| Age | Commit message (Collapse) | Author |
|---|
|
In order to support SVP Feature, EMI-MPU has to give MFG permissions
to allow MFG to access secure buffer by secure read and write.
Currently MFG is in domain 0, which include many other masters.
Move MFG to domain 6.
Set MFG remap, so that MFG can switch to protect mode by MFG register.
Change MFG permission from NO_PROTECTION to SEC_RW_ONLY for domain 0,
so that only AP in secure mode can access MFG_S_S-2 and MFG_S_S-5.
BUG=b:313855815
TEST=emerge-geralt coreboot
Change-Id: Ic6fb7d85bf9d4d92946a045a274b274abc440e1d
Signed-off-by: Fei Yan <fei.yan@mediatek.corp-partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/82076
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Eric Lai <ericllai@google.com>
|
|
Change-Id: I0ce2b61329efede1ba8a02446610e3eb635ceedc
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/81462
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Eric Lai <ericllai@google.com>
|
|
Update BND_NORTH_APB2_S's domain 5 permission to allow the access from
APU. The APU requires certain information saved in BND_NORTH_APB2_S for
voltage tuning. If this information cannot be retrieved, the APU may
operate at a high frequency with low voltage. Consequently, the APU may
not function as expected.
Change-Id: I967b138dc5517e54da7fbf94b9e502e478c991b5
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79348
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Configure the SCP to operate within domain 8, allowing it to access
only the necessary registers. Any unauthorized access will be prevented
by the DAPC.
- Set SCP domain from domain 0 to domain 8.
- Lock register settings down to prevent unexpected modification.
BUG=b:270657858
TEST=scp bootup successful with dapc settings
Change-Id: I049486c997542d91bd468e0f4662eafbca4c17e0
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77883
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
Currently, all the masters controlled by DAPC are in domain 0. With
this setting, there is a potential security problem. For example, if a
certain master is somehow hacked, it may attempt to access registers
that it is not supposed to, with successful results. This is due to the
fact that, in the current setting, all masters are in domain 0 and can
access almost all registers. To prevent this problem, we assign masters
to different domains and restrict access to registers based on each
domain.
This patch sets domains for masters:
SSPM - domain 3
CPUEB - domain 14
PCIE0 - domain 2
SPM - domain 9
Change-Id: Ie3e1d5055e72824257b66d6257982652eeb05953
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77862
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Currently, all the masters controlled by DAPC are in domain 0. With
this setting, there is a potential security problem. For example, if a
certain master is somehow hacked, it may attempt to access registers
that it is not supposed to, with successful results. This is due to the
fact that, in the current setting, all masters are in domain 0 and can
access almost all registers. To prevent this problem, we assign masters
to different domains and restrict access to registers based on each
domain.
This patch updates the permission settings for domains 2, 3, 4, 5, 7,
8, 9, and 14, as these domains will be assigned masters in the upcoming
patch.
BUG=b:270657858
TEST=build pass
Change-Id: I6e95ddb5d84a09ff865d7615596430e25b69d3fc
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77861
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
dapc_init flow is the same on MT8186, MT8188 and MT8195. So move this
function to common/devapc.c
TEST=emerge-corsola coreboot; emerge-cherry coreboot;
emerge-geralt coreboot
TEST=devapc log is shown as expected and the system boots to kernel
Change-Id: I979c3a3721a82d40c9e2db7fbe62e14a9bbd53d8
Signed-off-by: Yidi Lin <yidilin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71137
Reviewed-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
When enabling cpufreq-hw driver, it is required for MCUPM to access
secure registers. Therefore, we enable side-band to allow MCUPM to
access the secure registers.
BUG=b:236331463
TEST=It works well after boot to login shell.
Change-Id: I67b08c38a31a7eae1bc59543a5148a78b61456d6
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69088
Reviewed-by: Yidi Lin <yidilin@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
|
|
This reverts commit a8172c329fe309f3b5b409c1a59a227186400dd4.
In the aforementioned patch, we allowed MCUPM to access secure
registers and set the domain to DOMAIN_2.
Additional attribute settings are also required when a hardware is
set to a specific domain. Otherwise, there would be violation between
hardware. Since MT8188 is in bring-up stage, we simply enable access
register permission for the DOMAIN_0 by default. So remove the wrong
setting for MCUPM, SCP and SSPM.
We will complete DEVAPC setting when the settings are confirmed.
Change-Id: I5d9809f6e84b8d10bc2e6f2ea5a442e676ad3bf9
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69139
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
This patch fixes AP hanging issue caused by the handshaking between
MCUPM and CPUfreq driver.
CPUfreq hardware failed to read MCUPM registers due to DEVAPC
permission. Therefore, update the DEVAPC settings to fix this issue.
BUG=none
TEST=CPUfreq in kernel test pass.
Change-Id: I6b30b01fc0be052182599709cbcc9139e6d09742
Signed-off-by: Liju-Clr Chen <liju-clr.chen@mediatek.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/67724
Reviewed-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Add basic DEVAPC (device access permission control) driver.
DEVAPC driver is used to set up bus fabric security and data protection
among hardwares. DEVAPC driver groups the master hardwares into
different domains and gives secure and non-secure property. The slave
hardware can configure different access permissions for different
domains via DEVAPC driver.
1. Initialize DEVAPC.
2. Set master domain and secure side band.
3. Set default permission.
TEST=check logs of DEVAPC ok.
BUG=b:236331724
Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
Change-Id: Iad3569bc6f8ba032d478934ba839dc4b5387bafc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66970
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
