author | Alexandre Courbot <acourbot@nvidia.com> | 2016-01-13 17:12:49 +0900 |
---|---|---|
committer | Alexandre Courbot <acourbot@nvidia.com> | 2016-01-18 18:19:13 +0900 |
commit | 32ac72a199cb1339f7f7a6f6a4ce78e378850b2a (patch) | |
tree | d8b222aae7937ff252af1f430c03518676841913 /drm/nouveau/nvkm/subdev/secboot/priv.h | |
parent | 7984cff8a9972f5e4e647cb564ef1188c07c9677 (diff) | |
download | nouveau-32ac72a199cb1339f7f7a6f6a4ce78e378850b2a.tar.gz |
core: add support for secure boot
On GM20x and later GPUs, firmware for some essential falcons (notably
FECS) must be authenticated by a NVIDIA-produced signature and loaded
by a high-secure falcon in order to access certain registers, in a
process known as Secure Boot.
Secure Boot requires the building of a binary blob containing the
firmwares and signatures of the falcons to be loaded. This blob is then
given to a high-secure falcon running a signed loader firmware that
copies the blob into a write-protected region, checks that the
signatures are valid, and finally loads the verified firmware into the
managed falcons and switches them to a privileged mode.
This patch adds infrastructure code to support this process on chips
that require it.
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Diffstat (limited to 'drm/nouveau/nvkm/subdev/secboot/priv.h')
-rw-r--r-- | drm/nouveau/nvkm/subdev/secboot/priv.h | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/drm/nouveau/nvkm/subdev/secboot/priv.h b/drm/nouveau/nvkm/subdev/secboot/priv.h
new file mode 100644
index 000000000..990d490ee
--- /dev/null
+++ b/drm/nouveau/nvkm/subdev/secboot/priv.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015, NVIDIA CORPORATION. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef __NVKM_SECBOOT_PRIV_H__
+#define __NVKM_SECBOOT_PRIV_H__
+
+#include <subdev/secboot.h>
+#include <subdev/mmu.h>
+
+struct nvkm_secboot_func {
+ int (*init)(struct nvkm_secboot *);
+ void *(*dtor)(struct nvkm_secboot *);
+ int (*prepare_blobs)(struct nvkm_secboot *);
+ int (*run)(struct nvkm_secboot *);
+
+ /* ID of the falcon that will perform secure boot */
+ enum nvkm_secboot_falcon boot_falcon;
+ /* Bit-mask of IDs of managed falcons */
+ unsigned long managed_falcons;
+};
+
+int nvkm_secboot_ctor(const struct nvkm_secboot_func *, struct nvkm_device *,
+ int index, struct nvkm_secboot *);
+int nvkm_secboot_falcon_reset(struct nvkm_secboot *);
+int nvkm_secboot_falcon_run(struct nvkm_secboot *);
+
+#endif |
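Review bot: The four callbacks in `struct nvkm_secboot_func` have no stated contract, although the two data members are commented; for a secure-boot ops table a reader needs the call order and what a failure means. In particular `void *(*dtor)(struct nvkm_secboot *)` returns a pointer whose ownership is not stated (presumably the object the caller must free, to be confirmed), and nothing says whether a non-zero return from `prepare_blobs` or `run` must prevent the managed falcons from being started. I would add a comment above the struct along the lines of `/* init: one-time setup; prepare_blobs: build the firmware+signature blob; run: perform secure boot on boot_falcon; on failure the managed falcons must not be started */`, adjusted to the actual semantics and return convention. The `managed_falcons` comment could also state that bit N corresponds to value N of `enum nvkm_secboot_falcon`, if that is the intended encoding. Separately, `#include <subdev/mmu.h>` does not appear to be needed by any declaration visible in this header.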