drm/xe/huc: HuC authentication via GSC

author Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>

Wed, 29 Nov 2023 01:17:19 +0000 (17:17 -0800)

committer Rodrigo Vivi <rodrigo.vivi@intel.com>

Thu, 21 Dec 2023 16:45:24 +0000 (11:45 -0500)
author Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Wed, 29 Nov 2023 01:17:19 +0000 (17:17 -0800)
committer Rodrigo Vivi <rodrigo.vivi@intel.com>
Thu, 21 Dec 2023 16:45:24 +0000 (11:45 -0500)
diff --git a/drivers/gpu/drm/xe/abi/gsc_pxp_commands_abi.h b/drivers/gpu/drm/xe/abi/gsc_pxp_commands_abi.h

new file mode 100644 (file)

index 0000000..5752080
--- /dev/null
+++ b/drivers/gpu/drm/xe/abi/gsc_pxp_commands_abi.h
@@ -0,0 +1,59 @@
+/* SPDX-License-Identifier: MIT */
+/*
+ * Copyright © 2023 Intel Corporation
+ */
+
+#ifndef _ABI_GSC_PXP_COMMANDS_ABI_H
+#define _ABI_GSC_PXP_COMMANDS_ABI_H
+
+#include <linux/types.h>
+
+/* Heci client ID for PXP commands */
+#define HECI_MEADDRESS_PXP 17
+
+#define PXP_APIVER(x, y) (((x) & 0xFFFF) << 16 | ((y) & 0xFFFF))
+
+/*
+ * there are a lot of status codes for PXP, but we only define the cross-API
+ * common ones that we actually can handle in the kernel driver. Other failure
+ * codes should be printed to error msg for debug.
+ */
+enum pxp_status {
+       PXP_STATUS_SUCCESS = 0x0,
+       PXP_STATUS_ERROR_API_VERSION = 0x1002,
+       PXP_STATUS_NOT_READY = 0x100e,
+       PXP_STATUS_PLATFCONFIG_KF1_NOVERIF = 0x101a,
+       PXP_STATUS_PLATFCONFIG_KF1_BAD = 0x101f,
+       PXP_STATUS_OP_NOT_PERMITTED = 0x4013
+};
+
+/* Common PXP FW message header */
+struct pxp_cmd_header {
+       u32 api_version;
+       u32 command_id;
+       union {
+               u32 status; /* out */
+               u32 stream_id; /* in */
+#define PXP_CMDHDR_EXTDATA_SESSION_VALID GENMASK(0, 0)
+#define PXP_CMDHDR_EXTDATA_APP_TYPE GENMASK(1, 1)
+#define PXP_CMDHDR_EXTDATA_SESSION_ID GENMASK(17, 2)
+       };
+       /* Length of the message (excluding the header) */
+       u32 buffer_len;
+} __packed;
+
+#define PXP43_CMDID_NEW_HUC_AUTH 0x0000003F /* MTL+ */
+
+/* PXP-Input-Packet: HUC Auth-only */
+struct pxp43_new_huc_auth_in {
+       struct pxp_cmd_header header;
+       u64 huc_base_address;
+       u32 huc_size;
+} __packed;
+
+/* PXP-Output-Packet: HUC Load and Authentication or Auth-only */
+struct pxp43_huc_auth_out {
+       struct pxp_cmd_header header;
+} __packed;
+
+#endif
diff --git a/drivers/gpu/drm/xe/xe_gsc.c b/drivers/gpu/drm/xe/xe_gsc.c

index d8ec04e3c0065d42b6eecf750a9470c620425a96..a8a895cf4b44889dd5f7cce459988afb36ec9186 100644 (file)
--- a/drivers/gpu/drm/xe/xe_gsc.c
+++ b/drivers/gpu/drm/xe/xe_gsc.c
@@ -16,6 +16,7 @@
  #include "xe_gsc_submit.h"
  #include "xe_gt.h"
  #include "xe_gt_printk.h"
+#include "xe_huc.h"
  #include "xe_map.h"
  #include "xe_mmio.h"
  #include "xe_sched_job.h"
@@ -257,11 +258,18 @@ static void gsc_work(struct work_struct *work)
         xe_force_wake_get(gt_to_fw(gt), XE_FW_GSC);
  
         ret = gsc_upload(gsc);
-       if (ret && ret != -EEXIST)
+       if (ret && ret != -EEXIST) {
                 xe_uc_fw_change_status(&gsc->fw, XE_UC_FIRMWARE_LOAD_FAIL);
-       else
-               xe_uc_fw_change_status(&gsc->fw, XE_UC_FIRMWARE_TRANSFERRED);
+               goto out;
+       }
  
+       xe_uc_fw_change_status(&gsc->fw, XE_UC_FIRMWARE_TRANSFERRED);
+
+       /* HuC auth failure is not fatal */
+       if (xe_huc_is_authenticated(&gt->uc.huc, XE_HUC_AUTH_VIA_GUC))
+               xe_huc_auth(&gt->uc.huc, XE_HUC_AUTH_VIA_GSC);
+
+out:
         xe_force_wake_put(gt_to_fw(gt), XE_FW_GSC);
         xe_device_mem_access_put(xe);
  }
diff --git a/drivers/gpu/drm/xe/xe_huc.c b/drivers/gpu/drm/xe/xe_huc.c

index 9845165a819cdacaa0895b7eb37027f7f0e7b81a..eca109791c6ae649456ca68be14777225e2bef6a 100644 (file)
--- a/drivers/gpu/drm/xe/xe_huc.c
+++ b/drivers/gpu/drm/xe/xe_huc.c
@@ -5,14 +5,19 @@
  
  #include "xe_huc.h"
  
+#include <drm/drm_managed.h>
+
+#include "abi/gsc_pxp_commands_abi.h"
  #include "regs/xe_gsc_regs.h"
  #include "regs/xe_guc_regs.h"
  #include "xe_assert.h"
  #include "xe_bo.h"
  #include "xe_device.h"
  #include "xe_force_wake.h"
+#include "xe_gsc_submit.h"
  #include "xe_gt.h"
  #include "xe_guc.h"
+#include "xe_map.h"
  #include "xe_mmio.h"
  #include "xe_uc_fw.h"
  
@@ -34,6 +39,42 @@ huc_to_guc(struct xe_huc *huc)
         return &container_of(huc, struct xe_uc, huc)->guc;
  }
  
+static void free_gsc_pkt(struct drm_device *drm, void *arg)
+{
+       struct xe_huc *huc = arg;
+
+       xe_bo_unpin_map_no_vm(huc->gsc_pkt);
+       huc->gsc_pkt = NULL;
+}
+
+#define PXP43_HUC_AUTH_INOUT_SIZE SZ_4K
+static int huc_alloc_gsc_pkt(struct xe_huc *huc)
+{
+       struct xe_gt *gt = huc_to_gt(huc);
+       struct xe_device *xe = gt_to_xe(gt);
+       struct xe_bo *bo;
+       int err;
+
+       /* we use a single object for both input and output */
+       bo = xe_bo_create_pin_map(xe, gt_to_tile(gt), NULL,
+                                 PXP43_HUC_AUTH_INOUT_SIZE * 2,
+                                 ttm_bo_type_kernel,
+                                 XE_BO_CREATE_SYSTEM_BIT |
+                                 XE_BO_CREATE_GGTT_BIT);
+       if (IS_ERR(bo))
+               return PTR_ERR(bo);
+
+       huc->gsc_pkt = bo;
+
+       err = drmm_add_action_or_reset(&xe->drm, free_gsc_pkt, huc);
+       if (err) {
+               free_gsc_pkt(&xe->drm, huc);
+               return err;
+       }
+
+       return 0;
+}
+
  int xe_huc_init(struct xe_huc *huc)
  {
         struct xe_gt *gt = huc_to_gt(huc);
@@ -56,6 +97,12 @@ int xe_huc_init(struct xe_huc *huc)
         if (!xe_uc_fw_is_enabled(&huc->fw))
                 return 0;
  
+       if (huc->fw.has_gsc_headers) {
+               ret = huc_alloc_gsc_pkt(huc);
+               if (ret)
+                       goto out;
+       }
+
         xe_uc_fw_change_status(&huc->fw, XE_UC_FIRMWARE_LOADABLE);
  
         return 0;
@@ -72,6 +119,89 @@ int xe_huc_upload(struct xe_huc *huc)
         return xe_uc_fw_upload(&huc->fw, 0, HUC_UKERNEL);
  }
  
+#define huc_auth_msg_wr(xe_, map_, offset_, field_, val_) \
+       xe_map_wr_field(xe_, map_, offset_, struct pxp43_new_huc_auth_in, field_, val_)
+#define huc_auth_msg_rd(xe_, map_, offset_, field_) \
+       xe_map_rd_field(xe_, map_, offset_, struct pxp43_huc_auth_out, field_)
+
+static u32 huc_emit_pxp_auth_msg(struct xe_device *xe, struct iosys_map *map,
+                                u32 wr_offset, u32 huc_offset, u32 huc_size)
+{
+       xe_map_memset(xe, map, wr_offset, 0, sizeof(struct pxp43_new_huc_auth_in));
+
+       huc_auth_msg_wr(xe, map, wr_offset, header.api_version, PXP_APIVER(4, 3));
+       huc_auth_msg_wr(xe, map, wr_offset, header.command_id, PXP43_CMDID_NEW_HUC_AUTH);
+       huc_auth_msg_wr(xe, map, wr_offset, header.status, 0);
+       huc_auth_msg_wr(xe, map, wr_offset, header.buffer_len,
+                       sizeof(struct pxp43_new_huc_auth_in) - sizeof(struct pxp_cmd_header));
+       huc_auth_msg_wr(xe, map, wr_offset, huc_base_address, huc_offset);
+       huc_auth_msg_wr(xe, map, wr_offset, huc_size, huc_size);
+
+       return wr_offset + sizeof(struct pxp43_new_huc_auth_in);
+}
+
+static int huc_auth_via_gsccs(struct xe_huc *huc)
+{
+       struct xe_gt *gt = huc_to_gt(huc);
+       struct xe_device *xe = gt_to_xe(gt);
+       struct xe_bo *pkt = huc->gsc_pkt;
+       u32 wr_offset;
+       u32 rd_offset;
+       u64 ggtt_offset;
+       u32 out_status;
+       int retry = 5;
+       int err = 0;
+
+       if (!pkt)
+               return -ENODEV;
+
+       ggtt_offset = xe_bo_ggtt_addr(pkt);
+
+       wr_offset = xe_gsc_emit_header(xe, &pkt->vmap, 0, HECI_MEADDRESS_PXP, 0,
+                                      sizeof(struct pxp43_new_huc_auth_in));
+       wr_offset = huc_emit_pxp_auth_msg(xe, &pkt->vmap, wr_offset,
+                                         xe_bo_ggtt_addr(huc->fw.bo),
+                                         huc->fw.bo->size);
+       do {
+               err = xe_gsc_pkt_submit_kernel(&gt->uc.gsc, ggtt_offset, wr_offset,
+                                              ggtt_offset + PXP43_HUC_AUTH_INOUT_SIZE,
+                                              PXP43_HUC_AUTH_INOUT_SIZE);
+               if (err)
+                       break;
+
+               if (xe_gsc_check_and_update_pending(xe, &pkt->vmap, 0, &pkt->vmap,
+                                                   PXP43_HUC_AUTH_INOUT_SIZE)) {
+                       err = -EBUSY;
+                       msleep(50);
+               }
+       } while (--retry && err == -EBUSY);
+
+       if (err) {
+               drm_err(&xe->drm, "failed to submit GSC request to auth: %d\n", err);
+               return err;
+       }
+
+       err = xe_gsc_read_out_header(xe, &pkt->vmap, PXP43_HUC_AUTH_INOUT_SIZE,
+                                    sizeof(struct pxp43_huc_auth_out), &rd_offset);
+       if (err) {
+               drm_err(&xe->drm, "HuC: invalid GSC reply for auth (err=%d)\n", err);
+               return err;
+       }
+
+       /*
+        * The GSC will return PXP_STATUS_OP_NOT_PERMITTED if the HuC is already
+        * authenticated. If the same error is ever returned with HuC not loaded
+        * we'll still catch it when we check the authentication bit later.
+        */
+       out_status = huc_auth_msg_rd(xe, &pkt->vmap, rd_offset, header.status);
+       if (out_status != PXP_STATUS_SUCCESS && out_status != PXP_STATUS_OP_NOT_PERMITTED) {
+               drm_err(&xe->drm, "auth failed with GSC error = 0x%x\n", out_status);
+               return -EIO;
+       }
+
+       return 0;
+}
+
  static const struct {
         const char *name;
         struct xe_reg reg;
@@ -85,8 +215,10 @@ static const struct {
                                   HECI1_FWSTS5_HUC_AUTH_DONE },
  };
  
-static bool huc_is_authenticated(struct xe_gt *gt, enum xe_huc_auth_types type)
+bool xe_huc_is_authenticated(struct xe_huc *huc, enum xe_huc_auth_types type)
  {
+       struct xe_gt *gt = huc_to_gt(huc);
+
         return xe_mmio_read32(gt, huc_auth_modes[type].reg) & huc_auth_modes[type].val;
  }
  
@@ -100,10 +232,8 @@ int xe_huc_auth(struct xe_huc *huc, enum xe_huc_auth_types type)
         if (!xe_uc_fw_is_loadable(&huc->fw))
                 return 0;
  
-       xe_assert(xe, !xe_uc_fw_is_running(&huc->fw));
-
         /* On newer platforms the HuC survives reset, so no need to re-auth */
-       if (huc_is_authenticated(gt, type)) {
+       if (xe_huc_is_authenticated(huc, type)) {
                 xe_uc_fw_change_status(&huc->fw, XE_UC_FIRMWARE_RUNNING);
                 return 0;
         }
@@ -116,6 +246,9 @@ int xe_huc_auth(struct xe_huc *huc, enum xe_huc_auth_types type)
                 ret = xe_guc_auth_huc(guc, xe_bo_ggtt_addr(huc->fw.bo) +
                                       xe_uc_fw_rsa_offset(&huc->fw));
                 break;
+       case XE_HUC_AUTH_VIA_GSC:
+               ret = huc_auth_via_gsccs(huc);
+               break;
         default:
                 XE_WARN_ON(type);
                 return -EINVAL;
diff --git a/drivers/gpu/drm/xe/xe_huc.h b/drivers/gpu/drm/xe/xe_huc.h

index b8c387f14b8ef51568ece524100d3245239fa9f2..532017230287ff1f5c938af804c445002934da3f 100644 (file)
--- a/drivers/gpu/drm/xe/xe_huc.h
+++ b/drivers/gpu/drm/xe/xe_huc.h
@@ -19,6 +19,7 @@ enum xe_huc_auth_types {
  int xe_huc_init(struct xe_huc *huc);
  int xe_huc_upload(struct xe_huc *huc);
  int xe_huc_auth(struct xe_huc *huc, enum xe_huc_auth_types type);
+bool xe_huc_is_authenticated(struct xe_huc *huc, enum xe_huc_auth_types type);
  void xe_huc_sanitize(struct xe_huc *huc);
  void xe_huc_print_info(struct xe_huc *huc, struct drm_printer *p);
  
diff --git a/drivers/gpu/drm/xe/xe_huc_types.h b/drivers/gpu/drm/xe/xe_huc_types.h

index cae6d19097df26b6e54f72e8c5bdc29ad1f6ebec..cfbaa5e0dfcac6f678510e3bfa5695027ef1f3c3 100644 (file)
--- a/drivers/gpu/drm/xe/xe_huc_types.h
+++ b/drivers/gpu/drm/xe/xe_huc_types.h
@@ -8,12 +8,17 @@
  
  #include "xe_uc_fw_types.h"
  
+struct xe_bo;
+
  /**
   * struct xe_huc - HuC
   */
  struct xe_huc {
         /** @fw: Generic uC firmware management */
         struct xe_uc_fw fw;
+
+       /** @gsc_pkt: bo to store the packet for auth via GSC */
+       struct xe_bo *gsc_pkt;
  };
  
  #endif
diff --git a/drivers/gpu/drm/xe/xe_uc_fw.c b/drivers/gpu/drm/xe/xe_uc_fw.c

index 9abae65c6b2366cd09632d344ffbf839c89dd07c..73d6938c921d991864974ad0516c40ac84dd9902 100644 (file)
--- a/drivers/gpu/drm/xe/xe_uc_fw.c
+++ b/drivers/gpu/drm/xe/xe_uc_fw.c
@@ -528,6 +528,8 @@ static int parse_cpd_header(struct xe_uc_fw *uc_fw, const void *data, size_t siz
                 uc_fw->css_offset = offset;
         }
  
+       uc_fw->has_gsc_headers = true;
+
         return 0;
  }
  
diff --git a/drivers/gpu/drm/xe/xe_uc_fw_types.h b/drivers/gpu/drm/xe/xe_uc_fw_types.h

index fc1de0cc93247f770b0be012b16f6255784c8fa4..ee914a5d85235379b7d06b6056f4b82d251d2f97 100644 (file)
--- a/drivers/gpu/drm/xe/xe_uc_fw_types.h
+++ b/drivers/gpu/drm/xe/xe_uc_fw_types.h
@@ -112,6 +112,9 @@ struct xe_uc_fw {
         /** @bo: XE BO for uC firmware */
         struct xe_bo *bo;
  
+       /** @has_gsc_headers: whether the FW image starts with GSC headers */
+       bool has_gsc_headers;
+
         /*
          * The firmware build process will generate a version header file with
          * major and minor version defined. The versions are built into CSS
author	Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
	Wed, 29 Nov 2023 01:17:19 +0000 (17:17 -0800)
committer	Rodrigo Vivi <rodrigo.vivi@intel.com>
	Thu, 21 Dec 2023 16:45:24 +0000 (11:45 -0500)
drivers/gpu/drm/xe/abi/gsc_pxp_commands_abi.h	[new file with mode: 0644]	patch \| blob
drivers/gpu/drm/xe/xe_gsc.c		patch \| blob \| history
drivers/gpu/drm/xe/xe_huc.c		patch \| blob \| history
drivers/gpu/drm/xe/xe_huc.h		patch \| blob \| history
drivers/gpu/drm/xe/xe_huc_types.h		patch \| blob \| history
drivers/gpu/drm/xe/xe_uc_fw.c		patch \| blob \| history
drivers/gpu/drm/xe/xe_uc_fw_types.h		patch \| blob \| history