From e2dd218f3355599816d51b846a7fc7989e87e24b Mon Sep 17 00:00:00 2001
From: CTCaer <ctcaer@gmail.com>
Date: Sat, 26 Dec 2020 16:48:00 +0200
Subject: [PATCH] pmc: Add latest pmc secure scratch lock

---
 bdk/soc/pmc.c        | 58 ++++++++++++++++++++++++++++++++++++++++++++
 bdk/soc/pmc.h        | 18 +++++++++++++-
 bootloader/hos/hos.c | 31 ++---------------------
 3 files changed, 77 insertions(+), 30 deletions(-)

diff --git a/bdk/soc/pmc.c b/bdk/soc/pmc.c
index 62caa22..3c1fba4 100644
--- a/bdk/soc/pmc.c
+++ b/bdk/soc/pmc.c
@@ -14,10 +14,68 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <soc/hw_init.h>
 #include <soc/pmc.h>
 #include <soc/t210.h>
 #include <utils/util.h>
 
+void pmc_scratch_lock(pmc_sec_lock_t lock_mask)
+{
+	// Lock Private key disable, Fuse write enable, MC carveout, Warmboot PA id and Warmboot address.
+	if (lock_mask & PMC_SEC_LOCK_MISC)
+	{
+		PMC(APBDEV_PMC_SEC_DISABLE)  |= 0x700FF0;   // RW lock: 0-3.
+		PMC(APBDEV_PMC_SEC_DISABLE2) |= 0xFC000000; // RW lock: 21-23.
+		PMC(APBDEV_PMC_SEC_DISABLE3) |= 0x3F0FFF00; // RW lock: 28-33, 36-38.
+		PMC(APBDEV_PMC_SEC_DISABLE6) |= 0xC000000;  // RW lock: 85.
+		PMC(APBDEV_PMC_SEC_DISABLE8) |= 0xFF00FF00; // RW lock: 108-111, 116-119.
+
+		// SE2 context.
+		if (hw_get_chip_id() == GP_HIDREV_MAJOR_T210B01)
+		{
+			PMC(APBDEV_PMC_SEC_DISABLE9) |= 0x3FF;      // RW lock: 120-124. (0xB38)
+			PMC(APBDEV_PMC_SEC_DISABLE10) = 0xFFFFFFFF; // RW lock: 135-150.
+		}
+ 	}
+
+	if (lock_mask & PMC_SEC_LOCK_LP0_PARAMS)
+	{
+		PMC(APBDEV_PMC_SEC_DISABLE2) |= 0x3FCFFFF;  // RW lock: 8-15, 17-20.
+		PMC(APBDEV_PMC_SEC_DISABLE4) |= 0x3F3FFFFF; // RW lock: 40-50, 52-54.
+		PMC(APBDEV_PMC_SEC_DISABLE5)  = 0xFFFFFFFF; // RW lock: 56-71.
+		PMC(APBDEV_PMC_SEC_DISABLE6) |= 0xF3FFC00F; // RW lock: 72-73, 79-84, 86-87.
+		PMC(APBDEV_PMC_SEC_DISABLE7) |= 0x3FFFFF;   // RW lock: 88-98.
+		PMC(APBDEV_PMC_SEC_DISABLE8) |= 0xFF;       // RW lock: 104-107.
+	}
+
+	if (lock_mask & PMC_SEC_LOCK_RST_VECTOR)
+		PMC(APBDEV_PMC_SEC_DISABLE3) |= 0xF00000;   // RW lock: 34-35.
+
+	if (lock_mask & PMC_SEC_LOCK_CARVEOUTS)
+	{
+		PMC(APBDEV_PMC_SEC_DISABLE2) |= 0x30000;    // RW lock: 16.
+		PMC(APBDEV_PMC_SEC_DISABLE3) |= 0xC0000000; // RW lock: 39.
+		PMC(APBDEV_PMC_SEC_DISABLE4) |= 0xC0C00000; // RW lock: 51, 55.
+		PMC(APBDEV_PMC_SEC_DISABLE6) |= 0x3FF0;     // RW lock: 74-78.
+		PMC(APBDEV_PMC_SEC_DISABLE7) |= 0xFFC00000; // RW lock: 99-103.
+	}
+
+	if (lock_mask & PMC_SEC_LOCK_TZ_CMAC_W)
+		PMC(APBDEV_PMC_SEC_DISABLE8) |= 0x550000;   // W lock: 112-115.
+
+	if (lock_mask & PMC_SEC_LOCK_TZ_CMAC_R)
+		PMC(APBDEV_PMC_SEC_DISABLE8) |= 0xAA0000;   // R lock: 112-115.
+
+	if (lock_mask & PMC_SEC_LOCK_TZ_KEK_W)
+		PMC(APBDEV_PMC_SEC_DISABLE3) |= 0x55;       // W lock: 24-27.
+
+	if (lock_mask & PMC_SEC_LOCK_TZ_KEK_R)
+		PMC(APBDEV_PMC_SEC_DISABLE3) |= 0xAA;       // R lock: 24-27.
+
+	if (lock_mask & PMC_SEC_LOCK_SE_SRK)
+		PMC(APBDEV_PMC_SEC_DISABLE)  |= 0xFF000;    // RW lock: 4-7
+}
+
 int pmc_enable_partition(u32 part, int enable)
 {
 	u32 part_mask = BIT(part);
diff --git a/bdk/soc/pmc.h b/bdk/soc/pmc.h
index c27d937..d8a84e2 100644
--- a/bdk/soc/pmc.h
+++ b/bdk/soc/pmc.h
@@ -91,6 +91,8 @@
 #define APBDEV_PMC_SEC_DISABLE6 0x5B8
 #define APBDEV_PMC_SEC_DISABLE7 0x5BC
 #define APBDEV_PMC_SEC_DISABLE8 0x5C0
+#define APBDEV_PMC_SEC_DISABLE9 0x5C4
+#define APBDEV_PMC_SEC_DISABLE10 0x5C8
 #define APBDEV_PMC_SCRATCH188 0x810
 #define APBDEV_PMC_SCRATCH190 0x818
 #define APBDEV_PMC_SCRATCH200 0x840
@@ -98,6 +100,20 @@
 #define APBDEV_PMC_TZRAM_SEC_DISABLE 0xBEC
 #define APBDEV_PMC_TZRAM_NON_SEC_DISABLE 0xBF0
 
-int pmc_enable_partition(u32 part, int enable);
+typedef enum _pmc_sec_lock_t
+{
+	PMC_SEC_LOCK_MISC       = BIT(0),
+	PMC_SEC_LOCK_LP0_PARAMS = BIT(1),
+	PMC_SEC_LOCK_RST_VECTOR = BIT(2),
+	PMC_SEC_LOCK_CARVEOUTS  = BIT(3),
+	PMC_SEC_LOCK_TZ_CMAC_W  = BIT(4),
+	PMC_SEC_LOCK_TZ_CMAC_R  = BIT(5),
+	PMC_SEC_LOCK_TZ_KEK_W   = BIT(6),
+	PMC_SEC_LOCK_TZ_KEK_R   = BIT(7),
+	PMC_SEC_LOCK_SE_SRK     = BIT(8),
+} pmc_sec_lock_t;
+
+void pmc_scratch_lock(pmc_sec_lock_t lock_mask);
+int  pmc_enable_partition(u32 part, int enable);
 
 #endif
diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c
index e4ee889..7ed8712 100644
--- a/bootloader/hos/hos.c
+++ b/bootloader/hos/hos.c
@@ -152,33 +152,6 @@ static void _se_lock(bool lock_se)
 	gfx_hexdump(SE_BASE, (void *)SE_BASE, 0x400);*/
 }
 
-void _pmc_scratch_lock(u32 kb)
-{
-	switch (kb)
-	{
-	case KB_FIRMWARE_VERSION_100_200:
-	case KB_FIRMWARE_VERSION_300:
-	case KB_FIRMWARE_VERSION_301:
-		PMC(APBDEV_PMC_SEC_DISABLE)  = 0x7FFFF3;
-		PMC(APBDEV_PMC_SEC_DISABLE2) = 0xFFFFFFFF;
-		PMC(APBDEV_PMC_SEC_DISABLE3) = 0xFFAFFFFF;
-		PMC(APBDEV_PMC_SEC_DISABLE4) = 0xFFFFFFFF;
-		PMC(APBDEV_PMC_SEC_DISABLE5) = 0xFFFFFFFF;
-		PMC(APBDEV_PMC_SEC_DISABLE6) = 0xFFFFFFFF;
-		PMC(APBDEV_PMC_SEC_DISABLE7) = 0xFFFFFFFF;
-		PMC(APBDEV_PMC_SEC_DISABLE8) = 0xFFAAFFFF;
-		break;
-	default:
-		PMC(APBDEV_PMC_SEC_DISABLE2) |= 0x3FCFFFF;
-	    PMC(APBDEV_PMC_SEC_DISABLE4) |= 0x3F3FFFFF;
-	    PMC(APBDEV_PMC_SEC_DISABLE5)  = 0xFFFFFFFF;
-	    PMC(APBDEV_PMC_SEC_DISABLE6) |= 0xF3FFC00F;
-	    PMC(APBDEV_PMC_SEC_DISABLE7) |= 0x3FFFFF;
-	    PMC(APBDEV_PMC_SEC_DISABLE8) |= 0xFF;
-		break;
-	}
-}
-
 void _sysctr0_reset()
 {
 	SYSCTR0(SYSCTR0_CNTCR) = 0;
@@ -1090,8 +1063,8 @@ int hos_launch(ini_sec_t *cfg)
 	if (kb >= KB_FIRMWARE_VERSION_620)
 		_sysctr0_reset();
 
-	// < 4.0.0 pkg1.1 locks PMC scratches.
-	//_pmc_scratch_lock(kb);
+	// NX Bootloader locks LP0 Carveout secure scratch registers.
+	//pmc_scratch_lock(PMC_SEC_LOCK_LP0_PARAMS);
 
 	// Set secmon mailbox address and clear it.
 	if (kb >= KB_FIRMWARE_VERSION_700 || exo_new)