[PATCH v4 11/20] rockchip: rk3588: disable force_jtag by default
Quentin Schulz
foss+uboot at 0leil.net
Mon Mar 11 13:01:54 CET 2024
From: Quentin Schulz <quentin.schulz at theobroma-systems.com>
Rockchip SoCs can automatically switch between jtag and sdmmc based on
the following rules:
- all the SDMMC pins including SDMMC_DET set as SDMMC function in GRF,
- force_jtag bit in GRF is 1,
- SDMMC_DET is low (no card detected),
Note that the BootROM may mux all SDMMC pins in their SDMMC function or
not, depending on the boot medium that were tried.
Because SDMMC_DET pin is not guaranteed to be used as an SD card card
detect pin, it could be low at boot or even switch at runtime, which
would enable the jtag function and render the SD card unusable.
This is the case for RK3588 Jaguar for example which has an SD card
connector without an SD card card detect signal and has SDMMC_DET
connected to ground.
Because enabling JTAG at runtime could be a security issue and also to
make sure that we have a consistent behavior on all boards by default,
let's disable this force_jtag feature.
However, let's make it easy to reenable it for debugging purposes by
hiding it behind a Kconfig symbol.
Note that soc_con[0] is reserved. But considering that it's way more
user-friendly to access soc_con1 from the TRM with soc_con[1] than
soc_con[0], and that soc_con0 would actually be located at 4 bytes
before soc_con1, let's just make soc_con0 part of the soc_con array.
Cc: Quentin Schulz <foss+uboot at 0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz at theobroma-systems.com>
---
arch/arm/include/asm/arch-rockchip/grf_rk3588.h | 24 ++++++++++++++++++++++++
arch/arm/mach-rockchip/Kconfig | 24 ++++++++++++++++++++++++
arch/arm/mach-rockchip/rk3588/rk3588.c | 11 +++++++++++
3 files changed, 59 insertions(+)
diff --git a/arch/arm/include/asm/arch-rockchip/grf_rk3588.h b/arch/arm/include/asm/arch-rockchip/grf_rk3588.h
index e0694068bb1..f0ecff97f0b 100644
--- a/arch/arm/include/asm/arch-rockchip/grf_rk3588.h
+++ b/arch/arm/include/asm/arch-rockchip/grf_rk3588.h
@@ -32,4 +32,28 @@ struct rk3588_pmu1grf {
check_member(rk3588_pmu1grf, sd_detect_cnt, 0x03b0);
+#define SYS_GRF_BASE 0xfd58c000
+
+struct rk3588_sysgrf {
+ unsigned int wdt_con0;
+ unsigned int reserved0[(0x0010 - 0x0000) / 4 - 1];
+ unsigned int uart_con[2];
+ unsigned int reserved1[(0x00c0 - 0x0014) / 4 - 1];
+ unsigned int gic_con0;
+ unsigned int reserved2[(0x0200 - 0x00c0) / 4 - 1];
+ unsigned int memcfg_con[32];
+ unsigned int reserved3[(0x0300 - 0x027c) / 4 - 1];
+ /* soc_con0 is reserved */
+ unsigned int soc_con[14];
+ unsigned int reserved4[(0x0380 - 0x0334) / 4 - 1];
+ unsigned int soc_status[4];
+ unsigned int reserved5[(0x0500 - 0x038c) / 4 - 1];
+ unsigned int otp_key08;
+ unsigned int otp_key0d;
+ unsigned int otp_key0e;
+ unsigned int reserved6[(0x0600 - 0x0508) / 4 - 1];
+ unsigned int chip_id;
+};
+
+check_member(rk3588_sysgrf, chip_id, 0x0600);
#endif /*__SOC_ROCKCHIP_RK3588_GRF_H__ */
diff --git a/arch/arm/mach-rockchip/Kconfig b/arch/arm/mach-rockchip/Kconfig
index 1bc7ee90427..343361a5327 100644
--- a/arch/arm/mach-rockchip/Kconfig
+++ b/arch/arm/mach-rockchip/Kconfig
@@ -501,6 +501,30 @@ config SPL_ROCKCHIP_EARLYRETURN_TO_BROM
This enables support code in the BOOT0 hook for the SPL stage
to allow multiple entries.
+config ROCKCHIP_DISABLE_FORCE_JTAG
+ bool "Disable force_jtag feature"
+ default y
+ depends on SPL
+ help
+ Rockchip SoCs can automatically switch between jtag and sdmmc based
+ on the following rules:
+ - all the SDMMC pins including SDMMC_DET set as SDMMC function in
+ GRF,
+ - force_jtag bit in GRF is 1,
+ - SDMMC_DET is low (no card detected),
+
+ Some HW design may not route the SD card card detect to SDMMC_DET
+ pin, thus breaking the SD card support in some cases because JTAG
+ would be auto-enabled by mistake.
+
+ Also, enabling JTAG at runtime may be an undesired feature, e.g.
+ because it could be a security vulnerability.
+
+ This disables force_jtag feature, which you may want for debugging
+ purposes.
+
+ If unsure, say Y.
+
config TPL_ROCKCHIP_EARLYRETURN_TO_BROM
bool "TPL requires early-return (for RK3188-style BROM) to BROM"
depends on TPL && ENABLE_ARM_SOC_BOOT0_HOOK
diff --git a/arch/arm/mach-rockchip/rk3588/rk3588.c b/arch/arm/mach-rockchip/rk3588/rk3588.c
index 38e95a6e2b2..d18c4e4b411 100644
--- a/arch/arm/mach-rockchip/rk3588/rk3588.c
+++ b/arch/arm/mach-rockchip/rk3588/rk3588.c
@@ -9,6 +9,7 @@
#include <asm/armv8/mmu.h>
#include <asm/io.h>
#include <asm/arch-rockchip/bootrom.h>
+#include <asm/arch-rockchip/grf_rk3588.h>
#include <asm/arch-rockchip/hardware.h>
#include <asm/arch-rockchip/ioc_rk3588.h>
@@ -35,6 +36,8 @@
#define BUS_IOC_GPIO2D_IOMUX_SEL_H 0x5c
#define BUS_IOC_GPIO3A_IOMUX_SEL_L 0x60
+#define SYS_GRF_FORCE_JTAG BIT(14)
+
/**
* Boot-device identifiers used by the BROM on RK3588 when device is booted
* from SPI flash. IOMUX used for SPI flash affect the value used by the BROM
@@ -134,6 +137,9 @@ void rockchip_stimer_init(void)
int arch_cpu_init(void)
{
#ifdef CONFIG_SPL_BUILD
+#ifdef CONFIG_ROCKCHIP_DISABLE_FORCE_JTAG
+ static struct rk3588_sysgrf * const sys_grf = (void *)SYS_GRF_BASE;
+#endif
int secure_reg;
/* Set the SDMMC eMMC crypto_ns FSPI access secure area */
@@ -168,6 +174,11 @@ int arch_cpu_init(void)
secure_reg = readl(FIREWALL_SYSMEM_BASE + FW_SYSM_MST27_REG);
secure_reg &= 0xffff0000;
writel(secure_reg, FIREWALL_SYSMEM_BASE + FW_SYSM_MST27_REG);
+
+#ifdef CONFIG_ROCKCHIP_DISABLE_FORCE_JTAG
+ /* Disable JTAG exposed on SDMMC */
+ rk_clrreg(&sys_grf->soc_con[6], SYS_GRF_FORCE_JTAG);
+#endif
#endif
return 0;
--
2.44.0
More information about the U-Boot
mailing list