warmboot: add fuse bypass init

This commit is contained in:
Michael Scire 2018-12-17 13:58:28 -08:00
parent 5f905c6b42
commit a94bee71d2
8 changed files with 250 additions and 3 deletions

84
exosphere/lp0fw/src/car.c Normal file
View File

@ -0,0 +1,84 @@
/*
* Copyright (c) 2018 Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include "utils.h"
#include "car.h"
#include "timer.h"
#include "lp0.h"
static inline uint32_t get_special_clk_reg(CarDevice dev) {
switch (dev) {
case CARDEVICE_UARTA: return 0x178;
case CARDEVICE_UARTB: return 0x17C;
case CARDEVICE_I2C1: return 0x124;
case CARDEVICE_I2C5: return 0x128;
case CARDEVICE_ACTMON: return 0x3E8;
case CARDEVICE_BPMP: return 0;
default: reboot();
}
}
static inline uint32_t get_special_clk_val(CarDevice dev) {
switch (dev) {
case CARDEVICE_UARTA: return 0;
case CARDEVICE_UARTB: return 0;
case CARDEVICE_I2C1: return (6 << 29);
case CARDEVICE_I2C5: return (6 << 29);
case CARDEVICE_ACTMON: return (6 << 29);
case CARDEVICE_BPMP: return 0;
default: reboot();
}
}
static uint32_t g_clk_reg_offsets[NUM_CAR_BANKS] = {0x010, 0x014, 0x018, 0x360, 0x364, 0x280, 0x298};
static uint32_t g_rst_reg_offsets[NUM_CAR_BANKS] = {0x004, 0x008, 0x00C, 0x358, 0x35C, 0x28C, 0x2A4};
void clk_enable(CarDevice dev) {
uint32_t special_reg;
if ((special_reg = get_special_clk_reg(dev))) {
MAKE_CAR_REG(special_reg) = get_special_clk_val(dev);
}
MAKE_CAR_REG(g_clk_reg_offsets[dev >> 5]) |= BIT(dev & 0x1F);
}
void clk_disable(CarDevice dev) {
MAKE_CAR_REG(g_clk_reg_offsets[dev >> 5]) &= ~(BIT(dev & 0x1F));
}
void rst_enable(CarDevice dev) {
MAKE_CAR_REG(g_rst_reg_offsets[dev >> 5]) |= BIT(dev & 0x1F);
}
void rst_disable(CarDevice dev) {
MAKE_CAR_REG(g_rst_reg_offsets[dev >> 5]) &= ~(BIT(dev & 0x1F));
}
void clkrst_enable(CarDevice dev) {
clk_enable(dev);
rst_disable(dev);
}
void clkrst_disable(CarDevice dev) {
rst_enable(dev);
clk_disable(dev);
}
void clkrst_reboot(CarDevice dev) {
clkrst_disable(dev);
clkrst_enable(dev);
}

53
exosphere/lp0fw/src/car.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (c) 2018 Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef EXOSPHERE_WARMBOOT_BIN_CLOCK_AND_RESET_H
#define EXOSPHERE_WARMBOOT_BIN_CLOCK_AND_RESET_H
#include <stdint.h>
#define CAR_BASE 0x60006000
#define MAKE_CAR_REG(n) MAKE_REG32(CAR_BASE + n)
#define CLK_RST_CONTROLLER_MISC_CLK_ENB_0 MAKE_CAR_REG(0x048)
#define CLK_RST_CONTROLLER_RST_DEVICES_H_0 MAKE_CAR_REG(0x008)
#define CLK_RST_CONTROLLER_LVL2_CLK_GATE_OVRD_0 MAKE_CAR_REG(0x3A4)
#define CLK_RST_CONTROLLER_RST_CPUG_CMPLX_SET_0 MAKE_CAR_REG(0x450)
#define CLK_RST_CONTROLLER_RST_CPUG_CMPLX_CLR_0 MAKE_CAR_REG(0x454)
#define NUM_CAR_BANKS 7
typedef enum {
CARDEVICE_UARTA = 6,
CARDEVICE_UARTB = 7,
CARDEVICE_I2C1 = 12,
CARDEVICE_I2C5 = 47,
CARDEVICE_ACTMON = 119,
CARDEVICE_BPMP = 1
} CarDevice;
void clk_enable(CarDevice dev);
void clk_disable(CarDevice dev);
void rst_enable(CarDevice dev);
void rst_disable(CarDevice dev);
void clkrst_enable(CarDevice dev);
void clkrst_disable(CarDevice dev);
void clkrst_reboot(CarDevice dev);
#endif

View File

@ -0,0 +1,71 @@
/*
* Copyright (c) 2018 Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include "utils.h"
#include "fuse.h"
#include "car.h"
#include "pmc.h"
#define NUM_FUSE_BYPASS_ENTRIES 0
bool fuse_check_downgrade_status(void) {
/* We aren't going to implement anti-downgrade. */
return false;
}
static fuse_bypass_data_t g_fuse_bypass_entries[NUM_FUSE_BYPASS_ENTRIES] = {
/* No entries here. */
};
void fuse_configure_fuse_bypass(void) {
/* Enable fuses in CAR? This seems to affect fuse data visibility. */
CLK_RST_CONTROLLER_MISC_CLK_ENB_0 |= 0x10000000;
/* Configure bypass/override, only if programming is allowed. */
if (!(FUSE_REGS->FUSE_DIS_PGM & 1)) {
/* Enable write access. */
FUSE_REGS->FUSE_WRITE_ACCESS = (FUSE_REGS->FUSE_WRITE_ACCESS & ~0x1) | 0x10000;
/* Enable fuse bypass config. */
FUSE_REGS->FUSE_FUSEBYPASS = 1;
/* Override fuses. */
for (size_t i = 0; i < NUM_FUSE_BYPASS_ENTRIES; i++) {
MAKE_FUSE_REG(g_fuse_bypass_entries[i].offset) = g_fuse_bypass_entries[i].value;
}
/* Disable fuse write access. */
FUSE_REGS->FUSE_WRITE_ACCESS |= 1;
/* Enable fuse bypass config. */
/* I think this is a bug, and Nintendo meant to write 0 here? */
FUSE_REGS->FUSE_FUSEBYPASS = 1;
/* This...clears the disable programming bit(?). */
/* I have no idea why this happens. What? */
/* This is probably also either a bug or does nothing. */
/* Is this bit even clearable? */
FUSE_REGS->FUSE_DIS_PGM &= 0xFFFFFFFE;
/* Restore saved private key disable bit. */
FUSE_REGS->FUSE_PRIVATEKEYDISABLE |= (APBDEV_PMC_SECURE_SCRATCH21_0 & 0x10);
/* Lock private key disable secure scratch. */
APBDEV_PMC_SEC_DISABLE2_0 |= 0x4000000;
}
}

View File

@ -186,4 +186,15 @@ typedef struct {
#define FUSE_REGS ((volatile fuse_registers_t *)(0x7000F800))
#define FUSE_CHIP_REGS ((volatile fuse_chip_registers_t *)(0x7000F900))
#define MAKE_FUSE_REG(n) MAKE_REG32(0x7000F800 + n)
typedef struct {
uint32_t offset;
uint32_t value;
} fuse_bypass_data_t;
bool fuse_check_downgrade_status(void);
void fuse_configure_fuse_bypass(void);
#endif

View File

@ -19,6 +19,7 @@
#include "mc.h"
#include "pmc.h"
#include "misc.h"
#include "fuse.h"
#include "timer.h"
void reboot(void) {
@ -30,19 +31,40 @@ void reboot(void) {
}
void lp0_entry_main(warmboot_metadata_t *meta) {
const uint32_t target_firmware = meta->target_firmware;
/* Before doing anything else, ensure some sanity. */
if (meta->magic != WARMBOOT_MAGIC || meta->target_firmware > ATMOSPHERE_TARGET_FIRMWARE_MAX) {
if (meta->magic != WARMBOOT_MAGIC || target_firmware > ATMOSPHERE_TARGET_FIRMWARE_MAX) {
reboot();
}
/* [4.0.0+] First thing warmboot does is disable BPMP access to memory. */
if (meta->target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_400) {
if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_400) {
disable_bpmp_access_to_dram();
}
/* Configure debugging depending on FUSE_PRODUCTION_MODE */
configure_device_dbg_settings();
/* Check for downgrade. */
/* NOTE: We implemented this as "return false" */
if (fuse_check_downgrade_status()) {
reboot();
}
if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_300) {
/* Nintendo's firmware checks APBDEV_PMC_SECURE_SCRATCH32_0 against a per-warmboot binary value here. */
/* We won't bother with that. */
if (false /* APBDEV_PMC_SECURE_SCRATCH32_0 == WARMBOOT_MAGIC_NUMBER */) {
reboot();
}
}
/* TODO: Check that we're running at the correct physical address. */
/* Setup fuses, disable bypass. */
fuse_configure_fuse_bypass();
/* TODO: stuff */
while (true) { /* TODO: Halt BPMP */ }

View File

@ -30,6 +30,6 @@ typedef struct {
void lp0_entry_main(warmboot_metadata_t *meta);
void reboot(void);
void __attribute__((noreturn)) reboot(void);
#endif

View File

@ -19,6 +19,8 @@
#include <stdint.h>
#include "utils.h"
#define MISC_BASE (0x70000000)
#define MAKE_MISC_REG(n) MAKE_REG32(MISC_BASE + n)

View File

@ -38,8 +38,12 @@
#define APBDEV_PMC_SCRATCH18_0 MAKE_PMC_REG(0x098)
#define APBDEV_PMC_STICKY_BITS_0 MAKE_PMC_REG(0x2C0)
#define APBDEV_PMC_SEC_DISABLE2_0 MAKE_PMC_REG(0x2C4)
#define APBDEV_PMC_WEAK_BIAS_0 MAKE_PMC_REG(0x2C8)
#define APBDEV_PMC_SECURE_SCRATCH21_0 MAKE_PMC_REG(0x334)
#define APBDEV_PMC_SECURE_SCRATCH32_0 MAKE_PMC_REG(0x360)
#define APBDEV_PMC_IO_DPD3_REQ_0 MAKE_PMC_REG(0x45C)
#define APBDEV_PMC_IO_DPD3_STATUS_0 MAKE_PMC_REG(0x460)