Created
October 26, 2023 05:06
diff --git a/hw/arm/apple_a13.c b/hw/arm/apple_a13.c | |
index 2188683992..81b6e60db4 100644 | |
--- a/hw/arm/apple_a13.c | |
+++ b/hw/arm/apple_a13.c | |
@@ -504,14 +504,16 @@ static const ARMCPRegInfo apple_a13_cp_reginfo_tcg[] = { | |
A13_CPREG_DEF(ARM64_REG_HID13, 3, 0, 15, 14, 0, PL1_RW, 0), | |
A13_CPREG_DEF(ARM64_REG_HID14, 3, 0, 15, 15, 0, PL1_RW, 0), | |
A13_CPREG_DEF(ARM64_REG_HID16, 3, 0, 15, 15, 2, PL1_RW, 0), | |
- A13_CPREG_DEF(ARM64_REG_LSU_ERR_STS, 3, 3, 15, 0, 0, PL1_RW, 0), | |
+ A13_CPREG_DEF(ARM64_REG_LSU_ERR_STS, 3, 3, 15, 0, 0, PL1_RW, 0), // A14 SYS_LSU_ERR_STS | |
+ A13_CPREG_DEF(SYS_E_LSU_ERR_STS, 3, 3, 15, 2, 0, PL1_RW, 0), // A16 SYS_E_LSU_ERR_STS | |
+ A13_CPREG_DEF(SYS_E_FED_ERR_STS, 3, 4, 15, 0, 2, PL1_RW, 0), // A16 SYS_E_FED_ERR_STS | |
A13_CPREG_DEF(IMP_BARRIER_LBSY_BST_SYNC_W0_EL0, 3, 3, 15, 15, 0, PL1_RW, 0), | |
A13_CPREG_DEF(IMP_BARRIER_LBSY_BST_SYNC_W1_EL0, 3, 3, 15, 15, 1, PL1_RW, 0), | |
A13_CPREG_DEF(ARM64_REG_3_3_15_7, 3, 3, 15, 7, 0, PL1_RW, | |
0x8000000000332211ULL), | |
A13_CPREG_DEF(PMC0, 3, 2, 15, 0, 0, PL1_RW, 0), | |
A13_CPREG_DEF(PMC1, 3, 2, 15, 1, 0, PL1_RW, 0), | |
- A13_CPREG_DEF(PMCR0, 3, 1, 15, 0, 0, PL1_RW, 0), | |
+ A13_CPREG_DEF(PMCR0, 3, 1, 15, 0, 0, PL1_RW, 0), // duplicate of L2ACTLR? | |
A13_CPREG_DEF(PMCR1, 3, 1, 15, 1, 0, PL1_RW, 0), | |
A13_CPREG_DEF(PMSR, 3, 1, 15, 13, 0, PL1_RW, 0), | |
A13_CPREG_DEF(S3_4_c15_c0_5, 3, 4, 15, 0, 5, PL1_RW, 0), | |
@@ -520,7 +522,10 @@ static const ARMCPRegInfo apple_a13_cp_reginfo_tcg[] = { | |
A13_CPREG_DEF(ARM64_REG_CYC_OVRD, 3, 5, 15, 5, 0, PL1_RW, 0), | |
A13_CPREG_DEF(ARM64_REG_ACC_CFG, 3, 5, 15, 4, 0, PL1_RW, 0), | |
A13_CPREG_DEF(S3_5_c15_c10_1, 3, 5, 15, 10, 1, PL0_RW, 0), | |
- A13_CPREG_DEF(SYS_HCR_EL2, 3, 4, 1, 1, 0, PL1_RW, 0), | |
+ A13_CPREG_DEF(SYS_HCR_EL2, 3, 4, 1, 1, 0, PL1_RW, 0), // duplicate of HCR_EL2? | |
+ A13_CPREG_DEF(SYS_PRE_LLCFLUSH_TMR, 3, 5, 15, 7, 0, PL1_RW, 0), | |
+ A13_CPREG_DEF(SYS_ACC_PWR_DN_SAVE, 3, 7, 15, 2, 0, PL1_RW, 0), | |
+ A13_CPREG_DEF(SYS_AON_CNT_CTL, 3, 7, 15, 4, 0, PL1_RW, 0), | |
A13_CPREG_DEF(UPMPCM, 3, 7, 15, 5, 4, PL1_RW, 0), | |
A13_CPREG_DEF(UPMCR0, 3, 7, 15, 0, 4, PL1_RW, 0), | |
A13_CPREG_DEF(UPMSR, 3, 7, 15, 6, 4, PL1_RW, 0), | |
@@ -586,6 +591,24 @@ static const ARMCPRegInfo apple_a13_cp_reginfo_tcg[] = { | |
.readfn = apple_a13_ipi_read_cr, | |
.writefn = apple_a13_ipi_write_cr, | |
}, | |
+#if 0 | |
+ { | |
+ .cp = CP_REG_ARM64_SYSREG_CP, | |
+ .name = "SYS_ACC_PWR_DN_SAVE", | |
+ .opc0 = 3, | |
+ .crn = 15, | |
+ .crm = 2, | |
+ .opc1 = 7, | |
+ .opc2 = 0, | |
+ .access = PL1_RW, | |
+ .resetvalue = 0, | |
+ .state = ARM_CP_STATE_AA64, | |
+ .fieldoffset = | |
+ offsetof(AppleA13State, A13_CPREG_VAR_NAME(SYS_ACC_PWR_DN_SAVE)) - | |
+ offsetof(ARMCPU, env), | |
+ .resetfn = arm_cp_reset_ignore, | |
+ }, | |
+#endif | |
}; | |
static void apple_a13_add_cpregs(AppleA13State *tcpu) | |
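Review bot: The entry added under `#if 0` uses the same encoding (op0 3, op1 7, CRn 15, CRm 2, op2 0) that the previous hunk already registers with `A13_CPREG_DEF(SYS_ACC_PWR_DN_SAVE, 3, 7, 15, 2, 0, PL1_RW, 0)`, so enabling it later would define the register twice. Drop the disabled block, or if `.resetfn = arm_cp_reset_ignore` is the part that matters, keep only this form with a comment along the lines of `/* must survive cpu_reset(); handed to the SEP in x0 on restart */` (wording for the author to confirm). The same habit of parking experiments under `#if 0` or in comments recurs in misc1_reg_read, misc4_reg_write, misc7_reg_write, misc8_reg_read and t8030_load_classic_kc; those read better on a branch than in the tree.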
@@ -719,7 +742,9 @@ AppleA13State *apple_a13_cpu_create(DTBNode *node, char *name, uint32_t cpu_id, | |
} | |
} | |
- if (tcpu->cpu_id == 0 || node == NULL) { | |
+ if (tcpu->cpu_id == 0/* || node == NULL*/) | |
+ //if (/*tcpu->cpu_id == 0 || */node == NULL) | |
+ { | |
if (node) { | |
set_dtb_prop(node, "state", 8, "running"); | |
} | |
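Review bot: The new condition `if (tcpu->cpu_id == 0/* || node == NULL*/)` changes behaviour through commented-out code and leaves a second commented alternative beneath it, so a reader cannot tell which variant is intended or why. A CPU created with `node == NULL` and a non-zero `cpu_id` now skips this block; what the block does beyond the DTB property lies outside the hunk, so the effect on such CPUs should be confirmed. Write the condition plainly, `if (tcpu->cpu_id == 0) {`, with a one-line comment saying why node-less CPUs no longer take this path. The next hunk has the same problem: the bare `{ ... }` around the `has_el3`/`has_el2` calls, headed by `//if (node != NULL)`, changes nothing and should be removed or turned into a real condition.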
@@ -743,8 +768,12 @@ AppleA13State *apple_a13_cpu_create(DTBNode *node, char *name, uint32_t cpu_id, | |
set_dtb_prop(node, "clock-frequency", sizeof(freq), &freq); | |
} | |
- object_property_set_bool(obj, "has_el3", false, NULL); | |
- object_property_set_bool(obj, "has_el2", false, NULL); | |
+ //if (node != NULL) | |
+ { | |
+ object_property_set_bool(obj, "has_el3", false, NULL); | |
+ object_property_set_bool(obj, "has_el2", false, NULL); | |
+ //object_property_set_bool(obj, "sve", false, NULL); | |
+ } | |
memory_region_init(&tcpu->memory, obj, "cpu-memory", UINT64_MAX); | |
memory_region_init_alias(&tcpu->sysmem, obj, "sysmem", get_system_memory(), | |
@@ -818,9 +847,11 @@ static const VMStateDescription vmstate_apple_a13 = { | |
VMSTATE_A13_CPREG(ARM64_REG_HID14), | |
VMSTATE_A13_CPREG(ARM64_REG_HID16), | |
VMSTATE_A13_CPREG(ARM64_REG_LSU_ERR_STS), | |
+ VMSTATE_A13_CPREG(SYS_E_LSU_ERR_STS), | |
+ VMSTATE_A13_CPREG(SYS_E_FED_ERR_STS), | |
VMSTATE_A13_CPREG(PMC0), | |
VMSTATE_A13_CPREG(PMC1), | |
- VMSTATE_A13_CPREG(PMCR0), | |
+ VMSTATE_A13_CPREG(PMCR0), // | |
VMSTATE_A13_CPREG(PMCR1), | |
VMSTATE_A13_CPREG(PMSR), | |
VMSTATE_A13_CPREG(S3_4_c15_c0_5), | |
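Review bot: Adding `VMSTATE_A13_CPREG(SYS_E_LSU_ERR_STS)` and `VMSTATE_A13_CPREG(SYS_E_FED_ERR_STS)` in the middle of the field list changes the layout of the saved stream, and the `.version_id` / `.minimum_version_id` of vmstate_apple_a13 are outside the hunk, so it is not visible whether they were bumped. If they were not, a snapshot written by an earlier build would load with every later field shifted rather than being rejected. Bump `.version_id` (and `.minimum_version_id` if old streams are not to be accepted) in the same commit; this also covers the three fields added in the following hunk. The trailing `//` left after `VMSTATE_A13_CPREG(PMCR0),` and `VMSTATE_A13_CPREG(SYS_HCR_EL2),` carries no text and can go.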
@@ -829,7 +860,10 @@ static const VMStateDescription vmstate_apple_a13 = { | |
VMSTATE_A13_CPREG(ARM64_REG_CYC_OVRD), | |
VMSTATE_A13_CPREG(ARM64_REG_ACC_CFG), | |
VMSTATE_A13_CPREG(S3_5_c15_c10_1), | |
- VMSTATE_A13_CPREG(SYS_HCR_EL2), | |
+ VMSTATE_A13_CPREG(SYS_HCR_EL2), // | |
+ VMSTATE_A13_CPREG(SYS_PRE_LLCFLUSH_TMR), | |
+ VMSTATE_A13_CPREG(SYS_ACC_PWR_DN_SAVE), | |
+ VMSTATE_A13_CPREG(SYS_AON_CNT_CTL), | |
VMSTATE_A13_CPREG(UPMPCM), | |
VMSTATE_A13_CPREG(UPMCR0), | |
VMSTATE_A13_CPREG(UPMSR), | |
diff --git a/hw/arm/apple_a13_gxf.c b/hw/arm/apple_a13_gxf.c | |
index 6420b4d451..93b22a7185 100644 | |
--- a/hw/arm/apple_a13_gxf.c | |
+++ b/hw/arm/apple_a13_gxf.c | |
@@ -7,9 +7,6 @@ | |
#include "target/arm/cpu.h" | |
#include "target/arm/internals.h" | |
-CPAccessResult access_tvm_trvm(CPUARMState *env, const ARMCPRegInfo *ri, | |
- bool isread); | |
- | |
static CPAccessResult access_gxf(CPUARMState *env, const ARMCPRegInfo *ri, | |
bool isread) | |
{ | |
diff --git a/hw/arm/apple_sep.c b/hw/arm/apple_sep.c | |
index 36b67dee06..cf31fbfa41 100644 | |
--- a/hw/arm/apple_sep.c | |
+++ b/hw/arm/apple_sep.c | |
@@ -22,16 +22,75 @@ | |
#include "hw/arm/apple_a13.h" | |
#include "hw/arm/apple_a9.h" | |
#include "hw/arm/apple_sep.h" | |
+#include "hw/misc/apple_mbox.h" | |
#include "hw/arm/xnu.h" | |
#include "hw/core/cpu.h" | |
#include "qapi/error.h" | |
#include "qemu/error-report.h" | |
#include "qemu/log.h" | |
#include "qemu/units.h" | |
+#include "hw/arm/t8030.h" | |
+#include "exec/address-spaces.h" | |
+#include "hw/irq.h" | |
+ | |
+//#define DO_SECUREROM 1 | |
+ | |
+static void apple_sep_reset(DeviceState *dev); | |
+static void apple_sep_cpu_reset_work(CPUState *cpu, run_on_cpu_data data); | |
+static void apple_sep_cpu_reset_work_only_pc(CPUState *cpu, run_on_cpu_data data); | |
+ | |
+static void AppleSEPResetMisc_func(vaddr vector) { | |
+ MachineState *machine = MACHINE(qdev_get_machine()); | |
+ T8030MachineState *tms = T8030_MACHINE(machine); | |
+ //CPUARMState *env; | |
+ AppleSEPState *sep; | |
+ sep = APPLE_SEP(object_property_get_link(OBJECT(machine), "sep", &error_fatal)); | |
+ AppleA13State *tcpu = APPLE_A13(sep->cpu); | |
+ fprintf(stderr, "AppleSEPResetMisc: entered function: vector=0x" HWADDR_FMT_plx "\n", vector); | |
+#if 0 | |
+ T8030MachineState *tms = T8030_MACHINE(machine); | |
+ MemoryRegion *sysmem = tms->sysmem; | |
+ AddressSpace *nsas = &address_space_memory; | |
+ size_t garbage = 0; | |
+ macho_load_raw_file(tms->sepfw_filename, nsas, sysmem, "sepfw", 0x800000000ULL, &garbage); | |
+#endif | |
+#if 1 | |
+ sep->base = vector; | |
+ object_property_set_uint(OBJECT(sep->cpu), "rvbar", sep->base & ~0xFFF, NULL); | |
+ //AppleA13State *tcpu = APPLE_A13(sep->cpu); | |
+ //object_property_set_uint(OBJECT(sep->cpu), "x0", 0x800734000ULL, NULL); | |
+ //env = &ARM_CPU(cpu)->env; | |
+ //env->xregs[0] = 0x800734000ULL; | |
+ //apple_sep_reset(DEVICE(sep)); | |
+ //AppleSEPState *s = APPLE_SEP(dev); | |
+ //run_on_cpu(CPU(sep->cpu), apple_sep_cpu_reset_work, RUN_ON_CPU_HOST_PTR(sep)); | |
+ run_on_cpu(CPU(sep->cpu), apple_sep_cpu_reset_work_only_pc, RUN_ON_CPU_HOST_PTR(sep)); | |
+ if (apple_a13_cpu_is_powered_off(APPLE_A13(sep->cpu))) { | |
+ apple_a13_cpu_start(APPLE_A13(sep->cpu)); | |
+ } | |
+#endif | |
+#if 0 | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), ARM_CPU_IRQ)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), ARM_CPU_FIQ)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), GTIMER_VIRT)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), 0)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), 1)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), 2)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(sep->cpu), 3)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(tms->aic), 0xd4)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(tms->aic), 0xd5)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(tms->aic), 0xd6)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(tms->aic), 0xd7)); | |
+ qemu_irq_raise(qdev_get_gpio_in(DEVICE(tms->aic), 0xba)); | |
+ qemu_irq_raise(tcpu->fast_ipi); | |
+#endif | |
+ fprintf(stderr, "AppleSEPResetMisc: left function\n"); | |
+} | |
static void trng_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
unsigned size) | |
{ | |
+ //AppleSEPResetMisc_func(0x800000000ULL); | |
switch (addr) { | |
default: | |
qemu_log_mask(LOG_UNIMP, | |
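Review bot: AppleSEPResetMisc_func has no enabled caller in this diff: the call in trng_reg_write is commented out, the one in misc4_reg_write sits under `#if 0`, and the mailbox hook in apple_sep_create is commented out as well. As a static function it will trip -Wunused-function, and `tms` and `tcpu` are only read inside `#if 0` blocks, so they are unused locals too. Either wire the function to the register write that is meant to trigger it or leave it out of this commit. If it stays, move the `tms`/`tcpu` declarations into the block that uses them and replace the unconditional `fprintf(stderr, ...)` with `qemu_log_mask` or a trace event, as the handlers in this file do. trng_reg_write's body continues outside the hunk.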
@@ -152,8 +211,22 @@ static uint64_t misc1_reg_read(void *opaque, hwaddr addr, unsigned size) | |
switch (addr) { | |
case 0xc: // ???? bit1 clear, bit0 set | |
return (0 << 1) | (1 << 0); | |
- // case 0x20: | |
- // return 0x1; | |
+ //case 0x1c: // returning hardcoded values causes panics | |
+ // //return 0; // disabling memory encryption? | |
+ // return (1 << 29); // part1 of enabling FUN_240003fcc_wait_for_DAT_23d2bc004 ; memory encryption? | |
+ // case 0x20: // returning hardcoded values causes panics | |
+ // return 0; // disabling memory encryption? | |
+ // //return 0x1; // part0 of enabling FUN_240003fcc_wait_for_DAT_23d2bc004 ; memory encryption? | |
+#if 0 | |
+ case 0x1c: | |
+ memcpy(&ret, &s->misc1_regs[addr], size); | |
+ ret |= (1 << 29); | |
+ break; | |
+ case 0x20: | |
+ memcpy(&ret, &s->misc1_regs[addr], size); | |
+ ret |= 0x1; | |
+ break; | |
+#endif | |
case 0xe4: // ???? | |
return 0x0; | |
case 0x280: // ???? | |
@@ -203,6 +276,7 @@ static uint64_t misc2_reg_read(void *opaque, hwaddr addr, unsigned size) | |
switch (addr) { | |
case 0x24: // ???? | |
return 0x0; | |
+ //return 0x2; | |
default: | |
memcpy(&ret, &s->misc2_regs[addr], size); | |
qemu_log_mask(LOG_UNIMP, | |
@@ -225,6 +299,396 @@ static const MemoryRegionOps misc2_reg_ops = { | |
.valid.unaligned = false, | |
}; | |
+static void misc39_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
+ unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&s->misc39_regs[addr], &data, size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC39: Unknown write at 0x" HWADDR_FMT_plx | |
+ " with value 0x" HWADDR_FMT_plx "\n", | |
+ addr, data); | |
+ break; | |
+ } | |
+} | |
+ | |
+static uint64_t misc39_reg_read(void *opaque, hwaddr addr, unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ uint64_t ret = 0; | |
+ // 0x0;0x4 == T8101 | |
+ // 0x4;0x8 == T8020 | |
+ | |
+ switch (addr) { | |
+#if 0 | |
+ //case 0x00: // ???? T8101 | |
+ // return 0x1; | |
+ //case 0x04: // ???? T8101 | |
+ // return 0x1; | |
+ case 0x04: // ???? T8020 | |
+ //return 0x1; | |
+ return 0x0; // required for misc9 0x318 | |
+ case 0x08: // ???? T8020 | |
+ //return 0x1; | |
+ return 0x0; | |
+#endif | |
+ default: | |
+ memcpy(&ret, &s->misc39_regs[addr], size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC39: Unknown read at 0x" HWADDR_FMT_plx "\n", | |
+ addr); | |
+ break; | |
+ } | |
+ | |
+ return ret; | |
+} | |
+ | |
+static const MemoryRegionOps misc39_reg_ops = { | |
+ .write = misc39_reg_write, | |
+ .read = misc39_reg_read, | |
+ .endianness = DEVICE_NATIVE_ENDIAN, | |
+ .valid.min_access_size = 4, | |
+ .valid.max_access_size = 4, | |
+ .impl.min_access_size = 4, | |
+ .impl.max_access_size = 4, | |
+ .valid.unaligned = false, | |
+}; | |
+ | |
+#if 1 | |
+static void misc4_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
+ unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ switch (addr) { | |
+#if 0 | |
+ case 0x14: | |
+ if (!!(data & 1)) { | |
+ uint64_t vector = *(uint64_t*)(&s->misc4_regs[0x20]); | |
+ AppleSEPResetMisc_func(vector); | |
+ } | |
+ break; | |
+#endif | |
+ default: | |
+ memcpy(&s->misc4_regs[addr], &data, size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC4: Unknown write at 0x" HWADDR_FMT_plx | |
+ " with value 0x" HWADDR_FMT_plx "\n", | |
+ addr, data); | |
+ break; | |
+ } | |
+} | |
+ | |
+static uint64_t misc4_reg_read(void *opaque, hwaddr addr, unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ uint64_t ret = 0; | |
+ | |
+ switch (addr) { | |
+ case 0x00: // ???? because of WFE FUN_240011488_DAT_241500000_wfe, hangs otherwise, fix it properly! | |
+ return 0x0; | |
+ case 0x04: // ???? because of WFE FUN_2400113cc_DAT_241500004_wfe, hangs otherwise, fix it properly! | |
+ return 0x0; | |
+ case 0x0c: // ???? because of switch case FUN_2400113ec_DAT_24150000c_should_be_0, panics otherwise | |
+ return 0x0; | |
+ default: | |
+ memcpy(&ret, &s->misc4_regs[addr], size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC4: Unknown read at 0x" HWADDR_FMT_plx "\n", | |
+ addr); | |
+ break; | |
+ } | |
+ | |
+ return ret; | |
+} | |
+ | |
+static const MemoryRegionOps misc4_reg_ops = { | |
+ .write = misc4_reg_write, | |
+ .read = misc4_reg_read, | |
+ .endianness = DEVICE_NATIVE_ENDIAN, | |
+ .valid.min_access_size = 4, | |
+ .valid.max_access_size = 4, | |
+ .impl.min_access_size = 4, | |
+ .impl.max_access_size = 4, | |
+ .valid.unaligned = false, | |
+}; | |
+#endif | |
+ | |
+static void misc5_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
+ unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&s->misc5_regs[addr], &data, size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC5: Unknown write at 0x" HWADDR_FMT_plx | |
+ " with value 0x" HWADDR_FMT_plx "\n", | |
+ addr, data); | |
+ break; | |
+ } | |
+} | |
+ | |
+static uint64_t misc5_reg_read(void *opaque, hwaddr addr, unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ uint64_t ret = 0; | |
+ | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&ret, &s->misc5_regs[addr], size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC5: Unknown read at 0x" HWADDR_FMT_plx "\n", | |
+ addr); | |
+ break; | |
+ } | |
+ | |
+ return ret; | |
+} | |
+ | |
+static const MemoryRegionOps misc5_reg_ops = { | |
+ .write = misc5_reg_write, | |
+ .read = misc5_reg_read, | |
+ .endianness = DEVICE_NATIVE_ENDIAN, | |
+ .valid.min_access_size = 4, | |
+ .valid.max_access_size = 4, | |
+ .impl.min_access_size = 4, | |
+ .impl.max_access_size = 4, | |
+ .valid.unaligned = false, | |
+}; | |
+ | |
+static void misc6_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
+ unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&s->misc6_regs[addr], &data, size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC6: Unknown write at 0x" HWADDR_FMT_plx | |
+ " with value 0x" HWADDR_FMT_plx "\n", | |
+ addr, data); | |
+ break; | |
+ } | |
+} | |
+ | |
+static uint64_t misc6_reg_read(void *opaque, hwaddr addr, unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ uint64_t ret = 0; | |
+ | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&ret, &s->misc6_regs[addr], size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC6: Unknown read at 0x" HWADDR_FMT_plx "\n", | |
+ addr); | |
+ break; | |
+ } | |
+ | |
+ return ret; | |
+} | |
+ | |
+static const MemoryRegionOps misc6_reg_ops = { | |
+ .write = misc6_reg_write, | |
+ .read = misc6_reg_read, | |
+ .endianness = DEVICE_NATIVE_ENDIAN, | |
+ .valid.min_access_size = 4, | |
+ .valid.max_access_size = 4, | |
+ .impl.min_access_size = 4, | |
+ .impl.max_access_size = 4, | |
+ .valid.unaligned = false, | |
+}; | |
+ | |
+typedef struct QEMU_PACKED sep_message { | |
+ uint8_t endpoint; | |
+ uint8_t tag; | |
+ uint8_t opcode; | |
+ uint8_t param; | |
+ uint32_t data; | |
+} *sep_message_t; | |
+ | |
+static void misc7_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
+ unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ apple_mbox_msg_t msg0 = NULL; | |
+ apple_mbox_msg_t msg1 = NULL; | |
+ apple_mbox_msg_t msg2 = NULL; | |
+ apple_mbox_msg_t msg3 = NULL; | |
+ apple_mbox_msg_t msg4 = NULL; | |
+ apple_mbox_msg_t msg5 = NULL; | |
+ sep_message_t sep_msg = NULL; | |
+ switch (addr) { | |
+ //case 0x8: | |
+ case 0x4: | |
+ //if (data == 0x2cbd3509) | |
+ if (data == 0xf2e31133) | |
+ { | |
+ sep_msg = g_new0(struct sep_message, 1); | |
+ msg0 = g_new0(struct apple_mbox_msg, 1); | |
+ msg1 = g_new0(struct apple_mbox_msg, 1); | |
+ msg2 = g_new0(struct apple_mbox_msg, 1); | |
+ msg3 = g_new0(struct apple_mbox_msg, 1); | |
+ msg4 = g_new0(struct apple_mbox_msg, 1); | |
+ msg5 = g_new0(struct apple_mbox_msg, 1); | |
+ sep_msg->endpoint = 0xff; | |
+ | |
+#if 0 | |
+ sep_msg->opcode = 1; // kOpCode_Ping | |
+ sep_msg->tag = 0x70; | |
+ memcpy(msg5->data, sep_msg, 16); | |
+ apple_mbox_inbox_push(s->mbox, msg5); | |
+ IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode1/kOpCode_Ping", msg5); | |
+#endif | |
+ | |
+ sep_msg->opcode = 3; // kOpCode_GenerateNonce | |
+ sep_msg->tag = 0x67; | |
+ memcpy(msg0->data, sep_msg, 16); | |
+ apple_mbox_inbox_push(s->mbox, msg0); | |
+ IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode3/kOpCode_GenerateNonce", msg0); | |
+ | |
+#if 0 | |
+ sep_msg->opcode = 4; // Opcode 4 | |
+ sep_msg->tag = 0x6e; | |
+ memcpy(msg4->data, sep_msg, 16); | |
+ apple_mbox_inbox_push(s->mbox, msg4); | |
+ IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode4/kOpCode_GetNonceWord", msg4); | |
+ | |
+ sep_msg->opcode = 15; // Opcode 15 | |
+ sep_msg->tag = 0x0; | |
+ memcpy(msg2->data, sep_msg, 16); | |
+ apple_mbox_inbox_push(s->mbox, msg2); | |
+ IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode15/kOpCode_SendDpa", msg2); | |
+ | |
+ sep_msg->opcode = 16; // Opcode 16 | |
+ sep_msg->tag = 0x0; | |
+ memcpy(msg3->data, sep_msg, 16); | |
+ apple_mbox_inbox_push(s->mbox, msg3); | |
+ IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode16", msg3); | |
+#endif | |
+ | |
+ sep_msg->opcode = 17; // Opcode 17 | |
+ sep_msg->tag = 0x0; | |
+ //sep_msg->data = 0x2000; // 0x2000 | |
+ //sep_msg->data = 0x3200; // iBoot on iOS 12.0 for T8020 says 0x3200 (0x1c52000 bytes). Might not be enough for SEPOS in iOS 14.4.2. | |
+ //sep_msg->data = 0x4000; // iBoot on iOS 13.0/13.7 for T8020 says 0x4000 (0x2440000 bytes). Might not be enough for SEPOS in iOS 14.4.2. | |
+ //sep_msg->data = 0x3400; // SEPFW on iOS 14.4.2 for T8020 wants something higher | |
+ //sep_msg->data = 0x3800; // SEPFW on iOS 14.4.2 for T8020 wants something higher | |
+ //sep_msg->data = 0x6000; // SEPFW on iOS 14.4.2 for T8020 wants something higher | |
+ sep_msg->data = 0x8000; // SEPFW on iOS 14.0/14.4.2 for T8020, if I found the correct data in Ghidra. | |
+ // max value 0x8000, checked in SEPROM:FUN_240011564_maybe_check_amcc. | |
+ // size in bytes == value * 0x910 | |
+ memcpy(msg1->data, sep_msg, 16); | |
+ apple_mbox_inbox_push(s->mbox, msg1); | |
+ IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode17", msg1); | |
+ } | |
+ goto jump_default; | |
+ //QEMU_FALLTHROUGH; | |
+ break; | |
+ default: | |
+ jump_default: | |
+ memcpy(&s->misc7_regs[addr], &data, size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC7: Unknown write at 0x" HWADDR_FMT_plx | |
+ " with value 0x" HWADDR_FMT_plx "\n", | |
+ addr, data); | |
+ break; | |
+ } | |
+} | |
+ | |
+static uint64_t misc7_reg_read(void *opaque, hwaddr addr, unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ uint64_t ret = 0; | |
+ | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&ret, &s->misc7_regs[addr], size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC7: Unknown read at 0x" HWADDR_FMT_plx "\n", | |
+ addr); | |
+ break; | |
+ } | |
+ | |
+ return ret; | |
+} | |
+ | |
+static const MemoryRegionOps misc7_reg_ops = { | |
+ .write = misc7_reg_write, | |
+ .read = misc7_reg_read, | |
+ .endianness = DEVICE_NATIVE_ENDIAN, | |
+ .valid.min_access_size = 4, | |
+ .valid.max_access_size = 4, | |
+ .impl.min_access_size = 4, | |
+ .impl.max_access_size = 4, | |
+ .valid.unaligned = false, | |
+}; | |
+ | |
+static void misc8_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
+ unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ switch (addr) { | |
+ default: | |
+ memcpy(&s->misc8_regs[addr], &data, size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC8: Unknown write at 0x" HWADDR_FMT_plx | |
+ " with value 0x" HWADDR_FMT_plx "\n", | |
+ addr, data); | |
+ break; | |
+ } | |
+} | |
+ | |
+static uint64_t misc8_reg_read(void *opaque, hwaddr addr, unsigned size) | |
+{ | |
+ AppleSEPState *s = APPLE_SEP(opaque); | |
+ uint64_t ret = 0; | |
+ | |
+ switch (addr) { | |
+#if 0 | |
+ case 0x310: | |
+ memcpy(&ret, &s->misc8_regs[addr], size); | |
+ //ret = 8 * 1024; // size in KiB ; param_1_DAT_800013fe0[1] | |
+ ////ret = 1 * 1024 * 1024; // size in KiB ; param_1_DAT_800013fe0[1] | |
+ ////ret = 2 * 1024 * 1024; // size in KiB ; param_1_DAT_800013fe0[1] | |
+ break; | |
+#endif | |
+#if 0 | |
+ case 0x318: | |
+ //memcpy(&ret, &s->misc8_regs[addr], size); | |
+ // maybe size for base 0x800000000 | |
+ //ret = 8 * 1024; // size in KiB ; field489_0x10e0_amcc_entry_base_plus_misc8_00318_bytes = amcc_entry_base + (ulong)misc8_00318 * -0x400 >> 1 & 0x7fffffffffffc000; | |
+ ////ret = 2 * 1024 * 1024; | |
+ ////ret = 0; | |
+ //ret = 0xd00000; | |
+ //ret = 0xe00000; | |
+ ret = 32 * 1024; | |
+ break; | |
+#endif | |
+ default: | |
+ memcpy(&ret, &s->misc8_regs[addr], size); | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "SEP MISC8: Unknown read at 0x" HWADDR_FMT_plx "\n", | |
+ addr); | |
+ break; | |
+ } | |
+ | |
+ return ret; | |
+} | |
+ | |
+static const MemoryRegionOps misc8_reg_ops = { | |
+ .write = misc8_reg_write, | |
+ .read = misc8_reg_read, | |
+ .endianness = DEVICE_NATIVE_ENDIAN, | |
+ .valid.min_access_size = 4, | |
+ .valid.max_access_size = 4, | |
+ .impl.min_access_size = 4, | |
+ .impl.max_access_size = 4, | |
+ .valid.unaligned = false, | |
+}; | |
+ | |
static const struct AppleMboxOps sep_mailbox_ops = {}; | |
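Review bot: In misc7_reg_write, `memcpy(msg0->data, sep_msg, 16)` reads 16 bytes from an 8-byte object: `struct sep_message` is packed as four `uint8_t` plus one `uint32_t`, and `g_new0(struct sep_message, 1)` allocates exactly that. Each copy therefore reads 8 bytes past the allocation and puts whatever follows it on the host heap into a mailbox message the guest can read. The same path leaks memory every time the guest stores 0xf2e31133 at offset 0x4, because `sep_msg` is never freed and `msg2` to `msg5` are allocated but only used under `#if 0`. Building the message on the stack and copying `sizeof(sep_msg)` bytes fixes both, after which the function-level `msg0`–`msg5` and `sep_msg` declarations can be deleted. This assumes apple_mbox_inbox_push takes ownership of the pushed message, which is not visible here.

```c
    case 0x4:
        if (data == 0xf2e31133) {
            /* Stack object: nothing to free, and sizeof() bounds every copy. */
            struct sep_message sep_msg = { .endpoint = 0xff };
            apple_mbox_msg_t msg;

            sep_msg.opcode = 3; // kOpCode_GenerateNonce
            sep_msg.tag = 0x67;
            msg = g_new0(struct apple_mbox_msg, 1);
            memcpy(msg->data, &sep_msg, sizeof(sep_msg));
            apple_mbox_inbox_push(s->mbox, msg);
            IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode3/kOpCode_GenerateNonce", msg);

            // … unchanged: disabled opcode 1/4/15/16 experiments …

            sep_msg.opcode = 17; // Opcode 17
            sep_msg.tag = 0x0;
            sep_msg.data = 0x8000;
            msg = g_new0(struct apple_mbox_msg, 1);
            memcpy(msg->data, &sep_msg, sizeof(sep_msg));
            apple_mbox_inbox_push(s->mbox, msg);
            IOP_LOG_MSG(s->mbox, "SEP MISC7: Sent fake SEPROM_Opcode17", msg);
        }
        // … unchanged: jump to the default register store …
```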
@@ -262,6 +726,7 @@ AppleSEPState *apple_sep_create(DTBNode *node, vaddr base, uint32_t cpu_id, | |
BUILD_VERSION_MAJOR(build_version) - 3, | |
&sep_mailbox_ops); | |
apple_mbox_set_real(s->mbox, true); | |
+ //s->mbox->AppleSEPResetMisc_func = (AppleSEPResetMisc*)AppleSEPResetMisc_func; | |
object_property_add_child(OBJECT(s), "mbox", OBJECT(s->mbox)); | |
@@ -271,18 +736,42 @@ AppleSEPState *apple_sep_create(DTBNode *node, vaddr base, uint32_t cpu_id, | |
sysbus_pass_irq(sbd, SYS_BUS_DEVICE(s->mbox)); | |
sysbus_pass_irq(sbd, SYS_BUS_DEVICE(s->cpu)); | |
- memory_region_init_io(&s->trng_mr, OBJECT(dev), &trng_reg_ops, s, | |
- "sep.trng", 0x100); | |
- sysbus_init_mmio(sbd, &s->trng_mr); | |
+ memory_region_init_io(&s->trng_t8101_mr, OBJECT(dev), &trng_reg_ops, s, | |
+ "sep.trng_t8101", 0x100); // TRNG T8101 | |
+ sysbus_init_mmio(sbd, &s->trng_t8101_mr); | |
memory_region_init_io(&s->misc0_mr, OBJECT(dev), &misc0_reg_ops, s, | |
- "sep.misc0", 0x100); | |
+ "sep.misc0", 0x100); // MISC0 | |
sysbus_init_mmio(sbd, &s->misc0_mr); | |
memory_region_init_io(&s->misc1_mr, OBJECT(dev), &misc1_reg_ops, s, | |
- "sep.misc1", 0x1000); | |
+ "sep.misc1", 0x1000); // MISC1 | |
sysbus_init_mmio(sbd, &s->misc1_mr); | |
memory_region_init_io(&s->misc2_mr, OBJECT(dev), &misc2_reg_ops, s, | |
- "sep.misc2", 0x100); | |
+ "sep.misc2", 0x100); // MISC2 | |
sysbus_init_mmio(sbd, &s->misc2_mr); | |
+ memory_region_init_io(&s->misc3_mr, OBJECT(dev), &misc39_reg_ops, s, | |
+ "sep.misc39_t8101", 0x100); // MISC39 T8101 | |
+ sysbus_init_mmio(sbd, &s->misc3_mr); | |
+ memory_region_init_io(&s->misc4_mr, OBJECT(dev), &misc4_reg_ops, s, | |
+ "sep.misc4", 0x100); // MISC4 // T8101 BootMonitor for SEPOS loading? | |
+ sysbus_init_mmio(sbd, &s->misc4_mr); | |
+ memory_region_init_io(&s->misc5_mr, OBJECT(dev), &misc5_reg_ops, s, | |
+ "sep.misc5", 0x100); // MISC5 | |
+ sysbus_init_mmio(sbd, &s->misc5_mr); | |
+ memory_region_init_io(&s->misc6_mr, OBJECT(dev), &misc6_reg_ops, s, | |
+ "sep.misc6", 0x1000); // MISC6 | |
+ sysbus_init_mmio(sbd, &s->misc6_mr); | |
+ memory_region_init_io(&s->misc7_mr, OBJECT(dev), &misc7_reg_ops, s, | |
+ "sep.misc7", 0x1000); // MISC7 ; was: MISC78 Sicily(T8101). now: Some encrypted data from SEPROM. | |
+ sysbus_init_mmio(sbd, &s->misc7_mr); | |
+ memory_region_init_io(&s->misc8_mr, OBJECT(dev), &misc8_reg_ops, s, | |
+ "sep.misc8", 0x40000); // MISC8 ; was: MISC78 T8006/T8020. now: MISC8. | |
+ sysbus_init_mmio(sbd, &s->misc8_mr); | |
+ memory_region_init_io(&s->trng_t8020_mr, OBJECT(dev), &trng_reg_ops, s, | |
+ "sep.trng_t8020", 0x100); // TRNG T8020 | |
+ sysbus_init_mmio(sbd, &s->trng_t8020_mr); | |
+ memory_region_init_io(&s->misc9_mr, OBJECT(dev), &misc39_reg_ops, s, | |
+ "sep.misc39_t8020", 0x100); // MISC39 T8020 | |
+ sysbus_init_mmio(sbd, &s->misc9_mr); | |
DTBNode *child = find_dtb_node(node, "iop-sep-nub"); | |
assert(child); | |
//! SEPFW needs to be loaded by restore, supposedly | |
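Review bot: The region sizes passed here (0x100, 0x1000 and 0x40000 for `sep.misc8`) are the only bound on the guest-supplied offset that the new handlers use in `memcpy(&s->miscN_regs[addr], &data, size)`. The backing arrays are declared in apple_sep.h, which this diff does not show, so each array must be confirmed to be at least as large as its region; otherwise a guest access writes past the array in host memory. A guard in each handler makes that independent of the header, for example `if (addr + size > sizeof(s->misc8_regs)) { return 0; }` in the read path. Also note that `misc3_mr` and `misc9_mr` both use `misc39_reg_ops` with the same opaque, so the T8101 and T8020 windows share the single `misc39_regs` array (the two TRNG regions likewise share `trng_reg_ops`); if that aliasing is intended it deserves a comment. apple_sep_create starts and ends outside the hunk.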
@@ -294,7 +783,46 @@ AppleSEPState *apple_sep_create(DTBNode *node, vaddr base, uint32_t cpu_id, | |
static void apple_sep_cpu_reset_work(CPUState *cpu, run_on_cpu_data data) | |
{ | |
AppleSEPState *s = data.host_ptr; | |
+ AddressSpace *nsas = &address_space_memory; | |
+ MachineState *machine = MACHINE(qdev_get_machine()); | |
+ T8030MachineState *tms = T8030_MACHINE(machine); | |
cpu_reset(cpu); | |
+#ifdef DO_SECUREROM | |
+ // make it possible to re-run SEPROM after SecureROM panics without powering off | |
+ // replaces e.g.: set *0x241130840=0x0 ; set *0x241130800=0x0 | |
+ //address_space_set(nsas, tms->soc_base_pa + 0x41000000, 0, 0x3000000, MEMTXATTRS_UNSPECIFIED); | |
+ address_space_set(nsas, tms->soc_base_pa + 0x41000000, 0, 0x1000000, MEMTXATTRS_UNSPECIFIED); | |
+#endif | |
+ fprintf(stderr, "apple_sep_cpu_reset_work: before cpu_set_pc: base=0x" HWADDR_FMT_plx "\n", s->base); | |
+ cpu_set_pc(cpu, s->base); | |
+} | |
+ | |
+static void apple_sep_cpu_reset_work_only_pc(CPUState *cpu, run_on_cpu_data data) | |
+{ | |
+ AppleSEPState *s = data.host_ptr; | |
+ CPUARMState *env; | |
+ AppleA13State *tcpu = APPLE_A13(cpu); | |
+ uint64_t pwr_dn_save; | |
+ //uint64_t cpacr_tmp; | |
+ env = &ARM_CPU(cpu)->env; | |
+ pwr_dn_save = tcpu->A13_CPREG_VAR_NAME(SYS_ACC_PWR_DN_SAVE); | |
+ //cpacr_tmp = env->cp15.cpacr_el1; | |
+ //cpacr_tmp = FIELD_EX64(env->cp15.cpacr_el1, CPACR_EL1, FPEN); | |
+ //fprintf(stderr, "apple_sep_cpu_reset_work_only_pc: t0: cpacr_tmp=0x" HWADDR_FMT_plx "\n", cpacr_tmp); | |
+ //fprintf(stderr, "apple_sep_cpu_reset_work_only_pc: t0: env->cp15.cpacr_el1=0x" HWADDR_FMT_plx "\n", env->cp15.cpacr_el1); | |
+ //cpu_reset(cpu); | |
+ tcpu->A13_CPREG_VAR_NAME(SYS_ACC_PWR_DN_SAVE) = pwr_dn_save; | |
+ //tcpu->A13_CPREG_VAR_NAME(CPACR) = cpacr_tmp; | |
+ //env->cp15.cpacr_el1 = cpacr_tmp; | |
+ //env->cp15.cpacr_el1 = FIELD_DP64(env->cp15.cpacr_el1, CPACR_EL1, FPEN, cpacr_tmp); | |
+ //fprintf(stderr, "apple_sep_cpu_reset_work_only_pc: t1: env->cp15.cpacr_el1=0x" HWADDR_FMT_plx "\n", env->cp15.cpacr_el1); | |
+ //arm_rebuild_hflags(env); | |
+ //fprintf(stderr, "apple_sep_cpu_reset_work_only_pc: t2: env->cp15.cpacr_el1=0x" HWADDR_FMT_plx "\n", env->cp15.cpacr_el1); | |
+ fprintf(stderr, "apple_sep_cpu_reset_work_only_pc: before cpu_set_pc: base=0x" HWADDR_FMT_plx "\n", s->base); | |
+ //env->xregs[0] = 0x800734000ULL; | |
+ env->xregs[0] = tcpu->A13_CPREG_VAR_NAME(SYS_ACC_PWR_DN_SAVE); | |
+ env->xregs[1] = s->base; // HACK because the first instruction sometimes gets skipped. Maybe because of the commented out cpu_reset(), because of FPU stuff. (0x800005da4) | |
+ fprintf(stderr, "apple_sep_cpu_reset_work_only_pc: new x0=0x" HWADDR_FMT_plx "\n", env->xregs[0]); | |
cpu_set_pc(cpu, s->base); | |
} | |
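Review bot: In apple_sep_cpu_reset_work_only_pc the save and restore of SYS_ACC_PWR_DN_SAVE is a no-op: `pwr_dn_save` is read and written straight back, and the `cpu_reset(cpu)` that would have cleared it in between is commented out. The core is therefore restarted at `s->base` with all of its previous register and system state, which the `// HACK` on `env->xregs[1] = s->base` suggests is already causing a skipped first instruction. Either restore `cpu_reset(cpu);` between the save and the write-back, or delete the pair and state in a comment that no reset is performed and why. In apple_sep_cpu_reset_work, `nsas` and `tms` are only used under `#ifdef DO_SECUREROM`, which is commented out at the top of the file, so they are unused in the default build and belong inside the `#ifdef`.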
@@ -310,8 +838,8 @@ static void apple_sep_realize(DeviceState *dev, Error **errp) | |
sysbus_realize(SYS_BUS_DEVICE(s->mbox), errp); | |
qdev_realize(DEVICE(s->cpu), NULL, errp); | |
- qdev_connect_gpio_out_named(DEVICE(s->mbox), APPLE_MBOX_IOP_IRQ, 0, | |
- qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ)); | |
+ qdev_connect_gpio_out_named(DEVICE(s->mbox), APPLE_MBOX_IOP_IRQ, 0, qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ)); | |
+ //qdev_connect_gpio_out_named(DEVICE(s->mbox), APPLE_MBOX_TEST_IRQ, 0, qdev_get_gpio_in(DEVICE(s->cpu), 1)); | |
} | |
static void apple_sep_unrealize(DeviceState *dev) | |
diff --git a/hw/arm/t8030.c b/hw/arm/t8030.c | |
index 4dd4c14d75..44bb979a6a 100644 | |
--- a/hw/arm/t8030.c | |
+++ b/hw/arm/t8030.c | |
@@ -1,3 +1,6 @@ | |
+ | |
+//#define DO_SECUREROM 1 | |
+ | |
/* | |
* iPhone 11 - T8030 | |
* | |
@@ -164,6 +167,14 @@ static void t8030_create_s3c_uart(const T8030MachineState *tms, uint32_t port, | |
static void t8030_patch_kernel(struct mach_header_64 *hdr) | |
{ | |
+#ifndef DO_SECUREROM | |
+ *(uint32_t *)vtop_static(0xFFFFFFF0077142C8) = 0; | |
+ //*(uint32_t *)vtop_static(0xfffffff009845140) = 0xFFFFFFFF; // AMCC | |
+ // gAppleSMCDebugLevel = 0xFFFFFFFF; | |
+ //*(uint32_t *)vtop_static(0xFFFFFFF0099EAA18) = 0xFFFFFFFF; | |
+ // gAppleSMCDebugPath = 0x2; | |
+ //*(uint32_t *)vtop_static(0xFFFFFFF0099EAA1C) = 0x2; | |
+#endif | |
kpf(); | |
} | |
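Review bot: The added `*(uint32_t *)vtop_static(0xFFFFFFF0077142C8) = 0;` writes to a hard-coded kernel virtual address with no comment on what lives there and no check that the loaded kernel is the build the address was taken from. With any other kernel image the store lands on unrelated data, and the `hdr` argument is not consulted. Add a comment naming the symbol and the kernel build, for example `/* <symbol> in <kernel build>: clear to ... */` with the author's real values, and gate the store on that build or move it behind a pattern match like the other patches applied by `kpf()`. The `DO_SECUREROM` switch that guards it is a commented-out `#define` repeated at the top of two files, so a build option or a machine property would keep the two from drifting apart.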
@@ -311,13 +322,38 @@ static void t8030_load_classic_kc(T8030MachineState *tms, const char *cmdline) | |
dtb_va = ptov_static(info->dtb_pa); | |
phys_ptr += align_16k_high(info->dtb_size); | |
+#if 0 | |
if (tms->sepfw_filename) { | |
info->sepfw_pa = phys_ptr; | |
+ //info->sepfw_pa = 0x800000000ULL; | |
macho_load_raw_file(tms->sepfw_filename, nsas, sysmem, "sepfw", | |
info->sepfw_pa, &info->sepfw_size); | |
- info->sepfw_size = align_16k_high(15 * MiB); | |
+ //info->sepfw_size = align_16k_high(15 * MiB); | |
+ info->sepfw_size = align_16k_high(8 * MiB); | |
+ fprintf(stderr, "sepfw_pa: 0x" TARGET_FMT_lx " sepfw_size: 0x" TARGET_FMT_lx "\n", info->sepfw_pa, info->sepfw_size); | |
+ phys_ptr += info->sepfw_size; | |
+#if 1 | |
+ MemoryRegion *mr = g_new0(MemoryRegion, 1); | |
+ memory_region_init_alias(mr, OBJECT(tms), "t8030.sepfw.alias", tms->sysmem, info->sepfw_pa, info->sepfw_size); | |
+ //memory_region_add_subregion_overlap(tms->sysmem, 0x0, mr, 1); | |
+ memory_region_add_subregion_overlap(tms->sysmem, 0x4000, mr, 1); | |
+#endif | |
+ } | |
+#endif | |
+#if 1 | |
+ if (tms->sepfw_filename) { | |
+ info->sepfw_pa = phys_ptr; | |
+ info->sepfw_size = align_16k_high(8 * MiB); | |
phys_ptr += info->sepfw_size; | |
+ size_t garbage = 0; | |
+ //allocate_ram(sysmem, "SEPFW", 0x4000, info->sepfw_size, 0); | |
+ //allocate_ram(sysmem, "SEPFW", 0x0, info->sepfw_size+0x4000, 0); | |
+ macho_load_raw_file(tms->sepfw_filename, nsas, sysmem, "sepfw", 0x4000ULL, &garbage); | |
+ //macho_load_raw_file(tms->sepfw_filename, nsas, sysmem, "sepfw", 0x240100000ULL, &garbage); | |
+ //macho_load_raw_file("/home/ios/satamnt_1/qemu_t8030_data_0/ios_t8020_v14.4.2_0/iphone/Firmware/all_flash/sep-firmware.d321.RELEASE.im4p.out_offs_4000", nsas, sysmem, "sepfw", 0x240104000ULL, &garbage); | |
+ //macho_load_raw_file(tms->sepfw_filename, nsas, sysmem, "sepfw", info->sepfw_pa, &garbage); | |
} | |
+#endif | |
mem_size = | |
machine->maxram_size - | |
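Review bot: The enabled `#if 1` branch reserves `info->sepfw_pa = phys_ptr` with a fixed 8 MiB `sepfw_size`, but loads the image at the literal address `0x4000ULL` and stores the size reported by macho_load_raw_file in a variable named `garbage` that is never read. The boot info thus describes a range that holds no firmware, and an oversized image goes undetected; whether anything still consumes `sepfw_pa` is not visible in this hunk. Give the load address a named constant with a comment on why the SEP expects the image there, keep the returned size (`size_t sepfw_file_size = 0;`) and check it against the space available before continuing. The commented-out call that embeds an absolute path from a developer's home directory should be removed, together with the disabled `#if 0` copy of the old branch. t8030_load_classic_kc starts and ends outside the hunk.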
@@ -465,7 +501,7 @@ static void t8030_memory_setup(MachineState *machine) | |
DTBNode *memory_map = get_dtb_node(tms->device_tree, "/chosen/memory-map"); | |
g_autofree char *cmdline = NULL; | |
AddressSpace *nsas = &address_space_memory; | |
- // g_autofree char *securerom = NULL; | |
+ g_autofree char *securerom = NULL; | |
g_autofree char *seprom = NULL; | |
unsigned long fsize = 0; | |
@@ -476,17 +512,19 @@ static void t8030_memory_setup(MachineState *machine) | |
info->dram_base = T8030_DRAM_BASE; | |
info->dram_size = T8030_DRAM_SIZE; | |
- // if (!machine->firmware) { | |
- // error_report("Please set firmware to SecureROM's path"); | |
- // exit(EXIT_FAILURE); | |
- // } | |
+#ifdef DO_SECUREROM | |
+ if (!machine->firmware) { | |
+ error_report("Please set firmware to SecureROM's path"); | |
+ exit(EXIT_FAILURE); | |
+ } | |
- // if (!g_file_get_contents(machine->firmware, &securerom, &fsize, NULL)) { | |
- // error_report("Could not load data from file '%s'", | |
- // machine->firmware); exit(EXIT_FAILURE); | |
- // } | |
- // address_space_rw(nsas, T8030_SROM_BASE, MEMTXATTRS_UNSPECIFIED, | |
- // (uint8_t *)securerom, fsize, 1); | |
+ if (!g_file_get_contents(machine->firmware, &securerom, &fsize, NULL)) { | |
+ error_report("Could not load data from file '%s'", | |
+ machine->firmware); exit(EXIT_FAILURE); | |
+ } | |
+ address_space_rw(nsas, T8030_SROM_BASE, MEMTXATTRS_UNSPECIFIED, | |
+ (uint8_t *)securerom, fsize, 1); | |
+#endif | |
if (tms->seprom_filename == NULL) { | |
error_report("Please set path to SEPROM"); | |
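Review bot: The SecureROM load inside `#ifdef DO_SECUREROM` writes `fsize` bytes at `T8030_SROM_BASE` without comparing the file length against the region size and without checking the result of `address_space_rw()`, so an oversized or wrong file gives no diagnostic. A guard before the write, such as `if (fsize > T8030_SROM_SIZE) { error_report("SecureROM image is larger than SROM"); exit(EXIT_FAILURE); }`, plus a check that the call returned `MEMTX_OK`, would make a bad firmware path fail loudly. Passing a `GError **` instead of `NULL` to `g_file_get_contents()` would also let the message say why the read failed. t8030_memory_setup starts and ends outside this hunk.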
@@ -502,11 +540,103 @@ static void t8030_memory_setup(MachineState *machine) | |
(uint8_t *)seprom, fsize, 1); | |
uint64_t value = 0x8000000000000000; | |
- address_space_write(nsas, tms->soc_base_pa + 0x42140108, | |
- MEMTXATTRS_UNSPECIFIED, &value, sizeof(value)); | |
uint32_t value32 = 0x1; | |
- address_space_write(nsas, tms->soc_base_pa + 0x41448000, | |
- MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); | |
+ uint32_t value32_mov_w8_0 = 0x52800008; // mov w8, #0x0 | |
+ uint32_t value32_mov_w8_1 = 0x52800028; // mov w8, #0x1 | |
+ uint32_t value32_mov_x0_1 = 0xd2800020; // mov x0, #0x1 | |
+ uint32_t value32_mov_x0_0 = 0xd2800000; // mov x0, #0x0 | |
+ uint32_t value32_mov_x0_0x10 = 0xd2800200; // mov x0, #0x10 | |
+ uint32_t value32_mov_x0_0x2000 = 0xd2840000; // mov x0, #0x2000 | |
+ uint32_t value32_mov_x0_0x5000 = 0xd28a0000; // mov x0, #0x5000 | |
+ uint32_t value32_mov_x0_0x200000 = 0xd2a00400; // mov x0, #0x200000 | |
+ uint32_t value32_mov_x0_0xe20 = 0xd281c400; // mov x0, #0xe20 | |
+ uint32_t value32_mov_x20_1 = 0xd2800034; // mov x20, #0x1 | |
+ uint32_t value32_nop = 0xd503201f; // nop | |
+ uint32_t value32_mov_w0_8030 = 0x52900600; // mov w0, #0x8030 | |
+ uint32_t value32_cmp_x0_x0 = 0xeb00001f; // cmp x0, x0 | |
+ uint32_t value32_bl_GenerateNonce_t8101 = 0x9400026d; // bl generate_random_GenerateNonce for T8101 from 0x24000edec | |
+ uint32_t value32_bl_GenerateNonce_t8020 = 0x94000187; // bl generate_random_GenerateNonce for T8020 from 0x24000b574 | |
+ uint32_t value32_mov_x5_0xf0000000 = 0xd2be0005; // mov x5,#0xf0000000 | |
+ uint32_t value32_retab = 0xd65f0fff; // retab | |
+ uint32_t value32_ret = 0xd65f03c0; // ret | |
+ uint32_t value32_mov_w0_minus1 = 0x12800000; // mov w0, #0xffffffff | |
+ uint32_t value32_mov_w0_0x10000000 = 0x52a20000; // mov w0, #0x10000000 | |
+ uint32_t value32_mov_w0_sp_0x4 = 0xb90007e0; // mov w0, [sp, #0x4] | |
+#if 0 // for Sicily | |
+ address_space_write(nsas, tms->soc_base_pa + 0x42140108, MEMTXATTRS_UNSPECIFIED, &value, sizeof(value)); // _entry: prevent busy-loop (data section) | |
+ address_space_write(nsas, tms->soc_base_pa + 0x41448000, MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); // check_first_boot: prevent busy-loop (data section) | |
+ ////address_space_write(nsas, tms->soc_base_pa + 0x40009008, MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); // avoid panic(0x74) | |
+ ////address_space_write(nsas, tms->soc_base_pa + 0x40009510, MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); // avoid panic(0xf1); | |
+ // mov w8, #0x1 ; strb w8,[sp, #0xf8] // avoids both, panic(0x74/0xf1) | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x40009004, MEMTXATTRS_UNSPECIFIED, &value32_mov_w8_1, sizeof(value32_mov_w8_1)); | |
+ //value32 = 0x3903e3e8; // strb w8,[sp, #0xf8] // img4_out[0xc0] | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x40009008, MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); // avoid panic(0x74) | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000c824, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x40010a74, MEMTXATTRS_UNSPECIFIED, &value32_mov_x20_1, sizeof(value32_mov_x20_1)); | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x40010a78, MEMTXATTRS_UNSPECIFIED, &value32_mov_w8_1, sizeof(value32_mov_w8_1)); | |
+ //value32 = 0x3902ea68; // strb w8,[x19, #0xba] // img4_out[0xba] | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x40010a7c, MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); | |
+ //value32 = 0x14000023; // b LAB_240010b0c | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x40010a80, MEMTXATTRS_UNSPECIFIED, &value32, sizeof(value32)); | |
+ address_space_write(nsas, tms->soc_base_pa + 0x4000d2c8, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // image4_validate_property_callback: skip AMNM | |
+ address_space_write(nsas, tms->soc_base_pa + 0x40017bf8, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // maybe_Img4DecodeEvaluateTrust: Skip RSA verification result. | |
+ address_space_write(nsas, tms->soc_base_pa + 0x40017c9c, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // maybe_Img4DecodeEvaluateTrust: payload_raw hashing stuck, nop'ing | |
+ address_space_write(nsas, tms->soc_base_pa + 0x40017ca0, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // maybe_Img4DecodeEvaluateTrust: nop'ing result of payload_raw hashing | |
+ address_space_write(nsas, tms->soc_base_pa + 0x4000e014, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_1, sizeof(value32_mov_x0_1)); // memcmp_validstrs30_true_on_success: fake success | |
+ address_space_write(nsas, tms->soc_base_pa + 0x40010c04, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_1, sizeof(value32_mov_x0_1)); // memcmp_validstrs14_true_on_success: fake success | |
+ address_space_write(nsas, tms->soc_base_pa + 0x4000b484, MEMTXATTRS_UNSPECIFIED, &value32_mov_w0_8030, sizeof(value32_mov_w0_8030)); // get_chipid: patch get_chipid to return 0x8030 instead of 0x8101 | |
+#if 0 | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400107bc, MEMTXATTRS_UNSPECIFIED, &value32_cmp_x0_x0, sizeof(value32_cmp_x0_x0)); // img4_compare_verified_values_true_on_success: jump over ECID check | |
+ ////address_space_write(nsas, tms->soc_base_pa + 0x40010824, MEMTXATTRS_UNSPECIFIED, &value32_cmp_x0_x0, sizeof(value32_cmp_x0_x0)); // img4_compare_verified_values_true_on_success: jump over SDOM check | |
+ address_space_write(nsas, tms->soc_base_pa + 0x40010828, MEMTXATTRS_UNSPECIFIED, &value32_mov_w8_0, sizeof(value32_mov_w8_0)); // img4_compare_verified_values_true_on_success: jump over SDOM check | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400108a4, MEMTXATTRS_UNSPECIFIED, &value32_mov_x20_1, sizeof(value32_mov_x20_1)); // img4_compare_verified_values_true_on_success: jump over CPRO&CSEC check | |
+#endif | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400090d4, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_1, sizeof(value32_mov_x0_1)); // load_sepos: jump over img4_compare_verified_values_true_on_success | |
+#if 0 | |
+ uint8_t securerom_snon[0x14] = {0}; | |
+ //qemu_guest_getrandom(&securerom_snon, sizeof(securerom_snon), NULL); | |
+ qcrypto_random_bytes(&securerom_snon, sizeof(securerom_snon), NULL); | |
+ address_space_write(nsas, tms->soc_base_pa + 0x42214888, MEMTXATTRS_UNSPECIFIED, &securerom_snon, sizeof(securerom_snon)); // maybe_GenerateNonce_validstr0x14_from_DAT_242214888: Normally gets generated by a SecureROM call. | |
+ address_space_write(nsas, tms->soc_base_pa + 0x4000edec, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // boot: prevent calling clear_GenerateNonce_nonce | |
+#endif | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000edec, MEMTXATTRS_UNSPECIFIED, &value32_bl_GenerateNonce_t8101, sizeof(value32_bl_GenerateNonce_t8101)); // boot: replace calling clear_GenerateNonce_nonce with a call generating the nonce T8101. Needed because we don't run iBoot. | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000426c, MEMTXATTRS_UNSPECIFIED, &value32_mov_x5_0xf0000000, sizeof(value32_mov_x5_0xf0000000)); // provoke crash/exception | |
+ ////address_space_write(nsas, tms->soc_base_pa + 0x40004e44, MEMTXATTRS_UNSPECIFIED, &value32_retab, sizeof(value32_retab)); // bzero: stubbing/nop'ing it | |
+ ////address_space_write(nsas, tms->soc_base_pa + 0x40014c00, MEMTXATTRS_UNSPECIFIED, &value32_ret, sizeof(value32_ret)); // cc_clear: stubbing/nop'ing it | |
+#ifndef DO_SECUREROM | |
+ *(uint32_t *)vtop_static(0xfffffff008b4e018) = value32_mov_w0_0x10000000; // AppleSEPBooter::getBootTimeout: increase timeout for debugging (GDB tracing) | |
+ *(uint32_t *)vtop_static(0xfffffff008b576b4) = value32_nop; // AppleSEPManager::_tracingEnabled: Don't require _PE_i_can_has_debugger. | |
+#else | |
+ address_space_write(nsas, 0x100005b64, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); // SecureROM: image4_load: fake success for maybe_verify_zero_on_success. unused because of the next patches. | |
+ address_space_write(nsas, 0x1000020e4, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); // SecureROM: _main: fake success for image_load | |
+ address_space_write(nsas, 0x1000021d4, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // SecureROM: _main: nop because it panics of plain payload | |
+#endif | |
+ | |
+#endif // for Sicily | |
+#if 1 // for T8020 SEPROM | |
+ address_space_write(nsas, tms->soc_base_pa + 0x42140108, MEMTXATTRS_UNSPECIFIED, &value, sizeof(value)); // _entry: prevent busy-loop (data section) | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000d2c8, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // image4_validate_property_callback: skip AMNM | |
+ address_space_write(nsas, tms->soc_base_pa + 0x40012144, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // maybe_Img4DecodeEvaluateTrust: Skip RSA verification result. | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400121d8, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // maybe_Img4DecodeEvaluateTrust: payload_raw hashing stuck, nop'ing | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400121dc, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // maybe_Img4DecodeEvaluateTrust: nop'ing result of payload_raw hashing | |
+ address_space_write(nsas, tms->soc_base_pa + 0x4000abd8, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); // memcmp_validstrs30: fake success | |
+ address_space_write(nsas, tms->soc_base_pa + 0x4000ca84, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); // memcmp_validstrs14: fake success | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400091b4, MEMTXATTRS_UNSPECIFIED, &value32_mov_w0_8030, sizeof(value32_mov_w0_8030)); // get_chipid: patch get_chipid to return 0x8030 instead of 0x8020 | |
+ address_space_write(nsas, tms->soc_base_pa + 0x400077ac, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_1, sizeof(value32_mov_x0_1)); // load_sepos: jump over img4_compare_verified_values_true_on_success | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000b574, MEMTXATTRS_UNSPECIFIED, &value32_bl_GenerateNonce_t8020, sizeof(value32_bl_GenerateNonce_t8020)); // boot: replace calling clear_GenerateNonce_nonce with a call generating the nonce T8020 (Opcode3). Needed because we don't run iBoot/SecureROM. | |
+ ////address_space_write(nsas, tms->soc_base_pa + 0x4000b584, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_1, sizeof(value32_mov_x0_1)); // boot: set opcode_17_inbox_msg_data | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000b584, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0x2000, sizeof(value32_mov_x0_0x2000)); // boot: set opcode_17_inbox_msg_data | |
+ //address_space_write(nsas, tms->soc_base_pa + 0x4000b588, MEMTXATTRS_UNSPECIFIED, &value32_mov_w0_sp_0x4, sizeof(value32_mov_w0_sp_0x4)); // boot: set opcode_17_inbox_msg_data | |
+#ifndef DO_SECUREROM | |
+ *(uint32_t *)vtop_static(0xfffffff008b4e018) = value32_mov_w0_0x10000000; // AppleSEPBooter::getBootTimeout: increase timeout for debugging (GDB tracing) | |
+ *(uint32_t *)vtop_static(0xfffffff008b576b4) = value32_nop; // AppleSEPManager::_tracingEnabled: Don't require _PE_i_can_has_debugger. | |
+#else | |
+ address_space_write(nsas, 0x100005b64, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); // SecureROM: image4_load: fake success for maybe_verify_zero_on_success. unused because of the next patches. | |
+ address_space_write(nsas, 0x1000020e4, MEMTXATTRS_UNSPECIFIED, &value32_mov_x0_0, sizeof(value32_mov_x0_0)); // SecureROM: _main: fake success for image_load | |
+ address_space_write(nsas, 0x1000021d4, MEMTXATTRS_UNSPECIFIED, &value32_nop, sizeof(value32_nop)); // SecureROM: _main: nop because it panics of plain payload | |
+#endif | |
+ | |
+#endif // for T8020 SEPROM | |
nvram = APPLE_NVRAM(qdev_find_recursive(sysbus_get_default(), "nvram")); | |
if (!nvram) { | |
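Review bot: Every `address_space_write()` and `vtop_static()` store in the `#if 1 // for T8020 SEPROM` block overwrites a fixed offset without confirming that the loaded SEPROM or kernel is the build those offsets were taken from, and the `MemTxResult` of each write is discarded. With any other image the same stores land on unrelated words and the guest fails far from the cause; comparing the existing word with the expected original before overwriting, and calling `error_report` on a mismatch, would turn that into an immediate, explained failure. Most of the `value32_*` locals are unused in the enabled branch and are likely to raise unused-variable warnings. The comment on `value32_mov_w0_sp_0x4` should read `str w0, [sp, #0x4]`, since `0xb90007e0` encodes a store. t8030_memory_setup continues outside the hunk.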
@@ -567,11 +697,10 @@ static void t8030_memory_setup(MachineState *machine) | |
if (xnu_contains_boot_arg(cmdline, "-restore", false)) { | |
//! HACK: Use DEV Hardware model to restore without FDR errors | |
- set_dtb_prop(tms->device_tree, "compatible", 29, | |
- "N104DEV\0iPhone12,1\0AppleARM\0$"); | |
+ set_dtb_prop(tms->device_tree, "compatible", 29, "N104DEV\0iPhone12,1\0AppleARM\0$"); | |
+ //set_dtb_prop(tms->device_tree, "compatible", 28, "N104AP\0iPhone12,1\0AppleARM\0$"); | |
} else { | |
- set_dtb_prop(tms->device_tree, "compatible", 28, | |
- "N104AP\0iPhone12,1\0AppleARM\0$"); | |
+ set_dtb_prop(tms->device_tree, "compatible", 28, "N104AP\0iPhone12,1\0AppleARM\0$"); | |
} | |
if (!xnu_contains_boot_arg(cmdline, "rd=", true)) { | |
@@ -612,6 +741,7 @@ static void t8030_memory_setup(MachineState *machine) | |
set_dtb_prop(vram, "reg", sizeof(vram_reg), &vram_reg); | |
} | |
+#ifndef DO_SECUREROM | |
hdr = tms->kernel; | |
g_assert(hdr); | |
@@ -631,12 +761,26 @@ static void t8030_memory_setup(MachineState *machine) | |
__func__, hdr->filetype); | |
break; | |
} | |
+#endif | |
} | |
+static uint64_t pmgr_unk_e4800 = 0; | |
+static uint32_t pmgr_unk_e4000[0x180/4] = {0}; | |
+ | |
static void pmgr_unk_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
unsigned size) | |
{ | |
hwaddr base = (hwaddr)opaque; | |
+ switch (base + addr) { | |
+ case 0x3D2E4800: // ???? 0x240002c00 and 0x2400037a4 | |
+ pmgr_unk_e4800 = data; // 0x240002c00 and 0x2400037a4 | |
+ break; | |
+ case 0x3D2E4000 ... 0x3D2E417f: // ???? 0x24000377c | |
+ pmgr_unk_e4000[((base + addr) - 0x3D2E4000)/4] = data; // 0x24000377c | |
+ break; | |
+ default: | |
+ break; | |
+ } | |
#if 1 | |
qemu_log_mask(LOG_UNIMP, | |
"PMGR reg WRITE unk @ 0x" TARGET_FMT_lx | |
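Review bot: The new `pmgr_unk_e4800` and `pmgr_unk_e4000` shadow registers are file-scope statics, so they are shared by every machine instance and keep their contents across a system reset; fields in `T8030MachineState` that the reset path clears would avoid stale values after a reboot. In the `0x3D2E4000 ... 0x3D2E417f` case the 64-bit `data` is stored into a `uint32_t` slot regardless of `size`, so an 8-byte access loses its upper half and an unaligned one is rounded down to the containing word. If only aligned 4-byte accesses are expected, a comment such as `/* 32-bit aligned accesses only */` or an explicit `size` check would make that visible. pmgr_unk_reg_write continues past the end of this hunk.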
@@ -647,7 +791,11 @@ static void pmgr_unk_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
static uint64_t pmgr_unk_reg_read(void *opaque, hwaddr addr, unsigned size) | |
{ | |
+ MachineState *machine = MACHINE(qdev_get_machine()); | |
+ T8030MachineState *tms = T8030_MACHINE(machine); | |
+ AppleSEPState *sep; | |
hwaddr base = (hwaddr)opaque; | |
+ sep = APPLE_SEP(object_property_get_link(OBJECT(machine), "sep", &error_fatal)); | |
#if 1 | |
qemu_log_mask(LOG_UNIMP, | |
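Review bot: `pmgr_unk_reg_read` now resolves the machine and the `sep` link with `qdev_get_machine()` and `object_property_get_link()` on every MMIO read, and the pointer is later dereferenced (`sep->misc5_regs[0]`) without a NULL check. If the link property exists but is unset, the lookup presumably returns NULL without tripping `error_fatal`, and the read handler would then crash; resolving the pointer once at machine init and asserting it there would be both cheaper and safer. The same per-access lookup is added to `pmgr_reg_write` under `case 0x80C00`, where `sep->cpu` is used unchecked. The function body continues outside this hunk.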
@@ -655,43 +803,120 @@ static uint64_t pmgr_unk_reg_read(void *opaque, hwaddr addr, unsigned size) | |
" base: 0x" TARGET_FMT_lx "\n", | |
base + addr, base); | |
#endif | |
+ uint32_t chip_revision; | |
+ //chip_revision = 0x01; | |
+ chip_revision = 0x11; | |
switch (base + addr) { | |
- case 0x3D2BC000: | |
- // return 0xA050C030; // IBFL | 0x00 | |
- return 0xA55AC33C; // IBFL | 0x10 | |
- case 0x3D2BC008: | |
+ case 0x3D2BC000: // DPRO | |
+ case 0x3D2BC200: | |
+ //// return 0xA050C030; // IBFL | 0x00 | |
+ return 0xA55AC33C; // IBFL | 0x10 // my | |
+ //return 0xA050C030; // Ntrung | |
+ case 0x3D2BC004: // ??? DPRO? is value==0xA050C030 (disabled), take value from 0xbc600 | |
+ case 0x3D2BC204: | |
+ return 0xA55AC33C; // force return enabled | |
+ //return 0xA050C030; // force return disabled ; skip loop inside FUN_240003fcc_wait_for_DAT_23d2bc004_maybe_memory_encryption | |
+ // FUN_240003fcc_wait_for_DAT_23d2bc004 | |
+ if ((sep->misc5_regs[0] & 0x2) != 0) | |
+ return 0xA050C030; // if bit1 is set | |
+ else | |
+ return 0xA55AC33C; // if bit1 is unset | |
+ case 0x3D2BC008: // EDOM_0? Effective SDOM_0? (Security Domain) T8030? | |
+ case 0x3D2BC208: // EDOM_0? Effective SDOM_0? (Security Domain) AppleSEPROM-A12-D331pAP | |
+ //case 0x3D2BC308: // EDOM_0? Effective SDOM_0? (Security Domain) AppleSEPROM-S4-S5-B1 | |
+ case 0x3D2BC608: // SDOM_0? (Security Domain) AppleSEPROM-Sicily-A0 | |
return 0xA55AC33C; // security domain | 0x1 | |
- case 0x3D2BC00C: | |
- // return 0xA55AC33C; // security domain | 0x2 | |
+ //return 0xA050C030; // MAYBE security domain | 0x0 | |
+ case 0x3D2BC00C: // EDOM_1? Effective SDOM_1? (Security Domain) T8030? | |
+ case 0x3D2BC20C: // EDOM_1? Effective SDOM_1? (Security Domain) AppleSEPROM-A12-D331pAP | |
+ //case 0x3D2BC30C: // EDOM_1? Effective SDOM_1? (Security Domain) AppleSEPROM-S4-S5-B1 | |
+ case 0x3D2BC60C: // SDOM_1? (Security Domain) AppleSEPROM-Sicily-A0 | |
+ //return 0xA55AC33C; // security domain | 0x2 | |
return 0xA050C030; // security domain | 0x0 | |
- case 0x3D2BC010: | |
- return (1 << 5) | (1 << 31); // _rCFG_FUSE0 ; (security epoch & 0x7F) << | |
- // 5 ;; (1 << 31) for SEP | |
- case 0x3D2BC030: | |
- // return 0xFFFFFFFF; // CPRV | |
- // return 0x7 << 6; // LOW NIBBLE | |
- // return 0x70 << 5; // HIGH NIBBLE | |
- return 0x1 << 6; | |
- case 0x3D2BC300: // TODO | |
- return 0xCAFEBABE; // ECID lower | |
- case 0x3D2BC304: // TODO | |
- return 0xDEADBEEF; // ECID upper | |
- case 0x3D2BC400: | |
+ case 0x3D2BC010: // maybe effective CEPO? SEPO/BOARDID (upper three??/five bits stored in the three lower bits) | |
+ case 0x3D2BC210: // CEPO? SEPO? AppleSEPROM-A12-D331pAP | |
+ //case 0x3D2BC310: // CEPO? SEPO? AppleSEPROM-S4-S5-B1 | |
+ case 0x3D2BC610: // CEPO? SEPO? AppleSEPROM-Sicily-A0 | |
+ uint64_t sep_bit30 = ((sep->misc5_regs[0] & 0x1) != 0); | |
+ //return (1 << 5) | (0 << 30) | (1 << 31); // _rCFG_FUSE0 ; (security epoch & 0x7F) << 5 ;; (0 << 30) | (1 << 31) for SEP | |
+ return (1 << 5) | (sep_bit30 << 30) | (1 << 31); // _rCFG_FUSE0 ; (security epoch & 0x7F) << 5 ;; (sep_bit30 << 30) | (1 << 31) for SEP | |
+ case 0x3D2BC020: // T8030 iBSS: FUN_19c07feac_return_value_causes_crash | |
+ //return 0xA050C030; // causes panic, so does a invalid value | |
+ return 0xA55AC33C; | |
+ //0x3d2bc024 T8030 | |
+ //0x3d2bc028 T8030 | |
+ //0x3d2bc02c T8030 | |
+ //case 0x3D2BC028: // CPRV (Chip Revision) AppleSEPROM-S4-S5-B1 | |
+ //case 0x3D2BC02c: // T8030 iBSS: _DAT_23d2bc02c >> 30 | (_DAT_23d2bc030 & 15) << 2; | |
+ case 0x3D2BC030: // CPRV (Chip Revision) T8030? T8020? | |
+ return ((chip_revision & 0x7) << 6) | (((chip_revision & 0x70) >> 4) << 5); // LOW&HIGH NIBBLE T8030 and AppleSEPROM-S4-S5-B1 | |
+ case 0x3D2BC03c: // CPRV (Chip Revision) AppleSEPROM-Sicily-A0 | |
+ return ((chip_revision & 0x7) << 10) | (((chip_revision & 0x70) >> 4) << 9); // LOW&HIGH NIBBLE AppleSEPROM-Sicily-A0 | |
+ //// return 0xFFFFFFFF; // CPRV | |
+ //// return (0x7 << 6) | (0x70 << 5); // LOW&HIGH NIBBLE T8030 and AppleSEPROM-S4-S5-B1 | |
+ //// return (0x7 << 10) | (0x70 << 9); // LOW&HIGH NIBBLE AppleSEPROM-Sicily-A0 | |
+ //return 0x1 << 6; // my ; (1 << 6) == 0x40 == revision:0x1 | |
+ //return 0x240; // Ntrung // == revision:0x11 | |
+ case 0x3D2BC100: // ECID lower T8020? | |
+ //case 0x3D2BC200: // ECID lower AppleSEPROM-S4-S5-B1 | |
+ case 0x3D2BC300: // ECID lower T8030? | |
+ case 0x3D2BC500: // ECID lower AppleSEPROM-Sicily-A0 | |
+ //return 0xCAFEBABE; // ECID lower | |
+ return tms->ecid & 0xffffffff; // ECID lower | |
+ case 0x3D2BC104: // ECID upper T8020? | |
+ //case 0x3D2BC204: // ECID upper AppleSEPROM-S4-S5-B1 | |
+ case 0x3D2BC304: // ECID upper T8030? | |
+ case 0x3D2BC504: // ECID upper AppleSEPROM-Sicily-A0 | |
+ //return 0xDEADBEEF; // ECID upper | |
+ return tms->ecid >> 32; // ECID upper | |
+ case 0x3D2BC400: // EKEY_0 | |
// if 0xBC404 returns 1==0xA55AC33C, this will get ignored | |
- // return 0xA050C030; // CPFM | 0x00 ; IBFL_base == 0x04 | |
- return 0xA55AC33C; // CPFM | 0x03 ; IBFL_base == 0x0C | |
- case 0x3D2BC404: | |
- // return 0xA55AC33C; // CPFM | 0x01 ; IBFL_base == 0x0C | |
- return 0xA050C030; // CPFM | 0x00 ; IBFL_base == 0x04 | |
- case 0x3D2BC604: //? | |
- return 0xA050C030; | |
+ //// return 0xA050C030; // CPFM | 0x00 ; IBFL_base == 0x04 | |
+ return 0xA55AC33C; // CPFM | 0x03 ; IBFL_base == 0x0C // my | |
+ //return 0xA050C030; // Ntrung | |
+ case 0x3D2BC404: // EKEY_1 | |
+ return 0xA55AC33C; // CPFM | 0x01 ; IBFL_base == 0x0C | |
+ //return 0xA050C030; // CPFM | 0x00 ; IBFL_base == 0x04 | |
+ case 0x3D2BC600: //? EPRO (Effective Production Status)? CPRO (Certificate Production Status)? | |
+ //return 0xA55AC33C; // avoided panic(0x74/0xf1) with patches | |
+ //return 0xA050C030; // needed to avoid panic(0x74) ? // maybe AMK off | |
+ //return 0; | |
+ return 0xA55AC33C; // EPRO enabled | |
+ //return 0xA050C030; // EPRO disabled | |
+ case 0x3D2BC604: //? CSEC (Certificate Security Mode)? | |
+ //return 0xA55AC33C; // set at 0x24000b070, causes crash at 0x240008928 // avoided panic(0x74/0xf1) with patches | |
+ //return 0xA050C030; // needed to avoid panic(0x74) ? // maybe AMK off | |
+ //return 0; // panic(0x74) ? | |
+ return 0xA55AC33C; // CSEC enabled | |
+ //return 0xA050C030; // CSEC disabled | |
case 0x3D2E8000: // ???? | |
- return 0x32B3; // memory encryption AMK (Authentication Master Key) | |
- // disabled | |
- // return 0xC2E9; // memory encryption AMK (Authentication Master Key) | |
- // enabled | |
- case 0x3D2D0034: //? | |
- return (1 << 24) | (1 << 25); | |
+ //return 0x32B3; // memory encryption AMK (Authentication Master Key) disabled // avoided panic(0x74/0xf1) with patches | |
+ return 0xC2E9; // memory encryption AMK (Authentication Master Key) enabled // needed to avoid panic(0x74) ? | |
+ case 0x3D2E4800: // ???? 0x240002c00 and 0x2400037a4 | |
+ //////return 0x3; // 0x2400037a4 | |
+ return pmgr_unk_e4800; // 0x240002c00 and 0x2400037a4 | |
+ case 0x3D2E4000 ... 0x3D2E417f: // ???? 0x24000377c | |
+ return pmgr_unk_e4000[((base + addr) - 0x3D2E4000)/4]; // 0x24000377c | |
+#if 0 | |
+ //case 0x3D2D0034: //? in AES | |
+ // return (1 << 24) | (1 << 25); | |
+#endif | |
+#if 1 | |
+#if 0 | |
+ //case 0x3D2D0020: // ???? in AES | |
+ // return 4; | |
+#endif | |
+ //case 0x3D2BC200: // ???? | |
+ // return 0xA050C030; | |
+ //case 0x3D2BC204: // ???? | |
+ // return 0xA050C030; | |
+#endif | |
+#ifdef DO_SECUREROM | |
+ case 0x3d2d4040: // SecureROM: prevent panic in platform_bootprep(_panics_on_plain_payload) | |
+ return (1 << 16); | |
+ case 0x3d12c014: // while ((*(int64_t*)0x23d12c014 & 0x1ff) == 0) | |
+ return 0x1; | |
+#endif | |
default: | |
if (((base + addr) & 0x10E70000) == 0x10E70000) { | |
return (108 << 4) | 0x200000; //? | |
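Review bot: In `case 0x3D2BC004:` / `case 0x3D2BC204:` the unconditional `return 0xA55AC33C;` makes the following `if ((sep->misc5_regs[0] & 0x2) != 0)` block unreachable, so the register never reflects the misc5 bit; either delete the dead branch or drop the forced return. In the `0x3D2BC010` group the declaration `uint64_t sep_bit30 = ...` directly follows a `case` label, which is not valid C before C23 and is rejected by some compilers; wrapping the declaration and the `return` in `{ ... }` fixes it. In that `return`, `(1 << 31)` shifts into the sign bit of an `int` and sign-extends when OR-ed with the `uint64_t` operand, whereas `(1U << 31)` keeps the value in the low 32 bits. The function continues past the hunk.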
@@ -710,6 +935,7 @@ static void pmgr_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
{ | |
MachineState *machine = MACHINE(opaque); | |
T8030MachineState *tms = T8030_MACHINE(opaque); | |
+ AppleSEPState *sep; | |
uint32_t value = data; | |
if (addr >= 0x80000 && addr <= 0x8C000) { | |
@@ -725,6 +951,32 @@ static void pmgr_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
case 0xD4004: | |
t8030_start_cpus(machine, data); | |
return; | |
+ case 0x80C00: | |
+ sep = APPLE_SEP(object_property_get_link(OBJECT(machine), "sep", &error_fatal)); | |
+#ifdef DO_SECUREROM | |
+ if ((data & 0xf) == 0xf) { | |
+ if (apple_a13_cpu_is_powered_off(APPLE_A13(sep->cpu))) { | |
+ apple_a13_cpu_start(APPLE_A13(sep->cpu)); | |
+ } | |
+ } | |
+#else | |
+ //if ((data >> 31) == 1) { | |
+ if (((data >> 31) & 1) == 1) { | |
+ apple_a13_cpu_reset(APPLE_A13(sep->cpu)); | |
+ //} else if ((data & 0xf) == 0xf) { | |
+ //} else if (((data & (1 << 28)) == 0) && ((data & (1 << 10)) == 0)) { | |
+ } else if (((data >> 10) & 1) == 0) { | |
+ if (apple_a13_cpu_is_powered_off(APPLE_A13(sep->cpu))) { | |
+ apple_a13_cpu_start(APPLE_A13(sep->cpu)); | |
+ } | |
+ //} else if ((data & 0xf) == 0x0) { | |
+ //} else if (((data & (1 << 28)) != 0) && ((data & (1 << 10)) != 0)) { | |
+ //} else if (((data & (1 << 28)) != 0) || ((data & (1 << 10)) != 0)) { | |
+ } else if (((data >> 10) & 1) == 1) { | |
+ apple_a13_cpu_off(APPLE_A13(sep->cpu)); | |
+ } | |
+#endif | |
+ break; | |
} | |
memcpy(tms->pmgr_reg + addr, &value, size); | |
} | |
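Review bot: In the non-SecureROM branch of `case 0x80C00`, the final `else if (((data >> 10) & 1) == 1)` can never be false once the preceding `((data >> 10) & 1) == 0` test has failed, so it reads as a third condition but behaves as a plain `else`. The meaning of bits 31 and 10 can only be guessed from the commented-out alternatives left between the branches. Named masks with a one-line comment each, and removal of the dead `//} else if` lines, would make the power-state handling reviewable. pmgr_reg_write starts outside this hunk.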
@@ -737,9 +989,15 @@ static uint64_t pmgr_reg_read(void *opaque, hwaddr addr, unsigned size) | |
case 0xF0010: //! AppleT8030PMGR::commonSramCheck | |
result = 0x5000; | |
break; | |
+#ifdef DO_SECUREROM | |
case 0x80C00: //! SEP Power State, Manual & Actual: Run Max | |
result = 0xFF; | |
break; | |
+ case 0x30000: // ??? T8030 IBSS | |
+ memcpy(&result, tms->pmgr_reg + addr, size); | |
+ result &= ~(1 << 25); // prevent two busy-loops in T8030 IBSS | |
+ break; | |
+#endif | |
#if 0 | |
case 0xBC008: | |
result = 0xFFFFFFFF; | |
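Review bot: Moving the existing `case 0x80C00:` under `#ifdef DO_SECUREROM` means a default build no longer returns the fixed `0xFF` power state for that offset and instead takes whatever path unlisted offsets take, which is not visible in this hunk. If that is intended because `pmgr_reg_write` now drives the SEP core from the written value, a comment above the `#ifdef` should record it, for example `/* without DO_SECUREROM, 0x80C00 is no longer forced to 0xFF */`. Otherwise only the new `case 0x30000:` should be conditional. The switch starts and ends outside the hunk.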
@@ -772,44 +1030,146 @@ static void amcc_reg_write(void *opaque, hwaddr addr, uint64_t data, | |
T8030MachineState *tms = T8030_MACHINE(opaque); | |
uint32_t value = data; | |
+#if 1 | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "AMCC reg WRITE @ 0x" TARGET_FMT_lx " value: 0x" TARGET_FMT_lx | |
+ "\n", | |
+ addr, data); | |
+#endif | |
memcpy(tms->amcc_reg + addr, &value, size); | |
} | |
static uint64_t amcc_reg_read(void *opaque, hwaddr addr, unsigned size) | |
{ | |
- T8030MachineState *tms = T8030_MACHINE(opaque); | |
+ MachineState *machine = MACHINE(opaque); | |
+ T8030MachineState *tms = T8030_MACHINE(machine); | |
+ hwaddr orig_addr = addr; | |
+ uint64_t result = 0; | |
+#if 0 | |
+ if (current_cpu && current_cpu->cpu_index == machine->smp.cpus - 1) { | |
+ if ((addr & 0xfb0) == 0x6a0) { | |
+ addr -= 0x20; | |
+ }// else if ((addr & 0xfb0) == 0x6b0) { | |
+ // addr -= 0x30; | |
+ //} | |
+ //if ((addr & 0xf) == 0x8) { | |
+ // addr |= 0x4; | |
+ //} | |
+ } | |
+#endif | |
switch (addr) { | |
+#if 1 | |
case 0x6A0: | |
+ //result = 0x800000; | |
+ //break; | |
case 0x406A0: | |
case 0x806A0: | |
case 0xC06A0: | |
- return 0x0; | |
+ //result = 0x0; | |
+ //result = 0x800000; | |
+ //result = 0x340000; | |
+ //result = 0x810000; | |
+ //result = 0x8f0000; | |
+ //result = 0x7f0000; | |
+ //result = 0x3f0000; | |
+ //result = 0x430000; // at least 0x430000? ; if (misc8_0x318_1_KiB_blocks <= misc8_0x300_amcc_0x6a0_1_KiB_blocks) panic_0_wrapper_0(&DAT_000137c0); | |
+ //result = 0xff0000; | |
+ //result = 0xbf0000; | |
+ //result = 0x18f0000; | |
+ //result = 0x7ffff0; | |
+ //result = 0x7ff000; | |
+ //result = 0x7f8000; | |
+ //result = 0x300000; | |
+ //result = 0x340000; | |
+ //result = 0x2c0000; | |
+ //result = 0x080000; // Don't know if this is correct. | |
+ result = 0x000000; | |
+ break; | |
case 0x6A4: | |
+ //result = 0x8007ff; | |
+ //break; | |
// return 0x1003; | |
case 0x406A4: | |
// return 0x2003; | |
case 0x806A4: | |
// return 0x3003; | |
case 0xC06A4: | |
- // return 0x3; | |
- return 0x1003; // 0x1003 == 0x1004000 | |
- // return 0x4003; | |
+ // result = 0x3; | |
+ //result = 0x1003; // 0x1003 << 12 + 0x1000 == 0x1004000 | |
+ // result = 0x4003; | |
+ //result = 0x8007ff; | |
+ //result = 0x3407ff; | |
+ //result = 0x340803; | |
+ //result = 0x3412ff; // 0x1300000 | |
+ //result = 0x341cff; | |
+ //result = 0x34243f; // opcode17_val: hex(((0x340000000+(0x4000*0x910)-1))>>12) | |
+ //result = 0x34aeff; | |
+ //result = 0x34ffff; | |
+ //result = 0x34ad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x80ad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x81ad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x8fad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x7fad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x3fad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x43ad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0xffad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0xbfad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x18fad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x80ad9f; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0x81ffff; // SEPOS: SEPOS: init_0: pc=0x0000e060 | |
+ //result = 0xad9f+0x7f8000; | |
+ //result = 0xad9f+0x300000; | |
+ //result = 0xad9f+0x340000; | |
+ //result = 0xad9f+0x080000; // Don't know if this is correct. | |
+ result = 0x20000+0x000000-1; | |
+ break; | |
case 0x6A8: | |
case 0x406A8: | |
case 0x806A8: | |
case 0xC06A8: | |
- return 0x1; | |
+ result = 0x1; | |
+ break; | |
case 0x6B8: | |
case 0x406B8: | |
case 0x806B8: | |
case 0xC06B8: | |
- return 0x1; | |
+ result = 0x1; | |
+ break; | |
+ case 0x4: | |
+ result = 0xcf; | |
+ break; | |
+#endif | |
default: { | |
- uint64_t result = 0; | |
memcpy(&result, tms->amcc_reg + addr, size); | |
- return result; | |
+ break; | |
} | |
} | |
+#if 1 | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "AMCC reg READ @ 0x" TARGET_FMT_lx " value: 0x" TARGET_FMT_lx | |
+ "\n", | |
+ orig_addr, result); | |
+#endif | |
+#if 0 | |
+ if (current_cpu && current_cpu->cpu_index == machine->smp.cpus - 1) { | |
+ /*if ((addr & 0xff) == 0x80) { | |
+ //result = 0x0; | |
+ } else */if ((addr & 0xff) == 0x84) { | |
+ //result += 0x1000; | |
+ result |= 0x3; | |
+ //result = 0x1003; | |
+ } else if ((addr & 0xf) == 0x8) { | |
+ result = 0x1; | |
+ } | |
+ } | |
+#if 1 | |
+ qemu_log_mask(LOG_UNIMP, | |
+ "AMCC reg READ MOD @ 0x" TARGET_FMT_lx " value: 0x" TARGET_FMT_lx | |
+ "\n", | |
+ addr, result); | |
+#endif | |
+#endif | |
+ return result; | |
} | |
static const MemoryRegionOps amcc_reg_ops = { | |
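Review bot: The new `qemu_log_mask()` calls in `amcc_reg_write` and `amcc_reg_read` print `addr`/`orig_addr` (a `hwaddr`) and `data`/`result` (a `uint64_t`) with `TARGET_FMT_lx`, which is the format for `target_ulong`. Using `"AMCC reg READ @ 0x%" HWADDR_PRIx " value: 0x%" PRIx64 "\n"` (and likewise for the write) matches the argument types regardless of the target's word size. `LOG_UNIMP` is also being used as an access trace for offsets that are in fact handled, so a trace event would keep the unimplemented-register log meaningful. The values actually returned for the `0x6A0` and `0x6A4` groups, `0x000000` and `0x20000+0x000000-1`, sit under a long run of commented-out trials; one comment stating what range they describe would be clearer than the history.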
@@ -1741,13 +2101,29 @@ static void t8030_create_sep(MachineState *machine) | |
reg = (uint64_t *)prop->value; | |
sysbus_mmio_map(SYS_BUS_DEVICE(sep), 0, tms->soc_base_pa + reg[0]); | |
sysbus_mmio_map(SYS_BUS_DEVICE(sep), 1, | |
- tms->soc_base_pa + 0x41180000); // TRNG | |
+ tms->soc_base_pa + 0x41180000); // TRNG T8101 | |
sysbus_mmio_map(SYS_BUS_DEVICE(sep), 2, | |
tms->soc_base_pa + 0x41080000); // MISC0 | |
sysbus_mmio_map(SYS_BUS_DEVICE(sep), 3, | |
tms->soc_base_pa + 0x41040000); // MISC1 | |
sysbus_mmio_map(SYS_BUS_DEVICE(sep), 4, | |
tms->soc_base_pa + 0x410C4000); // MISC2 | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 5, | |
+ tms->soc_base_pa + 0x413CA000); // MISC39 T8101 | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 6, | |
+ tms->soc_base_pa + 0x41500000); // MISC4 // T8101 BootMonitor for SEPOS loading? | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 7, | |
+ tms->soc_base_pa + 0x41008000); // MISC5 | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 8, | |
+ tms->soc_base_pa + 0x41280000); // MISC6 | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 9, | |
+ tms->soc_base_pa + 0x41240000); // MISC7 ; was: MISC78 Sicily(T8101). now: Some encrypted data from SEPROM. | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 10, | |
+ tms->soc_base_pa + 0x41200000); // MISC8 ; was: MISC78 T8006/T8020. now: MISC8. | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 11, | |
+ tms->soc_base_pa + 0x41100000); // TRNG T8020 | |
+ sysbus_mmio_map(SYS_BUS_DEVICE(sep), 12, | |
+ tms->soc_base_pa + 0x41388000); // MISC39 T8020 | |
prop = find_dtb_prop(child, "interrupts"); | |
g_assert(prop); | |
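Review bot: The eight new `sysbus_mmio_map()` calls address the SEP device's regions by bare index 5 to 12, which has to match the order in which the SEP device model registers its regions (not visible here), so inserting or reordering a region there silently remaps the rest. An enum for the region indices shared with the device model, and named constants for the offsets, would keep the two files in step. Both `TRNG T8101` (index 1) and `TRNG T8020` (index 11), and both `MISC39` variants, are mapped unconditionally; if the intent is that one machine serves several SEPROM variants, a comment saying so would help. t8030_create_sep starts and ends outside the hunk.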
@@ -1788,9 +2164,12 @@ static void t8030_cpu_reset_work(CPUState *cpu, run_on_cpu_data data) | |
} | |
cpu_reset(cpu); | |
env = &ARM_CPU(cpu)->env; | |
+#ifndef DO_SECUREROM | |
env->xregs[0] = tms->bootinfo.bootargs_pa; | |
cpu_set_pc(cpu, tms->bootinfo.entry); | |
- // cpu_set_pc(cpu, T8030_SROM_BASE); | |
+#else | |
+ cpu_set_pc(cpu, T8030_SROM_BASE); | |
+#endif | |
} | |
static void t8030_cpu_reset(void *opaque) | |
@@ -1866,13 +2245,55 @@ static void t8030_machine_init(MachineState *machine) | |
tms = T8030_MACHINE(machine); | |
tms->sysmem = get_system_memory(); | |
- // allocate_ram(tms->sysmem, "SROM", T8030_SROM_BASE, T8030_SROM_SIZE, 0); | |
- // allocate_ram(tms->sysmem, "SRAM", T8030_SRAM_BASE, T8030_SRAM_SIZE, 0); | |
+#ifdef DO_SECUREROM | |
+ allocate_ram(tms->sysmem, "SROM", T8030_SROM_BASE, T8030_SROM_SIZE, 0); | |
+ allocate_ram(tms->sysmem, "SRAM", T8030_SRAM_BASE, T8030_SRAM_SIZE, 0); | |
+ //allocate_ram(tms->sysmem, "SRAM_TEST_0", 0x24a820000, 0x00000038 * 4, 0); | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_0", 0x24a820000, 0x1000, 0); | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_1", 0x23b2c4000, 0x1000, 0); // 0x23b2c401c | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_2", 0x23b2c8000, 0x1000, 0); // 0x23b2c801c | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_3", 0x23b2cc000, 0x1000, 0); // 0x23b2cc01c | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_4", 0x23e804000, 0x1000, 0); // 0x23e8040fc | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_5", 0x23e808000, 0x1000, 0); // 0x23e808004 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_6", 0x23D008000, 0x1000, 0); // 0x23D008000 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_7", 0x24A854000, 0x1000, 0); // 0x24A85401C | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_8", 0x24a858000, 0x1000, 0); // 0x24a85801c | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_9", 0x23C260000, 0x1000, 0); // 0x23C260000 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_10", 0x23C280000, 0x1000, 0); // 0x23C280000 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_11", 0x23c290000, 0x1000, 0); // 0x23c290000 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_12", 0x23c2a0000, 0x1000, 0); // 0x23c2a0000 | |
+ //allocate_ram(tms->sysmem, "SRAM_TEST_13", 0x23FE00000, 0x1000, 0); // 0x23FE00000 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_13", 0x23FE00000, 0x60000, 0); // 0x23FE00000 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_14", 0x23E041000, 0x1000, 0); // 0x23E041010 | |
+ allocate_ram(tms->sysmem, "SRAM_TEST_15", 0x23E80C000, 0x1000, 0); // 0x23E80C000 | |
+#endif | |
allocate_ram(tms->sysmem, "DRAM", T8030_DRAM_BASE, T8030_DRAM_SIZE, 0); | |
- allocate_ram(tms->sysmem, "SEPROM", T8030_SEPROM_BASE, T8030_SEPROM_SIZE, | |
- 0); | |
- allocate_ram(tms->sysmem, "DRAM_3", 0x300000000ULL, 0x100000000ULL, 0); | |
+ allocate_ram(tms->sysmem, "SEPROM", T8030_SEPROM_BASE, T8030_SEPROM_SIZE, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_3", 0x300000000ULL, 0x100000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_3", 0x300000000ULL, 0x500000000ULL, 0); | |
+ allocate_ram(tms->sysmem, "DRAM_3", 0x300000000ULL, 0x60000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_30", 0x300000000ULL, 0x20000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_32", 0x320000000ULL, 0x20000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_34", 0x340000000ULL, 0x20000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_3_8", 0x300000000ULL, 0x80000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_3_8_0", 0x380000000ULL, 0x80000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_f_8", 0xf00000000ULL, 0x80000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "DRAM_f_8_0", 0xf80000000ULL, 0x80000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "SEPFW_0", 0x000000000ULL, 0x800000ULL, 0); | |
+ ////allocate_ram(sysmem, "SEPFW", 0x0, info->sepfw_size+0x4000, 0); | |
+ //allocate_ram(tms->sysmem, "SEPFW", 0x000000000ULL, 0x800000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "SEPFW", 0x000000000ULL, 0x800000ULL+0x4000ULL, 0); | |
+ allocate_ram(tms->sysmem, "SEPFW", 0x000000000ULL, 0x1000000ULL, 0); | |
+ //allocate_ram(tms->sysmem, "SEPFW", 0x000000000ULL, 0x2000000ULL, 0); | |
+ | |
+#if 0 | |
+ MemoryRegion *mr = g_new0(MemoryRegion, 1); | |
+ memory_region_init_alias(mr, OBJECT(tms), "t8030.seprom.alias", tms->sysmem, | |
+ T8030_SEPROM_BASE, T8030_SEPROM_SIZE); | |
+ memory_region_add_subregion_overlap(tms->sysmem, 0, mr, 1); | |
+#endif | |
+#ifndef DO_SECUREROM | |
hdr = macho_load_file(machine->kernel_filename); | |
g_assert(hdr); | |
tms->kernel = hdr; | |
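Review bot: The sixteen `SRAM_TEST_n` regions under `#ifdef DO_SECUREROM` are bare physical addresses with no statement of which peripheral each one stands in for, and the lines after them keep more than a dozen commented-out `allocate_ram` alternatives. Backing unknown MMIO ranges with plain RAM also hides guest accesses that would otherwise be reported as invalid, so each stub should say what it replaces. The same applies to the `SEPFW` region placed at physical address 0. A table makes the stubs reviewable in one place; the commented-out variants should be dropped. t8030_machine_init starts and ends outside the hunk.

```c
#ifdef DO_SECUREROM
    /* RAM stand-ins for not-yet-modelled blocks touched by SecureROM. */
    static const struct {
        const char *name;
        hwaddr base;
        hwaddr size;
    } srom_stub_ram[] = {
        { "SRAM_TEST_0", 0x24a820000, 0x1000 },
        /* … SRAM_TEST_1 to SRAM_TEST_15: same bases and sizes as in the hunk … */
    };

    allocate_ram(tms->sysmem, "SROM", T8030_SROM_BASE, T8030_SROM_SIZE, 0);
    allocate_ram(tms->sysmem, "SRAM", T8030_SRAM_BASE, T8030_SRAM_SIZE, 0);
    for (size_t i = 0; i < ARRAY_SIZE(srom_stub_ram); i++) {
        allocate_ram(tms->sysmem, srom_stub_ram[i].name,
                     srom_stub_ram[i].base, srom_stub_ram[i].size, 0);
    }
#endif
```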
@@ -1911,10 +2332,15 @@ static void t8030_machine_init(MachineState *machine) | |
g_phys_base = (hwaddr)macho_get_buffer(hdr); | |
t8030_patch_kernel(hdr); | |
+#else | |
+ tms->rtbuddyv2_protocol_version = 11; | |
+#endif | |
tms->device_tree = load_dtb_from_file(machine->dtb); | |
+#ifndef DO_SECUREROM | |
tms->trustcache = load_trustcache_from_file(tms->trustcache_filename, | |
&tms->bootinfo.trustcache_size); | |
+#endif | |
data = 24000000; | |
set_dtb_prop(tms->device_tree, "clock-frequency", sizeof(data), &data); | |
child = find_dtb_node(tms->device_tree, "arm-io"); | |
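Review bot: With `DO_SECUREROM` defined, `hdr`, `tms->kernel` and `tms->trustcache` are never assigned, so every later use of them has to sit under the same guard. The rest of t8030_machine_init is outside this hunk, so that needs checking there. `tms->rtbuddyv2_protocol_version = 11;` is set only in the SecureROM build; unless it is assigned elsewhere, the normal build keeps whatever the instance initialiser provides. A short comment such as `/* SecureROM path: SEP expects RTBuddy v2 protocol 11 */` (wording to be confirmed by the author) would record why 11 was chosen.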
diff --git a/hw/arm/xnu.c b/hw/arm/xnu.c | |
index fd1529e93f..5b5e857e9a 100644 | |
--- a/hw/arm/xnu.c | |
+++ b/hw/arm/xnu.c | |
@@ -423,6 +423,38 @@ void macho_populate_dtb(DTBNode *root, macho_boot_info_t info) | |
set_dtb_prop(child, "amfi-allows-trust-cache-load", sizeof(data), &data); | |
// data = 1; | |
// set_dtb_prop(child, "debug-enabled", sizeof(data), &data); | |
+#if 0 | |
+ data = 1; | |
+ set_dtb_prop(child, "protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "sepfw-load-at-boot", sizeof(data), &data); | |
+ data = 0; | |
+ set_dtb_prop(child, "no-protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "no-sepfw-load-at-boot", sizeof(data), &data); | |
+#endif | |
+#if 0 | |
+ data = 0; | |
+ set_dtb_prop(child, "protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "sepfw-load-at-boot", sizeof(data), &data); | |
+ data = 1; | |
+ set_dtb_prop(child, "no-protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "no-sepfw-load-at-boot", sizeof(data), &data); | |
+#endif | |
+#if 0 | |
+ data = 1; | |
+ set_dtb_prop(child, "protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "no-sepfw-load-at-boot", sizeof(data), &data); | |
+ data = 0; | |
+ set_dtb_prop(child, "no-protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "sepfw-load-at-boot", sizeof(data), &data); | |
+#endif | |
+#if 0 | |
+ data = 0; | |
+ set_dtb_prop(child, "protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "no-sepfw-load-at-boot", sizeof(data), &data); | |
+ data = 1; | |
+ set_dtb_prop(child, "no-protected-data-access", sizeof(data), &data); | |
+ set_dtb_prop(child, "sepfw-load-at-boot", sizeof(data), &data); | |
+#endif | |
child = get_dtb_node(root, "chosen/manifest-properties"); | |
set_dtb_prop(child, "BNCH", sizeof(info->boot_nonce_hash), | |
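Review bot: The four `#if 0` blocks are four permutations of the same two property pairs and none of them is compiled, so they add 32 lines of dead code to macho_populate_dtb. If the correct values are still unknown, one comment carries the same information: `/* TODO: protected-data-access / sepfw-load-at-boot (and their no-* variants): correct values not yet determined, none set */`. If one combination is known to work, keep only that one, compiled in, with a note on what it changes for the guest. macho_populate_dtb continues outside the hunk.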
diff --git a/hw/misc/apple_aes.c b/hw/misc/apple_aes.c | |
index cd55638d3c..bb665150d1 100644 | |
--- a/hw/misc/apple_aes.c | |
+++ b/hw/misc/apple_aes.c | |
@@ -372,8 +372,9 @@ static uint64_t aes_security_reg_read(void *opaque, hwaddr addr, unsigned size) | |
switch (addr) { | |
case 0x20: //! board-id | |
return 0x4; | |
- case 0x34: //? bit 24 = is fresh boot? | |
- return (1 << 24) | (1 << 25); | |
+ case 0x34: //? bit 24 = is first boot ; bit 25 = something with memory encryption? | |
+ //return (1 << 24) | (1 << 25); | |
+ return (1 << 24) | (0 << 25); | |
default: //! We don't know the rest | |
return 0xFF; | |
} | |
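Review bot: `(0 << 25)` is a no-op kept only as documentation, and the previous return value sits next to it as a commented-out line. Naming the bits says the same thing more clearly, e.g. `#define AES_SEC_FIRST_BOOT (1u << 24)` plus a second define for bit 25, then `return AES_SEC_FIRST_BOOT;`. The comment marks the meaning of bit 25 as a guess, so it is worth recording which guest behaviour changed when the bit was cleared, because this register feeds the guest's view of its security state. The body of aes_security_reg_read starts before this hunk.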
diff --git a/hw/misc/apple_mbox.c b/hw/misc/apple_mbox.c | |
index fbe337fce3..25eb3351c9 100644 | |
--- a/hw/misc/apple_mbox.c | |
+++ b/hw/misc/apple_mbox.c | |
@@ -9,25 +9,6 @@ | |
#include "qemu/main-loop.h" | |
#include "trace.h" | |
-#define IOP_LOG_MSG(s, t, msg) \ | |
- do { \ | |
- qemu_log_mask(LOG_GUEST_ERROR, \ | |
- "%s: %s message (msg->endpoint: 0x%X " \ | |
- "msg->data[0]: 0x" HWADDR_FMT_plx \ | |
- " msg->data[1]: 0x" HWADDR_FMT_plx \ | |
- " s->ep0_status: 0x%X)\n", \ | |
- s->role, t, msg->endpoint, msg->data[0], msg->data[1], \ | |
- s->ep0_status); \ | |
- } while (0) | |
- | |
-#define IOP_LOG_MGMT_MSG(s, msg) \ | |
- do { \ | |
- qemu_log_mask(LOG_GUEST_ERROR, \ | |
- "%s: IOP received management message (msg->endpoint: " \ | |
- "0x0 msg->raw: 0x" HWADDR_FMT_plx \ | |
- " s->ep0_status: 0x%X)\n", \ | |
- s->role, msg->raw, s->ep0_status); \ | |
- } while (0) | |
//! ------ V3 ------ | |
@@ -36,21 +17,30 @@ | |
#define REG_V3_CPU_STATUS (0x0048) | |
#define V3_CPU_STATUS_IDLE (0x1) | |
+ | |
+#define REG_V3_UNKNOWN0 (0x004c) | |
+#define REG_V3_UNKNOWN1 (0x0818) | |
+#define REG_V3_UNKNOWN2 (0x081c) | |
#define REG_V3_NMI0 (0xC04) // ?? | |
#define REG_V3_NMI1 (0xC14) // ?? | |
#define REG_AKF_CONFIG (0x2043) // ?? | |
-#define REG_V3_IOP_INT_MASK_SET (0x4100) | |
-#define REG_V3_IOP_INT_MASK_CLR (0x4108) | |
+//#define REG_V3_IOP_INT_MASK_SET (0x4100) // T8101 64-bit | |
+//#define REG_V3_IOP_INT_MASK_CLR (0x4108) // T8101 64-bit | |
+#define REG_V3_IOP_INT_MASK_SET (0x4100) // T8020 32-bit | |
+#define REG_V3_IOP_INT_MASK_CLR (0x4104) // T8020 32-bit | |
-#define REG_V3_IOP_I2A_CTRL (0x4114) | |
+ | |
+//#define REG_V3_IOP_I2A_CTRL (0x4114) // T8101 32-bit | |
+#define REG_V3_IOP_I2A_CTRL (0x410c) // T8020 32-bit | |
#define REG_V3_IOP_I2A_SEND0 (0x4820) | |
#define REG_V3_IOP_I2A_SEND1 (0x4824) | |
#define REG_V3_IOP_I2A_SEND2 (0x4828) | |
#define REG_V3_IOP_I2A_SEND3 (0x482C) | |
-#define REG_V3_IOP_A2I_CTRL (0x4110) | |
+//#define REG_V3_IOP_A2I_CTRL (0x4110) // T8101 32-bit | |
+#define REG_V3_IOP_A2I_CTRL (0x4108) // T8020 32-bit | |
#define REG_V3_IOP_A2I_RECV0 (0x4810) | |
#define REG_V3_IOP_A2I_RECV1 (0x4814) | |
#define REG_V3_IOP_A2I_RECV2 (0x4818) | |
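Review bot: `REG_V3_IOP_INT_MASK_CLR`, `REG_V3_IOP_I2A_CTRL` and `REG_V3_IOP_A2I_CTRL` are moved to the T8020 offsets for every user of this device model, and the new `REG_V3_IOP_A2I_CTRL` value 0x4108 is the offset the T8101 layout used for `REG_V3_IOP_INT_MASK_CLR`. If any machine still depends on the T8101 layout (not visible here), its mask-clear writes would now be decoded as A2I control writes. Selecting the layout at run time from a per-device field would avoid that. At minimum, keep both sets under distinct names such as `REG_V3_T8101_IOP_A2I_CTRL` instead of commented-out defines.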
@@ -203,7 +193,7 @@ static void ap_update_irq(AppleMboxState *s) | |
* Push a message from AP to IOP, | |
* take ownership of msg | |
*/ | |
-static void apple_mbox_inbox_push(AppleMboxState *s, apple_mbox_msg_t msg) | |
+void apple_mbox_inbox_push(AppleMboxState *s, apple_mbox_msg_t msg) | |
{ | |
QTAILQ_INSERT_TAIL(&s->inbox, msg, entry); | |
s->inboxCount++; | |
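Review bot: Dropping `static` makes `apple_mbox_inbox_push` part of the device's public interface, but its ownership rule is stated only in the comment above the definition, and the prototype added in include/hw/misc/apple_mbox.h carries no comment. External callers also need to know which context or lock the inbox queue expects; the visible lines do not show that. Suggest documenting the prototype, e.g. `/* Queue msg for the IOP; takes ownership of msg, the caller must not free or reuse it. */`. The function body continues outside the hunk.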
@@ -463,7 +453,9 @@ static void apple_mbox_v3_reg_write(void *opaque, hwaddr addr, | |
switch (addr) { | |
case REG_V3_CPU_CTRL: | |
- if (data & V3_CPU_CTRL_RUN) { | |
+ if (data & V3_CPU_CTRL_RUN) | |
+ //if ((data & V3_CPU_CTRL_RUN) || (data & 0x10000)) | |
+ { | |
struct apple_mbox_mgmt_msg m = { 0 }; | |
s->regs[REG_V3_CPU_STATUS] &= ~V3_CPU_STATUS_IDLE; | |
iop_start(s); | |
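Review bot: The `if (data & V3_CPU_CTRL_RUN)` condition is now separated from its opening brace by a commented-out alternative condition, which makes it easy to misread which test guards the block. Keep `if (data & V3_CPU_CTRL_RUN) {` on one line and move the experiment into the commit message. The next hunk adds an `#if 0` block whose `if ((data & (1 << 16)) != 0)` body holds only comments. A single `/* TODO: bit 16 of CPU_CTRL appears to be used by the guest, meaning unknown */` would carry the same information.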
@@ -475,6 +467,16 @@ static void apple_mbox_v3_reg_write(void *opaque, hwaddr addr, | |
apple_mbox_send_control_message(s, 0, m.raw); | |
} | |
+#if 0 | |
+ if ((data & (1 << 16)) != 0) { | |
+ //qemu_set_irq(s->iop_irq, 1); | |
+ //qemu_set_irq(s->test_irq, 1); | |
+ ////qemu_set_irq(qdev_get_gpio_in(gpio, T8030_GPIO_FORCE_DFU), 1); | |
+ //if (s->AppleSEPResetMisc_func != NULL) { | |
+ // //s->AppleSEPResetMisc_func(0x800000000ULL); | |
+ //} | |
+ } | |
+#endif | |
break; | |
case REG_V3_A2I_PUSH0: | |
QEMU_FALLTHROUGH; | |
@@ -602,6 +604,24 @@ static uint64_t apple_mbox_v3_reg_read(void *opaque, hwaddr addr, unsigned size) | |
break; | |
case REG_V3_CPU_STATUS: | |
break; | |
+ case REG_V3_UNKNOWN0: | |
+#if 0 | |
+ ret = ((apple_mbox_inbox_empty(s) && | |
+ !(s->iop_int_mask & V2_A2I_EMPTY)) || | |
+ (!apple_mbox_inbox_empty(s) && | |
+ !(s->iop_int_mask & V2_A2I_NONEMPTY)) || | |
+ (apple_mbox_outbox_empty(s) && | |
+ !(s->iop_int_mask & V2_I2A_EMPTY)) || | |
+ (!apple_mbox_outbox_empty(s) && | |
+ !(s->iop_int_mask & V2_I2A_NONEMPTY))); | |
+#endif | |
+ ret = 1; | |
+ // TODO: response not interrupt available, but something with REG_V3_CPU_CTRL? | |
+ break; | |
+ case REG_V3_UNKNOWN1: | |
+ break; | |
+ case REG_V3_UNKNOWN2: | |
+ break; | |
case REG_V3_IOP_A2I_RECV0: | |
msg = apple_mbox_inbox_pop(s); | |
if (!msg) { | |
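Review bot: Reads of `REG_V3_UNKNOWN0` return a constant 1, and reads of `REG_V3_UNKNOWN1` and `REG_V3_UNKNOWN2` return whatever `ret` was initialised to outside this hunk, all without any log output. Stubbed registers should report themselves so that a wrong guess shows up in the log, e.g. `qemu_log_mask(LOG_UNIMP, "%s: read of unknown reg 0x" HWADDR_FMT_plx "\n", __func__, addr);` in each case. The `#if 0` expression above `ret = 1;` tests `V2_*` mask bits inside the V3 handler and should be removed or explained. apple_mbox_v3_reg_read continues outside the hunk.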
@@ -882,6 +902,7 @@ AppleMboxState *apple_mbox_create(const char *role, void *opaque, | |
s->protocol_version = protocol_version; | |
s->role = g_strdup(role); | |
s->ops = ops; | |
+ //s->AppleSEPResetMisc_func = NULL; | |
snprintf(name, sizeof(name), TYPE_APPLE_MBOX ".%s.akf-reg", s->role); | |
@@ -901,6 +922,7 @@ AppleMboxState *apple_mbox_create(const char *role, void *opaque, | |
} | |
qdev_init_gpio_out_named(DEVICE(dev), &s->iop_irq, APPLE_MBOX_IOP_IRQ, 1); | |
+ qdev_init_gpio_out_named(DEVICE(dev), &s->test_irq, APPLE_MBOX_TEST_IRQ, 1); | |
QTAILQ_INIT(&s->inbox); | |
QTAILQ_INIT(&s->outbox); | |
QTAILQ_INIT(&s->rollcall); | |
diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c | |
index b5e29fbdd5..316127a239 100644 | |
--- a/hw/usb/hcd-dwc2.c | |
+++ b/hw/usb/hcd-dwc2.c | |
@@ -44,8 +44,13 @@ | |
#include "qemu/units.h" | |
#include "trace.h" | |
-// #define SOC_DMA_BASE (0x100000000ULL) | |
+//#define DO_T8030_SECUREROM 1 | |
+ | |
+#ifdef DO_T8030_SECUREROM | |
+#define SOC_DMA_BASE (0x100000000ULL) | |
+#else | |
#define SOC_DMA_BASE (0x0ULL) | |
+#endif | |
#define USB_HZ_FS 12000000 | |
#define USB_HZ_HS 96000000 | |
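Review bot: `SOC_DMA_BASE` is gated on `DO_T8030_SECUREROM` here, while the t8030 machine hunks in this patch test `DO_SECUREROM`, so the two halves of the SecureROM configuration can be enabled independently and end up inconsistent. This one is also toggled by editing a commented-out `#define` in the source file. Suggest a single macro defined in one place (a shared header or a build option) and `#ifdef DO_SECUREROM` here as well. Where `DO_SECUREROM` is defined is not visible in these hunks.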
diff --git a/include/hw/arm/apple_a13.h b/include/hw/arm/apple_a13.h | |
index 44ecfefd46..51b9a6b251 100644 | |
--- a/include/hw/arm/apple_a13.h | |
+++ b/include/hw/arm/apple_a13.h | |
@@ -66,6 +66,8 @@ typedef struct AppleA13State { | |
A13_CPREG_VAR_DEF(ARM64_REG_HID14); | |
A13_CPREG_VAR_DEF(ARM64_REG_HID16); | |
A13_CPREG_VAR_DEF(ARM64_REG_LSU_ERR_STS); | |
+ A13_CPREG_VAR_DEF(SYS_E_LSU_ERR_STS); | |
+ A13_CPREG_VAR_DEF(SYS_E_FED_ERR_STS); | |
A13_CPREG_VAR_DEF(IMP_BARRIER_LBSY_BST_SYNC_W0_EL0); | |
A13_CPREG_VAR_DEF(IMP_BARRIER_LBSY_BST_SYNC_W1_EL0); | |
A13_CPREG_VAR_DEF(ARM64_REG_3_3_15_7); | |
@@ -75,7 +77,10 @@ typedef struct AppleA13State { | |
A13_CPREG_VAR_DEF(PMCR1); | |
A13_CPREG_VAR_DEF(PMSR); | |
A13_CPREG_VAR_DEF(S3_4_c15_c0_5); | |
- A13_CPREG_VAR_DEF(SYS_HCR_EL2); | |
+ A13_CPREG_VAR_DEF(SYS_HCR_EL2); // TODO: already exists in target/arm/helper.c | |
+ A13_CPREG_VAR_DEF(SYS_PRE_LLCFLUSH_TMR); | |
+ A13_CPREG_VAR_DEF(SYS_ACC_PWR_DN_SAVE); | |
+ A13_CPREG_VAR_DEF(SYS_AON_CNT_CTL); | |
A13_CPREG_VAR_DEF(AMX_STATUS_EL1); | |
A13_CPREG_VAR_DEF(AMX_CTL_EL1); | |
A13_CPREG_VAR_DEF(ARM64_REG_CYC_OVRD); | |
diff --git a/include/hw/arm/apple_sep.h b/include/hw/arm/apple_sep.h | |
index 96740ccd58..e5a8540394 100644 | |
--- a/include/hw/arm/apple_sep.h | |
+++ b/include/hw/arm/apple_sep.h | |
@@ -24,6 +24,7 @@ | |
#include "hw/arm/apple_a13.h" | |
#include "hw/arm/xnu_dtb.h" | |
#include "hw/misc/apple_mbox.h" | |
+#include "hw/boards.h" | |
#include "hw/sysbus.h" | |
#include "qemu/typedefs.h" | |
#include "qom/object.h" | |
@@ -42,13 +43,27 @@ struct AppleSEPState { | |
AppleMboxState *mbox; | |
MemoryRegion *dma_mr; | |
AddressSpace *dma_as; | |
- MemoryRegion trng_mr; | |
+ MemoryRegion trng_t8020_mr; | |
+ MemoryRegion trng_t8101_mr; | |
MemoryRegion misc0_mr; | |
MemoryRegion misc1_mr; | |
MemoryRegion misc2_mr; | |
+ MemoryRegion misc3_mr; | |
+ MemoryRegion misc4_mr; // MISC4 // T8101 BootMonitor for SEPOS loading? | |
+ MemoryRegion misc5_mr; | |
+ MemoryRegion misc6_mr; | |
+ MemoryRegion misc7_mr; | |
+ MemoryRegion misc8_mr; | |
+ MemoryRegion misc9_mr; | |
uint8_t misc0_regs[REG_SIZE]; | |
uint8_t misc1_regs[REG_SIZE]; | |
uint8_t misc2_regs[REG_SIZE]; | |
+ uint8_t misc39_regs[REG_SIZE]; | |
+ uint8_t misc4_regs[REG_SIZE]; | |
+ uint8_t misc5_regs[REG_SIZE]; | |
+ uint8_t misc6_regs[REG_SIZE]; | |
+ uint8_t misc7_regs[REG_SIZE]; | |
+ uint8_t misc8_regs[REG_SIZE]; | |
}; | |
AppleSEPState *apple_sep_create(DTBNode *node, vaddr base, uint32_t cpu_id, | |
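Review bot: The new fields do not pair up: there is `misc3_mr` but `misc39_regs`, and `misc9_mr` has no matching `_regs` array, while the mapping comments in t8030_create_sep call the region MISC39. Pick one name per region and give every region its backing array, or say why one has none. Each array is `REG_SIZE` bytes, so the read and write handlers for the new regions need the same offset-plus-size check against `REG_SIZE` as the existing ones; those handlers are not visible here. The double trailing comment on `misc4_mr` would read better as one `/* ... */` comment.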
diff --git a/include/hw/misc/apple_mbox.h b/include/hw/misc/apple_mbox.h | |
index d802cffd40..c65f8ad51a 100644 | |
--- a/include/hw/misc/apple_mbox.h | |
+++ b/include/hw/misc/apple_mbox.h | |
@@ -11,6 +11,7 @@ | |
#define APPLE_MBOX_IRQ_I2A_NONEMPTY 2 | |
#define APPLE_MBOX_IRQ_I2A_EMPTY 3 | |
#define APPLE_MBOX_IOP_IRQ "apple-mbox-iop-irq" | |
+#define APPLE_MBOX_TEST_IRQ "apple-mbox-test-irq" | |
#define APPLE_MBOX_MMIO_V3 0 | |
#define APPLE_MBOX_MMIO_V2 1 | |
@@ -23,6 +24,28 @@ OBJECT_DECLARE_SIMPLE_TYPE(AppleMboxState, APPLE_MBOX) | |
#define EP_MANAGEMENT (0) | |
#define EP_CRASHLOG (1) | |
+ | |
+#define IOP_LOG_MSG(s, t, msg) \ | |
+ do { \ | |
+ qemu_log_mask(LOG_GUEST_ERROR, \ | |
+ "%s: %s message (msg->endpoint: 0x%X " \ | |
+ "msg->data[0]: 0x" HWADDR_FMT_plx \ | |
+ " msg->data[1]: 0x" HWADDR_FMT_plx \ | |
+ " s->ep0_status: 0x%X)\n", \ | |
+ s->role, t, msg->endpoint, msg->data[0], msg->data[1], \ | |
+ s->ep0_status); \ | |
+ } while (0) | |
+ | |
+#define IOP_LOG_MGMT_MSG(s, msg) \ | |
+ do { \ | |
+ qemu_log_mask(LOG_GUEST_ERROR, \ | |
+ "%s: IOP received management message (msg->endpoint: " \ | |
+ "0x0 msg->raw: 0x" HWADDR_FMT_plx \ | |
+ " s->ep0_status: 0x%X)\n", \ | |
+ s->role, msg->raw, s->ep0_status); \ | |
+ } while (0) | |
+ | |
+ | |
enum apple_mbox_ep0_state { | |
EP0_IDLE, | |
EP0_WAIT_HELLO, | |
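Review bot: Moving `IOP_LOG_MSG` and `IOP_LOG_MGMT_MSG` into the public header exposes two hygiene problems: the parameters are used unparenthesised (`s->role`, `msg->endpoint`), and the macros rely on the including file to declare `qemu_log_mask` and `LOG_GUEST_ERROR`. Suggest `(s)->role`, `(msg)->endpoint` and so on, and including `qemu/log.h` from this header unless it is already pulled in above the hunk. The macros also report ordinary mailbox traffic under `LOG_GUEST_ERROR`; a trace event would fit better, and apple_mbox.c already includes `trace.h`.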
@@ -89,6 +112,8 @@ typedef struct apple_mbox_ep_handler_data { | |
void *opaque; | |
} apple_mbox_ep_handler_data; | |
+typedef void AppleSEPResetMisc(vaddr vector); | |
+ | |
struct AppleMboxState { | |
SysBusDevice parent_obj; | |
@@ -102,6 +127,7 @@ struct AppleMboxState { | |
uint32_t protocol_version; | |
qemu_irq irqs[4]; | |
qemu_irq iop_irq; | |
+ qemu_irq test_irq; | |
QTAILQ_HEAD(, apple_mbox_msg) inbox; | |
QTAILQ_HEAD(, apple_mbox_msg) outbox; | |
QTAILQ_HEAD(, apple_mbox_msg) rollcall; | |
@@ -114,6 +140,7 @@ struct AppleMboxState { | |
uint32_t int_mask; | |
uint32_t iop_int_mask; | |
bool real; | |
+ //AppleSEPResetMisc *AppleSEPResetMisc_func; | |
}; | |
struct iop_rollcall_data { | |
@@ -128,6 +155,8 @@ struct AppleMboxOps { | |
void (*wakeup)(void *opaque); | |
}; | |
+void apple_mbox_inbox_push(AppleMboxState *s, apple_mbox_msg_t msg); | |
+ | |
/* | |
* Send message to an endpoint | |
*/ | |
diff --git a/meson.build b/meson.build | |
index 89bef2d3d4..4e02ceeaff 100644 | |
--- a/meson.build | |
+++ b/meson.build | |
@@ -1092,9 +1092,11 @@ endif | |
liblzfse = not_found | |
if not get_option('lzfse').auto() or have_block | |
- liblzfse = cc.find_library('lzfse', has_headers: ['lzfse.h'], | |
- required: get_option('lzfse'), | |
- kwargs: static_kwargs) | |
+ liblzfse = dependency('lzfse', required: get_option('lzfse'), | |
+ method: 'pkg-config', kwargs: static_kwargs) | |
+# liblzfse = cc.find_library('lzfse', has_headers: ['lzfse.h'], | |
+# required: get_option('lzfse'), | |
+# kwargs: static_kwargs) | |
endif | |
if liblzfse.found() and not cc.links(''' | |
#include <lzfse.h> | |
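Review bot: The lookup now requires a pkg-config file for lzfse, and the previous `cc.find_library` call is left as commented-out lines rather than kept as a fallback. A host that has the library and `lzfse.h` but no `.pc` file would lose lzfse support, or fail configure when the option is enabled. Suggest calling `dependency('lzfse', required: false, method: 'pkg-config', kwargs: static_kwargs)` first and running the original `cc.find_library(...)` call when `not liblzfse.found()`.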
diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build | |
index 1cbcdebefa..1815cce47f 100644 | |
--- a/pc-bios/keymaps/meson.build | |
+++ b/pc-bios/keymaps/meson.build | |
@@ -1,36 +1,6 @@ | |
keymaps = { | |
- 'ar': '-l ara', | |
- 'bepo': '-l fr -v dvorak', | |
- 'cz': '-l cz', | |
- 'da': '-l dk', | |
'de': '-l de -v nodeadkeys', | |
- 'de-ch': '-l ch', | |
- 'en-gb': '-l gb', | |
'en-us': '-l us', | |
- 'es': '-l es', | |
- 'et': '-l et', | |
- 'fi': '-l fi', | |
- 'fo': '-l fo', | |
- 'fr': '-l fr -v nodeadkeys', | |
- 'fr-be': '-l be', | |
- 'fr-ca': '-l ca -v fr', | |
- 'fr-ch': '-l ch -v fr', | |
- 'hr': '-l hr', | |
- 'hu': '-l hu', | |
- 'is': '-l is', | |
- 'it': '-l it', | |
- 'ja': '-l jp -m jp106', | |
- 'lt': '-l lt', | |
- 'lv': '-l lv', | |
- 'mk': '-l mk', | |
- 'nl': '-l nl', | |
- 'no': '-l no', | |
- 'pl': '-l pl', | |
- 'pt': '-l pt', | |
- 'pt-br': '-l br', | |
- 'ru': '-l ru', | |
- 'th': '-l th', | |
- 'tr': '-l tr', | |
} | |
if meson.is_cross_build() or not xkbcommon.found() | |
diff --git a/softmmu/memory.c b/softmmu/memory.c | |
index b1a6cae6f5..a8ccd4154b 100644 | |
--- a/softmmu/memory.c | |
+++ b/softmmu/memory.c | |
@@ -1379,6 +1379,8 @@ bool memory_region_access_valid(MemoryRegion *mr, | |
{ | |
if (mr->ops->valid.accepts | |
&& !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) { | |
+ CPUState *cpu = first_cpu; | |
+ cpu_dump_state(cpu, stderr, CPU_DUMP_CODE); | |
qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX | |
", size %u, region '%s', reason: rejected\n", | |
is_write ? "write" : "read", | |
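Review bot: `cpu_dump_state(first_cpu, stderr, ...)` now runs on every rejected access, which a guest can trigger at will, so a guest can flood the host's stderr with register dumps. It also dumps the first CPU rather than the one that made the access, and uses `first_cpu` without a NULL check; accesses that do not come from a vCPU would presumably reach this path too. Suggest tying it to the existing log mask and the current CPU: `if (current_cpu) { log_cpu_state_mask(LOG_GUEST_ERROR, current_cpu, CPU_DUMP_CODE); }` (this needs `exec/log.h` if the file does not already include it). memory_region_access_valid continues outside the hunk.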
@@ -1451,6 +1453,8 @@ MemTxResult memory_region_dispatch_read(MemoryRegion *mr, | |
pval, op, attrs); | |
} | |
if (!memory_region_access_valid(mr, addr, size, false, attrs)) { | |
+ fprintf(stderr, "Invalid read: addr: 0x%llx ; size : %d\n", addr, size); | |
+ //__asm__("int3"); | |
*pval = unassigned_mem_read(mr, addr, size); | |
return MEMTX_DECODE_ERROR; | |
} | |
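Review bot: The added `fprintf` passes `addr` to `%llx` and `size` to `%d`; where `uint64_t` is `unsigned long` that is a format/argument mismatch, and the neighbouring log call prints size with `%u`. The `Invalid write` line added in memory_region_dispatch_write has the same problem and also prints `data` with `%llx`. memory_region_access_valid already reports the rejection through `qemu_log_mask(LOG_GUEST_ERROR, ...)`, so these unconditional stderr lines duplicate it on a guest-triggerable path. If they are kept, use `"Invalid read: addr: 0x%" HWADDR_PRIX " ; size: %u\n"` (and `PRIx64` for `data`) under the same log mask, and drop the commented-out `__asm__("int3")`.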
@@ -1500,6 +1504,8 @@ MemTxResult memory_region_dispatch_write(MemoryRegion *mr, | |
data, op, attrs); | |
} | |
if (!memory_region_access_valid(mr, addr, size, true, attrs)) { | |
+ fprintf(stderr, "Invalid write: addr: 0x%llx ; data: 0x%llx ; size : %d\n", addr, data, size); | |
+ //__asm__("int3"); | |
unassigned_mem_write(mr, addr, data, size); | |
return MEMTX_DECODE_ERROR; | |
} | |
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c | |
index 21e29ed88c..823410116b 100644 | |
--- a/target/arm/cpu64.c | |
+++ b/target/arm/cpu64.c | |
@@ -1193,6 +1193,7 @@ static void aarch64_max_initfn(Object *obj) | |
ARMCPU *cpu = ARM_CPU(obj); | |
uint64_t t; | |
uint32_t u; | |
+ fprintf(stderr, "aarch64_max_initfn: test0: entered\n"); | |
if (kvm_enabled() || hvf_enabled()) { | |
/* With KVM or HVF, '-cpu max' is identical to '-cpu host' */ | |
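Review bot: `fprintf(stderr, "aarch64_max_initfn: test0: entered\n")` is unconditional debug output in common target code. The same pattern is added in aarch64_cpu_class_init, in arm_cpu_register_gdb_regs_for_features, and in fp_access_check, sve_access_check, sme_access_check and disas_simd_mod_imm in translate-a64.c. The translate-a64.c ones run during instruction translation, so they print each time a matching guest instruction is translated. Suggest removing them or converting them to trace events so they are off by default and can be enabled per run.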
@@ -1425,17 +1426,30 @@ static void aarch64_cpu_finalizefn(Object *obj) | |
static gchar *aarch64_gdb_arch_name(CPUState *cs) | |
{ | |
return g_strdup("aarch64"); | |
+ //return g_strdup("arm"); | |
} | |
+static int classinit_index = 0; | |
+ | |
static void aarch64_cpu_class_init(ObjectClass *oc, void *data) | |
{ | |
CPUClass *cc = CPU_CLASS(oc); | |
+ fprintf(stderr, "aarch64_cpu_class_init: test0: entered\n"); | |
+ //if (classinit_index == 0) | |
+ //if (0) | |
+#if 1 | |
+ { | |
cc->gdb_read_register = aarch64_cpu_gdb_read_register; | |
cc->gdb_write_register = aarch64_cpu_gdb_write_register; | |
cc->gdb_num_core_regs = 34; | |
cc->gdb_core_xml_file = "aarch64-core.xml"; | |
+ //cc->gdb_num_core_regs = 26; | |
+ //cc->gdb_core_xml_file = "arm-core.xml"; | |
cc->gdb_arch_name = aarch64_gdb_arch_name; | |
+ } | |
+#endif | |
+ classinit_index++; | |
object_class_property_add_bool(oc, "aarch64", aarch64_cpu_get_aarch64, | |
aarch64_cpu_set_aarch64); | |
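Review bot: `classinit_index` is incremented but never read in the visible code (its only reader is a commented-out `if`), and the `#if 1 { ... }` wrapper puts a block and a preprocessor guard around assignments that always run. Together with the commented-out `arm-core.xml` and `g_strdup("arm")` alternatives, these look like leftovers from a gdb register-layout experiment. Suggest dropping the counter, the wrapper and the commented lines so the gdb setup reads as before. aarch64_cpu_class_init continues outside the hunk.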
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c | |
index 13fbe9b0d7..df6aea25e7 100644 | |
--- a/target/arm/gdbstub.c | |
+++ b/target/arm/gdbstub.c | |
@@ -506,6 +506,7 @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu) | |
CPUARMState *env = &cpu->env; | |
if (arm_feature(env, ARM_FEATURE_AARCH64)) { | |
+ fprintf(stderr, "arm_cpu_register_gdb_regs_for_features: test0: AARCH64 true\n"); | |
/* | |
* The lower part of each SVE register aliases to the FPU | |
* registers so we don't need to include both. | |
diff --git a/target/arm/helper.c b/target/arm/helper.c | |
index 0370c62ceb..eae7c0361e 100644 | |
--- a/target/arm/helper.c | |
+++ b/target/arm/helper.c | |
@@ -11787,22 +11787,26 @@ int fp_exception_el(CPUARMState *env, int cur_el) | |
* always accessible | |
*/ | |
if (!arm_feature(env, ARM_FEATURE_V6)) { | |
+ //fprintf(stderr, "fp_exception_el: test0\n"); | |
return 0; | |
} | |
if (arm_feature(env, ARM_FEATURE_M)) { | |
/* CPACR can cause a NOCP UsageFault taken to current security state */ | |
if (!v7m_cpacr_pass(env, env->v7m.secure, cur_el != 0)) { | |
+ //fprintf(stderr, "fp_exception_el: test1\n"); | |
return 1; | |
} | |
if (arm_feature(env, ARM_FEATURE_M_SECURITY) && !env->v7m.secure) { | |
if (!extract32(env->v7m.nsacr, 10, 1)) { | |
/* FP insns cause a NOCP UsageFault taken to Secure */ | |
+ //fprintf(stderr, "fp_exception_el: test2\n"); | |
return 3; | |
} | |
} | |
+ //fprintf(stderr, "fp_exception_el: test3\n"); | |
return 0; | |
} | |
@@ -11829,9 +11833,11 @@ int fp_exception_el(CPUARMState *env, int cur_el) | |
/* Trap from Secure PL0 or PL1 to Secure PL1. */ | |
if (!arm_el_is_aa64(env, 3) | |
&& (cur_el == 3 || arm_is_secure_below_el3(env))) { | |
+ //fprintf(stderr, "fp_exception_el: test4\n"); | |
return 3; | |
} | |
if (cur_el <= 1) { | |
+ //fprintf(stderr, "fp_exception_el: test5\n"); | |
return 1; | |
} | |
break; | |
@@ -11847,6 +11853,7 @@ int fp_exception_el(CPUARMState *env, int cur_el) | |
cur_el <= 2 && !arm_is_secure_below_el3(env))) { | |
if (!extract32(env->cp15.nsacr, 10, 1)) { | |
/* FP insns act as UNDEF */ | |
+ //fprintf(stderr, "fp_exception_el: test6\n"); | |
return cur_el == 2 ? 2 : 1; | |
} | |
} | |
@@ -11865,10 +11872,12 @@ int fp_exception_el(CPUARMState *env, int cur_el) | |
/* fall through */ | |
case 0: | |
case 2: | |
+ //fprintf(stderr, "fp_exception_el: test7\n"); | |
return 2; | |
} | |
} else if (arm_is_el2_enabled(env)) { | |
if (FIELD_EX64(env->cp15.cptr_el[2], CPTR_EL2, TFP)) { | |
+ //fprintf(stderr, "fp_exception_el: test8\n"); | |
return 2; | |
} | |
} | |
@@ -11877,9 +11886,11 @@ int fp_exception_el(CPUARMState *env, int cur_el) | |
/* CPTR_EL3 : present in v8 */ | |
if (FIELD_EX64(env->cp15.cptr_el[3], CPTR_EL3, TFP)) { | |
/* Trap all FP ops to EL3 */ | |
+ //fprintf(stderr, "fp_exception_el: test9\n"); | |
return 3; | |
} | |
#endif | |
+ //fprintf(stderr, "fp_exception_el: test10\n"); | |
return 0; | |
} | |
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c | |
index 97bc141aa8..21509a6bba 100644 | |
--- a/target/arm/tcg/translate-a64.c | |
+++ b/target/arm/tcg/translate-a64.c | |
@@ -36,6 +36,11 @@ | |
#include "translate-a64.h" | |
#include "qemu/atomic128.h" | |
+ | |
+//#define ENABLE_DUMPING 1 | |
+ | |
+ | |
+ | |
static TCGv_i64 cpu_X[32]; | |
static TCGv_i64 cpu_pc; | |
@@ -67,6 +72,9 @@ typedef struct AArch64DecodeTable { | |
AArch64DecodeFn *disas_fn; | |
} AArch64DecodeTable; | |
+static CPUARMState *global_testenv = NULL; | |
+ | |
+ | |
/* initialize TCG globals. */ | |
void a64_translate_init(void) | |
{ | |
@@ -1096,9 +1104,14 @@ static void do_vec_ld(DisasContext *s, int destidx, int element, | |
*/ | |
static bool fp_access_check_only(DisasContext *s) | |
{ | |
+ //fprintf(stderr, "fp_access_check_only: entered function\n"); | |
+ //s->fp_excp_el = false; | |
if (s->fp_excp_el) { | |
assert(!s->fp_access_checked); | |
s->fp_access_checked = true; | |
+ //fprintf(stderr, "fp_access_check_only: no soup^H^H^H^Hexception for you\n"); | |
+ //s->fp_excp_el = false; | |
+ //return true; | |
gen_exception_insn_el(s, 0, EXCP_UDEF, | |
syn_fp_access_trap(1, 0xe, false, 0), | |
@@ -1111,12 +1124,15 @@ static bool fp_access_check_only(DisasContext *s) | |
static bool fp_access_check(DisasContext *s) | |
{ | |
+ //fprintf(stderr, "fp_access_check: entered function\n"); | |
if (!fp_access_check_only(s)) { | |
+ fprintf(stderr, "fp_access_check: fp_access_check_only returned false\n"); | |
return false; | |
} | |
if (s->sme_trap_nonstreaming && s->is_nonstreaming) { | |
gen_exception_insn(s, 0, EXCP_UDEF, | |
syn_smetrap(SME_ET_Streaming, false)); | |
+ fprintf(stderr, "fp_access_check: s->sme_trap_nonstreaming && s->is_nonstreaming\n"); | |
return false; | |
} | |
return true; | |
@@ -1129,6 +1145,7 @@ static bool fp_access_check(DisasContext *s) | |
*/ | |
bool sve_access_check(DisasContext *s) | |
{ | |
+ fprintf(stderr, "sve_access_check: entered function\n"); | |
if (s->pstate_sm || !dc_isar_feature(aa64_sve, s)) { | |
assert(dc_isar_feature(aa64_sme, s)); | |
if (!sme_sm_enabled_check(s)) { | |
@@ -1156,7 +1173,9 @@ bool sve_access_check(DisasContext *s) | |
*/ | |
static bool sme_access_check(DisasContext *s) | |
{ | |
+ fprintf(stderr, "sme_access_check: entered function\n"); | |
if (s->sme_excp_el) { | |
+ fprintf(stderr, "sme_access_check: do exception\n"); | |
gen_exception_insn_el(s, 0, EXCP_UDEF, | |
syn_smetrap(SME_ET_AccessTrap, false), | |
s->sme_excp_el); | |
@@ -2179,12 +2198,23 @@ static void disas_exc(DisasContext *s, uint32_t insn) | |
* | 1 1 0 1 0 1 1 | opc | op2 | op3 | Rn | op4 | | |
* +---------------+-------+-------+-------+------+-------+ | |
*/ | |
+ | |
+static FILE *testfp0 = NULL; | |
+ | |
static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) | |
{ | |
unsigned int opc, op2, op3, rn, op4; | |
unsigned btype_mod = 2; /* 0: BR, 1: BLR, 2: other */ | |
TCGv_i64 dst; | |
TCGv_i64 modifier; | |
+ uint64_t testvar0, testvar1, testvar0_high; | |
+ | |
+#if ENABLE_DUMPING | |
+ /* test0 */ | |
+ //gen_a64_update_pc(s, 0); | |
+ //gen_ss_advance(s); | |
+ //s->base.is_jmp = DISAS_TOO_MANY; | |
+#endif | |
opc = extract32(insn, 21, 4); | |
op2 = extract32(insn, 16, 5); | |
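Review bot: `testvar0`, `testvar1` and `testvar0_high` are declared unconditionally but used only under `#if ENABLE_DUMPING`, and `ENABLE_DUMPING` exists only as a commented-out `#define`, so the default build gets three unused variables and an `#if` on an undefined macro. Move the declarations inside the guarded block and test the macro with `#ifdef ENABLE_DUMPING`. `static FILE *testfp0` is also inserted between the instruction-encoding comment and `disas_uncond_b_reg`, which separates that comment from the function it documents. The function body continues outside the hunk.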
@@ -2254,6 +2284,22 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) | |
} | |
gen_pc_plus_diff(s, lr, curr_insn_len(s)); | |
} | |
+#if ENABLE_DUMPING | |
+ testvar0 = s->pc_curr; | |
+ testvar1 = global_testenv->xregs[rn]; | |
+ testvar0_high = (testvar0 >> 36); | |
+ testvar1 &= ~(0xfffffffULL << 36); | |
+ testvar1 |= (testvar0_high << 36); | |
+ if (testfp0 == NULL) { | |
+ testfp0 = fopen("/home/ios/satamnt_1/gdb_indirect_tracelog2", "a"); | |
+ } | |
+ if (testfp0 != NULL) { | |
+ fprintf(testfp0, "%016llx %016llx\n", testvar0, testvar1); | |
+ fflush(testfp0); | |
+ //fclose(testfp0); | |
+ //testfp0 = NULL; | |
+ } | |
+#endif | |
gen_a64_set_pc(s, dst); | |
break; | |
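Review bot: The dump block reads `global_testenv->xregs[rn]` while the instruction is being translated, so the logged target is the register value at translation time and not the value when the branch executes; a translation block that is reused later logs nothing for those executions. `global_testenv` is a single file-scope pointer overwritten in aarch64_tr_translate_insn, which is not safe if more than one vCPU thread translates at once. The log path `/home/ios/satamnt_1/gdb_indirect_tracelog2` is hard-coded, `%016llx` is used for `uint64_t` values, and the whole block is repeated verbatim in the next hunk. If this tracing is meant to stay, emit it from a run-time helper and take the path from configuration; otherwise drop it from the patch.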
@@ -2287,6 +2333,22 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) | |
} | |
gen_pc_plus_diff(s, lr, curr_insn_len(s)); | |
} | |
+#if ENABLE_DUMPING | |
+ testvar0 = s->pc_curr; | |
+ testvar1 = global_testenv->xregs[rn]; | |
+ testvar0_high = (testvar0 >> 36); | |
+ testvar1 &= ~(0xfffffffULL << 36); | |
+ testvar1 |= (testvar0_high << 36); | |
+ if (testfp0 == NULL) { | |
+ testfp0 = fopen("/home/ios/satamnt_1/gdb_indirect_tracelog2", "a"); | |
+ } | |
+ if (testfp0 != NULL) { | |
+ fprintf(testfp0, "%016llx %016llx\n", testvar0, testvar1); | |
+ fflush(testfp0); | |
+ //fclose(testfp0); | |
+ //testfp0 = NULL; | |
+ } | |
+#endif | |
gen_a64_set_pc(s, dst); | |
break; | |
@@ -4166,6 +4228,13 @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn) | |
/* Loads and stores */ | |
static void disas_ldst(DisasContext *s, uint32_t insn) | |
{ | |
+#if ENABLE_DUMPING | |
+ /* test0 */ | |
+ gen_a64_update_pc(s, 0); | |
+ gen_ss_advance(s); | |
+ s->base.is_jmp = DISAS_TOO_MANY; | |
+#endif | |
+ | |
switch (extract32(insn, 24, 6)) { | |
case 0x08: /* Load/store exclusive */ | |
disas_ldst_excl(s, insn); | |
@@ -8056,6 +8125,7 @@ static void disas_simd_mod_imm(DisasContext *s, uint32_t insn) | |
} | |
if (!fp_access_check(s)) { | |
+ fprintf(stderr, "disas_simd_mod_imm: fp_access_check returned false\n"); | |
return; | |
} | |
@@ -14393,6 +14463,7 @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) | |
CPUARMState *env = cpu->env_ptr; | |
uint64_t pc = s->base.pc_next; | |
uint32_t insn; | |
+ global_testenv = env; | |
/* Singlestep exceptions have the highest priority. */ | |
if (s->ss_active && !s->pstate_ss) { | |
diff --git a/ui/gtk.c b/ui/gtk.c | |
index 0a9f24ee0a..1492ab1b21 100644 | |
--- a/ui/gtk.c | |
+++ b/ui/gtk.c | |
@@ -960,10 +960,9 @@ static gboolean gd_button_event(GtkWidget *widget, GdkEventButton *button, | |
if (button->button == 1 && button->type == GDK_BUTTON_PRESS && | |
!qemu_input_is_absolute() && s->ptr_owner != vc) { | |
if (!vc->window) { | |
- gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), | |
- TRUE); | |
+ //gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), TRUE); | |
} else { | |
- gd_grab_pointer(vc, "relative-mode-click"); | |
+ //gd_grab_pointer(vc, "relative-mode-click"); | |
} | |
return TRUE; | |
} | |
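Review bot: Commenting out the grab calls leaves `if (!vc->window) { } else { }` with two empty branches, and later hunks do the same in gd_win_grab, gd_menu_grab_input, gd_change_page and gd_enter_event, plus an `#if 0` around the body of gd_menu_full_screen. That turns off pointer and keyboard grab and full-screen for every user of the GTK display; the corresponding menu items would presumably remain but do nothing. It looks like a local preference rather than part of the SEP work. Suggest dropping the ui/gtk.c changes from this patch or making the behaviour a run-time display option. gd_button_event continues outside the hunk.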
@@ -1332,7 +1331,7 @@ static gboolean gd_win_grab(void *opaque) | |
if (vc->s->ptr_owner) { | |
gd_ungrab_pointer(vc->s); | |
} else { | |
- gd_grab_pointer(vc, "user-request-detached-tab"); | |
+ //gd_grab_pointer(vc, "user-request-detached-tab"); | |
} | |
return TRUE; | |
} | |
@@ -1408,7 +1407,7 @@ static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) | |
{ | |
GtkDisplayState *s = opaque; | |
VirtualConsole *vc = gd_vc_find_current(s); | |
- | |
+#if 0 | |
if (!s->full_screen) { | |
gtk_notebook_set_show_tabs(GTK_NOTEBOOK(s->notebook), FALSE); | |
gtk_widget_hide(s->menu_bar); | |
@@ -1431,7 +1430,7 @@ static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) | |
gd_update_windowsize(vc); | |
} | |
} | |
- | |
+#endif | |
gd_update_cursor(vc); | |
} | |
@@ -1607,8 +1606,8 @@ static void gd_menu_grab_input(GtkMenuItem *item, void *opaque) | |
VirtualConsole *vc = gd_vc_find_current(s); | |
if (gd_is_grab_active(s)) { | |
- gd_grab_keyboard(vc, "user-request-main-window"); | |
- gd_grab_pointer(vc, "user-request-main-window"); | |
+ //gd_grab_keyboard(vc, "user-request-main-window"); | |
+ //gd_grab_pointer(vc, "user-request-main-window"); | |
} else { | |
gd_ungrab_keyboard(s); | |
gd_ungrab_pointer(s); | |
@@ -1632,16 +1631,13 @@ static void gd_change_page(GtkNotebook *nb, gpointer arg1, guint arg2, | |
if (!vc) { | |
return; | |
} | |
- gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(vc->menu_item), | |
- TRUE); | |
+ gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(vc->menu_item), TRUE); | |
on_vga = (vc->type == GD_VC_GFX && | |
qemu_console_is_graphic(vc->gfx.dcl.con)); | |
if (!on_vga) { | |
- gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), | |
- FALSE); | |
+ gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), FALSE); | |
} else if (s->full_screen) { | |
- gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), | |
- TRUE); | |
+ //gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), TRUE); | |
} | |
gtk_widget_set_sensitive(s->grab_item, on_vga); | |
#ifdef CONFIG_VTE | |
@@ -1659,7 +1655,7 @@ static gboolean gd_enter_event(GtkWidget *widget, GdkEventCrossing *crossing, | |
GtkDisplayState *s = vc->s; | |
if (gd_grab_on_hover(s)) { | |
- gd_grab_keyboard(vc, "grab-on-hover"); | |
+ //gd_grab_keyboard(vc, "grab-on-hover"); | |
} | |
return TRUE; | |
} | |
diff --git a/ui/sdl2.c b/ui/sdl2.c | |
index 9d703200bf..3ac1374074 100644 | |
--- a/ui/sdl2.c | |
+++ b/ui/sdl2.c | |
@@ -270,24 +270,25 @@ static void absolute_mouse_grab(struct sdl2_console *scon) | |
SDL_GetWindowSize(scon->real_window, &scr_w, &scr_h); | |
if (mouse_x > 0 && mouse_x < scr_w - 1 && | |
mouse_y > 0 && mouse_y < scr_h - 1) { | |
- sdl_grab_start(scon); | |
+ //sdl_grab_start(scon); | |
} | |
} | |
static void sdl_mouse_mode_change(Notifier *notify, void *data) | |
{ | |
- if (qemu_input_is_absolute()) { | |
+ if (qemu_input_is_absolute() && 0) { | |
if (!absolute_enabled) { | |
- absolute_enabled = 1; | |
- SDL_SetRelativeMouseMode(SDL_FALSE); | |
- absolute_mouse_grab(&sdl2_console[0]); | |
+ //absolute_enabled = 1; | |
+ //SDL_SetRelativeMouseMode(SDL_FALSE); | |
+ //absolute_mouse_grab(&sdl2_console[0]); | |
} | |
} else if (absolute_enabled) { | |
if (!gui_fullscreen) { | |
- sdl_grab_end(&sdl2_console[0]); | |
+ //sdl_grab_end(&sdl2_console[0]); | |
} | |
absolute_enabled = 0; | |
} | |
+ absolute_enabled = 0; | |
} | |
static void sdl_send_mouse_event(struct sdl2_console *scon, int dx, int dy, | |
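Review bot: In `sdl_mouse_mode_change`, `qemu_input_is_absolute() && 0` makes the first branch unreachable, and the new trailing `absolute_enabled = 0;` makes the `else if` redundant. The function's only remaining effect is clearing `absolute_enabled`. Write that directly, with `absolute_enabled = 0; /* absolute-mode grab disabled for debugging */` as the whole body, instead of a constant-false condition and commented-out statements that a compiler or static analyser will report as dead code. `toggle_full_screen` in the next hunk has the same shape: `gui_fullscreen = 0;//!gui_fullscreen;` makes `if (gui_fullscreen)` always false.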
@@ -329,15 +330,14 @@ static void sdl_send_mouse_event(struct sdl2_console *scon, int dx, int dy, | |
static void toggle_full_screen(struct sdl2_console *scon) | |
{ | |
- gui_fullscreen = !gui_fullscreen; | |
+ gui_fullscreen = 0;//!gui_fullscreen; | |
if (gui_fullscreen) { | |
- SDL_SetWindowFullscreen(scon->real_window, | |
- SDL_WINDOW_FULLSCREEN_DESKTOP); | |
- gui_saved_grab = gui_grab; | |
- sdl_grab_start(scon); | |
+ //SDL_SetWindowFullscreen(scon->real_window, SDL_WINDOW_FULLSCREEN_DESKTOP); | |
+ //gui_saved_grab = gui_grab; | |
+ //sdl_grab_start(scon); | |
} else { | |
if (!gui_saved_grab) { | |
- sdl_grab_end(scon); | |
+ //sdl_grab_end(scon); | |
} | |
SDL_SetWindowFullscreen(scon->real_window, 0); | |
} | |
@@ -393,7 +393,7 @@ static void handle_keydown(SDL_Event *ev) | |
case SDL_SCANCODE_8: | |
case SDL_SCANCODE_9: | |
if (gui_grab) { | |
- sdl_grab_end(scon); | |
+ //sdl_grab_end(scon); | |
} | |
win = ev->key.keysym.scancode - SDL_SCANCODE_1; | |
@@ -410,15 +410,15 @@ static void handle_keydown(SDL_Event *ev) | |
} | |
break; | |
case SDL_SCANCODE_F: | |
- toggle_full_screen(scon); | |
+ //toggle_full_screen(scon); | |
gui_keysym = 1; | |
break; | |
case SDL_SCANCODE_G: | |
gui_keysym = 1; | |
if (!gui_grab) { | |
- sdl_grab_start(scon); | |
+ //sdl_grab_start(scon); | |
} else if (!gui_fullscreen) { | |
- sdl_grab_end(scon); | |
+ //sdl_grab_end(scon); | |
} | |
break; | |
case SDL_SCANCODE_U: | |
@@ -502,12 +502,12 @@ static void handle_mousemotion(SDL_Event *ev) | |
if (gui_grab && !gui_fullscreen | |
&& (ev->motion.x == 0 || ev->motion.y == 0 || | |
ev->motion.x == max_x || ev->motion.y == max_y)) { | |
- sdl_grab_end(scon); | |
+ //sdl_grab_end(scon); | |
} | |
if (!gui_grab && | |
(ev->motion.x > 0 && ev->motion.x < max_x && | |
ev->motion.y > 0 && ev->motion.y < max_y)) { | |
- sdl_grab_start(scon); | |
+ //sdl_grab_start(scon); | |
} | |
} | |
if (gui_grab || qemu_input_is_absolute() || absolute_enabled) { | |
@@ -530,7 +530,7 @@ static void handle_mousebutton(SDL_Event *ev) | |
if (!gui_grab && !qemu_input_is_absolute()) { | |
if (ev->type == SDL_MOUSEBUTTONUP && bev->button == SDL_BUTTON_LEFT) { | |
/* start grabbing all events */ | |
- sdl_grab_start(scon); | |
+ //sdl_grab_start(scon); | |
} | |
} else { | |
if (ev->type == SDL_MOUSEBUTTONDOWN) { | |
@@ -601,7 +601,7 @@ static void handle_windowevent(SDL_Event *ev) | |
/* fall through */ | |
case SDL_WINDOWEVENT_ENTER: | |
if (!gui_grab && (qemu_input_is_absolute() || absolute_enabled)) { | |
- absolute_mouse_grab(scon); | |
+ //absolute_mouse_grab(scon); | |
} | |
/* If a new console window opened using a hotkey receives the | |
* focus, SDL sends another KEYDOWN event to the new window, | |
@@ -617,7 +617,7 @@ static void handle_windowevent(SDL_Event *ev) | |
win32_kbd_set_window(NULL); | |
} | |
if (gui_grab && !gui_fullscreen) { | |
- sdl_grab_end(scon); | |
+ //sdl_grab_end(scon); | |
} | |
break; | |
case SDL_WINDOWEVENT_RESTORED: | |
@@ -946,7 +946,7 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) | |
sdl_cursor_normal = SDL_GetCursor(); | |
if (gui_fullscreen) { | |
- sdl_grab_start(&sdl2_console[0]); | |
+ //sdl_grab_start(&sdl2_console[0]); | |
} | |
atexit(sdl_cleanup); |