1 // SPDX-License-Identifier: MIT
2 /*
3 * Copyright © 2016-2019 Intel Corporation
4 */
5
6 #include <linux/types.h>
7
8 #include "gt/intel_gt.h"
9 #include "intel_huc.h"
10 #include "i915_drv.h"
11
intel_huc_init_early(struct intel_huc * huc)12 void intel_huc_init_early(struct intel_huc *huc)
13 {
14 struct drm_i915_private *i915 = huc_to_gt(huc)->i915;
15
16 intel_huc_fw_init_early(huc);
17
18 if (INTEL_GEN(i915) >= 11) {
19 huc->status.reg = GEN11_HUC_KERNEL_LOAD_INFO;
20 huc->status.mask = HUC_LOAD_SUCCESSFUL;
21 huc->status.value = HUC_LOAD_SUCCESSFUL;
22 } else {
23 huc->status.reg = HUC_STATUS2;
24 huc->status.mask = HUC_FW_VERIFIED;
25 huc->status.value = HUC_FW_VERIFIED;
26 }
27 }
28
intel_huc_rsa_data_create(struct intel_huc * huc)29 static int intel_huc_rsa_data_create(struct intel_huc *huc)
30 {
31 struct intel_gt *gt = huc_to_gt(huc);
32 struct intel_guc *guc = >->uc.guc;
33 struct i915_vma *vma;
34 size_t copied;
35 void *vaddr;
36 int err;
37
38 err = i915_inject_load_error(gt->i915, -ENXIO);
39 if (err)
40 return err;
41
42 /*
43 * HuC firmware will sit above GUC_GGTT_TOP and will not map
44 * through GTT. Unfortunately, this means GuC cannot perform
45 * the HuC auth. as the rsa offset now falls within the GuC
46 * inaccessible range. We resort to perma-pinning an additional
47 * vma within the accessible range that only contains the rsa
48 * signature. The GuC can use this extra pinning to perform
49 * the authentication since its GGTT offset will be GuC
50 * accessible.
51 */
52 GEM_BUG_ON(huc->fw.rsa_size > PAGE_SIZE);
53 vma = intel_guc_allocate_vma(guc, PAGE_SIZE);
54 if (IS_ERR(vma))
55 return PTR_ERR(vma);
56
57 vaddr = i915_gem_object_pin_map(vma->obj, I915_MAP_WB);
58 if (IS_ERR(vaddr)) {
59 i915_vma_unpin_and_release(&vma, 0);
60 return PTR_ERR(vaddr);
61 }
62
63 copied = intel_uc_fw_copy_rsa(&huc->fw, vaddr, vma->size);
64 GEM_BUG_ON(copied < huc->fw.rsa_size);
65
66 i915_gem_object_unpin_map(vma->obj);
67
68 huc->rsa_data = vma;
69
70 return 0;
71 }
72
intel_huc_rsa_data_destroy(struct intel_huc * huc)73 static void intel_huc_rsa_data_destroy(struct intel_huc *huc)
74 {
75 i915_vma_unpin_and_release(&huc->rsa_data, 0);
76 }
77
intel_huc_init(struct intel_huc * huc)78 int intel_huc_init(struct intel_huc *huc)
79 {
80 struct drm_i915_private *i915 = huc_to_gt(huc)->i915;
81 int err;
82
83 err = intel_uc_fw_init(&huc->fw);
84 if (err)
85 goto out;
86
87 /*
88 * HuC firmware image is outside GuC accessible range.
89 * Copy the RSA signature out of the image into
90 * a perma-pinned region set aside for it
91 */
92 err = intel_huc_rsa_data_create(huc);
93 if (err)
94 goto out_fini;
95
96 return 0;
97
98 out_fini:
99 intel_uc_fw_fini(&huc->fw);
100 out:
101 intel_uc_fw_cleanup_fetch(&huc->fw);
102 DRM_DEV_DEBUG_DRIVER(i915->drm.dev, "failed with %d\n", err);
103 return err;
104 }
105
intel_huc_fini(struct intel_huc * huc)106 void intel_huc_fini(struct intel_huc *huc)
107 {
108 if (!intel_uc_fw_is_available(&huc->fw))
109 return;
110
111 intel_huc_rsa_data_destroy(huc);
112 intel_uc_fw_fini(&huc->fw);
113 }
114
115 /**
116 * intel_huc_auth() - Authenticate HuC uCode
117 * @huc: intel_huc structure
118 *
119 * Called after HuC and GuC firmware loading during intel_uc_init_hw().
120 *
121 * This function pins HuC firmware image object into GGTT.
122 * Then it invokes GuC action to authenticate passing the offset to RSA
123 * signature through intel_guc_auth_huc(). It then waits for 50ms for
124 * firmware verification ACK and unpins the object.
125 */
intel_huc_auth(struct intel_huc * huc)126 int intel_huc_auth(struct intel_huc *huc)
127 {
128 struct intel_gt *gt = huc_to_gt(huc);
129 struct intel_guc *guc = >->uc.guc;
130 int ret;
131
132 GEM_BUG_ON(intel_huc_is_authenticated(huc));
133
134 if (!intel_uc_fw_is_loaded(&huc->fw))
135 return -ENOEXEC;
136
137 ret = i915_inject_load_error(gt->i915, -ENXIO);
138 if (ret)
139 goto fail;
140
141 ret = intel_guc_auth_huc(guc,
142 intel_guc_ggtt_offset(guc, huc->rsa_data));
143 if (ret) {
144 DRM_ERROR("HuC: GuC did not ack Auth request %d\n", ret);
145 goto fail;
146 }
147
148 /* Check authentication status, it should be done by now */
149 ret = __intel_wait_for_register(gt->uncore,
150 huc->status.reg,
151 huc->status.mask,
152 huc->status.value,
153 2, 50, NULL);
154 if (ret) {
155 DRM_ERROR("HuC: Firmware not verified %d\n", ret);
156 goto fail;
157 }
158
159 intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_RUNNING);
160 return 0;
161
162 fail:
163 i915_probe_error(gt->i915, "HuC: Authentication failed %d\n", ret);
164 intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_FAIL);
165 return ret;
166 }
167
168 /**
169 * intel_huc_check_status() - check HuC status
170 * @huc: intel_huc structure
171 *
172 * This function reads status register to verify if HuC
173 * firmware was successfully loaded.
174 *
175 * Returns: 1 if HuC firmware is loaded and verified,
176 * 0 if HuC firmware is not loaded and -ENODEV if HuC
177 * is not present on this platform.
178 */
intel_huc_check_status(struct intel_huc * huc)179 int intel_huc_check_status(struct intel_huc *huc)
180 {
181 struct intel_gt *gt = huc_to_gt(huc);
182 intel_wakeref_t wakeref;
183 u32 status = 0;
184
185 if (!intel_huc_is_supported(huc))
186 return -ENODEV;
187
188 with_intel_runtime_pm(>->i915->runtime_pm, wakeref)
189 status = intel_uncore_read(gt->uncore, huc->status.reg);
190
191 return (status & huc->status.mask) == huc->status.value;
192 }
193
