pci/quirk: Populate device tree for AST2400 VGA

Adding these properties enables the kernel to function in the same way that it would if it could no longer access BMC configuration registers through a backdoor, which may become the default in future. The comments describe how isolating the host from the BMC could be achieved in skiboot, assuming all kernels that the system boots support this. Isolating the BMC and the host from each other is important if they are owned by different parties; for example, a cloud provider renting machines "bare metal". Acked-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Russell Currey <ruscur@russell.cc> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
open-power · Mar 2, 2017 · fcb5114 · fcb5114
1 parent dca7b55
commit fcb5114
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 0 deletions.
diff --git a/core/pci-quirk.c b/core/pci-quirk.c
@@ -19,8 +19,54 @@
 #include <pci-quirk.h>
 #include <ast.h>
 
+static void quirk_astbmc_vga(struct phb *phb __unused,
+			     struct pci_device *pd)
+{
+	struct dt_node *np = pd->dn;
+	uint32_t revision, mcr_configuration, mcr_scu_mpll, mcr_scu_strap;
+
+	/*
+	 * These accesses will only work if the BMC address 0x1E6E2180 is set
+	 * to 0x7B, which is its default state on current systems.  In future,
+	 * for security purposes it is proposed to configure this register to
+	 * disallow accesses from the host, and provide the properties that
+	 * the Linux ast VGA driver used through the device tree instead.
+	 * Here we set those properties so we can test how things would work
+	 * if the window into BMC memory was closed.
+	 *
+	 * If both the petitboot kernel and the host kernel have an ast driver
+	 * that reads properties from the device tree, setting 0x1E6E2180 to
+	 * 0x79 will disable the backdoor into BMC memory and the only way the
+	 * ast driver can operate is using the device tree properties.
+	 */
+
+	revision = ast_ahb_readl(SCU_REVISION_ID);
+	mcr_configuration = ast_ahb_readl(MCR_CONFIGURATION);
+	mcr_scu_mpll = ast_ahb_readl(MCR_SCU_MPLL);
+	mcr_scu_strap = ast_ahb_readl(MCR_SCU_STRAP);
+	dt_add_property_cells(np, "aspeed,scu-revision-id", revision);
+	dt_add_property_cells(np, "aspeed,mcr-configuration", mcr_configuration);
+	dt_add_property_cells(np, "aspeed,mcr-scu-mpll", mcr_scu_mpll);
+	dt_add_property_cells(np, "aspeed,mcr-scu-strap", mcr_scu_strap);
+
+	/*
+	 * if
+	 *    - the petitboot kernel supports an ast driver that uses DT
+	 *    - every host kernel supports an ast driver that uses DT
+	 *    - the host can't flash unsigned skiboots
+	 *
+	 * then enabling the line below will allow the host and the BMC to be
+	 * securely isolated from each other, without changing what's running
+	 * on the BMC.
+	 */
+
+	/* ast_ahb_writel(0x79, 0x1E6E2180); */
+}
+
 /* Quirks are: {fixup function, vendor ID, (device ID or PCI_ANY_ID)} */
 static const struct pci_quirk quirk_table[] = {
+	/* ASPEED 2400 VGA device */
+	{ &quirk_astbmc_vga, 0x1a03, 0x2000 },
 	{NULL}
 };
 

diff --git a/include/ast.h b/include/ast.h
@@ -51,6 +51,13 @@
 /* SCU registers */
 #define SCU_BASE		0x1e6e2000
 #define SCU_HW_STRAPPING	(SCU_BASE + 0x70)
+#define SCU_REVISION_ID		(SCU_BASE + 0x7C)
+
+/* MCR registers */
+#define MCR_BASE		0x1e6e0000
+#define MCR_CONFIGURATION	(MCR_BASE + 0x04)
+#define MCR_SCU_MPLL		(MCR_BASE + 0x120)
+#define MCR_SCU_STRAP		(MCR_BASE + 0x170)
 
 /*
  * AHB Accessors