diff options
| author | Nina Wu <nina-cm.wu@mediatek.corp-partner.google.com> | 2023-09-08 10:03:09 +0800 |
|---|---|---|
| committer | Yu-Ping Wu <yupingso@google.com> | 2023-10-02 06:32:01 +0000 |
| commit | 95a3c79d559d1b4ef064c752571221484f913a9a (patch) | |
| tree | 4746b93b9cdebae2cc544c5fdd77b89a7aee0bea /src | |
| parent | 244ec489f22b0a70c06c03262b3bd881635c78df (diff) | |
soc/mediatek/mt8188: devapc: Set master domains
Currently, all the masters controlled by DAPC are in domain 0. With
this setting, there is a potential security problem. For example, if a
certain master is somehow hacked, it may attempt to access registers
that it is not supposed to, with successful results. This is due to the
fact that, in the current setting, all masters are in domain 0 and can
access almost all registers. To prevent this problem, we assign masters
to different domains and restrict access to registers based on each
domain.
This patch sets domains for masters:
SSPM - domain 3
CPUEB - domain 14
PCIE0 - domain 2
SPM - domain 9
Change-Id: Ie3e1d5055e72824257b66d6257982652eeb05953
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77862
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/soc/mediatek/mt8188/devapc.c | 13 | ||||
| -rw-r--r-- | src/soc/mediatek/mt8188/include/soc/devapc.h | 9 |
2 files changed, 22 insertions, 0 deletions
diff --git a/src/soc/mediatek/mt8188/devapc.c b/src/soc/mediatek/mt8188/devapc.c index 72ba222746..b30856f3e8 100644 --- a/src/soc/mediatek/mt8188/devapc.c +++ b/src/soc/mediatek/mt8188/devapc.c @@ -1636,6 +1636,11 @@ static void infra_init(uintptr_t base) SET32_BITFIELDS(getreg(base, MAS_SEC_0), CPU_EB_SEC, SECURE_TRANS); SET32_BITFIELDS(getreg(base, MAS_SEC_0), SCP_SSPM_SEC, SECURE_TRANS); + /* Master Domain */ + SET32_BITFIELDS(getreg(base, MAS_DOM_0), + SCP_SSPM_DOM, DOMAIN_3, + CPU_EB_DOM, DOMAIN_14); + /* * Domain Remap: INFRA (4-bit) -> MMSYS (2-bit) * domain 0 -> domain 0 @@ -1670,6 +1675,9 @@ static void peri_init(uintptr_t base) /* Default APC setting */ set_peri_ao_apc(base); + /* Master Domain */ + SET32_BITFIELDS(getreg(base, MAS_DOM_0), SPM_DOM, DOMAIN_9); + /* * Domain Remap: INFRA (4-bit) -> TINYSYS (3-bit) * domain 0 -> domain 0 @@ -1694,6 +1702,11 @@ static void peri_par_init(uintptr_t base) { /* Default APC setting */ set_peri_par_ao_apc(base); + + /* Master Domain */ + SET32_BITFIELDS(getreg_domain(base, MAS_DOM_0, 0, 4), + PCIE0_DOM, DOMAIN_2); + } static void fmem_master_init(uintptr_t base) diff --git a/src/soc/mediatek/mt8188/include/soc/devapc.h b/src/soc/mediatek/mt8188/include/soc/devapc.h index 0f320bac6a..177cd3c4a5 100644 --- a/src/soc/mediatek/mt8188/include/soc/devapc.h +++ b/src/soc/mediatek/mt8188/include/soc/devapc.h @@ -59,4 +59,13 @@ enum devapc_cfg_index { DEFINE_BIT(CPU_EB_SEC, 1) DEFINE_BIT(SCP_SSPM_SEC, 2) +DEFINE_BITFIELD(CPU_EB_DOM, 11, 8) /* 1 */ +DEFINE_BITFIELD(SCP_SSPM_DOM, 19, 16) /* 2 */ + +/* PERI */ +DEFINE_BITFIELD(SPM_DOM, 3, 0) /* 0 */ + +/* PERI_PAR */ +DEFINE_BITFIELD(PCIE0_DOM, 27, 24) /* 19 */ + #endif /* SOC_MEDIATEK_MT8188_DEVAPC_H */ |