All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alexandre Courbot <acourbot-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
To: Ben Skeggs <bskeggs-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
Subject: [PATCH v2 10/14] secboot: split reset function
Date: Thu, 27 Oct 2016 13:37:04 +0900	[thread overview]
Message-ID: <20161027043708.22538-11-acourbot@nvidia.com> (raw)
In-Reply-To: <20161027043708.22538-1-acourbot-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>

Split the reset function into more meaningful and reusable ones.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
---
 drm/nouveau/include/nvkm/subdev/secboot.h  |  3 ++
 drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 78 ++++++++++++++++++++----------
 2 files changed, 56 insertions(+), 25 deletions(-)

diff --git a/drm/nouveau/include/nvkm/subdev/secboot.h b/drm/nouveau/include/nvkm/subdev/secboot.h
index 24d98878bb93..785e2c553392 100644
--- a/drm/nouveau/include/nvkm/subdev/secboot.h
+++ b/drm/nouveau/include/nvkm/subdev/secboot.h
@@ -30,6 +30,7 @@
  * @base: base IO address of the falcon performing secure boot
  * @managed_falcons: bitfield of falcons managed by this ACR
  * @debug_mode: whether the debug or production signatures should be used
+ * @wpr_set: whether the WPR region is currently set
 */
 struct nvkm_secboot {
 	const struct nvkm_secboot_func *func;
@@ -44,6 +45,8 @@ struct nvkm_secboot {
 	u32 wpr_size;
 
 	bool debug_mode;
+
+	bool wpr_set;
 };
 #define nvkm_secboot(p) container_of((p), struct nvkm_secboot, subdev)
 
diff --git a/drm/nouveau/nvkm/subdev/secboot/acr_r352.c b/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
index a74dede4c222..d9f02c1c0de6 100644
--- a/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
+++ b/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
@@ -740,6 +740,54 @@ nvkm_acr_r352_load(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
 	return 0;
 }
 
+static int
+acr_r352_shutdown(struct nvkm_acr_r352 *acr, struct nvkm_secboot *sb)
+{
+	int i;
+
+	/* Run the unload blob to unprotect the WPR region */
+	if (acr->unload_blob && sb->wpr_set) {
+		int ret;
+
+		nvkm_debug(&sb->subdev, "running HS unload blob\n");
+		ret = sb->func->run_blob(sb, acr->unload_blob);
+		if (ret)
+			return ret;
+		nvkm_debug(&sb->subdev, "HS unload blob completed\n");
+	}
+
+	for (i = 0; i < NVKM_FALCON_END; i++)
+		acr->falcon_state[i] = NON_SECURE;
+
+	sb->wpr_set = false;
+
+	return 0;
+}
+
+static int
+acr_r352_bootstrap(struct nvkm_acr_r352 *acr, struct nvkm_secboot *sb)
+{
+	int ret;
+
+	if (sb->wpr_set)
+		return 0;
+
+	/* Make sure all blobs are ready */
+	ret = acr_r352_load_blobs(acr, sb);
+	if (ret)
+		return ret;
+
+	nvkm_debug(&sb->subdev, "running HS load blob\n");
+	ret = sb->func->run_blob(sb, acr->load_blob);
+	if (ret)
+		return ret;
+	nvkm_debug(&sb->subdev, "HS load blob completed\n");
+
+	sb->wpr_set = true;
+
+	return 0;
+}
+
 /*
  * nvkm_acr_r352_reset() - execute secure boot from the prepared state
  *
@@ -754,11 +802,6 @@ nvkm_acr_r352_reset(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
 	struct nvkm_acr_r352 *acr = nvkm_acr_r352(_acr);
 	int ret;
 
-	/* Make sure all blobs are ready */
-	ret = acr_r352_load_blobs(acr, sb);
-	if (ret)
-		return ret;
-
 	/*
 	 * Dummy GM200 implementation: perform secure boot each time we are
 	 * called on FECS. Since only FECS and GPCCS are managed and started
@@ -770,16 +813,11 @@ nvkm_acr_r352_reset(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
 	if (falcon != NVKM_FALCON_FECS)
 		goto end;
 
-	/* If WPR is set and we have an unload blob, run it to unlock WPR */
-	if (acr->unload_blob &&
-	    acr->falcon_state[NVKM_FALCON_FECS] != NON_SECURE) {
-		ret = sb->func->run_blob(sb, acr->unload_blob);
-		if (ret)
-			return ret;
-	}
+	ret = acr_r352_shutdown(acr, sb);
+	if (ret)
+		return ret;
 
-	/* Reload all managed falcons */
-	ret = sb->func->run_blob(sb, acr->load_blob);
+	acr_r352_bootstrap(acr, sb);
 	if (ret)
 		return ret;
 
@@ -818,18 +856,8 @@ int
 nvkm_acr_r352_fini(struct nvkm_acr *_acr, struct nvkm_secboot *sb, bool suspend)
 {
 	struct nvkm_acr_r352 *acr = nvkm_acr_r352(_acr);
-	int ret = 0;
-	int i;
 
-	/* Run the unload blob to unprotect the WPR region */
-	if (acr->unload_blob &&
-	    acr->falcon_state[NVKM_FALCON_FECS] != NON_SECURE)
-		ret = sb->func->run_blob(sb, acr->unload_blob);
-
-	for (i = 0; i < NVKM_FALCON_END; i++)
-		acr->falcon_state[i] = NON_SECURE;
-
-	return ret;
+	return acr_r352_shutdown(acr, sb);
 }
 
 void
-- 
2.10.0

_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/nouveau

  parent reply	other threads:[~2016-10-27  4:37 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-27  4:36 [PATCH v2 00/14] Secure Boot refactoring Alexandre Courbot
     [not found] ` <20161027043708.22538-1-acourbot-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-10-27  4:36   ` [PATCH v2 01/14] core: constify nv*_printk macros Alexandre Courbot
2016-10-27  4:36   ` [PATCH v2 02/14] core: add falcon library Alexandre Courbot
2016-10-27  4:36   ` [PATCH v2 03/14] secboot: use falcon library's IMEM/DMEM loading functions Alexandre Courbot
2016-10-27  4:36   ` [PATCH v2 04/14] secboot: rename init() hook to oneinit() Alexandre Courbot
2016-10-27  4:36   ` [PATCH v2 05/14] secboot: remove fixup_hs_desc hook Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 06/14] secboot: add low-secure firmware hooks Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 07/14] secboot: generate HS BL descriptor in hook Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 08/14] secboot: reorganize into more files Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 09/14] secboot: add LS flags to LS func structure Alexandre Courbot
2016-10-27  4:37   ` Alexandre Courbot [this message]
2016-10-27  4:37   ` [PATCH v2 11/14] secboot: disable falcon interrupts before running Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 12/14] secboot: remove unneeded ls_ucode_img member Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 13/14] secboot: remove ls_ucode_mgr Alexandre Courbot
2016-10-27  4:37   ` [PATCH v2 14/14] secboot: abstract LS firmware loading functions Alexandre Courbot
2016-10-27  8:27   ` [PATCH v2 00/14] Secure Boot refactoring Alexandre Courbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161027043708.22538-11-acourbot@nvidia.com \
    --to=acourbot-ddmlm1+adcrqt0dzr+alfa@public.gmane.org \
    --cc=bskeggs-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.