcp1(const u8 * buf)219 static inline bool is_srm_version_hdcp1(const u8 *buf)
220 {
221 return *buf == (u8)(DRM_HDCP_1_4_SRM_ID << 4);
222 }
223
is_srm_version_hdcp2(const u8 * buf)224 static inline bool is_srm_version_hdcp2(const u8 *buf)
225 {
226 return *buf == (u8)(DRM_HDCP_2_SRM_ID << 4 | DRM_HDCP_2_INDICATOR);
227 }
228
drm_hdcp_srm_update(const u8 * buf,size_t count)229 static void drm_hdcp_srm_update(const u8 *buf, size_t count)
230 {
231 if (count < sizeof(struct hdcp_srm_header))
232 return;
233
234 if (is_srm_version_hdcp1(buf))
235 drm_hdcp_parse_hdcp1_srm(buf, count);
236 else if (is_srm_version_hdcp2(buf))
237 drm_hdcp_parse_hdcp2_srm(buf, count);
238 }
239
drm_hdcp_request_srm(struct drm_device * drm_dev)240 static void drm_hdcp_request_srm(struct drm_device *drm_dev)
241 {
242 char fw_name[36] = "display_hdcp_srm.bin";
243 const struct firmware *fw;
244
245 int ret;
246
247 ret = request_firmware_direct(&fw, (const char *)fw_name,
248 drm_dev->dev);
249 if (ret < 0)
250 goto exit;
251
252 if (fw->size && fw->data)
253 drm_hdcp_srm_update(fw->data, fw->size);
254
255 exit:
256 release_firmware(fw);
257 }
258
259 /**
260 * drm_hdcp_check_ksvs_revoked - Check the revoked status of the IDs
261 *
262 * @drm_dev: drm_device for which HDCP revocation check is requested
263 * @ksvs: List of KSVs (HDCP receiver IDs)
264 * @ksv_count: KSV count passed in through @ksvs
265 *
266 * This function reads the HDCP System renewability Message(SRM Table)
267 * from userspace as a firmware and parses it for the revoked HDCP
268 * KSVs(Receiver IDs) detected by DCP LLC. Once the revoked KSVs are known,
269 * revoked state of the KSVs in the list passed in by display drivers are
270 * decided and response is sent.
271 *
272 * SRM should be presented in the name of "display_hdcp_srm.bin".
273 *
274 * Format of the SRM table, that userspace needs to write into the binary file,
275 * is defined at:
276 * 1. Renewability chapter on 55th page of HDCP 1.4 specification
277 * https://www.digital-cp.com/sites/default/files/specifications/HDCP%20Specification%20Rev1_4_Secure.pdf
278 * 2. Renewability chapter on 63rd page of HDCP 2.2 specification
279 * https://www.digital-cp.com/sites/default/files/specifications/HDCP%20on%20HDMI%20Specification%20Rev2_2_Final1.pdf
280 *
281 * Returns:
282 * TRUE on any of the KSV is revoked, else FALSE.
283 */
drm_hdcp_check_ksvs_revoked(struct drm_device * drm_dev,u8 * ksvs,u32 ksv_count)284 bool drm_hdcp_check_ksvs_revoked(struct drm_device *drm_dev, u8 *ksvs,
285 u32 ksv_count)
286 {
287 u32 rev_ksv_cnt, cnt, i, j;
288 u8 *rev_ksv_list;
289
290 if (!srm_data)
291 return false;
292
293 mutex_lock(&srm_data->mutex);
294 drm_hdcp_request_srm(drm_dev);
295
296 rev_ksv_cnt = srm_data->revoked_ksv_cnt;
297 rev_ksv_list = srm_data->revoked_ksv_list;
298
299 /* If the Revoked ksv list is empty */
300 if (!rev_ksv_cnt || !rev_ksv_list) {
301 mutex_unlock(&srm_data->mutex);
302 return false;
303 }
304
305 for (cnt = 0; cnt < ksv_count; cnt++) {
306 rev_ksv_list = srm_data->revoked_ksv_list;
307 for (i = 0; i < rev_ksv_cnt; i++) {
308 for (j = 0; j < DRM_HDCP_KSV_LEN; j++)
309 if (ksvs[j] != rev_ksv_list[j]) {
310 break;
311 } else if (j == (DRM_HDCP_KSV_LEN - 1)) {
312 DRM_DEBUG("Revoked KSV is ");
313 drm_hdcp_print_ksv(ksvs);
314 mutex_unlock(&srm_data->mutex);
315 return true;
316 }
317 /* Move the offset to next KSV in the revoked list */
318 rev_ksv_list += DRM_HDCP_KSV_LEN;
319 }
320
321 /* Iterate to next ksv_offset */
322 ksvs += DRM_HDCP_KSV_LEN;
323 }
324 mutex_unlock(&srm_data->mutex);
325 return false;
326 }
327 EXPORT_SYMBOL_GPL(drm_hdcp_check_ksvs_revoked);
328
drm_setup_hdcp_srm(struct class * drm_class)329 int drm_setup_hdcp_srm(struct class *drm_class)
330 {
331 srm_data = kzalloc(sizeof(*srm_data), GFP_KERNEL);
332 if (!srm_data)
333 return -ENOMEM;
334 mutex_init(&srm_data->mutex);
335
336 return 0;
337 }
338
drm_teardown_hdcp_srm(struct class * drm_class)339 void drm_teardown_hdcp_srm(struct class *drm_class)
340 {
341 if (srm_data) {
342 kfree(srm_data->revoked_ksv_list);
343 kfree(srm_data);
344 }
345 }
346
347 static struct drm_prop_enum_list drm_cp_enum_list[] = {
348 { DRM_MODE_CONTENT_PROTECTION_UNDESIRED, "Undesired" },
349 { DRM_MODE_CONTENT_PROTECTION_DESIRED, "Desired" },
350 { DRM_MODE_CONTENT_PROTECTION_ENABLED, "Enabled" },
351 };
352 DRM_ENUM_NAME_FN(drm_get_content_protection_name, drm_cp_enum_list)
353
354 static struct drm_prop_enum_list drm_hdcp_content_type_enum_list[] = {
355 { DRM_MODE_HDCP_CONTENT_TYPE0, "HDCP Type0" },
356 { DRM_MODE_HDCP_CONTENT_TYPE1, "HDCP Type1" },
357 };
DRM_ENUM_NAME_FN(drm_get_hdcp_content_type_name,drm_hdcp_content_type_enum_list)358 DRM_ENUM_NAME_FN(drm_get_hdcp_content_type_name,
359 drm_hdcp_content_type_enum_list)
360
361 /**
362 * drm_connector_attach_content_protection_property - attach content protection
363 * property
364 *
365 * @connector: connector to attach CP property on.
366 * @hdcp_content_type: is HDCP Content Type property needed for connector
367 *
368 * This is used to add support for content protection on select connectors.
369 * Content Protection is intentionally vague to allow for different underlying
370 * technologies, however it is most implemented by HDCP.
371 *
372 * When hdcp_content_type is true enum property called HDCP Content Type is
373 * created (if it is not already) and attached to the connector.
374 *
375 * This property is used for sending the protected content's stream type
376 * from userspace to kernel on selected connectors. Protected content provider
377 * will decide their type of their content and declare the same to kernel.
378 *
379 * Content type will be used during the HDCP 2.2 authentication.
380 * Content type will be set to &drm_connector_state.hdcp_content_type.
381 *
382 * The content protection will be set to &drm_connector_state.content_protection
383 *
384 * When kernel triggered content protection state change like DESIRED->ENABLED
385 * and ENABLED->DESIRED, will use drm_hdcp_update_content_protection() to update
386 * the content protection state of a connector.
387 *
388 * Returns:
389 * Zero on success, negative errno on failure.
390 */
391 int drm_connector_attach_content_protection_property(
392 struct drm_connector *connector, bool hdcp_content_type)
393 {
394 struct drm_device *dev = connector->dev;
395 struct drm_property *prop =
396 dev->mode_config.content_protection_property;
397
398 if (!prop)
399 prop = drm_property_create_enum(dev, 0, "Content Protection",
400 drm_cp_enum_list,
401 ARRAY_SIZE(drm_cp_enum_list));
402 if (!prop)
403 return -ENOMEM;
404
405 drm_object_attach_property(&connector->base, prop,
406 DRM_MODE_CONTENT_PROTECTION_UNDESIRED);
407 dev->mode_config.content_protection_property = prop;
408
409 if (!hdcp_content_type)
410 return 0;
411
412 prop = dev->mode_config.hdcp_content_type_property;
413 if (!prop)
414 prop = drm_property_create_enum(dev, 0, "HDCP Content Type",
415 drm_hdcp_content_type_enum_list,
416 ARRAY_SIZE(
417 drm_hdcp_content_type_enum_list));
418 if (!prop)
419 return -ENOMEM;
420
421 drm_object_attach_property(&connector->base, prop,
422 DRM_MODE_HDCP_CONTENT_TYPE0);
423 dev->mode_config.hdcp_content_type_property = prop;
424
425 return 0;
426 }
427 EXPORT_SYMBOL(drm_connector_attach_content_protection_property);
428
429 /**
430 * drm_hdcp_update_content_protection - Updates the content protection state
431 * of a connector
432 *
433 * @connector: drm_connector on which content protection state needs an update
434 * @val: New state of the content protection property
435 *
436 * This function can be used by display drivers, to update the kernel triggered
437 * content protection state changes of a drm_connector such as DESIRED->ENABLED
438 * and ENABLED->DESIRED. No uevent for DESIRED->UNDESIRED or ENABLED->UNDESIRED,
439 * as userspace is triggering such state change and kernel performs it without
440 * fail.This function update the new state of the property into the connector's
441 * state and generate an uevent to notify the userspace.
442 */
drm_hdcp_update_content_protection(struct drm_connector * connector,u64 val)443 void drm_hdcp_update_content_protection(struct drm_connector *connector,
444 u64 val)
445 {
446 struct drm_device *dev = connector->dev;
447 struct drm_connector_state *state = connector->state;
448
449 WARN_ON(!drm_modeset_is_locked(&dev->mode_config.connection_mutex));
450 if (state->content_protection == val)
451 return;
452
453 state->content_protection = val;
454 drm_sysfs_connector_status_event(connector,
455 dev->mode_config.content_protection_property);
456 }
457 EXPORT_SYMBOL(drm_hdcp_update_content_protection);
458
