1 // SPDX-License-Identifier: GPL-2.0 2 3 //! FWSEC is a High Secure firmware that is extracted from the BIOS and performs the first step of 4 //! the GSP startup by creating the WPR2 memory region and copying critical areas of the VBIOS into 5 //! it after authenticating them, ensuring they haven't been tampered with. It runs on the GSP 6 //! falcon. 7 //! 8 //! Before being run, it needs to be patched in two areas: 9 //! 10 //! - The command to be run, as this firmware can perform several tasks ; 11 //! - The ucode signature, so the GSP falcon can run FWSEC in HS mode. 12 13 pub(crate) mod bootloader; 14 15 use core::marker::PhantomData; 16 17 use kernel::{ 18 device::{ 19 self, 20 Device, // 21 }, 22 prelude::*, 23 transmute::{ 24 AsBytes, 25 FromBytes, // 26 }, 27 }; 28 29 use crate::{ 30 driver::Bar0, 31 falcon::{ 32 gsp::Gsp, 33 Falcon, 34 FalconBromParams, 35 FalconDmaLoadTarget, 36 FalconDmaLoadable, 37 FalconFirmware, // 38 }, 39 firmware::{ 40 FalconUCodeDesc, 41 FirmwareObject, 42 FirmwareSignature, 43 Signed, 44 Unsigned, // 45 }, 46 num::FromSafeCast, 47 vbios::Vbios, 48 }; 49 50 const NVFW_FALCON_APPIF_ID_DMEMMAPPER: u32 = 0x4; 51 52 #[repr(C)] 53 #[derive(Debug)] 54 struct FalconAppifHdrV1 { 55 version: u8, 56 header_size: u8, 57 entry_size: u8, 58 entry_count: u8, 59 } 60 // SAFETY: Any byte sequence is valid for this struct. 61 unsafe impl FromBytes for FalconAppifHdrV1 {} 62 63 #[repr(C, packed)] 64 #[derive(Debug)] 65 struct FalconAppifV1 { 66 id: u32, 67 dmem_base: u32, 68 } 69 // SAFETY: Any byte sequence is valid for this struct. 70 unsafe impl FromBytes for FalconAppifV1 {} 71 72 #[derive(Debug)] 73 #[repr(C, packed)] 74 struct FalconAppifDmemmapperV3 { 75 signature: u32, 76 version: u16, 77 size: u16, 78 cmd_in_buffer_offset: u32, 79 cmd_in_buffer_size: u32, 80 cmd_out_buffer_offset: u32, 81 cmd_out_buffer_size: u32, 82 nvf_img_data_buffer_offset: u32, 83 nvf_img_data_buffer_size: u32, 84 printf_buffer_hdr: u32, 85 ucode_build_time_stamp: u32, 86 ucode_signature: u32, 87 init_cmd: u32, 88 ucode_feature: u32, 89 ucode_cmd_mask0: u32, 90 ucode_cmd_mask1: u32, 91 multi_tgt_tbl: u32, 92 } 93 // SAFETY: Any byte sequence is valid for this struct. 94 unsafe impl FromBytes for FalconAppifDmemmapperV3 {} 95 // SAFETY: This struct doesn't contain uninitialized bytes and doesn't have interior mutability. 96 unsafe impl AsBytes for FalconAppifDmemmapperV3 {} 97 98 #[derive(Debug)] 99 #[repr(C, packed)] 100 struct ReadVbios { 101 ver: u32, 102 hdr: u32, 103 addr: u64, 104 size: u32, 105 flags: u32, 106 } 107 // SAFETY: Any byte sequence is valid for this struct. 108 unsafe impl FromBytes for ReadVbios {} 109 // SAFETY: This struct doesn't contain uninitialized bytes and doesn't have interior mutability. 110 unsafe impl AsBytes for ReadVbios {} 111 112 #[derive(Debug)] 113 #[repr(C, packed)] 114 struct FrtsRegion { 115 ver: u32, 116 hdr: u32, 117 addr: u32, 118 size: u32, 119 ftype: u32, 120 } 121 // SAFETY: Any byte sequence is valid for this struct. 122 unsafe impl FromBytes for FrtsRegion {} 123 // SAFETY: This struct doesn't contain uninitialized bytes and doesn't have interior mutability. 124 unsafe impl AsBytes for FrtsRegion {} 125 126 const NVFW_FRTS_CMD_REGION_TYPE_FB: u32 = 2; 127 128 #[repr(C, packed)] 129 struct FrtsCmd { 130 read_vbios: ReadVbios, 131 frts_region: FrtsRegion, 132 } 133 // SAFETY: Any byte sequence is valid for this struct. 134 unsafe impl FromBytes for FrtsCmd {} 135 // SAFETY: This struct doesn't contain uninitialized bytes and doesn't have interior mutability. 136 unsafe impl AsBytes for FrtsCmd {} 137 138 const NVFW_FALCON_APPIF_DMEMMAPPER_CMD_FRTS: u32 = 0x15; 139 const NVFW_FALCON_APPIF_DMEMMAPPER_CMD_SB: u32 = 0x19; 140 141 /// Command for the [`FwsecFirmware`] to execute. 142 pub(crate) enum FwsecCommand { 143 /// Asks [`FwsecFirmware`] to carve out the WPR2 area and place a verified copy of the VBIOS 144 /// image into it. 145 Frts { frts_addr: u64, frts_size: u64 }, 146 /// Asks [`FwsecFirmware`] to load pre-OS apps on the PMU. 147 Sb, 148 } 149 150 /// Size of the signatures used in FWSEC. 151 const BCRT30_RSA3K_SIG_SIZE: usize = 384; 152 153 /// A single signature that can be patched into a FWSEC image. 154 #[repr(transparent)] 155 pub(crate) struct Bcrt30Rsa3kSignature([u8; BCRT30_RSA3K_SIG_SIZE]); 156 157 /// SAFETY: A signature is just an array of bytes. 158 unsafe impl FromBytes for Bcrt30Rsa3kSignature {} 159 160 impl From<[u8; BCRT30_RSA3K_SIG_SIZE]> for Bcrt30Rsa3kSignature { 161 fn from(sig: [u8; BCRT30_RSA3K_SIG_SIZE]) -> Self { 162 Self(sig) 163 } 164 } 165 166 impl AsRef<[u8]> for Bcrt30Rsa3kSignature { 167 fn as_ref(&self) -> &[u8] { 168 &self.0 169 } 170 } 171 172 impl FirmwareSignature<FwsecFirmware> for Bcrt30Rsa3kSignature {} 173 174 /// The FWSEC microcode, extracted from the BIOS and to be run on the GSP falcon. 175 /// 176 /// It is responsible for e.g. carving out the WPR2 region as the first step of the GSP bootflow. 177 pub(crate) struct FwsecFirmware { 178 /// Descriptor of the firmware. 179 desc: FalconUCodeDesc, 180 /// Object containing the firmware binary. 181 ucode: FirmwareObject<Self, Signed>, 182 } 183 184 impl FalconDmaLoadable for FwsecFirmware { 185 fn as_slice(&self) -> &[u8] { 186 self.ucode.0.as_slice() 187 } 188 189 fn imem_sec_load_params(&self) -> FalconDmaLoadTarget { 190 self.desc.imem_sec_load_params() 191 } 192 193 fn imem_ns_load_params(&self) -> Option<FalconDmaLoadTarget> { 194 self.desc.imem_ns_load_params() 195 } 196 197 fn dmem_load_params(&self) -> FalconDmaLoadTarget { 198 self.desc.dmem_load_params() 199 } 200 } 201 202 impl FalconFirmware for FwsecFirmware { 203 type Target = Gsp; 204 205 fn brom_params(&self) -> FalconBromParams { 206 FalconBromParams { 207 pkc_data_offset: self.desc.pkc_data_offset(), 208 engine_id_mask: self.desc.engine_id_mask(), 209 ucode_id: self.desc.ucode_id(), 210 } 211 } 212 213 fn boot_addr(&self) -> u32 { 214 0 215 } 216 } 217 218 impl FirmwareObject<FwsecFirmware, Unsigned> { 219 fn new_fwsec(bios: &Vbios, cmd: FwsecCommand) -> Result<Self> { 220 let desc = bios.fwsec_image().header()?; 221 let mut ucode = KVVec::new(); 222 ucode.extend_from_slice(bios.fwsec_image().ucode(&desc)?, GFP_KERNEL)?; 223 224 let hdr_offset = desc 225 .imem_load_size() 226 .checked_add(desc.interface_offset()) 227 .map(usize::from_safe_cast) 228 .ok_or(EINVAL)?; 229 230 let hdr = ucode 231 .get(hdr_offset..) 232 .and_then(FalconAppifHdrV1::from_bytes_prefix) 233 .ok_or(EINVAL)? 234 .0; 235 236 if hdr.version != 1 { 237 return Err(EINVAL); 238 } 239 240 // Find the DMEM mapper section in the firmware. 241 for i in 0..usize::from(hdr.entry_count) { 242 // CALC: hdr_offset + header_size + i * entry_size. 243 let entry_offset = hdr_offset 244 .checked_add(usize::from(hdr.header_size)) 245 .and_then(|o| o.checked_add(i.checked_mul(usize::from(hdr.entry_size))?)) 246 .ok_or(EINVAL)?; 247 248 let app = ucode 249 .get(entry_offset..) 250 .and_then(FalconAppifV1::from_bytes_prefix) 251 .ok_or(EINVAL)? 252 .0; 253 254 if app.id != NVFW_FALCON_APPIF_ID_DMEMMAPPER { 255 continue; 256 } 257 let dmem_base = app.dmem_base; 258 259 let dmem_mapper_offset = desc 260 .imem_load_size() 261 .checked_add(dmem_base) 262 .map(usize::from_safe_cast) 263 .ok_or(EINVAL)?; 264 265 let dmem_mapper = ucode 266 .get_mut(dmem_mapper_offset..) 267 .and_then(FalconAppifDmemmapperV3::from_bytes_mut_prefix) 268 .ok_or(EINVAL)? 269 .0; 270 271 dmem_mapper.init_cmd = match cmd { 272 FwsecCommand::Frts { .. } => NVFW_FALCON_APPIF_DMEMMAPPER_CMD_FRTS, 273 FwsecCommand::Sb => NVFW_FALCON_APPIF_DMEMMAPPER_CMD_SB, 274 }; 275 let cmd_in_buffer_offset = dmem_mapper.cmd_in_buffer_offset; 276 277 let frts_cmd_offset = desc 278 .imem_load_size() 279 .checked_add(cmd_in_buffer_offset) 280 .map(usize::from_safe_cast) 281 .ok_or(EINVAL)?; 282 283 let frts_cmd = ucode 284 .get_mut(frts_cmd_offset..) 285 .and_then(FrtsCmd::from_bytes_mut_prefix) 286 .ok_or(EINVAL)? 287 .0; 288 289 frts_cmd.read_vbios = ReadVbios { 290 ver: 1, 291 hdr: u32::try_from(size_of::<ReadVbios>())?, 292 addr: 0, 293 size: 0, 294 flags: 2, 295 }; 296 if let FwsecCommand::Frts { 297 frts_addr, 298 frts_size, 299 } = cmd 300 { 301 frts_cmd.frts_region = FrtsRegion { 302 ver: 1, 303 hdr: u32::try_from(size_of::<FrtsRegion>())?, 304 addr: u32::try_from(frts_addr >> 12)?, 305 size: u32::try_from(frts_size >> 12)?, 306 ftype: NVFW_FRTS_CMD_REGION_TYPE_FB, 307 }; 308 } 309 310 // Return early as we found and patched the DMEMMAPPER region. 311 return Ok(Self(ucode, PhantomData)); 312 } 313 314 Err(ENOTSUPP) 315 } 316 } 317 318 impl FwsecFirmware { 319 /// Extract the Fwsec firmware from `bios` and patch it to run on `falcon` with the `cmd` 320 /// command. 321 pub(crate) fn new( 322 dev: &Device<device::Bound>, 323 falcon: &Falcon<Gsp>, 324 bar: Bar0<'_>, 325 bios: &Vbios, 326 cmd: FwsecCommand, 327 ) -> Result<Self> { 328 let ucode_dma = FirmwareObject::<Self, _>::new_fwsec(bios, cmd)?; 329 330 // Patch signature if needed. 331 let desc = bios.fwsec_image().header()?; 332 let ucode_signed = if desc.signature_count() != 0 { 333 let sig_base_img = desc 334 .imem_load_size() 335 .checked_add(desc.pkc_data_offset()) 336 .map(usize::from_safe_cast) 337 .ok_or(EINVAL)?; 338 let desc_sig_versions = u32::from(desc.signature_versions()); 339 let reg_fuse_version = 340 falcon.signature_reg_fuse_version(bar, desc.engine_id_mask(), desc.ucode_id())?; 341 dev_dbg!( 342 dev, 343 "desc_sig_versions: {:#x}, reg_fuse_version: {}\n", 344 desc_sig_versions, 345 reg_fuse_version 346 ); 347 let signature_idx = { 348 let reg_fuse_version_bit = 1 << reg_fuse_version; 349 350 // Check if the fuse version is supported by the firmware. 351 if desc_sig_versions & reg_fuse_version_bit == 0 { 352 dev_err!( 353 dev, 354 "no matching signature: {:#x} {:#x}\n", 355 reg_fuse_version_bit, 356 desc_sig_versions, 357 ); 358 return Err(EINVAL); 359 } 360 361 // `desc_sig_versions` has one bit set per included signature. Thus, the index of 362 // the signature to patch is the number of bits in `desc_sig_versions` set to `1` 363 // before `reg_fuse_version_bit`. 364 365 // Mask of the bits of `desc_sig_versions` to preserve. 366 let reg_fuse_version_mask = reg_fuse_version_bit.wrapping_sub(1); 367 368 usize::from_safe_cast((desc_sig_versions & reg_fuse_version_mask).count_ones()) 369 }; 370 371 dev_dbg!(dev, "patching signature with index {}\n", signature_idx); 372 let signature = bios 373 .fwsec_image() 374 .sigs(&desc) 375 .and_then(|sigs| sigs.get(signature_idx).ok_or(EINVAL))?; 376 377 ucode_dma.patch_signature(signature, sig_base_img)? 378 } else { 379 ucode_dma.no_patch_signature() 380 }; 381 382 Ok(FwsecFirmware { 383 desc, 384 ucode: ucode_signed, 385 }) 386 } 387 388 /// Loads the FWSEC firmware into `falcon` and execute it. 389 /// 390 /// This must only be called on chipsets that do not need the FWSEC bootloader (i.e., where 391 /// [`Chipset::needs_fwsec_bootloader()`](crate::gpu::Chipset::needs_fwsec_bootloader) returns 392 /// `false`). On chipsets that do, use [`bootloader::FwsecFirmwareWithBl`] instead. 393 pub(crate) fn run( 394 &self, 395 dev: &Device<device::Bound>, 396 falcon: &Falcon<Gsp>, 397 bar: Bar0<'_>, 398 ) -> Result<()> { 399 // Reset falcon, load the firmware, and run it. 400 falcon 401 .reset(bar) 402 .inspect_err(|e| dev_err!(dev, "Failed to reset GSP falcon: {:?}\n", e))?; 403 falcon 404 .load(dev, bar, self) 405 .inspect_err(|e| dev_err!(dev, "Failed to load FWSEC firmware: {:?}\n", e))?; 406 let (mbox0, _) = falcon 407 .boot(bar, Some(0), None) 408 .inspect_err(|e| dev_err!(dev, "Failed to boot FWSEC firmware: {:?}\n", e))?; 409 if mbox0 != 0 { 410 dev_err!(dev, "FWSEC firmware returned error {}\n", mbox0); 411 Err(EIO) 412 } else { 413 Ok(()) 414 } 415 } 416 } 417