1 /* 2 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved. 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice shall be included in 12 * all copies or substantial portions of the Software. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 * DEALINGS IN THE SOFTWARE. 21 */ 22 23 /* 24 * Secure boot is the process by which NVIDIA-signed firmware is loaded into 25 * some of the falcons of a GPU. For production devices this is the only way 26 * for the firmware to access useful (but sensitive) registers. 27 * 28 * A Falcon microprocessor supporting advanced security modes can run in one of 29 * three modes: 30 * 31 * - Non-secure (NS). In this mode, functionality is similar to Falcon 32 * architectures before security modes were introduced (pre-Maxwell), but 33 * capability is restricted. In particular, certain registers may be 34 * inaccessible for reads and/or writes, and physical memory access may be 35 * disabled (on certain Falcon instances). This is the only possible mode that 36 * can be used if you don't have microcode cryptographically signed by NVIDIA. 37 * 38 * - Heavy Secure (HS). In this mode, the microprocessor is a black box - it's 39 * not possible to read or write any Falcon internal state or Falcon registers 40 * from outside the Falcon (for example, from the host system). The only way 41 * to enable this mode is by loading microcode that has been signed by NVIDIA. 42 * (The loading process involves tagging the IMEM block as secure, writing the 43 * signature into a Falcon register, and starting execution. The hardware will 44 * validate the signature, and if valid, grant HS privileges.) 45 * 46 * - Light Secure (LS). In this mode, the microprocessor has more privileges 47 * than NS but fewer than HS. Some of the microprocessor state is visible to 48 * host software to ease debugging. The only way to enable this mode is by HS 49 * microcode enabling LS mode. Some privileges available to HS mode are not 50 * available here. LS mode is introduced in GM20x. 51 * 52 * Secure boot consists in temporarily switching a HS-capable falcon (typically 53 * PMU) into HS mode in order to validate the LS firmwares of managed falcons, 54 * load them, and switch managed falcons into LS mode. Once secure boot 55 * completes, no falcon remains in HS mode. 56 * 57 * Secure boot requires a write-protected memory region (WPR) which can only be 58 * written by the secure falcon. On dGPU, the driver sets up the WPR region in 59 * video memory. On Tegra, it is set up by the bootloader and its location and 60 * size written into memory controller registers. 61 * 62 * The secure boot process takes place as follows: 63 * 64 * 1) A LS blob is constructed that contains all the LS firmwares we want to 65 * load, along with their signatures and bootloaders. 66 * 67 * 2) A HS blob (also called ACR) is created that contains the signed HS 68 * firmware in charge of loading the LS firmwares into their respective 69 * falcons. 70 * 71 * 3) The HS blob is loaded (via its own bootloader) and executed on the 72 * HS-capable falcon. It authenticates itself, switches the secure falcon to 73 * HS mode and setup the WPR region around the LS blob (dGPU) or copies the 74 * LS blob into the WPR region (Tegra). 75 * 76 * 4) The LS blob is now secure from all external tampering. The HS falcon 77 * checks the signatures of the LS firmwares and, if valid, switches the 78 * managed falcons to LS mode and makes them ready to run the LS firmware. 79 * 80 * 5) The managed falcons remain in LS mode and can be started. 81 * 82 */ 83 84 #include "priv.h" 85 #include "acr.h" 86 87 #include <subdev/mc.h> 88 #include <subdev/timer.h> 89 #include <subdev/pmu.h> 90 #include <engine/sec2.h> 91 92 const char * 93 nvkm_secboot_falcon_name[] = { 94 [NVKM_SECBOOT_FALCON_PMU] = "PMU", 95 [NVKM_SECBOOT_FALCON_RESERVED] = "<reserved>", 96 [NVKM_SECBOOT_FALCON_FECS] = "FECS", 97 [NVKM_SECBOOT_FALCON_GPCCS] = "GPCCS", 98 [NVKM_SECBOOT_FALCON_SEC2] = "SEC2", 99 [NVKM_SECBOOT_FALCON_END] = "<invalid>", 100 }; 101 /** 102 * nvkm_secboot_reset() - reset specified falcon 103 */ 104 int 105 nvkm_secboot_reset(struct nvkm_secboot *sb, unsigned long falcon_mask) 106 { 107 /* Unmanaged falcon? */ 108 if ((falcon_mask | sb->acr->managed_falcons) != sb->acr->managed_falcons) { 109 nvkm_error(&sb->subdev, "cannot reset unmanaged falcon!\n"); 110 return -EINVAL; 111 } 112 113 return sb->acr->func->reset(sb->acr, sb, falcon_mask); 114 } 115 116 /** 117 * nvkm_secboot_is_managed() - check whether a given falcon is securely-managed 118 */ 119 bool 120 nvkm_secboot_is_managed(struct nvkm_secboot *sb, enum nvkm_secboot_falcon fid) 121 { 122 if (!sb) 123 return false; 124 125 return sb->acr->managed_falcons & BIT(fid); 126 } 127 128 static int 129 nvkm_secboot_oneinit(struct nvkm_subdev *subdev) 130 { 131 struct nvkm_secboot *sb = nvkm_secboot(subdev); 132 int ret = 0; 133 134 switch (sb->acr->boot_falcon) { 135 case NVKM_SECBOOT_FALCON_PMU: 136 sb->halt_falcon = sb->boot_falcon = subdev->device->pmu->falcon; 137 break; 138 case NVKM_SECBOOT_FALCON_SEC2: 139 /* we must keep SEC2 alive forever since ACR will run on it */ 140 nvkm_engine_ref(&subdev->device->sec2->engine); 141 sb->boot_falcon = subdev->device->sec2->falcon; 142 sb->halt_falcon = subdev->device->pmu->falcon; 143 break; 144 default: 145 nvkm_error(subdev, "Unmanaged boot falcon %s!\n", 146 nvkm_secboot_falcon_name[sb->acr->boot_falcon]); 147 return -EINVAL; 148 } 149 nvkm_debug(subdev, "using %s falcon for ACR\n", sb->boot_falcon->name); 150 151 /* Call chip-specific init function */ 152 if (sb->func->oneinit) 153 ret = sb->func->oneinit(sb); 154 if (ret) { 155 nvkm_error(subdev, "Secure Boot initialization failed: %d\n", 156 ret); 157 return ret; 158 } 159 160 return 0; 161 } 162 163 static int 164 nvkm_secboot_fini(struct nvkm_subdev *subdev, bool suspend) 165 { 166 struct nvkm_secboot *sb = nvkm_secboot(subdev); 167 int ret = 0; 168 169 if (sb->func->fini) 170 ret = sb->func->fini(sb, suspend); 171 172 return ret; 173 } 174 175 static void * 176 nvkm_secboot_dtor(struct nvkm_subdev *subdev) 177 { 178 struct nvkm_secboot *sb = nvkm_secboot(subdev); 179 void *ret = NULL; 180 181 if (sb->func->dtor) 182 ret = sb->func->dtor(sb); 183 184 return ret; 185 } 186 187 static const struct nvkm_subdev_func 188 nvkm_secboot = { 189 .oneinit = nvkm_secboot_oneinit, 190 .fini = nvkm_secboot_fini, 191 .dtor = nvkm_secboot_dtor, 192 }; 193 194 int 195 nvkm_secboot_ctor(const struct nvkm_secboot_func *func, struct nvkm_acr *acr, 196 struct nvkm_device *device, int index, 197 struct nvkm_secboot *sb) 198 { 199 unsigned long fid; 200 201 nvkm_subdev_ctor(&nvkm_secboot, device, index, &sb->subdev); 202 sb->func = func; 203 sb->acr = acr; 204 acr->subdev = &sb->subdev; 205 206 nvkm_debug(&sb->subdev, "securely managed falcons:\n"); 207 for_each_set_bit(fid, &sb->acr->managed_falcons, 208 NVKM_SECBOOT_FALCON_END) 209 nvkm_debug(&sb->subdev, "- %s\n", 210 nvkm_secboot_falcon_name[fid]); 211 212 return 0; 213 }