soc/mediatek/mt8188: devapc: Set master domains

Currently, all the masters controlled by DAPC are in domain 0. With this setting, there is a potential security problem. For example, if a certain master is somehow hacked, it may attempt to access registers that it is not supposed to, with successful results. This is due to the fact that, in the current setting, all masters are in domain 0 and can access almost all registers. To prevent this problem, we assign masters to different domains and restrict access to registers based on each domain. This patch sets domains for masters: SSPM - domain 3 CPUEB - domain 14 PCIE0 - domain 2 SPM - domain 9 Change-Id: Ie3e1d5055e72824257b66d6257982652eeb05953 Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com> Signed-off-by: Jason Chen <Jason-ch.Chen@mediatek.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77862 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Yidi Lin <yidilin@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-08 10:03:09 +08:00 · 2023-09-08 10:03:09 +08:00 · 95a3c79d55
parent 244ec489f2
commit 95a3c79d55
2 changed files with 22 additions and 0 deletions
--- a/src/soc/mediatek/mt8188/devapc.c
+++ b/src/soc/mediatek/mt8188/devapc.c
@ -1636,6 +1636,11 @@ static void infra_init(uintptr_t base)
 	SET32_BITFIELDS(getreg(base, MAS_SEC_0), CPU_EB_SEC, SECURE_TRANS);
 	SET32_BITFIELDS(getreg(base, MAS_SEC_0), SCP_SSPM_SEC, SECURE_TRANS);

+	/* Master Domain */
+	SET32_BITFIELDS(getreg(base, MAS_DOM_0),
+			SCP_SSPM_DOM, DOMAIN_3,
+			CPU_EB_DOM, DOMAIN_14);
+
 	/*
 	 * Domain Remap: INFRA (4-bit) -> MMSYS (2-bit)
 	 *               domain 0      -> domain 0
@ -1670,6 +1675,9 @@ static void peri_init(uintptr_t base)
 	/* Default APC setting */
 	set_peri_ao_apc(base);

+	/* Master Domain */
+	SET32_BITFIELDS(getreg(base, MAS_DOM_0), SPM_DOM, DOMAIN_9);
+
 	/*
 	 * Domain Remap: INFRA (4-bit) -> TINYSYS (3-bit)
 	 *               domain 0      -> domain 0
@ -1694,6 +1702,11 @@ static void peri_par_init(uintptr_t base)
 {
 	/* Default APC setting */
 	set_peri_par_ao_apc(base);
+
+	/* Master Domain */
+	SET32_BITFIELDS(getreg_domain(base, MAS_DOM_0, 0, 4),
+			PCIE0_DOM, DOMAIN_2);
+
 }

 static void fmem_master_init(uintptr_t base)
--- a/src/soc/mediatek/mt8188/include/soc/devapc.h
+++ b/src/soc/mediatek/mt8188/include/soc/devapc.h
@ -59,4 +59,13 @@ enum devapc_cfg_index {
 DEFINE_BIT(CPU_EB_SEC, 1)
 DEFINE_BIT(SCP_SSPM_SEC, 2)

+DEFINE_BITFIELD(CPU_EB_DOM, 11, 8)	/* 1 */
+DEFINE_BITFIELD(SCP_SSPM_DOM, 19, 16)	/* 2 */
+
+/* PERI */
+DEFINE_BITFIELD(SPM_DOM, 3, 0)		/* 0 */
+
+/* PERI_PAR */
+DEFINE_BITFIELD(PCIE0_DOM, 27, 24)	/* 19 */
+
 #endif /* SOC_MEDIATEK_MT8188_DEVAPC_H */