[Skiboot] [PATCH v2 2/2] pci/quirk: Populate device tree for AST2400 VGA
Russell Currey
ruscur at russell.cc
Fri Feb 24 16:03:36 AEDT 2017
Adding these properties enables the kernel to function in the same way
that it would if it could no longer access BMC configuration registers
through a backdoor, which may become the default in future.
The comments describe how isolating the host from the BMC could be
achieved in skiboot, assuming all kernels that the system boots
support this. Isolating the BMC and the host from each other is
important if they are owned by different parties; for example, a cloud
provider renting machines "bare metal".
Also add an "aspeed,must-init-vga" property to indicate that the VGA
portion of the chip hasn't been initialized by a VBIOS and needs
to be cleaned up first.
Signed-off-by: Russell Currey <ruscur at russell.cc>
Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
---
v2 [ruscur]: Drop dt_node from function and rename "ast,..." to "aspeed,..."
---
core/pci-quirk.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
include/ast.h | 7 +++++++
2 files changed, 55 insertions(+)
diff --git a/core/pci-quirk.c b/core/pci-quirk.c
index 93f613eb..7e3f1a6a 100644
--- a/core/pci-quirk.c
+++ b/core/pci-quirk.c
@@ -19,8 +19,56 @@
#include <pci-quirk.h>
#include <ast.h>
+static void quirk_astbmc_vga(struct phb *phb __unused,
+ struct pci_device *pd)
+{
+ struct dt_node *np = pd->dn;
+ uint32_t revision, mcr_configuration, mcr_scu_mpll, mcr_scu_strap;
+
+ /*
+ * These accesses will only work if the BMC address 0x1E6E2180 is set
+ * to 0x7B, which is its default state on current systems. In future,
+ * for security purposes it is proposed to configure this register to
+ * disallow accesses from the host, and provide the properties that
+ * the Linux ast VGA driver used through the device tree instead.
+ * Here we set those properties so we can test how things would work
+ * if the window into BMC memory was closed.
+ *
+ * If both the petitboot kernel and the host kernel have an ast driver
+ * that reads properties from the device tree, setting 0x1E6E2180 to
+ * 0x79 will disable the backdoor into BMC memory and the only way the
+ * ast driver can operate is using the device tree properties.
+ */
+
+ revision = ast_ahb_readl(SCU_REVISION_ID);
+ mcr_configuration = ast_ahb_readl(MCR_CONFIGURATION);
+ mcr_scu_mpll = ast_ahb_readl(MCR_SCU_MPLL);
+ mcr_scu_strap = ast_ahb_readl(MCR_SCU_STRAP);
+ dt_add_property_cells(np, "aspeed,scu-revision-id", revision);
+ dt_add_property_cells(np, "aspeed,mcr-configuration", mcr_configuration);
+ dt_add_property_cells(np, "aspeed,mcr-scu-mpll", mcr_scu_mpll);
+ dt_add_property_cells(np, "aspeed,mcr-scu-strap", mcr_scu_strap);
+ dt_add_property(np, "aspeed,must-init-vga", NULL, 0);
+
+ /*
+ * if
+ * - the petitboot kernel supports an ast driver that uses DT
+ * - every host kernel supports an ast driver that uses DT
+ * - the host can't flash unsigned skiboots
+ *
+ * then enabling the line below will allow the host and the BMC to be
+ * securely isolated from each other, without changing what's running
+ * on the BMC.
+ */
+
+ /* ast_ahb_writel(0x79, 0x1E6E2180); */
+}
+
/* Quirks are: {fixup function, vendor ID, (device ID or PCI_ANY_ID)} */
static const struct pci_quirk quirk_table[] = {
+ /* ASPEED 2400 VGA device */
+ { &quirk_astbmc_vga, 0x1a03, 0x2000 },
+
{0}
};
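Review bot: The four ast_ahb_readl() calls in quirk_astbmc_vga() run unconditionally, although the comment directly above them says they only work while 0x1E6E2180 is 0x7B. Nothing here detects the case where the BMC has already closed the window, so on such a system the "aspeed,..." properties would be filled with whatever the failed reads return, and the kernel driver would trust them. Please either confirm the window is open before reading, or sanity-check the results (at least revision) and skip the dt_add_property_cells() calls when they are not plausible. It is also worth stating in the comment whether "aspeed,must-init-vga" should still be added in that case. Separately, the last condition in the second comment ("the host can't flash unsigned skiboots") is the one the whole isolation argument rests on, since a replaced skiboot could simply not issue the 0x79 write; a sentence saying so would help whoever enables the commented-out line later.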
diff --git a/include/ast.h b/include/ast.h
index 40225e9a..414ff6a3 100644
--- a/include/ast.h
+++ b/include/ast.h
@@ -51,6 +51,13 @@
/* SCU registers */
#define SCU_BASE 0x1e6e2000
#define SCU_HW_STRAPPING (SCU_BASE + 0x70)
+#define SCU_REVISION_ID (SCU_BASE + 0x7C)
+
+/* MCR registers */
+#define MCR_BASE 0x1e6e0000
+#define MCR_CONFIGURATION (MCR_BASE + 0x04)
+#define MCR_SCU_MPLL (MCR_BASE + 0x120)
+#define MCR_SCU_STRAP (MCR_BASE + 0x170)
/*
* AHB Accessors
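Review bot: The SCU block gains SCU_REVISION_ID but no name for offset 0x180, which core/pci-quirk.c in this same patch spells as the raw address 0x1E6E2180 in two comments and in the commented-out ast_ahb_writel(). Since that register is the security-relevant one, please add a define for it here (SCU_BASE + 0x180) together with named values for 0x7B and 0x79, so the open and closed states can be found by name. MCR_SCU_MPLL and MCR_SCU_STRAP are also defined relative to MCR_BASE while carrying SCU in their names; a one-line comment on what they hold would avoid confusion with the existing SCU_HW_STRAPPING at SCU_BASE + 0x70.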
--
2.11.1