214 lines
7.3 KiB
C
214 lines
7.3 KiB
C
/*
|
|
* Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a
|
|
* copy of this software and associated documentation files (the "Software"),
|
|
* to deal in the Software without restriction, including without limitation
|
|
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
|
* and/or sell copies of the Software, and to permit persons to whom the
|
|
* Software is furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
* DEALINGS IN THE SOFTWARE.
|
|
*/
|
|
|
|
/*
|
|
* Secure boot is the process by which NVIDIA-signed firmware is loaded into
|
|
* some of the falcons of a GPU. For production devices this is the only way
|
|
* for the firmware to access useful (but sensitive) registers.
|
|
*
|
|
* A Falcon microprocessor supporting advanced security modes can run in one of
|
|
* three modes:
|
|
*
|
|
* - Non-secure (NS). In this mode, functionality is similar to Falcon
|
|
* architectures before security modes were introduced (pre-Maxwell), but
|
|
* capability is restricted. In particular, certain registers may be
|
|
* inaccessible for reads and/or writes, and physical memory access may be
|
|
* disabled (on certain Falcon instances). This is the only possible mode that
|
|
* can be used if you don't have microcode cryptographically signed by NVIDIA.
|
|
*
|
|
* - Heavy Secure (HS). In this mode, the microprocessor is a black box - it's
|
|
* not possible to read or write any Falcon internal state or Falcon registers
|
|
* from outside the Falcon (for example, from the host system). The only way
|
|
* to enable this mode is by loading microcode that has been signed by NVIDIA.
|
|
* (The loading process involves tagging the IMEM block as secure, writing the
|
|
* signature into a Falcon register, and starting execution. The hardware will
|
|
* validate the signature, and if valid, grant HS privileges.)
|
|
*
|
|
* - Light Secure (LS). In this mode, the microprocessor has more privileges
|
|
* than NS but fewer than HS. Some of the microprocessor state is visible to
|
|
* host software to ease debugging. The only way to enable this mode is by HS
|
|
* microcode enabling LS mode. Some privileges available to HS mode are not
|
|
* available here. LS mode is introduced in GM20x.
|
|
*
|
|
* Secure boot consists in temporarily switching a HS-capable falcon (typically
|
|
* PMU) into HS mode in order to validate the LS firmwares of managed falcons,
|
|
* load them, and switch managed falcons into LS mode. Once secure boot
|
|
* completes, no falcon remains in HS mode.
|
|
*
|
|
* Secure boot requires a write-protected memory region (WPR) which can only be
|
|
* written by the secure falcon. On dGPU, the driver sets up the WPR region in
|
|
* video memory. On Tegra, it is set up by the bootloader and its location and
|
|
* size written into memory controller registers.
|
|
*
|
|
* The secure boot process takes place as follows:
|
|
*
|
|
* 1) A LS blob is constructed that contains all the LS firmwares we want to
|
|
* load, along with their signatures and bootloaders.
|
|
*
|
|
* 2) A HS blob (also called ACR) is created that contains the signed HS
|
|
* firmware in charge of loading the LS firmwares into their respective
|
|
* falcons.
|
|
*
|
|
* 3) The HS blob is loaded (via its own bootloader) and executed on the
|
|
* HS-capable falcon. It authenticates itself, switches the secure falcon to
|
|
* HS mode and setup the WPR region around the LS blob (dGPU) or copies the
|
|
* LS blob into the WPR region (Tegra).
|
|
*
|
|
* 4) The LS blob is now secure from all external tampering. The HS falcon
|
|
* checks the signatures of the LS firmwares and, if valid, switches the
|
|
* managed falcons to LS mode and makes them ready to run the LS firmware.
|
|
*
|
|
* 5) The managed falcons remain in LS mode and can be started.
|
|
*
|
|
*/
|
|
|
|
#include "priv.h"
|
|
#include "acr.h"
|
|
|
|
#include <subdev/mc.h>
|
|
#include <subdev/timer.h>
|
|
#include <subdev/pmu.h>
|
|
#include <engine/sec2.h>
|
|
|
|
const char *
|
|
nvkm_secboot_falcon_name[] = {
|
|
[NVKM_SECBOOT_FALCON_PMU] = "PMU",
|
|
[NVKM_SECBOOT_FALCON_RESERVED] = "<reserved>",
|
|
[NVKM_SECBOOT_FALCON_FECS] = "FECS",
|
|
[NVKM_SECBOOT_FALCON_GPCCS] = "GPCCS",
|
|
[NVKM_SECBOOT_FALCON_SEC2] = "SEC2",
|
|
[NVKM_SECBOOT_FALCON_END] = "<invalid>",
|
|
};
|
|
/**
|
|
* nvkm_secboot_reset() - reset specified falcon
|
|
*/
|
|
int
|
|
nvkm_secboot_reset(struct nvkm_secboot *sb, unsigned long falcon_mask)
|
|
{
|
|
/* Unmanaged falcon? */
|
|
if ((falcon_mask | sb->acr->managed_falcons) != sb->acr->managed_falcons) {
|
|
nvkm_error(&sb->subdev, "cannot reset unmanaged falcon!\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
return sb->acr->func->reset(sb->acr, sb, falcon_mask);
|
|
}
|
|
|
|
/**
|
|
* nvkm_secboot_is_managed() - check whether a given falcon is securely-managed
|
|
*/
|
|
bool
|
|
nvkm_secboot_is_managed(struct nvkm_secboot *sb, enum nvkm_secboot_falcon fid)
|
|
{
|
|
if (!sb)
|
|
return false;
|
|
|
|
return sb->acr->managed_falcons & BIT(fid);
|
|
}
|
|
|
|
static int
|
|
nvkm_secboot_oneinit(struct nvkm_subdev *subdev)
|
|
{
|
|
struct nvkm_secboot *sb = nvkm_secboot(subdev);
|
|
int ret = 0;
|
|
|
|
switch (sb->acr->boot_falcon) {
|
|
case NVKM_SECBOOT_FALCON_PMU:
|
|
sb->halt_falcon = sb->boot_falcon = subdev->device->pmu->falcon;
|
|
break;
|
|
case NVKM_SECBOOT_FALCON_SEC2:
|
|
/* we must keep SEC2 alive forever since ACR will run on it */
|
|
nvkm_engine_ref(&subdev->device->sec2->engine);
|
|
sb->boot_falcon = subdev->device->sec2->falcon;
|
|
sb->halt_falcon = subdev->device->pmu->falcon;
|
|
break;
|
|
default:
|
|
nvkm_error(subdev, "Unmanaged boot falcon %s!\n",
|
|
nvkm_secboot_falcon_name[sb->acr->boot_falcon]);
|
|
return -EINVAL;
|
|
}
|
|
nvkm_debug(subdev, "using %s falcon for ACR\n", sb->boot_falcon->name);
|
|
|
|
/* Call chip-specific init function */
|
|
if (sb->func->oneinit)
|
|
ret = sb->func->oneinit(sb);
|
|
if (ret) {
|
|
nvkm_error(subdev, "Secure Boot initialization failed: %d\n",
|
|
ret);
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
nvkm_secboot_fini(struct nvkm_subdev *subdev, bool suspend)
|
|
{
|
|
struct nvkm_secboot *sb = nvkm_secboot(subdev);
|
|
int ret = 0;
|
|
|
|
if (sb->func->fini)
|
|
ret = sb->func->fini(sb, suspend);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void *
|
|
nvkm_secboot_dtor(struct nvkm_subdev *subdev)
|
|
{
|
|
struct nvkm_secboot *sb = nvkm_secboot(subdev);
|
|
void *ret = NULL;
|
|
|
|
if (sb->func->dtor)
|
|
ret = sb->func->dtor(sb);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static const struct nvkm_subdev_func
|
|
nvkm_secboot = {
|
|
.oneinit = nvkm_secboot_oneinit,
|
|
.fini = nvkm_secboot_fini,
|
|
.dtor = nvkm_secboot_dtor,
|
|
};
|
|
|
|
int
|
|
nvkm_secboot_ctor(const struct nvkm_secboot_func *func, struct nvkm_acr *acr,
|
|
struct nvkm_device *device, int index,
|
|
struct nvkm_secboot *sb)
|
|
{
|
|
unsigned long fid;
|
|
|
|
nvkm_subdev_ctor(&nvkm_secboot, device, index, &sb->subdev);
|
|
sb->func = func;
|
|
sb->acr = acr;
|
|
acr->subdev = &sb->subdev;
|
|
|
|
nvkm_debug(&sb->subdev, "securely managed falcons:\n");
|
|
for_each_set_bit(fid, &sb->acr->managed_falcons,
|
|
NVKM_SECBOOT_FALCON_END)
|
|
nvkm_debug(&sb->subdev, "- %s\n",
|
|
nvkm_secboot_falcon_name[fid]);
|
|
|
|
return 0;
|
|
}
|