lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20171130030907.26848-4-seanpaul@chromium.org>
Date:   Wed, 29 Nov 2017 22:08:58 -0500
From:   Sean Paul <seanpaul@...omium.org>
To:     dri-devel@...ts.freedesktop.org, intel-gfx@...ts.freedesktop.org
Cc:     Sean Paul <seanpaul@...omium.org>,
        Jani Nikula <jani.nikula@...ux.intel.com>,
        Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>,
        David Airlie <airlied@...ux.ie>, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 3/6] drm/i915: Add HDCP framework + base implementation

This patch adds the framework required to add HDCP support to intel
connectors. It implements Aksv loading from fuse, and parts 1/2/3
of the HDCP authentication scheme.

Note that without shim implementations, this does not actually implement
HDCP. That will come in subsequent patches.

Signed-off-by: Sean Paul <seanpaul@...omium.org>
---
 drivers/gpu/drm/i915/Makefile       |   1 +
 drivers/gpu/drm/i915/i915_reg.h     |  83 +++++
 drivers/gpu/drm/i915/intel_atomic.c |  26 +-
 drivers/gpu/drm/i915/intel_ddi.c    |  14 +
 drivers/gpu/drm/i915/intel_drv.h    |  53 +++
 drivers/gpu/drm/i915/intel_hdcp.c   | 636 ++++++++++++++++++++++++++++++++++++
 6 files changed, 811 insertions(+), 2 deletions(-)
 create mode 100644 drivers/gpu/drm/i915/intel_hdcp.c

diff --git a/drivers/gpu/drm/i915/Makefile b/drivers/gpu/drm/i915/Makefile
index 6c3b0481ef82..1e745508e437 100644
--- a/drivers/gpu/drm/i915/Makefile
+++ b/drivers/gpu/drm/i915/Makefile
@@ -87,6 +87,7 @@ i915-y += intel_audio.o \
 	  intel_fbc.o \
 	  intel_fifo_underrun.o \
 	  intel_frontbuffer.o \
+	  intel_hdcp.o \
 	  intel_hotplug.o \
 	  intel_modes.o \
 	  intel_overlay.o \
diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
index 68a58cce6ab1..43128030171d 100644
--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -7991,6 +7991,7 @@ enum {
 #define     GEN9_MEM_LATENCY_LEVEL_1_5_SHIFT	8
 #define     GEN9_MEM_LATENCY_LEVEL_2_6_SHIFT	16
 #define     GEN9_MEM_LATENCY_LEVEL_3_7_SHIFT	24
+#define   SKL_PCODE_LOAD_HDCP_KEYS		0x5
 #define   SKL_PCODE_CDCLK_CONTROL		0x7
 #define     SKL_CDCLK_PREPARE_FOR_CHANGE	0x3
 #define     SKL_CDCLK_READY_FOR_CHANGE		0x1
@@ -8285,6 +8286,88 @@ enum skl_power_gate {
 #define  SKL_PW_TO_PG(pw)			((pw) - SKL_DISP_PW_1 + SKL_PG1)
 #define  SKL_FUSE_PG_DIST_STATUS(pg)		(1 << (27 - (pg)))
 
+
+/* HDCP Key Registers */
+#define SKL_HDCP_KEY_CONF		_MMIO(0x66c00)
+#define	 SKL_HDCP_AKSV_SEND_TRIGGER	BIT(31)
+#define  SKL_HDCP_CLEAR_KEYS_TRIGGER	BIT(30)
+#define SKL_HDCP_KEY_STATUS		_MMIO(0x66c04)
+#define  SKL_HDCP_FUSE_IN_PROGRESS	BIT(7)
+#define  SKL_HDCP_FUSE_ERROR		BIT(6)
+#define  SKL_HDCP_FUSE_DONE		BIT(5)
+#define  SKL_HDCP_KEY_LOAD_STATUS	BIT(1)
+#define  SKL_HDCP_KEY_LOAD_DONE		BIT(0)
+#define SKL_HDCP_AKSV_LO		_MMIO(0x66c10)
+#define SKL_HDCP_AKSV_HI		_MMIO(0x66c14)
+
+/* HDCP Repeater Registers */
+#define SKL_HDCP_REP_CTL		_MMIO(0x66d00)
+#define  SKL_HDCP_DDIB_REP_PRESENT	BIT(30)
+#define  SKL_HDCP_DDIA_REP_PRESENT	BIT(29)
+#define  SKL_HDCP_DDIC_REP_PRESENT	BIT(28)
+#define  SKL_HDCP_DDID_REP_PRESENT	BIT(27)
+#define  SKL_HDCP_DDIF_REP_PRESENT	BIT(26)
+#define  SKL_HDCP_DDIE_REP_PRESENT	BIT(25)
+#define  SKL_HDCP_DDIB_SHA1_M0		(1 << 20)
+#define  SKL_HDCP_DDIA_SHA1_M0		(2 << 20)
+#define  SKL_HDCP_DDIC_SHA1_M0		(3 << 20)
+#define  SKL_HDCP_DDID_SHA1_M0		(4 << 20)
+#define  SKL_HDCP_DDIF_SHA1_M0		(5 << 20)
+#define  SKL_HDCP_DDIE_SHA1_M0		(6 << 20) // Bspec says 5?
+#define  SKL_HDCP_SHA1_BUSY		BIT(16)
+#define  SKL_HDCP_SHA1_READY		BIT(17)
+#define  SKL_HDCP_SHA1_COMPLETE		BIT(18)
+#define  SKL_HDCP_SHA1_V_MATCH		BIT(19)
+#define  SKL_HDCP_SHA1_TEXT_32		(1 << 1)
+#define  SKL_HDCP_SHA1_COMPLETE_HASH	(2 << 1)
+#define  SKL_HDCP_SHA1_TEXT_24		(4 << 1)
+#define  SKL_HDCP_SHA1_TEXT_16		(5 << 1)
+#define  SKL_HDCP_SHA1_TEXT_8		(6 << 1)
+#define  SKL_HDCP_SHA1_TEXT_0		(7 << 1)
+#define SKL_HDCP_SHA_V_PRIME_H0		_MMIO(0x66d04)
+#define SKL_HDCP_SHA_V_PRIME_H1		_MMIO(0x66d08)
+#define SKL_HDCP_SHA_V_PRIME_H2		_MMIO(0x66d0C)
+#define SKL_HDCP_SHA_V_PRIME_H3		_MMIO(0x66d10)
+#define SKL_HDCP_SHA_V_PRIME_H4		_MMIO(0x66d14)
+#define SKL_HDCP_SHA_V_PRIME(h)		_MMIO((0x66d04 + h * 4))
+#define SKL_HDCP_SHA_TEXT		_MMIO(0x66d18)
+
+/* HDCP Auth Registers */
+#define _SKL_PORTA_HDCP_AUTHENC		0x66800
+#define _SKL_PORTB_HDCP_AUTHENC		0x66500
+#define _SKL_PORTC_HDCP_AUTHENC		0x66600
+#define _SKL_PORTD_HDCP_AUTHENC		0x66700
+#define _SKL_PORTE_HDCP_AUTHENC		0x66A00
+#define _SKL_PORTF_HDCP_AUTHENC		0x66900
+#define _SKL_PORT_HDCP_AUTHENC(port, x)	_MMIO(_PICK(port, \
+					  _SKL_PORTA_HDCP_AUTHENC, \
+					  _SKL_PORTB_HDCP_AUTHENC, \
+					  _SKL_PORTC_HDCP_AUTHENC, \
+					  _SKL_PORTD_HDCP_AUTHENC, \
+					  _SKL_PORTE_HDCP_AUTHENC, \
+					  _SKL_PORTF_HDCP_AUTHENC) + x)
+#define SKL_PORT_HDCP_CONF(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x0)
+#define  SKL_HDCP_CONF_CAPTURE_AN	BIT(0)
+#define  SKL_HDCP_CONF_AUTH_AND_ENC	(BIT(1) | BIT(0))
+#define SKL_PORT_HDCP_ANINIT(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x4)
+#define SKL_PORT_HDCP_ANLO(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x8)
+#define SKL_PORT_HDCP_ANHI(port)	_SKL_PORT_HDCP_AUTHENC(port, 0xC)
+#define SKL_PORT_HDCP_BKSVLO(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x10)
+#define SKL_PORT_HDCP_BKSVHI(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x14)
+#define SKL_PORT_HDCP_RPRIME(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x18)
+#define SKL_PORT_HDCP_STATUS(port)	_SKL_PORT_HDCP_AUTHENC(port, 0x1C)
+#define  SKL_HDCP_STATUS_STREAM_A_ENC	BIT(31)
+#define  SKL_HDCP_STATUS_STREAM_B_ENC	BIT(30)
+#define  SKL_HDCP_STATUS_STREAM_C_ENC	BIT(29)
+#define  SKL_HDCP_STATUS_STREAM_D_ENC	BIT(28)
+#define  SKL_HDCP_STATUS_AUTH		BIT(21)
+#define  SKL_HDCP_STATUS_ENC		BIT(20)
+#define  SKL_HDCP_STATUS_RI_MATCH	BIT(19)
+#define  SKL_HDCP_STATUS_R0_READY	BIT(18)
+#define  SKL_HDCP_STATUS_AN_READY	BIT(17)
+#define  SKL_HDCP_STATUS_CIPHER		BIT(16)
+#define  SKL_HDCP_STATUS_FRAME_CNT(x)	((x >> 8) & 0xff)
+
 /* Per-pipe DDI Function Control */
 #define _TRANS_DDI_FUNC_CTL_A		0x60400
 #define _TRANS_DDI_FUNC_CTL_B		0x61400
diff --git a/drivers/gpu/drm/i915/intel_atomic.c b/drivers/gpu/drm/i915/intel_atomic.c
index 36d4e635e4ce..ddf08227d9cb 100644
--- a/drivers/gpu/drm/i915/intel_atomic.c
+++ b/drivers/gpu/drm/i915/intel_atomic.c
@@ -109,12 +109,34 @@ int intel_digital_connector_atomic_check(struct drm_connector *conn,
 	struct intel_digital_connector_state *old_conn_state =
 		to_intel_digital_connector_state(old_state);
 	struct drm_crtc_state *crtc_state;
-
-	if (!new_state->crtc)
+	uint64_t old_cp = old_conn_state->base.content_protection;
+	uint64_t new_cp = new_state->content_protection;
+
+	if (!new_state->crtc) {
+		/* 
+		 * If the connector is being disabled with CP enabled, mark it
+		 * desired so it's re-enabled when the connector is brought back
+		 */
+		if (old_cp == DRM_MODE_CONTENT_PROTECTION_ENABLED)
+			new_state->content_protection =
+				DRM_MODE_CONTENT_PROTECTION_DESIRED;
 		return 0;
+	}
 
 	crtc_state = drm_atomic_get_new_crtc_state(new_state->state, new_state->crtc);
 
+	if (new_cp != old_cp) {
+		/* Only drivers can set content protection enabled */
+		if (new_cp == DRM_MODE_CONTENT_PROTECTION_ENABLED)
+			new_state->content_protection =
+				DRM_MODE_CONTENT_PROTECTION_DESIRED;
+
+		/* Involve the encoder/connector to enable/disable CP */
+		if (new_cp == DRM_MODE_CONTENT_PROTECTION_OFF ||
+		    old_cp == DRM_MODE_CONTENT_PROTECTION_OFF)
+			crtc_state->mode_changed = true;
+	}
+
 	/*
 	 * These properties are handled by fastset, and might not end
 	 * up in a modeset.
diff --git a/drivers/gpu/drm/i915/intel_ddi.c b/drivers/gpu/drm/i915/intel_ddi.c
index 933c18fd4258..0e69337f410d 100644
--- a/drivers/gpu/drm/i915/intel_ddi.c
+++ b/drivers/gpu/drm/i915/intel_ddi.c
@@ -2432,10 +2432,17 @@ static void intel_enable_ddi(struct intel_encoder *encoder,
 			     const struct intel_crtc_state *crtc_state,
 			     const struct drm_connector_state *conn_state)
 {
+	struct drm_connector *connector = conn_state->connector;
+	struct intel_connector *intel_connector = to_intel_connector(connector);
+
 	if (intel_crtc_has_type(crtc_state, INTEL_OUTPUT_HDMI))
 		intel_enable_ddi_hdmi(encoder, crtc_state, conn_state);
 	else
 		intel_enable_ddi_dp(encoder, crtc_state, conn_state);
+
+	if (conn_state->content_protection ==
+			DRM_MODE_CONTENT_PROTECTION_DESIRED)
+		intel_hdcp_enable(intel_connector);
 }
 
 static void intel_disable_ddi_dp(struct intel_encoder *encoder,
@@ -2468,10 +2475,17 @@ static void intel_disable_ddi(struct intel_encoder *encoder,
 			      const struct intel_crtc_state *old_crtc_state,
 			      const struct drm_connector_state *old_conn_state)
 {
+	struct drm_connector *connector = old_conn_state->connector;
+	struct intel_connector *intel_connector = to_intel_connector(connector);
+
 	if (intel_crtc_has_type(old_crtc_state, INTEL_OUTPUT_HDMI))
 		intel_disable_ddi_hdmi(encoder, old_crtc_state, old_conn_state);
 	else
 		intel_disable_ddi_dp(encoder, old_crtc_state, old_conn_state);
+
+	if (old_conn_state->content_protection !=
+			DRM_MODE_CONTENT_PROTECTION_OFF)
+		intel_hdcp_disable(intel_connector);
 }
 
 static void bxt_ddi_pre_pll_enable(struct intel_encoder *encoder,
diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
index 47d022d48718..8924004575b8 100644
--- a/drivers/gpu/drm/i915/intel_drv.h
+++ b/drivers/gpu/drm/i915/intel_drv.h
@@ -299,6 +299,49 @@ struct intel_panel {
 	} backlight;
 };
 
+struct intel_hdcp_shim {
+	/* Outputs the transmitter's An and Aksv values to the receiver. */
+	int (*write_an_aksv)(struct intel_digital_port *intel_dig_port, u8 *an);
+
+	/* Reads the receiver's key selection vector */
+	int (*read_bksv)(struct intel_digital_port *intel_dig_port, u8 *bksv);
+
+	/*
+	 * Reads BINFO from DP receivers and BSTATUS from HDMI receivers. The
+	 * definitions are the same in the respective specs, but the names are
+	 * different. Call it BSTATUS since that's the name the HDMI spec
+	 * uses and it was there first.
+	 */
+	int (*read_bstatus)(struct intel_digital_port *intel_dig_port,
+			    u8 *bstatus);
+
+	/* Determines whether a repeater is present downstream */
+	int (*repeater_present)(struct intel_digital_port *intel_dig_port,
+				bool *repeater_present);
+
+	/* Reads the receiver's Ri' value */
+	int (*read_ri_prime)(struct intel_digital_port *intel_dig_port, u8 *ri);
+
+	/* Determines if the receiver's KSV FIFO is ready for consumption */
+	int (*read_ksv_ready)(struct intel_digital_port *intel_dig_port,
+			      bool *ksv_ready);
+
+	/* Reads the ksv fifo for num_downstream devices */
+	int (*read_ksv_fifo)(struct intel_digital_port *intel_dig_port,
+			     int num_downstream, u8 *ksv_fifo);
+
+	/* Reads a 32-bit part of V' from the receiver */
+	int (*read_v_prime_part)(struct intel_digital_port *intel_dig_port,
+				 int i, u32 *part);
+
+	/* Enables HDCP signalling on the port */
+	int (*toggle_signalling)(struct intel_digital_port *intel_dig_port,
+				 bool enable);
+
+	/* Ensures the link is still protected */
+	bool (*check_link)(struct intel_digital_port *intel_dig_port);
+};
+
 struct intel_connector {
 	struct drm_connector base;
 	/*
@@ -330,6 +373,9 @@ struct intel_connector {
 
 	/* Work struct to schedule a uevent on link train failure */
 	struct work_struct modeset_retry_work;
+
+	const struct intel_hdcp_shim *hdcp_shim;
+	struct delayed_work hdcp_work;
 };
 
 struct intel_digital_connector_state {
@@ -1295,6 +1341,8 @@ void intel_ddi_set_vc_payload_alloc(const struct intel_crtc_state *crtc_state,
 				    bool state);
 u32 bxt_signal_levels(struct intel_dp *intel_dp);
 uint32_t ddi_signal_levels(struct intel_dp *intel_dp);
+int intel_ddi_enable_hdcp_signalling(struct intel_encoder *intel_encoder);
+int intel_ddi_disable_hdcp_signalling(struct intel_encoder *intel_encoder);
 u8 intel_ddi_dp_voltage_max(struct intel_encoder *encoder);
 
 unsigned int intel_fb_align_height(const struct drm_framebuffer *fb,
@@ -1746,6 +1794,11 @@ static inline void intel_backlight_device_unregister(struct intel_connector *con
 }
 #endif /* CONFIG_BACKLIGHT_CLASS_DEVICE */
 
+/* intel_hdcp.c */
+int intel_hdcp_enable(struct intel_connector *connector);
+int intel_hdcp_disable(struct intel_connector *connector);
+int intel_hdcp_check_link(struct intel_connector *connector);
+void intel_hdcp_work(struct work_struct *work);
 
 /* intel_psr.c */
 void intel_psr_enable(struct intel_dp *intel_dp,
diff --git a/drivers/gpu/drm/i915/intel_hdcp.c b/drivers/gpu/drm/i915/intel_hdcp.c
new file mode 100644
index 000000000000..a2a575ed657e
--- /dev/null
+++ b/drivers/gpu/drm/i915/intel_hdcp.c
@@ -0,0 +1,636 @@
+/*
+ * Copyright (C) 2017 Google, Inc.
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <drm/drmP.h>
+#include <drm/drm_hdcp.h>
+#include <linux/i2c.h>
+#include <linux/random.h>
+
+#include "intel_drv.h"
+#include "i915_reg.h"
+
+#define KEY_LOAD_TRIES	5
+
+static int intel_hdcp_poll_ksv_fifo(struct intel_digital_port *intel_dig_port,
+				    const struct intel_hdcp_shim *shim)
+{
+	unsigned long timeout = jiffies + msecs_to_jiffies_timeout(500);
+	int ret;
+	bool ksv_ready;
+
+	while (true) {
+		ret = shim->read_ksv_ready(intel_dig_port, &ksv_ready);
+		if (ret)
+			return ret;
+		if (ksv_ready)
+			break;
+		if (time_after(jiffies, timeout))
+			return -ETIMEDOUT;
+		msleep(100);
+	}
+	return 0;
+}
+
+static void intel_hdcp_clear_keys(struct drm_i915_private *dev_priv)
+{
+	I915_WRITE(SKL_HDCP_KEY_CONF, SKL_HDCP_CLEAR_KEYS_TRIGGER);
+	I915_WRITE(SKL_HDCP_KEY_STATUS,
+		   SKL_HDCP_KEY_LOAD_DONE | SKL_HDCP_KEY_LOAD_STATUS |
+		   SKL_HDCP_FUSE_IN_PROGRESS | SKL_HDCP_FUSE_ERROR |
+		   SKL_HDCP_FUSE_DONE);
+}
+
+static int intel_hdcp_load_keys(struct drm_i915_private *dev_priv)
+{
+	unsigned long timeout;
+	int ret;
+	u32 val;
+
+	// Initiate loading the HDCP key from fuses
+	mutex_lock(&dev_priv->pcu_lock);
+	ret = sandybridge_pcode_write(dev_priv, SKL_PCODE_LOAD_HDCP_KEYS, 1);
+	mutex_unlock(&dev_priv->pcu_lock);
+	if (ret) {
+		DRM_ERROR("Failed to initiate HDCP key load (%d)\n", ret);
+		return ret;
+	}
+
+	// Wait for the keys to load (500us)
+	timeout = jiffies + nsecs_to_jiffies_timeout(500 * 1000);
+	while (true) {
+		val = I915_READ(SKL_HDCP_KEY_STATUS);
+		if (val & SKL_HDCP_KEY_LOAD_DONE)
+			break;
+		if (time_after(jiffies, timeout))
+			return -ETIMEDOUT;
+		usleep_range(50, 100);
+	}
+	if (!(val & SKL_HDCP_KEY_LOAD_STATUS))
+		return -ENXIO;
+
+	// Send Aksv over to PCH display for use in authentication
+	I915_WRITE(SKL_HDCP_KEY_CONF, SKL_HDCP_AKSV_SEND_TRIGGER);
+
+	return 0;
+}
+
+/* Returns updated SHA-1 index */
+static int intel_write_sha_text(struct drm_i915_private *dev_priv, u32 sha_text)
+{
+	I915_WRITE(SKL_HDCP_SHA_TEXT, sha_text);
+	if (wait_for(I915_READ(SKL_HDCP_REP_CTL) & SKL_HDCP_SHA1_READY, 1)) {
+		DRM_ERROR("Timed out waiting for SHA1 ready\n");
+		return -ETIMEDOUT;
+	}
+	return 0;
+}
+
+static
+u32 intel_hdcp_get_repeater_ctl(struct intel_digital_port *intel_dig_port)
+{
+	enum port port = intel_dig_port->port;
+	switch(port) {
+	case PORT_A:
+		return SKL_HDCP_DDIA_REP_PRESENT | SKL_HDCP_DDIA_SHA1_M0;
+	case PORT_B:
+		return SKL_HDCP_DDIB_REP_PRESENT | SKL_HDCP_DDIB_SHA1_M0;
+	case PORT_C:
+		return SKL_HDCP_DDIC_REP_PRESENT | SKL_HDCP_DDIC_SHA1_M0;
+	case PORT_D:
+		return SKL_HDCP_DDID_REP_PRESENT | SKL_HDCP_DDID_SHA1_M0;
+	case PORT_E:
+		return SKL_HDCP_DDIE_REP_PRESENT | SKL_HDCP_DDIE_SHA1_M0;
+	default:
+		break;
+	}
+	DRM_ERROR("Unknown port %d\n", port);
+	return -EINVAL;
+}
+
+/* Implements Part 2 of the HDCP authorization procedure */
+static
+int intel_hdcp_auth_downstream(struct intel_digital_port *intel_dig_port,
+			       const struct intel_hdcp_shim *shim)
+{
+	struct drm_i915_private *dev_priv;
+	u32 vprime, sha_text, sha_leftovers, rep_ctl;
+	u8 bstatus[2], num_downstream, *ksv_fifo;
+	int ret, i, j, sha_idx;
+
+	dev_priv = intel_dig_port->base.base.dev->dev_private;
+
+	ret = shim->read_bstatus(intel_dig_port, bstatus);
+	if (ret)
+		return ret;
+
+	/* If there are no downstream devices, we're all done. */
+	num_downstream = DRM_HDCP_NUM_DOWNSTREAM(bstatus[0]);
+	if (num_downstream == 0) {
+		DRM_INFO("HDCP is enabled (no downstream devices)\n");
+		return 0;
+	}
+
+	// Poll for ksv list ready (spec says max time allowed is 5s)
+	ret = intel_hdcp_poll_ksv_fifo(intel_dig_port, shim);
+	if (ret) {
+		DRM_ERROR("KSV list failed to become ready (%d)\n", ret);
+		return ret;
+	}
+
+	ksv_fifo = kzalloc(num_downstream * DRM_HDCP_KSV_LEN, GFP_KERNEL);
+	if (!ksv_fifo)
+		return -ENOMEM;
+
+	ret = shim->read_ksv_fifo(intel_dig_port, num_downstream, ksv_fifo);
+	if (ret)
+		return ret;
+
+	// Process V' values from the receiver
+	for (i = 0; i < DRM_HDCP_V_PRIME_NUM_PARTS; i++) {
+		ret = shim->read_v_prime_part(intel_dig_port, i, &vprime);
+		if (ret)
+			return ret;
+		I915_WRITE(SKL_HDCP_SHA_V_PRIME(i), vprime);
+	}
+
+	/*
+	 * We need to write the concatenation of all device KSVs, BINFO (DP) ||
+	 * BSTATUS (HDMI), and M0 (which is added via HDCP_REP_CTL). This byte
+	 * stream is written via the HDCP_SHA_TEXT register in 32-bit
+	 * increments. Every 64 bytes, we need to write HDCP_REP_CTL again. This
+	 * index will keep track of our progress through the 64 bytes as well as
+	 * helping us work the 40-bit KSVs through our 32-bit register.
+	 *
+	 * NOTE: data passed via HDCP_SHA_TEXT should be big-endian
+	 */
+	sha_idx = 0;
+	sha_text = 0;
+	sha_leftovers = 0;
+	rep_ctl = intel_hdcp_get_repeater_ctl(intel_dig_port);
+	I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_32);
+	for (i = 0; i < num_downstream; i++) {
+		unsigned sha_empty;
+		u8 *ksv = &ksv_fifo[i * DRM_HDCP_KSV_LEN];
+
+		// Fill up the empty slots in sha_text and write it out
+		sha_empty = sizeof(sha_text) - sha_leftovers;
+		for (j = 0; j < sha_empty; j++)
+			sha_text |= ksv[j] << ((sizeof(sha_text) - j - 1) * 8);
+
+		ret = intel_write_sha_text(dev_priv, sha_text);
+		if (ret < 0)
+			return ret;
+
+		// Programming guide writes this every 64 bytes
+		sha_idx += sizeof(sha_text);
+		if (!(sha_idx % 64))
+			I915_WRITE(SKL_HDCP_REP_CTL,
+				   rep_ctl | SKL_HDCP_SHA1_TEXT_32);
+
+		// Store the leftover bytes from the ksv in sha_text
+		sha_leftovers = DRM_HDCP_KSV_LEN - sha_empty;
+		sha_text = 0;
+		for (j = 0; j < sha_leftovers; j++)
+			sha_text |= ksv[sha_empty + j] <<
+					((sizeof(sha_text) - j - 1) * 8);
+
+		/*
+		 * If we still have room in sha_text for more data, continue.
+		 * Otherwise, write it out immediately.
+		 */
+		if (sizeof(sha_text) > sha_leftovers)
+			continue;
+
+		ret = intel_write_sha_text(dev_priv, sha_text);
+		if (ret < 0)
+			return ret;
+		sha_leftovers = 0;
+		sha_text = 0;
+		sha_idx += sizeof(sha_text);
+	}
+
+	/*
+	 * We need to write BINFO/BSTATUS, and M0 now. Depending on how many
+	 * bytes are leftover from the last ksv, we might be able to fit them
+	 * all in sha_text (first 2 cases), or we might need to split them up
+	 * into 2 writes (last 2 cases).
+	 */
+	if (sha_leftovers == 0) {
+		// Write 16 bits of text, 16 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_16);
+		ret = intel_write_sha_text(dev_priv,
+					   bstatus[0] << 8 | bstatus[1]);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 32 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_0);
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 16 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_16);
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+	} else if (sha_leftovers == 1) {
+		// Write 24 bits of text, 8 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_24);
+		sha_text |= bstatus[0] << 16 | bstatus[1] << 8;
+		// Only 24-bits of data, must be in the LSB
+		sha_text = (sha_text & 0xffffff00) >> 8;
+		ret = intel_write_sha_text(dev_priv, sha_text);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 32 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_0);
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 24 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_8);
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+	} else if (sha_leftovers == 2) {
+		// Write 32 bits of text
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_32);
+		sha_text |= bstatus[0] << 24 | bstatus[1] << 16;
+		ret = intel_write_sha_text(dev_priv, sha_text);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 64 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_0);
+		for (i = 0; i < 2; i++) {
+			ret = intel_write_sha_text(dev_priv, 0);
+			if (ret < 0)
+				return ret;
+			sha_idx += sizeof(sha_text);
+		}
+	} else if (sha_leftovers == 3) {
+		// Write 32 bits of text
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_32);
+		sha_text |= bstatus[0] << 24;
+		ret = intel_write_sha_text(dev_priv, sha_text);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 8 bits of text, 24 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_8);
+		ret = intel_write_sha_text(dev_priv, bstatus[1]);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 32 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_0);
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+
+		// Write 8 bits of M0
+		I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_24);
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+	} else {
+		DRM_ERROR("Invalid number of leftovers %d\n", sha_leftovers);
+		return -EINVAL;
+	}
+
+	I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_TEXT_32);
+	// Fill up to 64 - 4 bytes with zeros (leave the last write for length)
+	while ((sha_idx % 64) < (64 - sizeof(sha_text))) {
+		ret = intel_write_sha_text(dev_priv, 0);
+		if (ret < 0)
+			return ret;
+		sha_idx += sizeof(sha_text);
+	}
+
+	/*
+	 * Last write gets the length of the concatenation in bits. That is:
+	 *  - 5 bytes per device
+	 *  - 10 bytes for BINFO/BSTATUS(2), M0(8)
+	 */
+	sha_text = (num_downstream * 5 + 10) * 8;
+	ret = intel_write_sha_text(dev_priv, sha_text);
+	if (ret < 0)
+		return ret;
+
+	// Finally, tell the HW we're done with the hash and wait for it to ACK
+	I915_WRITE(SKL_HDCP_REP_CTL, rep_ctl | SKL_HDCP_SHA1_COMPLETE_HASH);
+	if (wait_for(I915_READ(SKL_HDCP_REP_CTL) & SKL_HDCP_SHA1_COMPLETE, 1)) {
+		DRM_ERROR("Timed out waiting for SHA1 complete\n");
+		return -ETIMEDOUT;
+	}
+	if (!(I915_READ(SKL_HDCP_REP_CTL) & SKL_HDCP_SHA1_V_MATCH)) {
+		DRM_ERROR("SHA-1 mismatch, HDCP failed\n");
+		return -ENXIO;
+	}
+
+	DRM_INFO("HDCP is enabled (%d downstream devices)\n", num_downstream);
+	return 0;
+}
+
+/* Implements Part 1 of the HDCP authorization procedure */
+static int intel_hdcp_auth(struct intel_digital_port *intel_dig_port,
+			   const struct intel_hdcp_shim *shim)
+{
+	struct drm_i915_private *dev_priv;
+	enum port port;
+	unsigned long r0_prime_gen_start;
+	int ret, i;
+	union {
+		u32 reg[2];
+		u8 shim[DRM_HDCP_AN_LEN];
+	} an;
+	union {
+		u32 reg[2];
+		u8 shim[DRM_HDCP_KSV_LEN];
+	} bksv;
+	union {
+		u32 reg;
+		u8 shim[DRM_HDCP_RI_LEN];
+	} ri;
+	bool repeater_present;
+
+	dev_priv = intel_dig_port->base.base.dev->dev_private;
+
+	port = intel_dig_port->port;
+
+	// Initialize An with 2 random values and acquire it
+	for (i = 0; i < 2; i++)
+		I915_WRITE(SKL_PORT_HDCP_ANINIT(port), get_random_long());
+	I915_WRITE(SKL_PORT_HDCP_CONF(port), SKL_HDCP_CONF_CAPTURE_AN);
+
+	// Wait for An to be acquired
+	if (wait_for(I915_READ(SKL_PORT_HDCP_STATUS(port)) &
+		     SKL_HDCP_STATUS_AN_READY, 1)) {
+		DRM_ERROR("Timed out waiting for An\n");
+		return -ETIMEDOUT;
+	}
+
+	an.reg[0] = I915_READ(SKL_PORT_HDCP_ANLO(port));
+	an.reg[1] = I915_READ(SKL_PORT_HDCP_ANHI(port));
+	ret = shim->write_an_aksv(intel_dig_port, an.shim);
+	if (ret)
+		return ret;
+
+	r0_prime_gen_start = jiffies;
+
+	memset(&bksv, 0, sizeof(bksv));
+	ret = shim->read_bksv(intel_dig_port, bksv.shim);
+	if (ret)
+		return ret;
+
+	I915_WRITE(SKL_PORT_HDCP_BKSVLO(port), bksv.reg[0]);
+	I915_WRITE(SKL_PORT_HDCP_BKSVHI(port), bksv.reg[1]);
+
+	ret = shim->repeater_present(intel_dig_port, &repeater_present);
+	if (ret)
+		return ret;
+	if (repeater_present)
+		I915_WRITE(SKL_HDCP_REP_CTL,
+			   intel_hdcp_get_repeater_ctl(intel_dig_port));
+
+	ret = shim->toggle_signalling(intel_dig_port, true);
+	if (ret)
+		return ret;
+
+	I915_WRITE(SKL_PORT_HDCP_CONF(port), SKL_HDCP_CONF_AUTH_AND_ENC);
+
+	// Wait for R0 ready
+	if (wait_for(I915_READ(SKL_PORT_HDCP_STATUS(port)) &
+		     (SKL_HDCP_STATUS_R0_READY | SKL_HDCP_STATUS_ENC), 1)) {
+		DRM_ERROR("Timed out waiting for R0 ready\n");
+		return -ETIMEDOUT;
+	}
+
+	/*
+	 * Wait for R0' to become available, the spec says 100ms from Aksv
+	 * write. On DP, there's an R0_READY bit available but no such bit
+	 * exists on HDMI. Since the upper-bound is the same, we'll just do
+	 * the stupid thing instead of polling on one and not the other.
+	 */
+	wait_remaining_ms_from_jiffies(r0_prime_gen_start, 100);
+
+	ri.reg = 0;
+	ret = shim->read_ri_prime(intel_dig_port, ri.shim);
+	if (ret)
+		return ret;
+	I915_WRITE(SKL_PORT_HDCP_RPRIME(port), ri.reg);
+
+	// Wait for Ri prime match
+	if (wait_for(I915_READ(SKL_PORT_HDCP_STATUS(port)) &
+		     (SKL_HDCP_STATUS_RI_MATCH | SKL_HDCP_STATUS_ENC), 1)) {
+		DRM_ERROR("Timed out waiting for Ri prime match (%x)\n",
+			  I915_READ(SKL_PORT_HDCP_STATUS(port)));
+		return -ETIMEDOUT;
+	}
+
+	// Wait for encryption confirmation
+	if (wait_for(I915_READ(SKL_PORT_HDCP_STATUS(port)) &
+		      SKL_HDCP_STATUS_ENC, 20)) {
+		DRM_ERROR("Timed out waiting for encryption\n");
+		return -ETIMEDOUT;
+	}
+
+	/*
+	 * XXX: If we have MST-connected devices, we need to enable encryption
+	 * on those as well.
+	 */
+
+	return intel_hdcp_auth_downstream(intel_dig_port, shim);
+}
+
+static
+struct intel_digital_port *conn_to_dig_port(struct intel_connector *connector)
+{
+	return enc_to_dig_port(&intel_attached_encoder(&connector->base)->base);
+}
+
+static int _intel_hdcp_disable(struct intel_connector *connector)
+{
+	struct drm_i915_private *dev_priv = connector->base.dev->dev_private;
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	enum port port = intel_dig_port->port;
+	int ret;
+
+	I915_WRITE(SKL_PORT_HDCP_CONF(port), 0);
+	if (wait_for(I915_READ(SKL_PORT_HDCP_STATUS(port)) == 0, 20)) {
+		DRM_ERROR("Failed to disable HDCP, timeout clearing status\n");
+		return -ETIMEDOUT;
+	}
+
+	intel_hdcp_clear_keys(dev_priv);
+
+	ret = connector->hdcp_shim->toggle_signalling(intel_dig_port, false);
+	if (ret) {
+		DRM_ERROR("Failed to disable HDCP signalling\n");
+		return ret;
+	}
+
+	DRM_INFO("HDCP is disabled\n");
+	return 0;
+}
+
+static int _intel_hdcp_enable(struct intel_connector *connector)
+{
+	struct drm_i915_private *dev_priv = connector->base.dev->dev_private;
+	int i, ret;
+
+	if (!(I915_READ(SKL_FUSE_STATUS) & SKL_FUSE_PG_DIST_STATUS(1))) {
+		DRM_ERROR("PG1 is disabled, cannot load keys\n");
+		return -ENXIO;
+	}
+
+	for (i = 0; i < KEY_LOAD_TRIES; i++) {
+		ret = intel_hdcp_load_keys(dev_priv);
+		if (!ret)
+			break;
+		intel_hdcp_clear_keys(dev_priv);
+	}
+	if (ret) {
+		DRM_ERROR("Could not load HDCP keys, (%d)\n", ret);
+		return ret;
+	}
+
+	ret = intel_hdcp_auth(conn_to_dig_port(connector),
+			      connector->hdcp_shim);
+	if (ret) {
+		DRM_ERROR("Failed to authenticate HDCP (%d)\n", ret);
+		return ret;
+	}
+
+	return 0;
+}
+
+void intel_hdcp_work(struct work_struct *work)
+{
+	struct intel_connector *connector = container_of(to_delayed_work(work),
+							 struct intel_connector,
+						         hdcp_work);
+	struct drm_device *dev = connector->base.dev;
+	int ret;
+
+	drm_modeset_lock(&dev->mode_config.connection_mutex, NULL);
+
+	ret = intel_hdcp_check_link(connector);
+	if (!ret)
+		schedule_delayed_work(&connector->hdcp_work,
+				      DRM_HDCP_CHECK_PERIOD_MS);
+
+	drm_modeset_unlock(&dev->mode_config.connection_mutex);
+}
+
+int intel_hdcp_enable(struct intel_connector *connector)
+{
+	struct drm_i915_private *dev_priv = connector->base.dev->dev_private;
+	struct drm_device *dev = &dev_priv->drm;
+	struct drm_connector_state *state = connector->base.state;
+	int ret;
+
+	WARN_ON(!drm_modeset_is_locked(&dev->mode_config.connection_mutex));
+
+	if (!connector->hdcp_shim)
+		return -ENOENT;
+
+	ret = _intel_hdcp_enable(connector);
+	if (ret)
+		return ret;
+
+	state->content_protection = DRM_MODE_CONTENT_PROTECTION_ENABLED;
+
+	schedule_delayed_work(&connector->hdcp_work, DRM_HDCP_CHECK_PERIOD_MS);
+	return 0;
+}
+
+int intel_hdcp_disable(struct intel_connector *connector)
+{
+	struct drm_i915_private *dev_priv = connector->base.dev->dev_private;
+	struct drm_device *dev = &dev_priv->drm;
+
+	WARN_ON(!drm_modeset_is_locked(&dev->mode_config.connection_mutex));
+
+	if (!connector->hdcp_shim)
+		return -ENOENT;
+
+	cancel_delayed_work(&connector->hdcp_work);
+
+	return _intel_hdcp_disable(connector);
+}
+
+/* Implements Part 3 of the HDCP authorization procedure */
+int intel_hdcp_check_link(struct intel_connector *connector)
+{
+	struct drm_i915_private *dev_priv = connector->base.dev->dev_private;
+	struct drm_device *dev = &dev_priv->drm;
+	struct drm_connector_state *state = connector->base.state;
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	enum port port = intel_dig_port->port;
+	int ret;
+
+	WARN_ON(!drm_modeset_is_locked(&dev->mode_config.connection_mutex));
+
+	if (state->content_protection != DRM_MODE_CONTENT_PROTECTION_ENABLED)
+		return 0;
+
+	if (!connector->hdcp_shim)
+		return -ENOENT;
+
+	if (!(I915_READ(SKL_PORT_HDCP_STATUS(port)) & SKL_HDCP_STATUS_ENC)) {
+		DRM_ERROR("HDCP check failed: link is not encrypted, %x\n",
+			   I915_READ(SKL_PORT_HDCP_STATUS(port)));
+		ret = -ENXIO;
+		goto fail;
+	}
+
+	if (connector->hdcp_shim->check_link(intel_dig_port))
+		return 0;
+
+	DRM_INFO("HDCP link failed, retrying authentication\n");
+
+	ret = _intel_hdcp_disable(connector);
+	if (ret) {
+		DRM_ERROR("Failed to disable hdcp (%d)\n", ret);
+		goto fail;
+	}
+
+	ret = _intel_hdcp_enable(connector);
+	if (ret) {
+		DRM_ERROR("Failed to enable hdcp (%d)\n", ret);
+		goto fail;
+	}
+
+	return 0;
+
+fail:
+	state->content_protection = DRM_MODE_CONTENT_PROTECTION_DESIRED;
+	return ret;
+}
-- 
2.15.0.531.g2ccb3012c9-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ