• Jordan Crouse's avatar
    drm/msm: gpu: Enable zap shader for A5XX · 7c65817e
    Jordan Crouse authored
    The A5XX GPU powers on in "secure" mode. In secure mode the GPU can
    only render to buffers that are marked as secure and inaccessible
    to the kernel and user through a series of hardware protections. In
    practice secure mode is used to draw things like a UI on a secure
    video frame.
    
    In order to switch out of secure mode the GPU executes a special
    shader that clears out the GMEM and other sensitve registers and
    then writes a register. Because the kernel can't be trusted the
    shader binary is signed and verified and programmed by the
    secure world. To do this we need to read the MDT header and the
    segments from the firmware location and put them in memory and
    present them for approval.
    
    For targets without secure support there is an out: if the
    secure world doesn't support secure then there are no hardware
    protections and we can freely write the SECVID_TRUST register from
    the CPU. We don't have 100% confidence that we can query the
    secure capabilities at run time but we have enough calls that
    need to go right to give us some confidence that we're at least doing
    something useful.
    
    Of course if we guess wrong you trigger a permissions violation
    which usually ends up in a system crash but thats a problem
    that shows up immediately.
    
    [v2: use child device per Bjorn]
    [v3: use generic MDT loader per Bjorn]
    [v4: use managed dma functions and ifdefs for the MDT loader]
    [v5: Add depends for QCOM_MDT_LOADER]
    Signed-off-by: default avatarJordan Crouse <jcrouse@codeaurora.org>
    Acked-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
    [robclark: fix Kconfig to use select instead of depends + #if IS_ENABLED()]
    Signed-off-by: default avatarRob Clark <robdclark@gmail.com>
    7c65817e
a5xx_gpu.c 31.8 KB