Yu-Ping Wu has submitted this change. ( https://review.coreboot.org/c/coreboot/+/77862?usp=email )

(

2 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: soc/mediatek/mt8188: devapc: Set master domains ......................................................................

soc/mediatek/mt8188: devapc: Set master domains

Currently, all the masters controlled by DAPC are in domain 0. With this setting, there is a potential security problem. For example, if a certain master is somehow hacked, it may attempt to access registers that it is not supposed to, with successful results. This is due to the fact that, in the current setting, all masters are in domain 0 and can access almost all registers. To prevent this problem, we assign masters to different domains and restrict access to registers based on each domain.

This patch sets domains for masters: SSPM - domain 3 CPUEB - domain 14 PCIE0 - domain 2 SPM - domain 9

Change-Id: Ie3e1d5055e72824257b66d6257982652eeb05953 Signed-off-by: Nina Wu nina-cm.wu@mediatek.com Signed-off-by: Jason Chen Jason-ch.Chen@mediatek.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/77862 Reviewed-by: Yu-Ping Wu yupingso@google.com Reviewed-by: Yidi Lin yidilin@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/mediatek/mt8188/devapc.c M src/soc/mediatek/mt8188/include/soc/devapc.h 2 files changed, 22 insertions(+), 0 deletions(-)

Approvals: build bot (Jenkins): Verified Yu-Ping Wu: Looks good to me, approved Yidi Lin: Looks good to me, but someone else must approve

diff --git a/src/soc/mediatek/mt8188/devapc.c b/src/soc/mediatek/mt8188/devapc.c index 72ba222..b30856f 100644 --- a/src/soc/mediatek/mt8188/devapc.c +++ b/src/soc/mediatek/mt8188/devapc.c @@ -1636,6 +1636,11 @@ SET32_BITFIELDS(getreg(base, MAS_SEC_0), CPU_EB_SEC, SECURE_TRANS); SET32_BITFIELDS(getreg(base, MAS_SEC_0), SCP_SSPM_SEC, SECURE_TRANS);

+ /* Master Domain */ + SET32_BITFIELDS(getreg(base, MAS_DOM_0), + SCP_SSPM_DOM, DOMAIN_3, + CPU_EB_DOM, DOMAIN_14); + /* * Domain Remap: INFRA (4-bit) -> MMSYS (2-bit) * domain 0 -> domain 0 @@ -1670,6 +1675,9 @@ /* Default APC setting */ set_peri_ao_apc(base);

+ /* Master Domain */ + SET32_BITFIELDS(getreg(base, MAS_DOM_0), SPM_DOM, DOMAIN_9); + /* * Domain Remap: INFRA (4-bit) -> TINYSYS (3-bit) * domain 0 -> domain 0 @@ -1694,6 +1702,11 @@ { /* Default APC setting */ set_peri_par_ao_apc(base); + + /* Master Domain */ + SET32_BITFIELDS(getreg_domain(base, MAS_DOM_0, 0, 4), + PCIE0_DOM, DOMAIN_2); + }

static void fmem_master_init(uintptr_t base) diff --git a/src/soc/mediatek/mt8188/include/soc/devapc.h b/src/soc/mediatek/mt8188/include/soc/devapc.h index 0f320ba..177cd3c 100644 --- a/src/soc/mediatek/mt8188/include/soc/devapc.h +++ b/src/soc/mediatek/mt8188/include/soc/devapc.h @@ -59,4 +59,13 @@ DEFINE_BIT(CPU_EB_SEC, 1) DEFINE_BIT(SCP_SSPM_SEC, 2)

+DEFINE_BITFIELD(CPU_EB_DOM, 11, 8) /* 1 */ +DEFINE_BITFIELD(SCP_SSPM_DOM, 19, 16) /* 2 */ + +/* PERI */ +DEFINE_BITFIELD(SPM_DOM, 3, 0) /* 0 */ + +/* PERI_PAR */ +DEFINE_BITFIELD(PCIE0_DOM, 27, 24) /* 19 */ + #endif /* SOC_MEDIATEK_MT8188_DEVAPC_H */