From fcb5114c426119dedb0226137d4a3468462f979f Mon Sep 17 00:00:00 2001
From: Russell Currey
Date: Fri, 24 Feb 2017 16:36:46 +1100
Subject: [PATCH] pci/quirk: Populate device tree for AST2400 VGA
Adding these properties enables the kernel to function in the same way that it would if it could no longer access BMC configuration registers through a backdoor, which may become the default in future. The comments describe how isolating the host from the BMC could be achieved in skiboot, assuming all kernels that the system boots support this. Isolating the BMC and the host from each other is important if they are owned by different parties; for example, a cloud provider renting machines "bare metal".
Acked-by: Joel Stanley
Signed-off-by: Russell Currey
Signed-off-by: Benjamin Herrenschmidt
Signed-off-by: Stewart Smith
---
 core/pci-quirk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 include/ast.h | 7 +++++++
 2 files changed, 53 insertions(+)
diff --git a/core/pci-quirk.c b/core/pci-quirk.c
index 3ce134d156a7..383d92c6c7e6 100644
--- a/core/pci-quirk.c
+++ b/core/pci-quirk.c
@@ -19,8 +19,54 @@
 #include
 #include
+static void quirk_astbmc_vga(struct phb *phb __unused,
+ struct pci_device *pd)
+{
+ struct dt_node *np = pd->dn;
+ uint32_t revision, mcr_configuration, mcr_scu_mpll, mcr_scu_strap;
+
+ /*
+ * These accesses will only work if the BMC address 0x1E6E2180 is set
+ * to 0x7B, which is its default state on current systems. In future,
+ * for security purposes it is proposed to configure this register to
+ * disallow accesses from the host, and provide the properties that
+ * the Linux ast VGA driver used through the device tree instead.
+ * Here we set those properties so we can test how things would work
+ * if the window into BMC memory was closed.
+ *
+ * If both the petitboot kernel and the host kernel have an ast driver
+ * that reads properties from the device tree, setting 0x1E6E2180 to
+ * 0x79 will disable the backdoor into BMC memory and the only way the
+ * ast driver can operate is using the device tree properties.
+ */
+
+ revision = ast_ahb_readl(SCU_REVISION_ID);
+ mcr_configuration = ast_ahb_readl(MCR_CONFIGURATION);
+ mcr_scu_mpll = ast_ahb_readl(MCR_SCU_MPLL);
+ mcr_scu_strap = ast_ahb_readl(MCR_SCU_STRAP);
+ dt_add_property_cells(np, "aspeed,scu-revision-id", revision);
+ dt_add_property_cells(np, "aspeed,mcr-configuration", mcr_configuration);
+ dt_add_property_cells(np, "aspeed,mcr-scu-mpll", mcr_scu_mpll);
+ dt_add_property_cells(np, "aspeed,mcr-scu-strap", mcr_scu_strap);
+
+ /*
+ * if
+ * - the petitboot kernel supports an ast driver that uses DT
+ * - every host kernel supports an ast driver that uses DT
+ * - the host can't flash unsigned skiboots
+ *
+ * then enabling the line below will allow the host and the BMC to be
+ * securely isolated from each other, without changing what's running
+ * on the BMC.
+ */
+
+ /* ast_ahb_writel(0x79, 0x1E6E2180); */
+}
+
 /* Quirks are: {fixup function, vendor ID, (device ID or PCI_ANY_ID)} */
 static const struct pci_quirk quirk_table[] = {
+ /* ASPEED 2400 VGA device */
+ { &quirk_astbmc_vga, 0x1a03, 0x2000 },
 {NULL}
 };
diff --git a/include/ast.h b/include/ast.h
index 40225e9a72ed..414ff6a3d39a 100644
--- a/include/ast.h
+++ b/include/ast.h
@@ -51,6 +51,13 @@
 /* SCU registers */
 #define SCU_BASE 0x1e6e2000
 #define SCU_HW_STRAPPING (SCU_BASE + 0x70)
+#define SCU_REVISION_ID (SCU_BASE + 0x7C)
+
+/* MCR registers */
+#define MCR_BASE 0x1e6e0000
+#define MCR_CONFIGURATION (MCR_BASE + 0x04)
+#define MCR_SCU_MPLL (MCR_BASE + 0x120)
+#define MCR_SCU_STRAP (MCR_BASE + 0x170)
 /*
 * AHB Accessors
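Review bot: Nothing in `quirk_astbmc_vga` checks the four `ast_ahb_readl()` results before they are published as `aspeed,*` properties, even though the comment above the reads says they only succeed while 0x1E6E2180 holds 0x7B. In the threat model the commit message describes (BMC and host owned by different parties) these values are BMC-controlled input that the host's ast driver will consume, so a failed or unexpected read should not be forwarded silently. I would bail out before the `dt_add_property_cells()` calls when the read looks invalid, e.g. `if (revision == 0 || revision == 0xffffffff) return;` (assuming a failed AHB read comes back as all-zeros or all-ones; the accessor is not visible in this hunk), and log that the properties were skipped. The quirk is also keyed only on 0x1a03:0x2000 with `phb` unused, so it would presumably run for any matching device rather than only the platform BMC's VGA function.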
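Review bot: The register that actually controls the host/BMC isolation, 0x1E6E2180, never gets a name: this hunk adds `SCU_REVISION_ID` and the `MCR_*` offsets, but the gate address and its 0x7B/0x79 values remain bare literals in the comments and in the commented-out write in core/pci-quirk.c. Since that write is the security-relevant switch, I would define it here next to the other SCU offsets, e.g. `#define SCU_<GATE_NAME> (SCU_BASE + 0x180)` (placeholder name), with a one-line comment noting that the two values differ only in bit 1 and that 0x79 is the state that blocks host access. A named constant makes it much easier to audit later which code paths open or close the window.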