[v5,7/18] secboot: split reset function

Submitted by Alexandre Courbot on Dec. 14, 2016, 8:02 a.m.

Details

Message ID b4341c3bb5fdf80736466216856fc9ae004de390.1481702469.git-series.acourbot@nvidia.com
State New
Headers show
Series "Secure Boot refactoring" ( rev: 1 ) in Nouveau

Not browsing as part of any series.

Commit Message

Alexandre Courbot Dec. 14, 2016, 8:02 a.m.
Split the reset function into more meaningful and reusable ones.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
---
 drm/nouveau/include/nvkm/subdev/secboot.h  |  5 +-
 drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 78 +++++++++++++++--------
 2 files changed, 58 insertions(+), 25 deletions(-)

Patch hide | download patch | download mbox

diff --git a/drm/nouveau/include/nvkm/subdev/secboot.h b/drm/nouveau/include/nvkm/subdev/secboot.h
index 6e9e0450220c..5dbd8aa4f8c2 100644
--- a/drm/nouveau/include/nvkm/subdev/secboot.h
+++ b/drm/nouveau/include/nvkm/subdev/secboot.h
@@ -34,6 +34,9 @@  enum nvkm_secboot_falcon {
 	NVKM_SECBOOT_FALCON_INVALID = 0xffffffff,
 };
 
+/**
+ * @wpr_set: whether the WPR region is currently set
+*/
 struct nvkm_secboot {
 	const struct nvkm_secboot_func *func;
 	struct nvkm_acr *acr;
@@ -42,6 +45,8 @@  struct nvkm_secboot {
 
 	u64 wpr_addr;
 	u32 wpr_size;
+
+	bool wpr_set;
 };
 #define nvkm_secboot(p) container_of((p), struct nvkm_secboot, subdev)
 
diff --git a/drm/nouveau/nvkm/subdev/secboot/acr_r352.c b/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
index 0d44575ea272..ea2ecd620500 100644
--- a/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
+++ b/drm/nouveau/nvkm/subdev/secboot/acr_r352.c
@@ -740,6 +740,54 @@  acr_r352_load(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
 	return 0;
 }
 
+static int
+acr_r352_shutdown(struct acr_r352 *acr, struct nvkm_secboot *sb)
+{
+	int i;
+
+	/* Run the unload blob to unprotect the WPR region */
+	if (acr->unload_blob && sb->wpr_set) {
+		int ret;
+
+		nvkm_debug(&sb->subdev, "running HS unload blob\n");
+		ret = sb->func->run_blob(sb, acr->unload_blob);
+		if (ret)
+			return ret;
+		nvkm_debug(&sb->subdev, "HS unload blob completed\n");
+	}
+
+	for (i = 0; i < NVKM_SECBOOT_FALCON_END; i++)
+		acr->falcon_state[i] = NON_SECURE;
+
+	sb->wpr_set = false;
+
+	return 0;
+}
+
+static int
+acr_r352_bootstrap(struct acr_r352 *acr, struct nvkm_secboot *sb)
+{
+	int ret;
+
+	if (sb->wpr_set)
+		return 0;
+
+	/* Make sure all blobs are ready */
+	ret = acr_r352_load_blobs(acr, sb);
+	if (ret)
+		return ret;
+
+	nvkm_debug(&sb->subdev, "running HS load blob\n");
+	ret = sb->func->run_blob(sb, acr->load_blob);
+	if (ret)
+		return ret;
+	nvkm_debug(&sb->subdev, "HS load blob completed\n");
+
+	sb->wpr_set = true;
+
+	return 0;
+}
+
 /*
  * acr_r352_reset() - execute secure boot from the prepared state
  *
@@ -754,11 +802,6 @@  acr_r352_reset(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
 	struct acr_r352 *acr = acr_r352(_acr);
 	int ret;
 
-	/* Make sure all blobs are ready */
-	ret = acr_r352_load_blobs(acr, sb);
-	if (ret)
-		return ret;
-
 	/*
 	 * Dummy GM200 implementation: perform secure boot each time we are
 	 * called on FECS. Since only FECS and GPCCS are managed and started
@@ -770,16 +813,11 @@  acr_r352_reset(struct nvkm_acr *_acr, struct nvkm_secboot *sb,
 	if (falcon != NVKM_SECBOOT_FALCON_FECS)
 		goto end;
 
-	/* If WPR is set and we have an unload blob, run it to unlock WPR */
-	if (acr->unload_blob &&
-	    acr->falcon_state[NVKM_SECBOOT_FALCON_FECS] != NON_SECURE) {
-		ret = sb->func->run_blob(sb, acr->unload_blob);
-		if (ret)
-			return ret;
-	}
+	ret = acr_r352_shutdown(acr, sb);
+	if (ret)
+		return ret;
 
-	/* Reload all managed falcons */
-	ret = sb->func->run_blob(sb, acr->load_blob);
+	acr_r352_bootstrap(acr, sb);
 	if (ret)
 		return ret;
 
@@ -818,18 +856,8 @@  static int
 acr_r352_fini(struct nvkm_acr *_acr, struct nvkm_secboot *sb, bool suspend)
 {
 	struct acr_r352 *acr = acr_r352(_acr);
-	int ret = 0;
-	int i;
 
-	/* Run the unload blob to unprotect the WPR region */
-	if (acr->unload_blob &&
-	    acr->falcon_state[NVKM_SECBOOT_FALCON_FECS] != NON_SECURE)
-		ret = sb->func->run_blob(sb, acr->unload_blob);
-
-	for (i = 0; i < NVKM_SECBOOT_FALCON_END; i++)
-		acr->falcon_state[i] = NON_SECURE;
-
-	return ret;
+	return acr_r352_shutdown(acr, sb);
 }
 
 static void