GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

T210: Add 128MB VPR allocation/carveout 

The NV security team requested that coreboot allocate a 128MB
region in SDRAM for VPR (Video Protection Region). We had
previously just disabled the VPR by setting BOM/SIZE to 0.

Once allocated, the VPR will be locked from further access.
The ALLOW_TZ_WRITE_ACCESS bit is _not_ set, as dynamic VPR config
is not supported at this time (i.e. trusted code can _not_ remap
or resize the VPR).

BUG=None
BRANCH=None
TEST=Built and booted on my P5 A44. Saw the VPR region in the
boot spew (ID:3 [f6800000 - fe800000]). Dumped the MC VideoProtect
registers and verified their values.

Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Original-Commit-Id: a7481dba31dc39f482f8a7bfdaba1d1f4fc3cb81
Original-Change-Id: Ia19af485430bc09dbba28fcef5de16de851f81aa
Original-Signed-off-by: Tom Warren <twarren@nvidia.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/290475
Original-Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com>
Original-Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Original-Reviewed-by: Hridya Valsaraju <hvalsaraju@nvidia.com>
Original-(cherry picked from commit 9629b318eb17b145315531509f950da02483114f)
Original-Reviewed-on: https://chromium-review.googlesource.com/291095
Original-Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Original-Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Original-Tested-by: Furquan Shaikh <furquan@chromium.org>

Change-Id: I19a93c915990644177c491c8212f2cf356d4d17d
Reviewed-on: http://review.coreboot.org/11384
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
This commit is contained in:
Tom Warren 2015-08-04 13:08:50 -07:00 committed by Patrick Georgi
parent 8b3851969d
commit 50967870a9
4 changed files with 26 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/soc/nvidia/tegra210/addressmap.c
View File

@ -91,6 +91,10 @@ void carveout_range(int id, uintptr_t *base_mib, size_t *size_mib)
read32(&mc->mts_carveout_size_mb));
break;
case CARVEOUT_VPR:
/*
* A 128MB VPR carveout is felt to be sufficient as per syseng.
* Set it up in vpr_region_init, below.
*/
carveout_from_regs(base_mib, size_mib,
read32(&mc->video_protect_bom),
read32(&mc->video_protect_bom_adr_hi),
@ -347,3 +351,22 @@ void tsec_region_init(void)
setbits_le32(&mc->security_carveout4_cfg0, MC_SECURITY_CARVEOUT_LOCKED);
setbits_le32(&mc->security_carveout5_cfg0, MC_SECURITY_CARVEOUT_LOCKED);
}
void vpr_region_init(void)
{
struct tegra_mc_regs * const mc = (void *)(uintptr_t)TEGRA_MC_BASE;
uintptr_t vpr_base_mib = 0, end = 4096;
size_t vpr_size_mib = VPR_CARVEOUT_SIZE_MB;
/* Get memory layout below 4GiB */
memory_in_range(&vpr_base_mib, &end, CARVEOUT_VPR);
vpr_base_mib = end - vpr_size_mib;
/* Set the carveout base address and size */
write32(&mc->video_protect_bom, vpr_base_mib << 20);
write32(&mc->video_protect_bom_adr_hi, 0);
write32(&mc->video_protect_size_mb, vpr_size_mib);
/* Set the locked bit. This will lock out any other writes! */
write32(&mc->video_protect_reg_ctrl, MC_VPR_WR_ACCESS_DISABLE);
}

2
src/soc/nvidia/tegra210/include/soc/addressmap.h
View File

@ -107,6 +107,7 @@ enum {
#define GPU_CARVEOUT_SIZE_MB 1
#define NVDEC_CARVEOUT_SIZE_MB 1
#define TSEC_CARVEOUT_SIZE_MB 2
#define VPR_CARVEOUT_SIZE_MB 128
/* Return total size of DRAM memory configured on the platform. */
int sdram_size_mb(void);
@ -148,5 +149,6 @@ void trustzone_region_init(void);
void gpu_region_init(void);
void nvdec_region_init(void);
void tsec_region_init(void);
void vpr_region_init(void);
#endif /* __SOC_NVIDIA_TEGRA210_INCLUDE_SOC_ADDRESS_MAP_H__ */

1
src/soc/nvidia/tegra210/romstage.c
View File

@ -71,6 +71,7 @@ void romstage(void)
gpu_region_init();
nvdec_region_init();
tsec_region_init();
vpr_region_init();
/*
* When romstage is running it's always on the reboot path -- never a

20
src/soc/nvidia/tegra210/soc.c
View File

@ -82,23 +82,6 @@ static struct cpu_control_ops cntrl_ops = {
};
static void lock_down_vpr(void)
{
struct tegra_mc_regs *regs = (void *)(uintptr_t)TEGRA_MC_BASE;
write32(&regs->video_protect_bom, 0);
write32(&regs->video_protect_size_mb, 0);
write32(&regs->video_protect_gpu_override_0, 1);
/*
* Set both _ACCESS bits so that kernel/secure code
* can reconfig VPR careveout as needed from the TrustZone.
*/
write32(&regs->video_protect_reg_ctrl,
(MC_VPR_WR_ACCESS_DISABLE | MC_VPR_ALLOW_TZ_WR_ACCESS_ENABLE));
}
static void soc_init(device_t dev)
{
struct soc_nvidia_tegra210_config *cfg;
@ -109,9 +92,6 @@ static void soc_init(device_t dev)
spintable_init((void *)cfg->spintable_addr);
arch_initialize_cpus(dev, &cntrl_ops);
/* Lock down VPR */
lock_down_vpr();
#if IS_ENABLED(CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT)
if (vboot_skip_display_init())
printk(BIOS_INFO, "Skipping display init.\n");