Commit Graph

16 Commits

Author SHA1 Message Date
Ben Skeggs
5f0f8b573a drm/nouveau/secboot: split out FW version-specific LS function pointers
It's not enough to have per-falcon structures anymore, we have multiple
versions of some firmware now that have interface differences.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2019-06-07 15:13:58 +10:00
Ben Skeggs
c26f3061fe drm/nouveau/secboot: pass max supported FW version to LS load funcs
Will be passed to the FW loader function as an upper bound on the supported
FW version to attempt to load.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2019-06-07 15:13:58 +10:00
Alexandre Courbot
d424d278b2 drm/nouveau/secboot: let LS post_run hooks return error
A LS post-run hook can meet an error meaning the failure of secure boot.
Make sure this can be reported.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-04-06 14:39:04 +10:00
Alexandre Courbot
2963a06a4d drm/nouveau/secboot: pass instance to LS firmware loaders
Having access to the secboot instance loading a LS firmware can be
useful to LS firmware handlers. At least more useful than just having an
out-of-context subdev pointer.

GP10B's firmware will also need to know the WPR address, which can be
obtained from the secboot instance.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-04-06 14:39:04 +10:00
Alexandre Courbot
84074e5b10 drm/nouveau/secboot: put HS code loading code into own file
We will also need to load HS blobs outside of acr_r352 (for instance, to
run the NVDEC VPR scrubber), so make this code reusable.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:16 +10:00
Alexandre Courbot
b58b417163 drm/nouveau/secboot: support for unload blob bootloader
If the load and unload falcons are different, then a different
bootloader must also be used. Support this case.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:14 +10:00
Alexandre Courbot
e9462417f1 drm/nouveau/secboot: add shadow blob argument
ACR firmware from r364 on need a shadow region for the ACR to copy the
WPR region into. Add a flag to indicate that a shadow region is required
and manage memory allocations accordingly.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:13 +10:00
Alexandre Courbot
0117b3369f drm/nouveau/secboot: add LS firmware post-run hooks
Add the ability for LS firmwares to declare a post-run hook that is
invoked right after the HS firmware is executed. This allows them to
e.g. write some initialization data into the falcon's DMEM.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:12 +10:00
Alexandre Courbot
9bb55bb79f drm/nouveau/secboot: abstract fixup_hs_desc function
As different firmare versions use different HS descriptor formats, we
need to abstract this part as well.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:12 +10:00
Alexandre Courbot
f7152a232c drm/nouveau/secboot: make specialized ls_ucode_img struct private
This structure does not need to be shared anymore.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:12 +10:00
Alexandre Courbot
5c4e0602d6 drm/nouveau/secboot: fix usage of hsf_load_header
Offsets were not properly computed. This went unnoticed because we are
only using one app for now.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:11 +10:00
Alexandre Courbot
3e8fbe3191 drm/nouveau/secboot: fix WPR address to be 64-bit
The WPR address parameter of the ls_write_wpr hook was defined as a u32,
which will very likely overflow on boards with more than 4GB VRAM.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-03-07 17:05:11 +10:00
Alexandre Courbot
425c816a80 drm/nouveau/secboot: add lazy-bootstrap flag
When the PMU firmware is present, the falcons it manages need to have
the lazy-bootstrap flag of their WPR header set so the ACR does not boot
them. Add support for this.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-02-17 15:14:32 +10:00
Alexandre Courbot
9d896f3e41 drm/nouveau/secboot: abstract LS firmware loading functions
The WPR and LSB headers, used to generate the LS blob, may have a
different layout and sizes depending on the driver version they come
from. Abstract them and confine their use to driver-specific code.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-02-17 15:14:32 +10:00
Alexandre Courbot
8a50452c89 drm/nouveau/secboot: add LS flags to LS func structure
Add a flag that can be set when declaring how a LS firmware should be
loaded. This allows us to remove falcon-specific code in the loader.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-02-17 15:14:31 +10:00
Alexandre Courbot
72e0642fb4 drm/nouveau/secboot: reorganize into more files
Split the act of building the ACR blob from firmware files from the rest
of the (chip-dependent) secure boot logic. ACR logic is moved into
acr_rxxx.c files, where rxxx corresponds to the compatible release of
the NVIDIA driver. At the moment r352 and r361 are supported since
firmwares have been released for these versions. Some abstractions are
added on top of r352 so r361 can easily be implemented on top of it by
just overriding a few hooks.

This split makes it possible and easy to reuse the same ACR version on
different chips. It also hopefully makes the code much more readable as
the different secure boot logics are separated. As more chips and
firmware versions will be supported, this is a necessity to not get lost
in code that is already quite complex.

This is a big commit, but it essentially moves things around (and split
the nvkm_secboot structure into two, nvkm_secboot and nvkm_acr). Code
semantics should not be affected.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-02-17 15:14:31 +10:00