/* * intel_hdcp_required_content_stream selects the most highest common possible HDCP * content_type for all streams in DP MST topology because security f/w doesn't * have any provision to mark content_type for each stream separately, it marks * all available streams with the content_type proivided at the time of port * authentication. This may prohibit the userspace to use type1 content on * HDCP 2.2 capable sink because of other sink are not capable of HDCP 2.2 in * DP MST topology. Though it is not compulsory, security fw should change its * policy to mark different content_types for different streams.
*/ staticint
intel_hdcp_required_content_stream(struct intel_atomic_state *state, struct intel_digital_port *dig_port)
{ struct intel_display *display = to_intel_display(state); struct drm_connector_list_iter conn_iter; struct intel_digital_port *conn_dig_port; struct intel_connector *connector; struct hdcp_port_data *data = &dig_port->hdcp.port_data; bool enforce_type0 = false; int k;
if (dig_port->hdcp.auth_status) return 0;
data->k = 0;
if (!dig_port->hdcp.mst_type1_capable)
enforce_type0 = true;
drm_connector_list_iter_begin(display->drm, &conn_iter);
for_each_intel_connector_iter(connector, &conn_iter) { if (connector->base.status == connector_status_disconnected) continue;
if (!intel_encoder_is_mst(intel_attached_encoder(connector))) continue;
conn_dig_port = intel_attached_dig_port(connector); if (conn_dig_port != dig_port) continue;
/* * Apply common protection level across all streams in DP MST Topology. * Use highest supported content type for all streams in DP MST Topology.
*/ for (k = 0; k < data->k; k++)
data->streams[k].stream_type =
enforce_type0 ? DRM_MODE_HDCP_CONTENT_TYPE0 : DRM_MODE_HDCP_CONTENT_TYPE1;
static bool intel_hdcp_is_ksv_valid(u8 *ksv)
{ int i, ones = 0; /* KSV has 20 1's and 20 0's */ for (i = 0; i < DRM_HDCP_KSV_LEN; i++)
ones += hweight8(ksv[i]); if (ones != 20) returnfalse;
returntrue;
}
static int intel_hdcp_read_valid_bksv(struct intel_digital_port *dig_port, conststruct intel_hdcp_shim *shim, u8 *bksv)
{ struct intel_display *display = to_intel_display(dig_port); int ret, i, tries = 2;
/* HDCP spec states that we must retry the bksv if it is invalid */ for (i = 0; i < tries; i++) {
ret = shim->read_bksv(dig_port, bksv); if (ret) return ret; if (intel_hdcp_is_ksv_valid(bksv)) break;
} if (i == tries) {
drm_dbg_kms(display->drm, "Bksv is invalid\n"); return -ENODEV;
}
return 0;
}
/* Is HDCP1.4 capable on Platform and Sink */ staticbool intel_hdcp_get_capability(struct intel_connector *connector)
{ struct intel_digital_port *dig_port; conststruct intel_hdcp_shim *shim = connector->hdcp.shim; bool capable = false;
u8 bksv[5];
if (!intel_attached_encoder(connector)) return capable;
dig_port = intel_attached_dig_port(connector);
if (!shim) return capable;
if (shim->hdcp_get_capability) {
shim->hdcp_get_capability(dig_port, &capable);
} else { if (!intel_hdcp_read_valid_bksv(dig_port, shim, bksv))
capable = true;
}
return capable;
}
/* * Check if the source has all the building blocks ready to make * HDCP 2.2 work
*/ staticbool intel_hdcp2_prerequisite(struct intel_connector *connector)
{ struct intel_display *display = to_intel_display(connector); struct intel_hdcp *hdcp = &connector->hdcp;
/* I915 support for HDCP2.2 */ if (!hdcp->hdcp2_supported) returnfalse;
/* If MTL+ make sure gsc is loaded and proxy is setup */ if (USE_HDCP_GSC(display)) { if (!intel_hdcp_gsc_check_status(display->drm)) returnfalse;
}
/* MEI/GSC interface is solid depending on which is used */
mutex_lock(&display->hdcp.hdcp_mutex); if (!display->hdcp.comp_added || !display->hdcp.arbiter) {
mutex_unlock(&display->hdcp.hdcp_mutex); returnfalse;
}
mutex_unlock(&display->hdcp.hdcp_mutex);
returntrue;
}
/* Is HDCP2.2 capable on Platform and Sink */ staticbool intel_hdcp2_get_capability(struct intel_connector *connector)
{ struct intel_hdcp *hdcp = &connector->hdcp; bool capable = false;
if (!intel_hdcp2_prerequisite(connector)) returnfalse;
/* Sink's capability for HDCP2.2 */
hdcp->shim->hdcp_2_2_get_capability(connector, &capable);
/* Poll for ksv list ready (spec says max time allowed is 5s) */
ret = __wait_for(read_ret = shim->read_ksv_ready(dig_port,
&ksv_ready),
read_ret || ksv_ready, 5 * 1000 * 1000, 1000,
100 * 1000); if (ret) return ret; if (read_ret) return read_ret; if (!ksv_ready) return -ETIMEDOUT;
/* * On HSW and BDW, Display HW loads the Key as soon as Display resumes. * On all BXT+, SW can load the keys only when the PW#1 is turned on.
*/ if (display->platform.haswell || display->platform.broadwell)
id = HSW_DISP_PW_GLOBAL; else
id = SKL_DISP_PW_1;
/* PG1 (power well #1) needs to be enabled */
with_intel_display_rpm(display)
enabled = intel_display_power_well_is_enabled(display, id);
/* * Another req for hdcp key loadability is enabled state of pll for * cdclk. Without active crtc we won't land here. So we are assuming that * cdclk is already on.
*/
staticint intel_hdcp_load_keys(struct intel_display *display)
{ int ret;
u32 val;
val = intel_de_read(display, HDCP_KEY_STATUS); if ((val & HDCP_KEY_LOAD_DONE) && (val & HDCP_KEY_LOAD_STATUS)) return 0;
/* * On HSW and BDW HW loads the HDCP1.4 Key when Display comes * out of reset. So if Key is not already loaded, its an error state.
*/ if (display->platform.haswell || display->platform.broadwell) if (!(intel_de_read(display, HDCP_KEY_STATUS) & HDCP_KEY_LOAD_DONE)) return -ENXIO;
/* * Initiate loading the HDCP key from fuses. * * BXT+ platforms, HDCP key needs to be loaded by SW. Only display * version 9 platforms (minus BXT) differ in the key load trigger * process from other platforms. These platforms use the GT Driver * Mailbox interface.
*/ if (DISPLAY_VER(display) == 9 && !display->platform.broxton) {
ret = intel_pcode_write(display->drm, SKL_PCODE_LOAD_HDCP_KEYS, 1); if (ret) {
drm_err(display->drm, "Failed to initiate HDCP key load (%d)\n",
ret); return ret;
}
} else {
intel_de_write(display, HDCP_KEY_CONF, HDCP_KEY_LOAD_TRIGGER);
}
/* Wait for the keys to load (500us) */
ret = intel_de_wait_custom(display, HDCP_KEY_STATUS,
HDCP_KEY_LOAD_DONE, HDCP_KEY_LOAD_DONE,
10, 1, &val); if (ret) return ret; elseif (!(val & HDCP_KEY_LOAD_STATUS)) return -ENXIO;
/* Send Aksv over to PCH display for use in authentication */
intel_de_write(display, HDCP_KEY_CONF, HDCP_AKSV_SEND_TRIGGER);
return 0;
}
/* Returns updated SHA-1 index */ staticint intel_write_sha_text(struct intel_display *display, u32 sha_text)
{
intel_de_write(display, HDCP_SHA_TEXT, sha_text); if (intel_de_wait_for_set(display, HDCP_REP_CTL, HDCP_SHA1_READY, 1)) {
drm_err(display->drm, "Timed out waiting for SHA1 ready\n"); return -ETIMEDOUT;
} return 0;
}
static
u32 intel_hdcp_get_repeater_ctl(struct intel_display *display, enum transcoder cpu_transcoder, enum port port)
{ if (DISPLAY_VER(display) >= 12) { switch (cpu_transcoder) { case TRANSCODER_A: return HDCP_TRANSA_REP_PRESENT |
HDCP_TRANSA_SHA1_M0; case TRANSCODER_B: return HDCP_TRANSB_REP_PRESENT |
HDCP_TRANSB_SHA1_M0; case TRANSCODER_C: return HDCP_TRANSC_REP_PRESENT |
HDCP_TRANSC_SHA1_M0; case TRANSCODER_D: return HDCP_TRANSD_REP_PRESENT |
HDCP_TRANSD_SHA1_M0; default:
drm_err(display->drm, "Unknown transcoder %d\n",
cpu_transcoder); return 0;
}
}
switch (port) { case PORT_A: return HDCP_DDIA_REP_PRESENT | HDCP_DDIA_SHA1_M0; case PORT_B: return HDCP_DDIB_REP_PRESENT | HDCP_DDIB_SHA1_M0; case PORT_C: return HDCP_DDIC_REP_PRESENT | HDCP_DDIC_SHA1_M0; case PORT_D: return HDCP_DDID_REP_PRESENT | HDCP_DDID_SHA1_M0; case PORT_E: return HDCP_DDIE_REP_PRESENT | HDCP_DDIE_SHA1_M0; default:
drm_err(display->drm, "Unknown port %d\n", port); return 0;
}
}
static int intel_hdcp_validate_v_prime(struct intel_connector *connector, conststruct intel_hdcp_shim *shim,
u8 *ksv_fifo, u8 num_downstream, u8 *bstatus)
{ struct intel_display *display = to_intel_display(connector); struct intel_digital_port *dig_port = intel_attached_dig_port(connector); enum transcoder cpu_transcoder = connector->hdcp.cpu_transcoder; enum port port = dig_port->base.port;
u32 vprime, sha_text, sha_leftovers, rep_ctl; int ret, i, j, sha_idx;
/* Process V' values from the receiver */ for (i = 0; i < DRM_HDCP_V_PRIME_NUM_PARTS; i++) {
ret = shim->read_v_prime_part(dig_port, i, &vprime); if (ret) return ret;
intel_de_write(display, HDCP_SHA_V_PRIME(i), vprime);
}
/* * We need to write the concatenation of all device KSVs, BINFO (DP) || * BSTATUS (HDMI), and M0 (which is added via HDCP_REP_CTL). This byte * stream is written via the HDCP_SHA_TEXT register in 32-bit * increments. Every 64 bytes, we need to write HDCP_REP_CTL again. This * index will keep track of our progress through the 64 bytes as well as * helping us work the 40-bit KSVs through our 32-bit register. * * NOTE: data passed via HDCP_SHA_TEXT should be big-endian
*/
sha_idx = 0;
sha_text = 0;
sha_leftovers = 0;
rep_ctl = intel_hdcp_get_repeater_ctl(display, cpu_transcoder, port);
intel_de_write(display, HDCP_REP_CTL, rep_ctl | HDCP_SHA1_TEXT_32); for (i = 0; i < num_downstream; i++) { unsignedint sha_empty;
u8 *ksv = &ksv_fifo[i * DRM_HDCP_KSV_LEN];
/* Fill up the empty slots in sha_text and write it out */
sha_empty = sizeof(sha_text) - sha_leftovers; for (j = 0; j < sha_empty; j++) {
u8 off = ((sizeof(sha_text) - j - 1 - sha_leftovers) * 8);
sha_text |= ksv[j] << off;
}
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
/* Programming guide writes this every 64 bytes */
sha_idx += sizeof(sha_text); if (!(sha_idx % 64))
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_32);
/* Store the leftover bytes from the ksv in sha_text */
sha_leftovers = DRM_HDCP_KSV_LEN - sha_empty;
sha_text = 0; for (j = 0; j < sha_leftovers; j++)
sha_text |= ksv[sha_empty + j] <<
((sizeof(sha_text) - j - 1) * 8);
/* * If we still have room in sha_text for more data, continue. * Otherwise, write it out immediately.
*/ if (sizeof(sha_text) > sha_leftovers) continue;
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
sha_leftovers = 0;
sha_text = 0;
sha_idx += sizeof(sha_text);
}
/* * We need to write BINFO/BSTATUS, and M0 now. Depending on how many * bytes are leftover from the last ksv, we might be able to fit them * all in sha_text (first 2 cases), or we might need to split them up * into 2 writes (last 2 cases).
*/ if (sha_leftovers == 0) { /* Write 16 bits of text, 16 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_16);
ret = intel_write_sha_text(display,
bstatus[0] << 8 | bstatus[1]); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 32 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_0);
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 16 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_16);
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
} elseif (sha_leftovers == 1) { /* Write 24 bits of text, 8 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_24);
sha_text |= bstatus[0] << 16 | bstatus[1] << 8; /* Only 24-bits of data, must be in the LSB */
sha_text = (sha_text & 0xffffff00) >> 8;
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 32 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_0);
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 24 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_8);
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
} elseif (sha_leftovers == 2) { /* Write 32 bits of text */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_32);
sha_text |= bstatus[0] << 8 | bstatus[1];
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 64 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_0); for (i = 0; i < 2; i++) {
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
}
/* * Terminate the SHA-1 stream by hand. For the other leftover * cases this is appended by the hardware.
*/
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_32);
sha_text = DRM_HDCP_SHA1_TERMINATOR << 24;
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
} elseif (sha_leftovers == 3) { /* Write 32 bits of text (filled from LSB) */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_32);
sha_text |= bstatus[0];
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 8 bits of text (filled from LSB), 24 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_8);
ret = intel_write_sha_text(display, bstatus[1]); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 32 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_0);
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
/* Write 8 bits of M0 */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_TEXT_24);
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
} else {
drm_dbg_kms(display->drm, "Invalid number of leftovers %d\n",
sha_leftovers); return -EINVAL;
}
intel_de_write(display, HDCP_REP_CTL, rep_ctl | HDCP_SHA1_TEXT_32); /* Fill up to 64-4 bytes with zeros (leave the last write for length) */ while ((sha_idx % 64) < (64 - sizeof(sha_text))) {
ret = intel_write_sha_text(display, 0); if (ret < 0) return ret;
sha_idx += sizeof(sha_text);
}
/* * Last write gets the length of the concatenation in bits. That is: * - 5 bytes per device * - 10 bytes for BINFO/BSTATUS(2), M0(8)
*/
sha_text = (num_downstream * 5 + 10) * 8;
ret = intel_write_sha_text(display, sha_text); if (ret < 0) return ret;
/* Tell the HW we're done with the hash and wait for it to ACK */
intel_de_write(display, HDCP_REP_CTL,
rep_ctl | HDCP_SHA1_COMPLETE_HASH); if (intel_de_wait_for_set(display, HDCP_REP_CTL,
HDCP_SHA1_COMPLETE, 1)) {
drm_err(display->drm, "Timed out waiting for SHA1 complete\n"); return -ETIMEDOUT;
} if (!(intel_de_read(display, HDCP_REP_CTL) & HDCP_SHA1_V_MATCH)) {
drm_dbg_kms(display->drm, "SHA-1 mismatch, HDCP failed\n"); return -ENXIO;
}
return 0;
}
/* Implements Part 2 of the HDCP authorization procedure */ static int intel_hdcp_auth_downstream(struct intel_connector *connector)
{ struct intel_display *display = to_intel_display(connector); struct intel_digital_port *dig_port = intel_attached_dig_port(connector); conststruct intel_hdcp_shim *shim = connector->hdcp.shim;
u8 bstatus[2], num_downstream, *ksv_fifo; int ret, i, tries = 3;
ret = intel_hdcp_poll_ksv_fifo(dig_port, shim); if (ret) {
drm_dbg_kms(display->drm, "KSV list failed to become ready (%d)\n", ret); return ret;
}
ret = shim->read_bstatus(dig_port, bstatus); if (ret) return ret;
/* * When repeater reports 0 device count, HDCP1.4 spec allows disabling * the HDCP encryption. That implies that repeater can't have its own * display. As there is no consumption of encrypted content in the * repeater with 0 downstream devices, we are failing the * authentication.
*/
num_downstream = DRM_HDCP_NUM_DOWNSTREAM(bstatus[0]); if (num_downstream == 0) {
drm_dbg_kms(display->drm, "Repeater with zero downstream devices\n"); return -EINVAL;
}
ksv_fifo = kcalloc(DRM_HDCP_KSV_LEN, num_downstream, GFP_KERNEL); if (!ksv_fifo) {
drm_dbg_kms(display->drm, "Out of mem: ksv_fifo\n"); return -ENOMEM;
}
ret = shim->read_ksv_fifo(dig_port, num_downstream, ksv_fifo); if (ret) goto err;
if (drm_hdcp_check_ksvs_revoked(display->drm, ksv_fifo,
num_downstream) > 0) {
drm_err(display->drm, "Revoked Ksv(s) in ksv_fifo\n");
ret = -EPERM; goto err;
}
/* * When V prime mismatches, DP Spec mandates re-read of * V prime atleast twice.
*/ for (i = 0; i < tries; i++) {
ret = intel_hdcp_validate_v_prime(connector, shim,
ksv_fifo, num_downstream,
bstatus); if (!ret) break;
}
if (i == tries) {
drm_dbg_kms(display->drm, "V Prime validation failed.(%d)\n", ret); goto err;
}
drm_dbg_kms(display->drm, "HDCP is enabled (%d downstream devices)\n",
num_downstream);
ret = 0;
err:
kfree(ksv_fifo); return ret;
}
/* Implements Part 1 of the HDCP authorization procedure */ staticint intel_hdcp_auth(struct intel_connector *connector)
{ struct intel_display *display = to_intel_display(connector); struct intel_digital_port *dig_port = intel_attached_dig_port(connector); struct intel_hdcp *hdcp = &connector->hdcp; conststruct intel_hdcp_shim *shim = hdcp->shim; enum transcoder cpu_transcoder = connector->hdcp.cpu_transcoder; enum port port = dig_port->base.port; unsignedlong r0_prime_gen_start; int ret, i, tries = 2; union {
u32 reg[2];
u8 shim[DRM_HDCP_AN_LEN];
} an; union {
u32 reg[2];
u8 shim[DRM_HDCP_KSV_LEN];
} bksv; union {
u32 reg;
u8 shim[DRM_HDCP_RI_LEN];
} ri; bool repeater_present, hdcp_capable;
/* * Detects whether the display is HDCP capable. Although we check for * valid Bksv below, the HDCP over DP spec requires that we check * whether the display supports HDCP before we write An. For HDMI * displays, this is not necessary.
*/ if (shim->hdcp_get_capability) {
ret = shim->hdcp_get_capability(dig_port, &hdcp_capable); if (ret) return ret; if (!hdcp_capable) {
drm_dbg_kms(display->drm, "Panel is not HDCP capable\n"); return -EINVAL;
}
}
/* Initialize An with 2 random values and acquire it */ for (i = 0; i < 2; i++)
intel_de_write(display,
HDCP_ANINIT(display, cpu_transcoder, port),
get_random_u32());
intel_de_write(display, HDCP_CONF(display, cpu_transcoder, port),
HDCP_CONF_CAPTURE_AN);
/* Wait for An to be acquired */ if (intel_de_wait_for_set(display,
HDCP_STATUS(display, cpu_transcoder, port),
HDCP_STATUS_AN_READY, 1)) {
drm_err(display->drm, "Timed out waiting for An\n"); return -ETIMEDOUT;
}
an.reg[0] = intel_de_read(display,
HDCP_ANLO(display, cpu_transcoder, port));
an.reg[1] = intel_de_read(display,
HDCP_ANHI(display, cpu_transcoder, port));
ret = shim->write_an_aksv(dig_port, an.shim); if (ret) return ret;
r0_prime_gen_start = jiffies;
memset(&bksv, 0, sizeof(bksv));
ret = intel_hdcp_read_valid_bksv(dig_port, shim, bksv.shim); if (ret < 0) return ret;
if (drm_hdcp_check_ksvs_revoked(display->drm, bksv.shim, 1) > 0) {
drm_err(display->drm, "BKSV is revoked\n"); return -EPERM;
}
ret = shim->repeater_present(dig_port, &repeater_present); if (ret) return ret; if (repeater_present)
intel_de_write(display, HDCP_REP_CTL,
intel_hdcp_get_repeater_ctl(display, cpu_transcoder, port));
ret = shim->toggle_signalling(dig_port, cpu_transcoder, true); if (ret) return ret;
/* Wait for R0 ready */ if (wait_for(intel_de_read(display, HDCP_STATUS(display, cpu_transcoder, port)) &
(HDCP_STATUS_R0_READY | HDCP_STATUS_ENC), 1)) {
drm_err(display->drm, "Timed out waiting for R0 ready\n"); return -ETIMEDOUT;
}
/* * Wait for R0' to become available. The spec says 100ms from Aksv, but * some monitors can take longer than this. We'll set the timeout at * 300ms just to be sure. * * On DP, there's an R0_READY bit available but no such bit * exists on HDMI. Since the upper-bound is the same, we'll just do * the stupid thing instead of polling on one and not the other.
*/
wait_remaining_ms_from_jiffies(r0_prime_gen_start, 300);
tries = 3;
/* * DP HDCP Spec mandates the two more reattempt to read R0, incase * of R0 mismatch.
*/ for (i = 0; i < tries; i++) {
ri.reg = 0;
ret = shim->read_ri_prime(dig_port, ri.shim); if (ret) return ret;
intel_de_write(display,
HDCP_RPRIME(display, cpu_transcoder, port),
ri.reg);
/* Wait for Ri prime match */ if (!wait_for(intel_de_read(display, HDCP_STATUS(display, cpu_transcoder, port)) &
(HDCP_STATUS_RI_MATCH | HDCP_STATUS_ENC), 1)) break;
}
if (i == tries) {
drm_dbg_kms(display->drm, "Timed out waiting for Ri prime match (%x)\n",
intel_de_read(display,
HDCP_STATUS(display, cpu_transcoder, port))); return -ETIMEDOUT;
}
/* Wait for encryption confirmation */ if (intel_de_wait_for_set(display,
HDCP_STATUS(display, cpu_transcoder, port),
HDCP_STATUS_ENC,
HDCP_ENCRYPT_STATUS_CHANGE_TIMEOUT_MS)) {
drm_err(display->drm, "Timed out waiting for encryption\n"); return -ETIMEDOUT;
}
/* DP MST Auth Part 1 Step 2.a and Step 2.b */ if (shim->stream_encryption) {
ret = shim->stream_encryption(connector, true); if (ret) {
drm_err(display->drm, "[CONNECTOR:%d:%s] Failed to enable HDCP 1.4 stream enc\n",
connector->base.base.id, connector->base.name); return ret;
}
drm_dbg_kms(display->drm, "HDCP 1.4 transcoder: %s stream encrypted\n",
transcoder_name(hdcp->stream_transcoder));
}
if (repeater_present) return intel_hdcp_auth_downstream(connector);
drm_dbg_kms(display->drm, "HDCP is enabled (no repeater present)\n"); return 0;
}
drm_dbg_kms(display->drm, "[CONNECTOR:%d:%s] HDCP is being disabled...\n",
connector->base.base.id, connector->base.name);
if (hdcp->shim->stream_encryption) {
ret = hdcp->shim->stream_encryption(connector, false); if (ret) {
drm_err(display->drm, "[CONNECTOR:%d:%s] Failed to disable HDCP 1.4 stream enc\n",
connector->base.base.id, connector->base.name); return ret;
}
drm_dbg_kms(display->drm, "HDCP 1.4 transcoder: %s stream encryption disabled\n",
transcoder_name(hdcp->stream_transcoder)); /* * If there are other connectors on this port using HDCP, * don't disable it until it disabled HDCP encryption for * all connectors in MST topology.
*/ if (dig_port->hdcp.num_streams > 0) return 0;
}
drm_dbg_kms(display->drm, "[CONNECTOR:%d:%s] HDCP is being enabled...\n",
connector->base.base.id, connector->base.name);
if (!hdcp_key_loadable(display)) {
drm_err(display->drm, "HDCP key Load is not possible\n"); return -ENXIO;
}
for (i = 0; i < KEY_LOAD_TRIES; i++) {
ret = intel_hdcp_load_keys(display); if (!ret) break;
intel_hdcp_clear_keys(display);
} if (ret) {
drm_err(display->drm, "Could not load HDCP keys, (%d)\n",
ret); return ret;
}
/* Check_link valid only when HDCP1.4 is enabled */ if (hdcp->value != DRM_MODE_CONTENT_PROTECTION_ENABLED ||
!hdcp->hdcp_encrypted) {
ret = -EINVAL; goto out;
}
if (drm_WARN_ON(display->drm,
!intel_hdcp_in_use(display, cpu_transcoder, port))) {
drm_err(display->drm, "[CONNECTOR:%d:%s] HDCP link stopped encryption,%x\n",
connector->base.base.id, connector->base.name,
intel_de_read(display, HDCP_STATUS(display, cpu_transcoder, port)));
ret = -ENXIO;
intel_hdcp_update_value(connector,
DRM_MODE_CONTENT_PROTECTION_DESIRED, true); goto out;
}
if (hdcp->shim->check_link(dig_port, connector)) { if (hdcp->value != DRM_MODE_CONTENT_PROTECTION_UNDESIRED) {
intel_hdcp_update_value(connector,
DRM_MODE_CONTENT_PROTECTION_ENABLED, true);
} goto out;
}
drm_dbg_kms(display->drm, "[CONNECTOR:%d:%s] HDCP link failed, retrying authentication\n",
connector->base.base.id, connector->base.name);
ret = _intel_hdcp_disable(connector); if (ret) {
drm_err(display->drm, "Failed to disable hdcp (%d)\n", ret);
intel_hdcp_update_value(connector,
DRM_MODE_CONTENT_PROTECTION_DESIRED, true); goto out;
}
ret = intel_hdcp1_enable(connector); if (ret) {
drm_err(display->drm, "Failed to enable hdcp (%d)\n", ret);
intel_hdcp_update_value(connector,
DRM_MODE_CONTENT_PROTECTION_DESIRED, true); goto out;
}
/* * This worker is only used to flip between ENABLED/DESIRED. Either of * those to UNDESIRED is handled by core. If value == UNDESIRED, * we're running just after hdcp has been disabled, so just exit
*/ if (hdcp->value != DRM_MODE_CONTENT_PROTECTION_UNDESIRED)
drm_hdcp_update_content_protection(&connector->base,
hdcp->value);
ret = hdcp2_prepare_ake_init(connector, &msgs.ake_init); if (ret < 0) return ret;
/* * Retry the first read and write to downstream at least 10 times * with a 50ms delay if not hdcp2 capable for DP/DPMST encoders * (dock decides to stop advertising hdcp2 capability for some reason). * The reason being that during suspend resume dock usually keeps the * HDCP2 registers inaccessible causing AUX error. This wouldn't be a * big problem if the userspace just kept retrying with some delay while * it continues to play low value content but most userspace applications * end up throwing an error when it receives one from KMD. This makes * sure we give the dock and the sink devices to complete its power cycle * and then try HDCP authentication. The values of 10 and delay of 50ms * was decided based on multiple trial and errors.
*/ for (i = 0; i < max_retries; i++) { if (!intel_hdcp2_get_capability(connector)) {
msleep(50); continue;
}
ret = shim->write_2_2_msg(connector, &msgs.ake_init, sizeof(msgs.ake_init)); if (ret < 0) continue;
ret = shim->read_2_2_msg(connector, HDCP_2_2_AKE_SEND_CERT,
&msgs.send_cert, sizeof(msgs.send_cert)); if (ret > 0) break;
}
if (ret < 0) return ret;
if (msgs.send_cert.rx_caps[0] != HDCP_2_2_RX_CAPS_VERSION_VAL) {
drm_dbg_kms(display->drm, "cert.rx_caps dont claim HDCP2.2\n"); return -EINVAL;
}
if (drm_hdcp_check_ksvs_revoked(display->drm,
msgs.send_cert.cert_rx.receiver_id,
1) > 0) {
drm_err(display->drm, "Receiver ID is revoked\n"); return -EPERM;
}
/* * Here msgs.no_stored_km will hold msgs corresponding to the km * stored also.
*/
ret = hdcp2_verify_rx_cert_prepare_km(connector, &msgs.send_cert,
&hdcp->is_paired,
&msgs.no_stored_km, &size); if (ret < 0) return ret;
ret = shim->write_2_2_msg(connector, &msgs.no_stored_km, size); if (ret < 0) return ret;
ret = shim->read_2_2_msg(connector, HDCP_2_2_AKE_SEND_HPRIME,
&msgs.send_hprime, sizeof(msgs.send_hprime)); if (ret < 0) return ret;
ret = hdcp2_verify_hprime(connector, &msgs.send_hprime); if (ret < 0) return ret;
if (!hdcp->is_paired) { /* Pairing is required */
ret = shim->read_2_2_msg(connector,
HDCP_2_2_AKE_SEND_PAIRING_INFO,
&msgs.pairing_info, sizeof(msgs.pairing_info)); if (ret < 0) return ret;
ret = hdcp2_store_pairing_info(connector, &msgs.pairing_info); if (ret < 0) return ret;
hdcp->is_paired = true;
}
ret = shim->read_2_2_msg(connector, HDCP_2_2_REP_SEND_RECVID_LIST,
&msgs.recvid_list, sizeof(msgs.recvid_list)); if (ret < 0) return ret;
rx_info = msgs.recvid_list.rx_info;
if (HDCP_2_2_MAX_CASCADE_EXCEEDED(rx_info[1]) ||
HDCP_2_2_MAX_DEVS_EXCEEDED(rx_info[1])) {
drm_dbg_kms(display->drm, "Topology Max Size Exceeded\n"); return -EINVAL;
}
/* * MST topology is not Type 1 capable if it contains a downstream * device that is only HDCP 1.x or Legacy HDCP 2.0/2.1 compliant.
*/
dig_port->hdcp.mst_type1_capable =
!HDCP_2_2_HDCP1_DEVICE_CONNECTED(rx_info[1]) &&
!HDCP_2_2_HDCP_2_0_REP_CONNECTED(rx_info[1]);
if (!dig_port->hdcp.mst_type1_capable && hdcp->content_type) {
drm_dbg_kms(display->drm, "HDCP1.x or 2.0 Legacy Device Downstream\n"); return -EINVAL;
}
/* Converting and Storing the seq_num_v to local variable as DWORD */
seq_num_v =
drm_hdcp_be24_to_cpu((const u8 *)msgs.recvid_list.seq_num_v);
if (!hdcp->hdcp2_encrypted && seq_num_v) {
drm_dbg_kms(display->drm, "Non zero Seq_num_v at first RecvId_List msg\n"); return -EINVAL;
}
if (seq_num_v < hdcp->seq_num_v) { /* Roll over of the seq_num_v from repeater. Reauthenticate. */
drm_dbg_kms(display->drm, "Seq_num_v roll over.\n"); return -EINVAL;
}
device_cnt = (HDCP_2_2_DEV_COUNT_HI(rx_info[0]) << 4 |
HDCP_2_2_DEV_COUNT_LO(rx_info[1])); if (drm_hdcp_check_ksvs_revoked(display->drm,
msgs.recvid_list.receiver_ids,
device_cnt) > 0) {
drm_err(display->drm, "Revoked receiver ID(s) is in list\n"); return -EPERM;
}
ret = hdcp2_verify_rep_topology_prepare_ack(connector,
&msgs.recvid_list,
&msgs.rep_ack); if (ret < 0) return ret;
hdcp->seq_num_v = seq_num_v;
ret = shim->write_2_2_msg(connector, &msgs.rep_ack, sizeof(msgs.rep_ack)); if (ret < 0) return ret;
ret = hdcp2_authentication_key_exchange(connector); if (ret < 0) {
drm_dbg_kms(display->drm, "AKE Failed. Err : %d\n", ret); return ret;
}
ret = hdcp2_locality_check(connector); if (ret < 0) {
drm_dbg_kms(display->drm, "Locality Check failed. Err : %d\n", ret); return ret;
}
ret = hdcp2_session_key_exchange(connector); if (ret < 0) {
drm_dbg_kms(display->drm, "SKE Failed. Err : %d\n", ret); return ret;
}
if (shim->config_stream_type) {
ret = shim->config_stream_type(connector,
hdcp->is_repeater,
hdcp->content_type); if (ret < 0) return ret;
}
if (hdcp->is_repeater) {
ret = hdcp2_authenticate_repeater_topology(connector); if (ret < 0) {
drm_dbg_kms(display->drm, "Repeater Auth Failed. Err: %d\n", ret); return ret;
}
}
return ret;
}
staticint hdcp2_enable_stream_encryption(struct intel_connector *connector)
{ struct intel_display *display = to_intel_display(connector); struct intel_digital_port *dig_port = intel_attached_dig_port(connector); struct hdcp_port_data *data = &dig_port->hdcp.port_data; struct intel_hdcp *hdcp = &connector->hdcp; enum transcoder cpu_transcoder = hdcp->cpu_transcoder; enum port port = dig_port->base.port; int ret = 0;
if (!(intel_de_read(display, HDCP2_STATUS(display, cpu_transcoder, port)) &
LINK_ENCRYPTION_STATUS)) {
drm_err(display->drm, "[CONNECTOR:%d:%s] HDCP 2.2 Link is not encrypted\n",
connector->base.base.id, connector->base.name);
ret = -EPERM; goto link_recover;
}
if (hdcp->shim->stream_2_2_encryption) {
ret = hdcp->shim->stream_2_2_encryption(connector, true); if (ret) {
drm_err(display->drm, "[CONNECTOR:%d:%s] Failed to enable HDCP 2.2 stream enc\n",
connector->base.base.id, connector->base.name); return ret;
}
drm_dbg_kms(display->drm, "HDCP 2.2 transcoder: %s stream encrypted\n",
transcoder_name(hdcp->stream_transcoder));
}
return 0;
link_recover: if (hdcp2_deauthenticate_port(connector) < 0)
drm_dbg_kms(display->drm, "Port deauth failed.\n");
drm_WARN_ON(display->drm,
intel_de_read(display, HDCP2_STATUS(display, cpu_transcoder, port)) &
LINK_ENCRYPTION_STATUS); if (hdcp->shim->toggle_signalling) {
ret = hdcp->shim->toggle_signalling(dig_port, cpu_transcoder, true); if (ret) {
drm_err(display->drm, "Failed to enable HDCP signalling. %d\n",
ret); return ret;
}
}
if (intel_de_read(display, HDCP2_STATUS(display, cpu_transcoder, port)) &
LINK_AUTH_STATUS) /* Link is Authenticated. Now set for Encryption */
intel_de_rmw(display, HDCP2_CTL(display, cpu_transcoder, port),
0, CTL_LINK_ENCRYPTION_REQ);
ret = intel_de_wait_for_clear(display,
HDCP2_STATUS(display, cpu_transcoder,
port),
LINK_ENCRYPTION_STATUS,
HDCP_ENCRYPT_STATUS_CHANGE_TIMEOUT_MS); if (ret == -ETIMEDOUT)
drm_dbg_kms(display->drm, "Disable Encryption Timedout");
if (hdcp->shim->toggle_signalling) {
ret = hdcp->shim->toggle_signalling(dig_port, cpu_transcoder, false); if (ret) {
drm_err(display->drm, "Failed to disable HDCP signalling. %d\n",
ret); return ret;
}
}
return ret;
}
staticint
hdcp2_propagate_stream_management_info(struct intel_connector *connector)
{ struct intel_display *display = to_intel_display(connector); int i, tries = 3, ret;
if (!connector->hdcp.is_repeater) return 0;
for (i = 0; i < tries; i++) {
ret = _hdcp2_propagate_stream_management_info(connector); if (!ret) break;
/* Lets restart the auth incase of seq_num_m roll over */ if (connector->hdcp.seq_num_m > HDCP_2_2_SEQ_NUM_MAX) {
drm_dbg_kms(display->drm, "seq_num_m roll over.(%d)\n", ret); break;
}
drm_dbg_kms(display->drm, "HDCP2 stream management %d of %d Failed.(%d)\n",
i + 1, tries, ret);
}
return ret;
}
staticint hdcp2_authenticate_and_encrypt(struct intel_atomic_state *state, struct intel_connector *connector)
{ struct intel_display *display = to_intel_display(connector); struct intel_digital_port *dig_port = intel_attached_dig_port(connector); int ret = 0, i, tries = 3;
for (i = 0; i < tries && !dig_port->hdcp.auth_status; i++) {
ret = hdcp2_authenticate_sink(connector); if (!ret) {
ret = intel_hdcp_prepare_streams(state, connector); if (ret) {
drm_dbg_kms(display->drm, "Prepare stream failed.(%d)\n",
ret); break;
}
ret = hdcp2_propagate_stream_management_info(connector); if (ret) {
drm_dbg_kms(display->drm, "Stream management failed.(%d)\n",
ret); break;
}
ret = hdcp2_authenticate_port(connector); if (!ret) break;
drm_dbg_kms(display->drm, "HDCP2 port auth failed.(%d)\n",
ret);
}
/* Clearing the mei hdcp session */
drm_dbg_kms(display->drm, "HDCP2.2 Auth %d of %d Failed.(%d)\n",
i + 1, tries, ret); if (hdcp2_deauthenticate_port(connector) < 0)
drm_dbg_kms(display->drm, "Port deauth failed.\n");
}
if (!ret && !dig_port->hdcp.auth_status) { /* * Ensuring the required 200mSec min time interval between * Session Key Exchange and encryption.
*/
msleep(HDCP_2_2_DELAY_BEFORE_ENCRYPTION_EN);
ret = hdcp2_enable_encryption(connector); if (ret < 0) {
drm_dbg_kms(display->drm, "Encryption Enable Failed.(%d)\n", ret); if (hdcp2_deauthenticate_port(connector) < 0)
drm_dbg_kms(display->drm, "Port deauth failed.\n");
}
}
if (!ret)
ret = hdcp2_enable_stream_encryption(connector);
/* hdcp2_check_link is expected only when HDCP2.2 is Enabled */ if (hdcp->value != DRM_MODE_CONTENT_PROTECTION_ENABLED ||
!hdcp->hdcp2_encrypted) {
ret = -EINVAL; goto out;
}
if (drm_WARN_ON(display->drm,
!intel_hdcp2_in_use(display, cpu_transcoder, port))) {
drm_err(display->drm, "HDCP2.2 link stopped the encryption, %x\n",
intel_de_read(display, HDCP2_STATUS(display, cpu_transcoder, port)));
ret = -ENXIO;
_intel_hdcp2_disable(connector, true);
intel_hdcp_update_value(connector,
DRM_MODE_CONTENT_PROTECTION_DESIRED, true); goto out;
}
ret = hdcp->shim->check_2_2_link(dig_port, connector); if (ret == HDCP_LINK_PROTECTED) { if (hdcp->value != DRM_MODE_CONTENT_PROTECTION_UNDESIRED) {
intel_hdcp_update_value(connector,
DRM_MODE_CONTENT_PROTECTION_ENABLED, true);
} goto out;
}
if (ret == HDCP_TOPOLOGY_CHANGE) { if (hdcp->value == DRM_MODE_CONTENT_PROTECTION_UNDESIRED) goto out;
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
