T210: Add 128MB VPR allocation/carveout
The NV security team requested that coreboot allocate a 128MB region in SDRAM for VPR (Video Protection Region). We had previously just disabled the VPR by setting BOM/SIZE to 0. Once allocated, the VPR will be locked from further access. The ALLOW_TZ_WRITE_ACCESS bit is _not_ set, as dynamic VPR config is not supported at this time (i.e. trusted code can _not_ remap or resize the VPR). BUG=None BRANCH=None TEST=Built and booted on my P5 A44. Saw the VPR region in the boot spew (ID:3 [f6800000 - fe800000]). Dumped the MC VideoProtect registers and verified their values. Signed-off-by: Patrick Georgi <patrick@georgi-clan.de> Original-Commit-Id: a7481dba31dc39f482f8a7bfdaba1d1f4fc3cb81 Original-Change-Id: Ia19af485430bc09dbba28fcef5de16de851f81aa Original-Signed-off-by: Tom Warren <twarren@nvidia.com> Original-Reviewed-on: https://chromium-review.googlesource.com/290475 Original-Reviewed-by: Hyung Taek Ryoo <hryoo@nvidia.com> Original-Reviewed-by: Furquan Shaikh <furquan@chromium.org> Original-Reviewed-by: Hridya Valsaraju <hvalsaraju@nvidia.com> Original-(cherry picked from commit 9629b318eb17b145315531509f950da02483114f) Original-Reviewed-on: https://chromium-review.googlesource.com/291095 Original-Commit-Queue: Furquan Shaikh <furquan@chromium.org> Original-Trybot-Ready: Furquan Shaikh <furquan@chromium.org> Original-Tested-by: Furquan Shaikh <furquan@chromium.org> Change-Id: I19a93c915990644177c491c8212f2cf356d4d17d Reviewed-on: http://review.coreboot.org/11384 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
This commit is contained in:
parent
8b3851969d
commit
50967870a9
4 changed files with 26 additions and 20 deletions
|
@ -91,6 +91,10 @@ void carveout_range(int id, uintptr_t *base_mib, size_t *size_mib)
|
|||
read32(&mc->mts_carveout_size_mb));
|
||||
break;
|
||||
case CARVEOUT_VPR:
|
||||
/*
|
||||
* A 128MB VPR carveout is felt to be sufficient as per syseng.
|
||||
* Set it up in vpr_region_init, below.
|
||||
*/
|
||||
carveout_from_regs(base_mib, size_mib,
|
||||
read32(&mc->video_protect_bom),
|
||||
read32(&mc->video_protect_bom_adr_hi),
|
||||
|
@ -347,3 +351,22 @@ void tsec_region_init(void)
|
|||
setbits_le32(&mc->security_carveout4_cfg0, MC_SECURITY_CARVEOUT_LOCKED);
|
||||
setbits_le32(&mc->security_carveout5_cfg0, MC_SECURITY_CARVEOUT_LOCKED);
|
||||
}
|
||||
|
||||
void vpr_region_init(void)
|
||||
{
|
||||
struct tegra_mc_regs * const mc = (void *)(uintptr_t)TEGRA_MC_BASE;
|
||||
uintptr_t vpr_base_mib = 0, end = 4096;
|
||||
size_t vpr_size_mib = VPR_CARVEOUT_SIZE_MB;
|
||||
|
||||
/* Get memory layout below 4GiB */
|
||||
memory_in_range(&vpr_base_mib, &end, CARVEOUT_VPR);
|
||||
vpr_base_mib = end - vpr_size_mib;
|
||||
|
||||
/* Set the carveout base address and size */
|
||||
write32(&mc->video_protect_bom, vpr_base_mib << 20);
|
||||
write32(&mc->video_protect_bom_adr_hi, 0);
|
||||
write32(&mc->video_protect_size_mb, vpr_size_mib);
|
||||
|
||||
/* Set the locked bit. This will lock out any other writes! */
|
||||
write32(&mc->video_protect_reg_ctrl, MC_VPR_WR_ACCESS_DISABLE);
|
||||
}
|
||||
|
|
|
@ -107,6 +107,7 @@ enum {
|
|||
#define GPU_CARVEOUT_SIZE_MB 1
|
||||
#define NVDEC_CARVEOUT_SIZE_MB 1
|
||||
#define TSEC_CARVEOUT_SIZE_MB 2
|
||||
#define VPR_CARVEOUT_SIZE_MB 128
|
||||
|
||||
/* Return total size of DRAM memory configured on the platform. */
|
||||
int sdram_size_mb(void);
|
||||
|
@ -148,5 +149,6 @@ void trustzone_region_init(void);
|
|||
void gpu_region_init(void);
|
||||
void nvdec_region_init(void);
|
||||
void tsec_region_init(void);
|
||||
void vpr_region_init(void);
|
||||
|
||||
#endif /* __SOC_NVIDIA_TEGRA210_INCLUDE_SOC_ADDRESS_MAP_H__ */
|
||||
|
|
|
@ -71,6 +71,7 @@ void romstage(void)
|
|||
gpu_region_init();
|
||||
nvdec_region_init();
|
||||
tsec_region_init();
|
||||
vpr_region_init();
|
||||
|
||||
/*
|
||||
* When romstage is running it's always on the reboot path -- never a
|
||||
|
|
|
@ -82,23 +82,6 @@ static struct cpu_control_ops cntrl_ops = {
|
|||
};
|
||||
|
||||
|
||||
static void lock_down_vpr(void)
|
||||
{
|
||||
struct tegra_mc_regs *regs = (void *)(uintptr_t)TEGRA_MC_BASE;
|
||||
|
||||
write32(®s->video_protect_bom, 0);
|
||||
write32(®s->video_protect_size_mb, 0);
|
||||
|
||||
write32(®s->video_protect_gpu_override_0, 1);
|
||||
/*
|
||||
* Set both _ACCESS bits so that kernel/secure code
|
||||
* can reconfig VPR careveout as needed from the TrustZone.
|
||||
*/
|
||||
|
||||
write32(®s->video_protect_reg_ctrl,
|
||||
(MC_VPR_WR_ACCESS_DISABLE | MC_VPR_ALLOW_TZ_WR_ACCESS_ENABLE));
|
||||
}
|
||||
|
||||
static void soc_init(device_t dev)
|
||||
{
|
||||
struct soc_nvidia_tegra210_config *cfg;
|
||||
|
@ -109,9 +92,6 @@ static void soc_init(device_t dev)
|
|||
spintable_init((void *)cfg->spintable_addr);
|
||||
arch_initialize_cpus(dev, &cntrl_ops);
|
||||
|
||||
/* Lock down VPR */
|
||||
lock_down_vpr();
|
||||
|
||||
#if IS_ENABLED(CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT)
|
||||
if (vboot_skip_display_init())
|
||||
printk(BIOS_INFO, "Skipping display init.\n");
|
||||
|
|
Loading…
Reference in a new issue