[mirror_ubuntu-bionic-kernel.git] / drivers / gpu / drm / nouveau / nvkm / subdev / secboot / priv.h

/*
 * Copyright (c) 2015, NVIDIA CORPORATION. All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#ifndef __NVKM_SECBOOT_PRIV_H__
#define __NVKM_SECBOOT_PRIV_H__

#include <subdev/secboot.h>
#include <subdev/mmu.h>

struct nvkm_secboot_func {
	int (*oneinit)(struct nvkm_secboot *);
	int (*fini)(struct nvkm_secboot *, bool suspend);
	void *(*dtor)(struct nvkm_secboot *);
	int (*reset)(struct nvkm_secboot *, enum nvkm_secboot_falcon);

	/* ID of the falcon that will perform secure boot */
	enum nvkm_secboot_falcon boot_falcon;
	/* Bit-mask of IDs of managed falcons */
	unsigned long managed_falcons;
};

int nvkm_secboot_ctor(const struct nvkm_secboot_func *, struct nvkm_device *,
		      int index, struct nvkm_secboot *);

struct flcn_u64 {
	u32 lo;
	u32 hi;
};
static inline u64 flcn64_to_u64(const struct flcn_u64 f)
{
	return ((u64)f.hi) << 32 | f.lo;
}

/**
 * struct gm200_flcn_bl_desc - DMEM bootloader descriptor
 * @signature:		16B signature for secure code. 0s if no secure code
 * @ctx_dma:		DMA context to be used by BL while loading code/data
 * @code_dma_base:	256B-aligned Physical FB Address where code is located
 *			(falcon's $xcbase register)
 * @non_sec_code_off:	offset from code_dma_base where the non-secure code is
 *                      located. The offset must be multiple of 256 to help perf
 * @non_sec_code_size:	the size of the nonSecure code part.
 * @sec_code_off:	offset from code_dma_base where the secure code is
 *                      located. The offset must be multiple of 256 to help perf
 * @sec_code_size:	offset from code_dma_base where the secure code is
 *                      located. The offset must be multiple of 256 to help perf
 * @code_entry_point:	code entry point which will be invoked by BL after
 *                      code is loaded.
 * @data_dma_base:	256B aligned Physical FB Address where data is located.
 *			(falcon's $xdbase register)
 * @data_size:		size of data block. Should be multiple of 256B
 *
 * Structure used by the bootloader to load the rest of the code. This has
 * to be filled by host and copied into DMEM at offset provided in the
 * hsflcn_bl_desc.bl_desc_dmem_load_off.
 */
struct gm200_flcn_bl_desc {
	u32 reserved[4];
	u32 signature[4];
	u32 ctx_dma;
	struct flcn_u64 code_dma_base;
	u32 non_sec_code_off;
	u32 non_sec_code_size;
	u32 sec_code_off;
	u32 sec_code_size;
	u32 code_entry_point;
	struct flcn_u64 data_dma_base;
	u32 data_size;
};

/**
 * Contains the whole secure boot state, allowing it to be performed as needed
 * @wpr_addr:		physical address of the WPR region
 * @wpr_size:		size in bytes of the WPR region
 * @ls_blob:		LS blob of all the LS firmwares, signatures, bootloaders
 * @ls_blob_size:	size of the LS blob
 * @ls_blob_nb_regions:	number of LS firmwares that will be loaded
 * @acr_blob:		HS blob
 * @acr_blob_vma:	mapping of the HS blob into the secure falcon's VM
 * @acr_bl_desc:	bootloader descriptor of the HS blob
 * @hsbl_blob:		HS blob bootloader
 * @inst:		instance block for HS falcon
 * @pgd:		page directory for the HS falcon
 * @vm:			address space used by the HS falcon
 * @falcon_state:	current state of the managed falcons
 * @firmware_ok:	whether the firmware blobs have been created
 */
struct gm200_secboot {
	struct nvkm_secboot base;
	const struct gm200_secboot_func *func;

	/*
	 * Address and size of the fixed WPR region, if any. On Tegra this
	 * region is set by the bootloader
	 */
	u64 wpr_addr;
	u32 wpr_size;

	/*
	 * Address and size of the actual WPR region.
	 */
	u64 acr_wpr_addr;
	u32 acr_wpr_size;

	/*
	 * HS FW - lock WPR region (dGPU only) and load LS FWs
	 * on Tegra the HS FW copies the LS blob into the fixed WPR instead
	 */
	struct nvkm_gpuobj *acr_load_blob;
	struct gm200_flcn_bl_desc acr_load_bl_desc;

	/* HS FW - unlock WPR region (dGPU only) */
	struct nvkm_gpuobj *acr_unload_blob;
	struct gm200_flcn_bl_desc acr_unload_bl_desc;

	/* HS bootloader */
	void *hsbl_blob;

	/* LS FWs, to be loaded by the HS ACR */
	struct nvkm_gpuobj *ls_blob;

	/* Instance block & address space used for HS FW execution */
	struct nvkm_gpuobj *inst;
	struct nvkm_gpuobj *pgd;
	struct nvkm_vm *vm;

	/* To keep track of the state of all managed falcons */
	enum {
		/* In non-secure state, no firmware loaded, no privileges*/
		NON_SECURE = 0,
		/* In low-secure mode and ready to be started */
		RESET,
		/* In low-secure mode and running */
		RUNNING,
	} falcon_state[NVKM_SECBOOT_FALCON_END];

	bool firmware_ok;
};
#define gm200_secboot(sb) container_of(sb, struct gm200_secboot, base)

/**
 * Contains functions we wish to abstract between GM200-like implementations
 * @bl_desc_size:	size of the BL descriptor used by this chip.
 * @fixup_bl_desc:	hook that generates the proper BL descriptor format from
 *			the generic GM200 format into a data array of size
 *			bl_desc_size
 * @prepare_blobs:	prepares the various blobs needed for secure booting
 */
struct gm200_secboot_func {
	/*
	 * Size of the bootloader descriptor for this chip. A block of this
	 * size is allocated before booting a falcon and the fixup_bl_desc
	 * callback is called on it
	 */
	u32 bl_desc_size;
	void (*fixup_bl_desc)(const struct gm200_flcn_bl_desc *, void *);

	int (*prepare_blobs)(struct gm200_secboot *);
};

int gm200_secboot_oneinit(struct nvkm_secboot *);
void *gm200_secboot_dtor(struct nvkm_secboot *);
int gm200_secboot_reset(struct nvkm_secboot *, enum nvkm_secboot_falcon);
int gm200_secboot_start(struct nvkm_secboot *, enum nvkm_secboot_falcon);

int gm20x_secboot_prepare_blobs(struct gm200_secboot *);

#endif
Commit	Line	Data
7d12388a AC	1	/*
	2	* Copyright (c) 2015, NVIDIA CORPORATION. All rights reserved.
	3	*
	4	* Permission is hereby granted, free of charge, to any person obtaining a
	5	* copy of this software and associated documentation files (the "Software"),
	6	* to deal in the Software without restriction, including without limitation
	7	* the rights to use, copy, modify, merge, publish, distribute, sublicense,
	8	* and/or sell copies of the Software, and to permit persons to whom the
	9	* Software is furnished to do so, subject to the following conditions:
	10	*
	11	* The above copyright notice and this permission notice shall be included in
	12	* all copies or substantial portions of the Software.
	13	*
	14	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	15	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	16	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
	17	* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	18	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
	19	* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
	20	* DEALINGS IN THE SOFTWARE.
	21	*/
	22
	23	#ifndef __NVKM_SECBOOT_PRIV_H__
	24	#define __NVKM_SECBOOT_PRIV_H__
	25
	26	#include <subdev/secboot.h>
	27	#include <subdev/mmu.h>
	28
	29	struct nvkm_secboot_func {
808d6efd	30	int (oneinit)(struct nvkm_secboot );
7d12388a AC	31	int (fini)(struct nvkm_secboot , bool suspend);
7d12388a AC	32	void (dtor)(struct nvkm_secboot *);
7d12388a	33	int (reset)(struct nvkm_secboot , enum nvkm_secboot_falcon);
7d12388a AC	34
	35	/* ID of the falcon that will perform secure boot */
	36	enum nvkm_secboot_falcon boot_falcon;
	37	/* Bit-mask of IDs of managed falcons */
	38	unsigned long managed_falcons;
	39	};
	40
	41	int nvkm_secboot_ctor(const struct nvkm_secboot_func , struct nvkm_device ,
	42	int index, struct nvkm_secboot *);
7d12388a	43
9cc45521 AC	44	struct flcn_u64 {
	45	u32 lo;
	46	u32 hi;
	47	};
	48	static inline u64 flcn64_to_u64(const struct flcn_u64 f)
	49	{
	50	return ((u64)f.hi) << 32 \| f.lo;
	51	}
	52
	53	/**
	54	* struct gm200_flcn_bl_desc - DMEM bootloader descriptor
	55	* @signature: 16B signature for secure code. 0s if no secure code
	56	* @ctx_dma: DMA context to be used by BL while loading code/data
	57	* @code_dma_base: 256B-aligned Physical FB Address where code is located
	58	* (falcon's $xcbase register)
	59	* @non_sec_code_off: offset from code_dma_base where the non-secure code is
	60	* located. The offset must be multiple of 256 to help perf
	61	* @non_sec_code_size: the size of the nonSecure code part.
	62	* @sec_code_off: offset from code_dma_base where the secure code is
	63	* located. The offset must be multiple of 256 to help perf
	64	* @sec_code_size: offset from code_dma_base where the secure code is
	65	* located. The offset must be multiple of 256 to help perf
	66	* @code_entry_point: code entry point which will be invoked by BL after
	67	* code is loaded.
	68	* @data_dma_base: 256B aligned Physical FB Address where data is located.
	69	* (falcon's $xdbase register)
	70	* @data_size: size of data block. Should be multiple of 256B
	71	*
	72	* Structure used by the bootloader to load the rest of the code. This has
	73	* to be filled by host and copied into DMEM at offset provided in the
	74	* hsflcn_bl_desc.bl_desc_dmem_load_off.
	75	*/
	76	struct gm200_flcn_bl_desc {
	77	u32 reserved[4];
	78	u32 signature[4];
	79	u32 ctx_dma;
	80	struct flcn_u64 code_dma_base;
	81	u32 non_sec_code_off;
	82	u32 non_sec_code_size;
	83	u32 sec_code_off;
	84	u32 sec_code_size;
	85	u32 code_entry_point;
	86	struct flcn_u64 data_dma_base;
	87	u32 data_size;
	88	};
	89
9cc45521 AC	90	/**
	91	* Contains the whole secure boot state, allowing it to be performed as needed
	92	* @wpr_addr: physical address of the WPR region
	93	* @wpr_size: size in bytes of the WPR region
	94	* @ls_blob: LS blob of all the LS firmwares, signatures, bootloaders
	95	* @ls_blob_size: size of the LS blob
	96	* @ls_blob_nb_regions: number of LS firmwares that will be loaded
	97	* @acr_blob: HS blob
	98	* @acr_blob_vma: mapping of the HS blob into the secure falcon's VM
	99	* @acr_bl_desc: bootloader descriptor of the HS blob
	100	* @hsbl_blob: HS blob bootloader
	101	* @inst: instance block for HS falcon
	102	* @pgd: page directory for the HS falcon
	103	* @vm: address space used by the HS falcon
e5da20a8	104	* @falcon_state: current state of the managed falcons
20560a9a	105	* @firmware_ok: whether the firmware blobs have been created
9cc45521 AC	106	*/
	107	struct gm200_secboot {
	108	struct nvkm_secboot base;
	109	const struct gm200_secboot_func *func;
	110
	111	/*
a9b333a5 AC	112	* Address and size of the fixed WPR region, if any. On Tegra this
a9b333a5 AC	113	* region is set by the bootloader
9cc45521 AC	114	*/
	115	u64 wpr_addr;
	116	u32 wpr_size;
	117
a9b333a5 AC	118	/*
	119	* Address and size of the actual WPR region.
	120	*/
	121	u64 acr_wpr_addr;
	122	u32 acr_wpr_size;
	123
9cc45521 AC	124	/*
	125	* HS FW - lock WPR region (dGPU only) and load LS FWs
	126	* on Tegra the HS FW copies the LS blob into the fixed WPR instead
	127	*/
	128	struct nvkm_gpuobj *acr_load_blob;
	129	struct gm200_flcn_bl_desc acr_load_bl_desc;
	130
	131	/* HS FW - unlock WPR region (dGPU only) */
	132	struct nvkm_gpuobj *acr_unload_blob;
	133	struct gm200_flcn_bl_desc acr_unload_bl_desc;
	134
	135	/* HS bootloader */
	136	void *hsbl_blob;
	137
	138	/* LS FWs, to be loaded by the HS ACR */
	139	struct nvkm_gpuobj *ls_blob;
	140
	141	/* Instance block & address space used for HS FW execution */
	142	struct nvkm_gpuobj *inst;
	143	struct nvkm_gpuobj *pgd;
	144	struct nvkm_vm *vm;
	145
	146	/* To keep track of the state of all managed falcons */
	147	enum {
	148	/* In non-secure state, no firmware loaded, no privileges*/
	149	NON_SECURE = 0,
	150	/* In low-secure mode and ready to be started */
	151	RESET,
	152	/* In low-secure mode and running */
	153	RUNNING,
	154	} falcon_state[NVKM_SECBOOT_FALCON_END];
	155
20560a9a	156	bool firmware_ok;
9cc45521 AC	157	};
	158	#define gm200_secboot(sb) container_of(sb, struct gm200_secboot, base)
	159
e5da20a8 AC	160	/**
	161	* Contains functions we wish to abstract between GM200-like implementations
	162	* @bl_desc_size: size of the BL descriptor used by this chip.
	163	* @fixup_bl_desc: hook that generates the proper BL descriptor format from
	164	* the generic GM200 format into a data array of size
	165	* bl_desc_size
20560a9a	166	* @prepare_blobs: prepares the various blobs needed for secure booting
e5da20a8	167	*/
9cc45521 AC	168	struct gm200_secboot_func {
	169	/*
	170	* Size of the bootloader descriptor for this chip. A block of this
	171	* size is allocated before booting a falcon and the fixup_bl_desc
	172	* callback is called on it
	173	*/
	174	u32 bl_desc_size;
	175	void (fixup_bl_desc)(const struct gm200_flcn_bl_desc , void *);
	176
20560a9a	177	int (prepare_blobs)(struct gm200_secboot );
9cc45521 AC	178	};
9cc45521 AC	179
808d6efd	180	int gm200_secboot_oneinit(struct nvkm_secboot *);
9cc45521	181	void gm200_secboot_dtor(struct nvkm_secboot );
236f4747 AC	182	int gm200_secboot_reset(struct nvkm_secboot *, enum nvkm_secboot_falcon);
236f4747 AC	183	int gm200_secboot_start(struct nvkm_secboot *, enum nvkm_secboot_falcon);
9cc45521 AC	184
	185	int gm20x_secboot_prepare_blobs(struct gm200_secboot *);
	186
7d12388a	187	#endif