pmu.h - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
pmu.h (9739B)
      1/*
      2 * Definitions for talking to the PMU.  The PMU is a microcontroller
      3 * which controls battery charging and system power on PowerBook 3400
      4 * and 2400 models as well as the RTC and various other things.
      5 *
      6 * Copyright (C) 1998 Paul Mackerras.
      7 * Copyright (C) 2016 Ben Herrenschmidt
      8 */
      9
     10#ifndef PMU_H
     11#define PMU_H
     12
     13#include "hw/misc/mos6522.h"
     14#include "hw/misc/macio/gpio.h"
     15#include "qom/object.h"
     16
     17/*
     18 * PMU commands
     19 */
     20
     21#define PMU_POWER_CTRL0            0x10  /* control power of some devices */
     22#define PMU_POWER_CTRL             0x11  /* control power of some devices */
     23#define PMU_ADB_CMD                0x20  /* send ADB packet */
     24#define PMU_ADB_POLL_OFF           0x21  /* disable ADB auto-poll */
     25#define PMU_WRITE_NVRAM            0x33  /* write non-volatile RAM */
     26#define PMU_READ_NVRAM             0x3b  /* read non-volatile RAM */
     27#define PMU_SET_RTC                0x30  /* set real-time clock */
     28#define PMU_READ_RTC               0x38  /* read real-time clock */
     29#define PMU_SET_VOLBUTTON          0x40  /* set volume up/down position */
     30#define PMU_BACKLIGHT_BRIGHT       0x41  /* set backlight brightness */
     31#define PMU_GET_VOLBUTTON          0x48  /* get volume up/down position */
     32#define PMU_PCEJECT                0x4c  /* eject PC-card from slot */
     33#define PMU_BATTERY_STATE          0x6b  /* report battery state etc. */
     34#define PMU_SMART_BATTERY_STATE    0x6f  /* report battery state (new way) */
     35#define PMU_SET_INTR_MASK          0x70  /* set PMU interrupt mask */
     36#define PMU_INT_ACK                0x78  /* read interrupt bits */
     37#define PMU_SHUTDOWN               0x7e  /* turn power off */
     38#define PMU_CPU_SPEED              0x7d  /* control CPU speed on some models */
     39#define PMU_SLEEP                  0x7f  /* put CPU to sleep */
     40#define PMU_POWER_EVENTS           0x8f  /* Send power-event commands to PMU */
     41#define PMU_I2C_CMD                0x9a  /* I2C operations */
     42#define PMU_RESET                  0xd0  /* reset CPU */
     43#define PMU_GET_BRIGHTBUTTON       0xd9  /* report brightness up/down pos */
     44#define PMU_GET_COVER              0xdc  /* report cover open/closed */
     45#define PMU_SYSTEM_READY           0xdf  /* tell PMU we are awake */
     46#define PMU_DOWNLOAD_STATUS        0xe2  /* Called by MacOS during boot... */
     47#define PMU_READ_PMU_RAM           0xe8  /* read the PMU RAM... ??? */
     48#define PMU_GET_VERSION            0xea  /* read the PMU version */
     49
     50/* Bits to use with the PMU_POWER_CTRL0 command */
     51#define PMU_POW0_ON            0x80    /* OR this to power ON the device */
     52#define PMU_POW0_OFF           0x00    /* leave bit 7 to 0 to power it OFF */
     53#define PMU_POW0_HARD_DRIVE    0x04    /* Hard drive power
     54                                        * (on wallstreet/lombard ?) */
     55
     56/* Bits to use with the PMU_POWER_CTRL command */
     57#define PMU_POW_ON             0x80    /* OR this to power ON the device */
     58#define PMU_POW_OFF            0x00    /* leave bit 7 to 0 to power it OFF */
     59#define PMU_POW_BACKLIGHT      0x01    /* backlight power */
     60#define PMU_POW_CHARGER        0x02    /* battery charger power */
     61#define PMU_POW_IRLED          0x04    /* IR led power (on wallstreet) */
     62#define PMU_POW_MEDIABAY       0x08    /* media bay power
     63                                        * (wallstreet/lombard ?) */
     64
     65/* Bits in PMU interrupt and interrupt mask bytes */
     66#define PMU_INT_PCEJECT        0x04    /* PC-card eject buttons */
     67#define PMU_INT_SNDBRT         0x08    /* sound/brightness up/down buttons */
     68#define PMU_INT_ADB            0x10    /* ADB autopoll or reply data */
     69#define PMU_INT_BATTERY        0x20    /* Battery state change */
     70#define PMU_INT_ENVIRONMENT    0x40    /* Environment interrupts */
     71#define PMU_INT_TICK           0x80    /* 1-second tick interrupt */
     72
     73/* Other bits in PMU interrupt valid when PMU_INT_ADB is set */
     74#define PMU_INT_ADB_AUTO           0x04    /* ADB autopoll, when PMU_INT_ADB */
     75#define PMU_INT_WAITING_CHARGER    0x01    /* ??? */
     76#define PMU_INT_AUTO_SRQ_POLL      0x02    /* ??? */
     77
     78/* Bits in the environement message (either obtained via PMU_GET_COVER,
     79 * or via PMU_INT_ENVIRONMENT on core99 */
     80#define PMU_ENV_LID_CLOSED     0x01    /* The lid is closed */
     81
     82/* I2C related definitions */
     83#define PMU_I2C_MODE_SIMPLE    0
     84#define PMU_I2C_MODE_STDSUB    1
     85#define PMU_I2C_MODE_COMBINED  2
     86
     87#define PMU_I2C_BUS_STATUS     0
     88#define PMU_I2C_BUS_SYSCLK     1
     89#define PMU_I2C_BUS_POWER      2
     90
     91#define PMU_I2C_STATUS_OK          0
     92#define PMU_I2C_STATUS_DATAREAD    1
     93#define PMU_I2C_STATUS_BUSY        0xfe
     94
     95/* Kind of PMU (model) */
     96enum {
     97    PMU_UNKNOWN,
     98    PMU_OHARE_BASED,        /* 2400, 3400, 3500 (old G3 powerbook) */
     99    PMU_HEATHROW_BASED,     /* PowerBook G3 series */
    100    PMU_PADDINGTON_BASED,   /* 1999 PowerBook G3 */
    101    PMU_KEYLARGO_BASED,     /* Core99 motherboard (PMU99) */
    102    PMU_68K_V1,             /* 68K PMU, version 1 */
    103    PMU_68K_V2,             /* 68K PMU, version 2 */
    104};
    105
    106/* PMU PMU_POWER_EVENTS commands */
    107enum {
    108    PMU_PWR_GET_POWERUP_EVENTS = 0x00,
    109    PMU_PWR_SET_POWERUP_EVENTS = 0x01,
    110    PMU_PWR_CLR_POWERUP_EVENTS = 0x02,
    111    PMU_PWR_GET_WAKEUP_EVENTS = 0x03,
    112    PMU_PWR_SET_WAKEUP_EVENTS = 0x04,
    113    PMU_PWR_CLR_WAKEUP_EVENTS = 0x05,
    114};
    115
    116/* Power events wakeup bits */
    117enum {
    118    PMU_PWR_WAKEUP_KEY = 0x01,           /* Wake on key press */
    119    PMU_PWR_WAKEUP_AC_INSERT = 0x02,     /* Wake on AC adapter plug */
    120    PMU_PWR_WAKEUP_AC_CHANGE = 0x04,
    121    PMU_PWR_WAKEUP_LID_OPEN = 0x08,
    122    PMU_PWR_WAKEUP_RING = 0x10,
    123};
    124
    125/*
    126 * This table indicates for each PMU opcode:
    127 * - the number of data bytes to be sent with the command, or -1
    128 *   if a length byte should be sent,
    129 * - the number of response bytes which the PMU will return, or
    130 *   -1 if it will send a length byte.
    131 */
    132
    133static const int8_t pmu_data_len[256][2] = {
    134/*  0        1        2        3        4        5        6        7  */
    135    {-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    136    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    137    { 1,  0},{ 1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    138    { 0,  1},{ 0,  1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{ 0,  0},
    139    {-1,  0},{ 0,  0},{ 2,  0},{ 1,  0},{ 1,  0},{-1,  0},{-1,  0},{-1,  0},
    140    { 0, -1},{ 0, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{ 0, -1},
    141    { 4,  0},{20,  0},{-1,  0},{ 3,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    142    { 0,  4},{ 0, 20},{ 2, -1},{ 2,  1},{ 3, -1},{-1, -1},{-1, -1},{ 4,  0},
    143    { 1,  0},{ 1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    144    { 0,  1},{ 0,  1},{-1, -1},{ 1,  0},{ 1,  0},{-1, -1},{-1, -1},{-1, -1},
    145    { 1,  0},{ 0,  0},{ 2,  0},{ 2,  0},{-1,  0},{ 1,  0},{ 3,  0},{ 1,  0},
    146    { 0,  1},{ 1,  0},{ 0,  2},{ 0,  2},{ 0, -1},{-1, -1},{-1, -1},{-1, -1},
    147    { 2,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    148    { 0,  3},{ 0,  3},{ 0,  2},{ 0,  8},{ 0, -1},{ 0, -1},{-1, -1},{-1, -1},
    149    { 1,  0},{ 1,  0},{ 1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    150    { 0, -1},{ 0, -1},{-1, -1},{-1, -1},{-1, -1},{ 5,  1},{ 4,  1},{ 4,  1},
    151    { 4,  0},{-1,  0},{ 0,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    152    { 0,  5},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    153    { 1,  0},{ 2,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    154    { 0,  1},{ 0,  1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    155    { 2,  0},{ 2,  0},{ 2,  0},{ 4,  0},{-1,  0},{ 0,  0},{-1,  0},{-1,  0},
    156    { 1,  1},{ 1,  0},{ 3,  0},{ 2,  0},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    157    {-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    158    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    159    {-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    160    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    161    { 0,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    162    { 1,  1},{ 1,  1},{-1, -1},{-1, -1},{ 0,  1},{ 0, -1},{-1, -1},{-1, -1},
    163    {-1,  0},{ 4,  0},{ 0,  1},{-1,  0},{-1,  0},{ 4,  0},{-1,  0},{-1,  0},
    164    { 3, -1},{-1, -1},{ 0,  1},{-1, -1},{ 0, -1},{-1, -1},{-1, -1},{ 0,  0},
    165    {-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},{-1,  0},
    166    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},
    167};
    168
    169/* Command protocol state machine */
    170typedef enum {
    171    pmu_state_idle, /* Waiting for command */
    172    pmu_state_cmd,  /* Receiving command */
    173    pmu_state_rsp,  /* Responding to command */
    174} PMUCmdState;
    175
    176/* MOS6522 PMU */
    177struct MOS6522PMUState {
    178    /*< private >*/
    179    MOS6522State parent_obj;
    180};
    181
    182#define TYPE_MOS6522_PMU "mos6522-pmu"
    183OBJECT_DECLARE_SIMPLE_TYPE(MOS6522PMUState, MOS6522_PMU)
    184/**
    185 * PMUState:
    186 * @last_b: last value of B register
    187 */
    188
    189struct PMUState {
    190    /*< private >*/
    191    SysBusDevice parent_obj;
    192    /*< public >*/
    193
    194    MemoryRegion mem;
    195    uint64_t frequency;
    196    qemu_irq via_irq;
    197    bool via_irq_state;
    198
    199    /* PMU state */
    200    MOS6522PMUState mos6522_pmu;
    201
    202    /* PMU low level protocol state */
    203    PMUCmdState cmd_state;
    204    uint8_t last_b;
    205    uint8_t cmd;
    206    uint32_t cmdlen;
    207    uint32_t rsplen;
    208    uint8_t cmd_buf_pos;
    209    uint8_t cmd_buf[128];
    210    uint8_t cmd_rsp_pos;
    211    uint8_t cmd_rsp_sz;
    212    uint8_t cmd_rsp[128];
    213
    214    /* PMU events/interrupts */
    215    uint8_t intbits;
    216    uint8_t intmask;
    217
    218    /* ADB */
    219    bool has_adb;
    220    ADBBusState adb_bus;
    221    uint8_t adb_reply_size;
    222    uint8_t adb_reply[ADB_MAX_OUT_LEN];
    223
    224    /* RTC */
    225    uint32_t tick_offset;
    226    QEMUTimer *one_sec_timer;
    227    int64_t one_sec_target;
    228
    229    /* GPIO */
    230    MacIOGPIOState *gpio;
    231};
    232
    233#define TYPE_VIA_PMU "via-pmu"
    234OBJECT_DECLARE_SIMPLE_TYPE(PMUState, VIA_PMU)
    235
    236#endif /* PMU_H */