1 /*
2 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
17 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20 * DEALINGS IN THE SOFTWARE.
21 */
22
23 /*
24 * Secure boot is the process by which NVIDIA-signed firmware is loaded into
25 * some of the falcons of a GPU. For production devices this is the only way
26 * for the firmware to access useful (but sensitive) registers.
27 *
28 * A Falcon microprocessor supporting advanced security modes can run in one of
29 * three modes:
30 *
31 * - Non-secure (NS). In this mode, functionality is similar to Falcon
32 * architectures before security modes were introduced (pre-Maxwell), but
33 * capability is restricted. In particular, certain registers may be
34 * inaccessible for reads and/or writes, and physical memory access may be
35 * disabled (on certain Falcon instances). This is the only possible mode that
36 * can be used if you don't have microcode cryptographically signed by NVIDIA.
37 *
38 * - Heavy Secure (HS). In this mode, the microprocessor is a black box - it's
39 * not possible to read or write any Falcon internal state or Falcon registers
40 * from outside the Falcon (for example, from the host system). The only way
41 * to enable this mode is by loading microcode that has been signed by NVIDIA.
42 * (The loading process involves tagging the IMEM block as secure, writing the
43 * signature into a Falcon register, and starting execution. The hardware will
44 * validate the signature, and if valid, grant HS privileges.)
45 *
46 * - Light Secure (LS). In this mode, the microprocessor has more privileges
47 * than NS but fewer than HS. Some of the microprocessor state is visible to
48 * host software to ease debugging. The only way to enable this mode is by HS
49 * microcode enabling LS mode. Some privileges available to HS mode are not
50 * available here. LS mode is introduced in GM20x.
51 *
52 * Secure boot consists in temporarily switching a HS-capable falcon (typically
53 * PMU) into HS mode in order to validate the LS firmwares of managed falcons,
54 * load them, and switch managed falcons into LS mode. Once secure boot
55 * completes, no falcon remains in HS mode.
56 *
57 * Secure boot requires a write-protected memory region (WPR) which can only be
58 * written by the secure falcon. On dGPU, the driver sets up the WPR region in
59 * video memory. On Tegra, it is set up by the bootloader and its location and
60 * size written into memory controller registers.
61 *
62 * The secure boot process takes place as follows:
63 *
64 * 1) A LS blob is constructed that contains all the LS firmwares we want to
65 * load, along with their signatures and bootloaders.
66 *
67 * 2) A HS blob (also called ACR) is created that contains the signed HS
68 * firmware in charge of loading the LS firmwares into their respective
69 * falcons.
70 *
71 * 3) The HS blob is loaded (via its own bootloader) and executed on the
72 * HS-capable falcon. It authenticates itself, switches the secure falcon to
73 * HS mode and setup the WPR region around the LS blob (dGPU) or copies the
74 * LS blob into the WPR region (Tegra).
75 *
76 * 4) The LS blob is now secure from all external tampering. The HS falcon
77 * checks the signatures of the LS firmwares and, if valid, switches the
78 * managed falcons to LS mode and makes them ready to run the LS firmware.
79 *
80 * 5) The managed falcons remain in LS mode and can be started.
81 *
82 */
83
84 #include "priv.h"
85 #include "acr.h"
86
87 #include <subdev/mc.h>
88 #include <subdev/timer.h>
89 #include <subdev/pmu.h>
90 #include <engine/sec2.h>
91
92 const char *
93 nvkm_secboot_falcon_name[] = {
94 [NVKM_SECBOOT_FALCON_PMU] = "PMU",
95 [NVKM_SECBOOT_FALCON_RESERVED] = "<reserved>",
96 [NVKM_SECBOOT_FALCON_FECS] = "FECS",
97 [NVKM_SECBOOT_FALCON_GPCCS] = "GPCCS",
98 [NVKM_SECBOOT_FALCON_SEC2] = "SEC2",
99 [NVKM_SECBOOT_FALCON_END] = "<invalid>",
100 };
101 /**
102 * nvkm_secboot_reset() - reset specified falcon
103 */
104 int
105 nvkm_secboot_reset(struct nvkm_secboot *sb, unsigned long falcon_mask)
106 {
107 /* Unmanaged falcon? */
108 if ((falcon_mask | sb->acr->managed_falcons) != sb->acr->managed_falcons) {
109 nvkm_error(&sb->subdev, "cannot reset unmanaged falcon!\n");
110 return -EINVAL;
111 }
112
113 return sb->acr->func->reset(sb->acr, sb, falcon_mask);
114 }
115
116 /**
117 * nvkm_secboot_is_managed() - check whether a given falcon is securely-managed
118 */
119 bool
120 nvkm_secboot_is_managed(struct nvkm_secboot *sb, enum nvkm_secboot_falcon fid)
121 {
122 if (!sb)
123 return false;
124
125 return sb->acr->managed_falcons & BIT(fid);
126 }
127
128 static int
129 nvkm_secboot_oneinit(struct nvkm_subdev *subdev)
130 {
131 struct nvkm_secboot *sb = nvkm_secboot(subdev);
132 int ret = 0;
133
134 switch (sb->acr->boot_falcon) {
135 case NVKM_SECBOOT_FALCON_PMU:
136 sb->halt_falcon = sb->boot_falcon = subdev->device->pmu->falcon;
137 break;
138 case NVKM_SECBOOT_FALCON_SEC2:
139 /* we must keep SEC2 alive forever since ACR will run on it */
140 nvkm_engine_ref(&subdev->device->sec2->engine);
141 sb->boot_falcon = subdev->device->sec2->falcon;
142 sb->halt_falcon = subdev->device->pmu->falcon;
143 break;
144 default:
145 nvkm_error(subdev, "Unmanaged boot falcon %s!\n",
146 nvkm_secboot_falcon_name[sb->acr->boot_falcon]);
147 return -EINVAL;
148 }
149 nvkm_debug(subdev, "using %s falcon for ACR\n", sb->boot_falcon->name);
150
151 /* Call chip-specific init function */
152 if (sb->func->oneinit)
153 ret = sb->func->oneinit(sb);
154 if (ret) {
155 nvkm_error(subdev, "Secure Boot initialization failed: %d\n",
156 ret);
157 return ret;
158 }
159
160 return 0;
161 }
162
163 static int
164 nvkm_secboot_fini(struct nvkm_subdev *subdev, bool suspend)
165 {
166 struct nvkm_secboot *sb = nvkm_secboot(subdev);
167 int ret = 0;
168
169 if (sb->func->fini)
170 ret = sb->func->fini(sb, suspend);
171
172 return ret;
173 }
174
175 static void *
176 nvkm_secboot_dtor(struct nvkm_subdev *subdev)
177 {
178 struct nvkm_secboot *sb = nvkm_secboot(subdev);
179 void *ret = NULL;
180
181 if (sb->func->dtor)
182 ret = sb->func->dtor(sb);
183
184 return ret;
185 }
186
187 static const struct nvkm_subdev_func
188 nvkm_secboot = {
189 .oneinit = nvkm_secboot_oneinit,
190 .fini = nvkm_secboot_fini,
191 .dtor = nvkm_secboot_dtor,
192 };
193
194 int
195 nvkm_secboot_ctor(const struct nvkm_secboot_func *func, struct nvkm_acr *acr,
196 struct nvkm_device *device, int index,
197 struct nvkm_secboot *sb)
198 {
199 unsigned long fid;
200
201 nvkm_subdev_ctor(&nvkm_secboot, device, index, &sb->subdev);
202 sb->func = func;
203 sb->acr = acr;
204 acr->subdev = &sb->subdev;
205
206 nvkm_debug(&sb->subdev, "securely managed falcons:\n");
207 for_each_set_bit(fid, &sb->acr->managed_falcons,
208 NVKM_SECBOOT_FALCON_END)
209 nvkm_debug(&sb->subdev, "- %s\n",
210 nvkm_secboot_falcon_name[fid]);
211
212 return 0;
213 }