From: "Teres Alexis, Alan Previn" <alan.previn.teres.alexis@intel.com>
To: "Ceraolo Spurio, Daniele" <daniele.ceraolospurio@intel.com>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>
Cc: "dri-devel@lists.freedesktop.org" <dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH v3 5/7] drm/i915/mtl/huc: auth HuC via GSC
Date: Wed, 31 May 2023 00:33:55 +0000 [thread overview]
Message-ID: <22ff64c588c62d2161b4bb794364e1e8e207d2a7.camel@intel.com> (raw)
In-Reply-To: <20230527005242.1346093-6-daniele.ceraolospurio@intel.com>
On Fri, 2023-05-26 at 17:52 -0700, Ceraolo Spurio, Daniele wrote:
> The full authentication via the GSC requires an heci packet submission
> to the GSC FW via the GSC CS. The GSC has new PXP command for this
> (literally called NEW_HUC_AUTH).
> The intel_huc_auth fuction is also updated to handle both authentication
> types.
>
alan:snip
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c
> index b26f493f86fa..c659cc01f32f 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c
> @@ -29,13 +29,32 @@ static void gsc_work(struct work_struct *work)
>
> if (actions & GSC_ACTION_FW_LOAD) {
> ret = intel_gsc_uc_fw_upload(gsc);
> - if (ret == -EEXIST) /* skip proxy if not a new load */
> - actions &= ~GSC_ACTION_FW_LOAD;
> - else if (ret)
> + if (!ret)
> + /* setup proxy on a new load */
> + actions |= GSC_ACTION_SW_PROXY;
> + else if (ret != -EEXIST)
> goto out_put;
alan: I realize that this worker doesnt print error values that
come back from intel_gsc_uc_fw_upload - wonder if we should print
it before goto out_put.
> +
> + /*
> + * The HuC auth can be done both before or after the proxy init;
> + * if done after, a proxy request will be issued and must be
> + * serviced before the authentication can complete.
> + * Since this worker also handles proxy requests, we can't
> + * perform an action that requires the proxy from within it and
> + * then stall waiting for it, because we'd be blocking the
> + * service path. Therefore, it is easier for us to load HuC
> + * first and do proxy later. The GSC will ack the HuC auth and
> + * then send the HuC proxy request as part of the proxy init
> + * flow.
> + * Note that we can only do the GSC auth if the GuC auth was
> + * successful.
> + */
> + if (intel_uc_uses_huc(>->uc) &&
> + intel_huc_is_authenticated(>->uc.huc, INTEL_HUC_AUTH_BY_GUC))
> + intel_huc_auth(>->uc.huc, INTEL_HUC_AUTH_BY_GSC);
> }
>
> - if (actions & (GSC_ACTION_FW_LOAD | GSC_ACTION_SW_PROXY)) {
> + if (actions & GSC_ACTION_SW_PROXY) {
> if (!intel_gsc_uc_fw_init_done(gsc)) {
> gt_err(gt, "Proxy request received with GSC not loaded!\n");
> goto out_put;
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c
> index 579c0f5a1438..0ad090304ca0 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c
>
alan:snip
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_huc.c b/drivers/gpu/drm/i915/gt/uc/intel_huc.c
> index ab5246ae3979..5a4058d39550 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_huc.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_huc.c
>
alan:snip
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c b/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c
> index d2b4176c81d6..8e538d639b05 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c
>
alan:snip
> +int intel_huc_fw_auth_via_gsccs(struct intel_huc *huc)
> +{
> + struct drm_i915_gem_object *obj;
> + void *pkt_vaddr;
> + u64 pkt_offset;
> + int retry = 5;
> + int err = 0;
> +
> + if (!huc->heci_pkt)
> + return -ENODEV;
> +
> + obj = huc->heci_pkt->obj;
> + pkt_offset = i915_ggtt_offset(huc->heci_pkt);
> +
> + pkt_vaddr = i915_gem_object_pin_map_unlocked(obj,
> + i915_coherent_map_type(i915, obj, true));
> + if (IS_ERR(pkt_vaddr))
> + return PTR_ERR(pkt_vaddr);
> +
> + msg_in = pkt_vaddr;
> + msg_out = pkt_vaddr + SZ_4K;
this 4K*2 (4k for input and 4K for output) seems to be hardcoded in two different locations.
One is here in intel_huc_fw_auth_via_gsccs and the other location in intel_huc_init which was
even in a different file. Perhaps its better to use a #define after to the definition of
PXP43_CMDID_NEW_HUC_AUTH... maybe something like a "#define PXP43_NEW_HUC_AUTH_INOUT_PKT_SIZE (SZ_4K)"
> +
> + intel_gsc_uc_heci_cmd_emit_mtl_header(&msg_in->header,
> + HECI_MEADDRESS_PXP,
> + sizeof(*msg_in), 0);
> +
> + msg_in->huc_in.header.api_version = PXP_APIVER(4, 3);
> + msg_in->huc_in.header.command_id = PXP43_CMDID_NEW_HUC_AUTH;
> + msg_in->huc_in.header.status = 0;
> + msg_in->huc_in.header.buffer_len = sizeof(msg_in->huc_in) -
> + sizeof(msg_in->huc_in.header);
> + msg_in->huc_in.huc_base_address = huc->fw.vma_res.start;
> + msg_in->huc_in.huc_size = huc->fw.obj->base.size;
alan: is this right?: fw.obj.base.size is the rounded up firmware size that was
allocated from intel_uc_fw_fetch when it calls i915_gem_object_create_shmem_from_data
That latter funcation populates obj with the "rounded up to 4K" size.
So is it okay use the 4k rounded up number for the size of the firmware microcode that needs to be authenticated?
(or, since this is a GSC FW command, does GSC FW parse the mei headers and extract the exact size to authenticate?)
alan:snip
> +
> +out_unpin:
> + i915_gem_object_unpin_map(obj);
> + return err;
> +}
>
alan:snip
WARNING: multiple messages have this Message-ID (diff)
From: "Teres Alexis, Alan Previn" <alan.previn.teres.alexis@intel.com>
To: "Ceraolo Spurio, Daniele" <daniele.ceraolospurio@intel.com>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>
Cc: "dri-devel@lists.freedesktop.org" <dri-devel@lists.freedesktop.org>
Subject: Re: [Intel-gfx] [PATCH v3 5/7] drm/i915/mtl/huc: auth HuC via GSC
Date: Wed, 31 May 2023 00:33:55 +0000 [thread overview]
Message-ID: <22ff64c588c62d2161b4bb794364e1e8e207d2a7.camel@intel.com> (raw)
In-Reply-To: <20230527005242.1346093-6-daniele.ceraolospurio@intel.com>
On Fri, 2023-05-26 at 17:52 -0700, Ceraolo Spurio, Daniele wrote:
> The full authentication via the GSC requires an heci packet submission
> to the GSC FW via the GSC CS. The GSC has new PXP command for this
> (literally called NEW_HUC_AUTH).
> The intel_huc_auth fuction is also updated to handle both authentication
> types.
>
alan:snip
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c
> index b26f493f86fa..c659cc01f32f 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c
> @@ -29,13 +29,32 @@ static void gsc_work(struct work_struct *work)
>
> if (actions & GSC_ACTION_FW_LOAD) {
> ret = intel_gsc_uc_fw_upload(gsc);
> - if (ret == -EEXIST) /* skip proxy if not a new load */
> - actions &= ~GSC_ACTION_FW_LOAD;
> - else if (ret)
> + if (!ret)
> + /* setup proxy on a new load */
> + actions |= GSC_ACTION_SW_PROXY;
> + else if (ret != -EEXIST)
> goto out_put;
alan: I realize that this worker doesnt print error values that
come back from intel_gsc_uc_fw_upload - wonder if we should print
it before goto out_put.
> +
> + /*
> + * The HuC auth can be done both before or after the proxy init;
> + * if done after, a proxy request will be issued and must be
> + * serviced before the authentication can complete.
> + * Since this worker also handles proxy requests, we can't
> + * perform an action that requires the proxy from within it and
> + * then stall waiting for it, because we'd be blocking the
> + * service path. Therefore, it is easier for us to load HuC
> + * first and do proxy later. The GSC will ack the HuC auth and
> + * then send the HuC proxy request as part of the proxy init
> + * flow.
> + * Note that we can only do the GSC auth if the GuC auth was
> + * successful.
> + */
> + if (intel_uc_uses_huc(>->uc) &&
> + intel_huc_is_authenticated(>->uc.huc, INTEL_HUC_AUTH_BY_GUC))
> + intel_huc_auth(>->uc.huc, INTEL_HUC_AUTH_BY_GSC);
> }
>
> - if (actions & (GSC_ACTION_FW_LOAD | GSC_ACTION_SW_PROXY)) {
> + if (actions & GSC_ACTION_SW_PROXY) {
> if (!intel_gsc_uc_fw_init_done(gsc)) {
> gt_err(gt, "Proxy request received with GSC not loaded!\n");
> goto out_put;
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c
> index 579c0f5a1438..0ad090304ca0 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_gsc_uc_heci_cmd_submit.c
>
alan:snip
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_huc.c b/drivers/gpu/drm/i915/gt/uc/intel_huc.c
> index ab5246ae3979..5a4058d39550 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_huc.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_huc.c
>
alan:snip
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c b/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c
> index d2b4176c81d6..8e538d639b05 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_huc_fw.c
>
alan:snip
> +int intel_huc_fw_auth_via_gsccs(struct intel_huc *huc)
> +{
> + struct drm_i915_gem_object *obj;
> + void *pkt_vaddr;
> + u64 pkt_offset;
> + int retry = 5;
> + int err = 0;
> +
> + if (!huc->heci_pkt)
> + return -ENODEV;
> +
> + obj = huc->heci_pkt->obj;
> + pkt_offset = i915_ggtt_offset(huc->heci_pkt);
> +
> + pkt_vaddr = i915_gem_object_pin_map_unlocked(obj,
> + i915_coherent_map_type(i915, obj, true));
> + if (IS_ERR(pkt_vaddr))
> + return PTR_ERR(pkt_vaddr);
> +
> + msg_in = pkt_vaddr;
> + msg_out = pkt_vaddr + SZ_4K;
this 4K*2 (4k for input and 4K for output) seems to be hardcoded in two different locations.
One is here in intel_huc_fw_auth_via_gsccs and the other location in intel_huc_init which was
even in a different file. Perhaps its better to use a #define after to the definition of
PXP43_CMDID_NEW_HUC_AUTH... maybe something like a "#define PXP43_NEW_HUC_AUTH_INOUT_PKT_SIZE (SZ_4K)"
> +
> + intel_gsc_uc_heci_cmd_emit_mtl_header(&msg_in->header,
> + HECI_MEADDRESS_PXP,
> + sizeof(*msg_in), 0);
> +
> + msg_in->huc_in.header.api_version = PXP_APIVER(4, 3);
> + msg_in->huc_in.header.command_id = PXP43_CMDID_NEW_HUC_AUTH;
> + msg_in->huc_in.header.status = 0;
> + msg_in->huc_in.header.buffer_len = sizeof(msg_in->huc_in) -
> + sizeof(msg_in->huc_in.header);
> + msg_in->huc_in.huc_base_address = huc->fw.vma_res.start;
> + msg_in->huc_in.huc_size = huc->fw.obj->base.size;
alan: is this right?: fw.obj.base.size is the rounded up firmware size that was
allocated from intel_uc_fw_fetch when it calls i915_gem_object_create_shmem_from_data
That latter funcation populates obj with the "rounded up to 4K" size.
So is it okay use the 4k rounded up number for the size of the firmware microcode that needs to be authenticated?
(or, since this is a GSC FW command, does GSC FW parse the mei headers and extract the exact size to authenticate?)
alan:snip
> +
> +out_unpin:
> + i915_gem_object_unpin_map(obj);
> + return err;
> +}
>
alan:snip
next prev parent reply other threads:[~2023-05-31 0:34 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-27 0:52 [PATCH v3 0/7] drm/i915: HuC loading and authentication for MTL Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-27 0:52 ` [PATCH v3 1/7] drm/i915/uc: perma-pin firmwares Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-30 22:52 ` John Harrison
2023-05-30 22:52 ` [Intel-gfx] " John Harrison
2023-05-27 0:52 ` [PATCH v3 2/7] drm/i915/huc: Parse the GSC-enabled HuC binary Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-30 23:30 ` John Harrison
2023-05-30 23:30 ` [Intel-gfx] " John Harrison
2023-05-31 0:06 ` Ceraolo Spurio, Daniele
2023-05-31 0:06 ` [Intel-gfx] " Ceraolo Spurio, Daniele
2023-05-31 0:11 ` John Harrison
2023-05-31 0:11 ` [Intel-gfx] " John Harrison
2023-05-27 0:52 ` [PATCH v3 3/7] drm/i915/huc: Load GSC-enabled HuC via DMA xfer if the fuse says so Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-30 23:51 ` John Harrison
2023-05-30 23:51 ` [Intel-gfx] " John Harrison
2023-05-31 0:11 ` Ceraolo Spurio, Daniele
2023-05-31 0:11 ` [Intel-gfx] " Ceraolo Spurio, Daniele
2023-05-31 0:20 ` John Harrison
2023-05-31 0:20 ` [Intel-gfx] " John Harrison
2023-05-31 0:26 ` Ceraolo Spurio, Daniele
2023-05-31 0:26 ` [Intel-gfx] " Ceraolo Spurio, Daniele
2023-05-27 0:52 ` [PATCH v3 4/7] drm/i915/huc: differentiate the 2 steps of the MTL HuC auth flow Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-27 5:07 ` kernel test robot
2023-05-27 8:59 ` kernel test robot
2023-05-30 15:29 ` [PATCH v4] " Daniele Ceraolo Spurio
2023-05-30 15:29 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-31 0:01 ` John Harrison
2023-05-31 0:01 ` [Intel-gfx] " John Harrison
2023-05-31 0:14 ` Ceraolo Spurio, Daniele
2023-05-31 0:14 ` [Intel-gfx] " Ceraolo Spurio, Daniele
2023-05-31 0:24 ` John Harrison
2023-05-31 0:24 ` [Intel-gfx] " John Harrison
2023-05-31 0:53 ` [PATCH v3 4/7] " kernel test robot
2023-05-27 0:52 ` [PATCH v3 5/7] drm/i915/mtl/huc: auth HuC via GSC Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-31 0:33 ` Teres Alexis, Alan Previn [this message]
2023-05-31 0:33 ` Teres Alexis, Alan Previn
2023-05-27 0:52 ` [PATCH v3 6/7] drm/i915/mtl/huc: Use the media gt for the HuC getparam Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-27 0:52 ` [PATCH v3 7/7] drm/i915/huc: define HuC FW version for MTL Daniele Ceraolo Spurio
2023-05-27 0:52 ` [Intel-gfx] " Daniele Ceraolo Spurio
2023-05-27 1:22 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for drm/i915: HuC loading and authentication for MTL (rev5) Patchwork
2023-05-27 1:22 ` [Intel-gfx] ✗ Fi.CI.SPARSE: " Patchwork
2023-05-27 1:35 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2023-05-28 1:07 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
2023-05-31 9:20 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for drm/i915: HuC loading and authentication for MTL (rev6) Patchwork
2023-05-31 9:20 ` [Intel-gfx] ✗ Fi.CI.SPARSE: " Patchwork
2023-05-31 9:34 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=22ff64c588c62d2161b4bb794364e1e8e207d2a7.camel@intel.com \
--to=alan.previn.teres.alexis@intel.com \
--cc=daniele.ceraolospurio@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.