1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33#include "qemu/osdep.h"
34#include "hw/isa/isa.h"
35#include "hw/qdev-properties.h"
36#include "ui/console.h"
37#include "qemu/module.h"
38#include "qemu/timer.h"
39#include "qom/object.h"
40#include "hw/acpi/acpi_aml_interface.h"
41
42
43
44#define APPLESMC_DEFAULT_IOBASE 0x300
45#define TYPE_APPLE_SMC "isa-applesmc"
46#define APPLESMC_MAX_DATA_LENGTH 32
47#define APPLESMC_PROP_IO_BASE "iobase"
48
49enum {
50 APPLESMC_DATA_PORT = 0x00,
51 APPLESMC_CMD_PORT = 0x04,
52 APPLESMC_ERR_PORT = 0x1e,
53 APPLESMC_NUM_PORTS = 0x20,
54};
55
56enum {
57 APPLESMC_READ_CMD = 0x10,
58 APPLESMC_WRITE_CMD = 0x11,
59 APPLESMC_GET_KEY_BY_INDEX_CMD = 0x12,
60 APPLESMC_GET_KEY_TYPE_CMD = 0x13,
61};
62
63enum {
64 APPLESMC_ST_CMD_DONE = 0x00,
65 APPLESMC_ST_DATA_READY = 0x01,
66 APPLESMC_ST_BUSY = 0x02,
67 APPLESMC_ST_ACK = 0x04,
68 APPLESMC_ST_NEW_CMD = 0x08,
69};
70
71enum {
72 APPLESMC_ST_1E_CMD_INTRUPTED = 0x80,
73 APPLESMC_ST_1E_STILL_BAD_CMD = 0x81,
74 APPLESMC_ST_1E_BAD_CMD = 0x82,
75 APPLESMC_ST_1E_NOEXIST = 0x84,
76 APPLESMC_ST_1E_WRITEONLY = 0x85,
77 APPLESMC_ST_1E_READONLY = 0x86,
78 APPLESMC_ST_1E_BAD_INDEX = 0xb8,
79};
80
81#ifdef DEBUG_SMC
82#define smc_debug(...) fprintf(stderr, "AppleSMC: " __VA_ARGS__)
83#else
84#define smc_debug(...) do { } while (0)
85#endif
86
87static char default_osk[64] = "This is a dummy key. Enter the real key "
88 "using the -osk parameter";
89
90struct AppleSMCData {
91 uint8_t len;
92 const char *key;
93 const char *data;
94 QLIST_ENTRY(AppleSMCData) node;
95};
96
97OBJECT_DECLARE_SIMPLE_TYPE(AppleSMCState, APPLE_SMC)
98
99struct AppleSMCState {
100 ISADevice parent_obj;
101
102 MemoryRegion io_data;
103 MemoryRegion io_cmd;
104 MemoryRegion io_err;
105 uint32_t iobase;
106 uint8_t cmd;
107 uint8_t status;
108 uint8_t status_1e;
109 uint8_t last_ret;
110 char key[4];
111 uint8_t read_pos;
112 uint8_t data_len;
113 uint8_t data_pos;
114 uint8_t data[255];
115 char *osk;
116 QLIST_HEAD(, AppleSMCData) data_def;
117};
118
119static void applesmc_io_cmd_write(void *opaque, hwaddr addr, uint64_t val,
120 unsigned size)
121{
122 AppleSMCState *s = opaque;
123 uint8_t status = s->status & 0x0f;
124
125 smc_debug("CMD received: 0x%02x\n", (uint8_t)val);
126 switch (val) {
127 case APPLESMC_READ_CMD:
128
129 if (status == APPLESMC_ST_CMD_DONE || status == APPLESMC_ST_NEW_CMD) {
130 s->cmd = val;
131 s->status = APPLESMC_ST_NEW_CMD | APPLESMC_ST_ACK;
132 } else {
133 smc_debug("ERROR: previous command interrupted!\n");
134 s->status = APPLESMC_ST_NEW_CMD;
135 s->status_1e = APPLESMC_ST_1E_CMD_INTRUPTED;
136 }
137 break;
138 default:
139 smc_debug("UNEXPECTED CMD 0x%02x\n", (uint8_t)val);
140 s->status = APPLESMC_ST_NEW_CMD;
141 s->status_1e = APPLESMC_ST_1E_BAD_CMD;
142 }
143 s->read_pos = 0;
144 s->data_pos = 0;
145}
146
147static struct AppleSMCData *applesmc_find_key(AppleSMCState *s)
148{
149 struct AppleSMCData *d;
150
151 QLIST_FOREACH(d, &s->data_def, node) {
152 if (!memcmp(d->key, s->key, 4)) {
153 return d;
154 }
155 }
156 return NULL;
157}
158
159static void applesmc_io_data_write(void *opaque, hwaddr addr, uint64_t val,
160 unsigned size)
161{
162 AppleSMCState *s = opaque;
163 struct AppleSMCData *d;
164
165 smc_debug("DATA received: 0x%02x\n", (uint8_t)val);
166 switch (s->cmd) {
167 case APPLESMC_READ_CMD:
168 if ((s->status & 0x0f) == APPLESMC_ST_CMD_DONE) {
169 break;
170 }
171 if (s->read_pos < 4) {
172 s->key[s->read_pos] = val;
173 s->status = APPLESMC_ST_ACK;
174 } else if (s->read_pos == 4) {
175 d = applesmc_find_key(s);
176 if (d != NULL) {
177 memcpy(s->data, d->data, d->len);
178 s->data_len = d->len;
179 s->data_pos = 0;
180 s->status = APPLESMC_ST_ACK | APPLESMC_ST_DATA_READY;
181 s->status_1e = APPLESMC_ST_CMD_DONE;
182 } else {
183 smc_debug("READ_CMD: key '%c%c%c%c' not found!\n",
184 s->key[0], s->key[1], s->key[2], s->key[3]);
185 s->status = APPLESMC_ST_CMD_DONE;
186 s->status_1e = APPLESMC_ST_1E_NOEXIST;
187 }
188 }
189 s->read_pos++;
190 break;
191 default:
192 s->status = APPLESMC_ST_CMD_DONE;
193 s->status_1e = APPLESMC_ST_1E_STILL_BAD_CMD;
194 }
195}
196
197static void applesmc_io_err_write(void *opaque, hwaddr addr, uint64_t val,
198 unsigned size)
199{
200 smc_debug("ERR_CODE received: 0x%02x, ignoring!\n", (uint8_t)val);
201
202}
203
204static uint64_t applesmc_io_data_read(void *opaque, hwaddr addr, unsigned size)
205{
206 AppleSMCState *s = opaque;
207
208 switch (s->cmd) {
209 case APPLESMC_READ_CMD:
210 if (!(s->status & APPLESMC_ST_DATA_READY)) {
211 break;
212 }
213 if (s->data_pos < s->data_len) {
214 s->last_ret = s->data[s->data_pos];
215 smc_debug("READ '%c%c%c%c'[%d] = %02x\n",
216 s->key[0], s->key[1], s->key[2], s->key[3],
217 s->data_pos, s->last_ret);
218 s->data_pos++;
219 if (s->data_pos == s->data_len) {
220 s->status = APPLESMC_ST_CMD_DONE;
221 smc_debug("READ '%c%c%c%c' Len=%d complete!\n",
222 s->key[0], s->key[1], s->key[2], s->key[3],
223 s->data_len);
224 } else {
225 s->status = APPLESMC_ST_ACK | APPLESMC_ST_DATA_READY;
226 }
227 }
228 break;
229 default:
230 s->status = APPLESMC_ST_CMD_DONE;
231 s->status_1e = APPLESMC_ST_1E_STILL_BAD_CMD;
232 }
233 smc_debug("DATA sent: 0x%02x\n", s->last_ret);
234
235 return s->last_ret;
236}
237
238static uint64_t applesmc_io_cmd_read(void *opaque, hwaddr addr, unsigned size)
239{
240 AppleSMCState *s = opaque;
241
242 smc_debug("CMD sent: 0x%02x\n", s->status);
243 return s->status;
244}
245
246static uint64_t applesmc_io_err_read(void *opaque, hwaddr addr, unsigned size)
247{
248 AppleSMCState *s = opaque;
249
250
251 smc_debug("ERR_CODE sent: 0x%02x\n", s->status_1e);
252 return s->status_1e;
253}
254
255static void applesmc_add_key(AppleSMCState *s, const char *key,
256 int len, const char *data)
257{
258 struct AppleSMCData *def;
259
260 def = g_new0(struct AppleSMCData, 1);
261 def->key = key;
262 def->len = len;
263 def->data = data;
264
265 QLIST_INSERT_HEAD(&s->data_def, def, node);
266}
267
268static void qdev_applesmc_isa_reset(DeviceState *dev)
269{
270 AppleSMCState *s = APPLE_SMC(dev);
271 struct AppleSMCData *d, *next;
272
273
274 QLIST_FOREACH_SAFE(d, &s->data_def, node, next) {
275 QLIST_REMOVE(d, node);
276 }
277 s->status = 0x00;
278 s->status_1e = 0x00;
279 s->last_ret = 0x00;
280
281 applesmc_add_key(s, "REV ", 6, "\x01\x13\x0f\x00\x00\x03");
282 applesmc_add_key(s, "OSK0", 32, s->osk);
283 applesmc_add_key(s, "OSK1", 32, s->osk + 32);
284 applesmc_add_key(s, "NATJ", 1, "\0");
285 applesmc_add_key(s, "MSSP", 1, "\0");
286 applesmc_add_key(s, "MSSD", 1, "\0x3");
287}
288
289static const MemoryRegionOps applesmc_data_io_ops = {
290 .write = applesmc_io_data_write,
291 .read = applesmc_io_data_read,
292 .endianness = DEVICE_NATIVE_ENDIAN,
293 .impl = {
294 .min_access_size = 1,
295 .max_access_size = 1,
296 },
297};
298
299static const MemoryRegionOps applesmc_cmd_io_ops = {
300 .write = applesmc_io_cmd_write,
301 .read = applesmc_io_cmd_read,
302 .endianness = DEVICE_NATIVE_ENDIAN,
303 .impl = {
304 .min_access_size = 1,
305 .max_access_size = 1,
306 },
307};
308
309static const MemoryRegionOps applesmc_err_io_ops = {
310 .write = applesmc_io_err_write,
311 .read = applesmc_io_err_read,
312 .endianness = DEVICE_NATIVE_ENDIAN,
313 .impl = {
314 .min_access_size = 1,
315 .max_access_size = 1,
316 },
317};
318
319static void applesmc_isa_realize(DeviceState *dev, Error **errp)
320{
321 AppleSMCState *s = APPLE_SMC(dev);
322
323 memory_region_init_io(&s->io_data, OBJECT(s), &applesmc_data_io_ops, s,
324 "applesmc-data", 1);
325 isa_register_ioport(&s->parent_obj, &s->io_data,
326 s->iobase + APPLESMC_DATA_PORT);
327
328 memory_region_init_io(&s->io_cmd, OBJECT(s), &applesmc_cmd_io_ops, s,
329 "applesmc-cmd", 1);
330 isa_register_ioport(&s->parent_obj, &s->io_cmd,
331 s->iobase + APPLESMC_CMD_PORT);
332
333 memory_region_init_io(&s->io_err, OBJECT(s), &applesmc_err_io_ops, s,
334 "applesmc-err", 1);
335 isa_register_ioport(&s->parent_obj, &s->io_err,
336 s->iobase + APPLESMC_ERR_PORT);
337
338 if (!s->osk || (strlen(s->osk) != 64)) {
339 warn_report("Using AppleSMC with invalid key");
340 s->osk = default_osk;
341 }
342
343 QLIST_INIT(&s->data_def);
344 qdev_applesmc_isa_reset(dev);
345}
346
347static Property applesmc_isa_properties[] = {
348 DEFINE_PROP_UINT32(APPLESMC_PROP_IO_BASE, AppleSMCState, iobase,
349 APPLESMC_DEFAULT_IOBASE),
350 DEFINE_PROP_STRING("osk", AppleSMCState, osk),
351 DEFINE_PROP_END_OF_LIST(),
352};
353
354static void build_applesmc_aml(AcpiDevAmlIf *adev, Aml *scope)
355{
356 Aml *crs;
357 AppleSMCState *s = APPLE_SMC(adev);
358 uint32_t iobase = s->iobase;
359 Aml *dev = aml_device("SMC");
360
361 aml_append(dev, aml_name_decl("_HID", aml_eisaid("APP0001")));
362
363 aml_append(dev, aml_name_decl("_STA", aml_int(0xB)));
364 crs = aml_resource_template();
365 aml_append(crs,
366 aml_io(AML_DECODE16, iobase, iobase, 0x01, APPLESMC_MAX_DATA_LENGTH)
367 );
368 aml_append(crs, aml_irq_no_flags(6));
369 aml_append(dev, aml_name_decl("_CRS", crs));
370 aml_append(scope, dev);
371}
372
373static void qdev_applesmc_class_init(ObjectClass *klass, void *data)
374{
375 DeviceClass *dc = DEVICE_CLASS(klass);
376 AcpiDevAmlIfClass *adevc = ACPI_DEV_AML_IF_CLASS(klass);
377
378 dc->realize = applesmc_isa_realize;
379 dc->reset = qdev_applesmc_isa_reset;
380 device_class_set_props(dc, applesmc_isa_properties);
381 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
382 adevc->build_dev_aml = build_applesmc_aml;
383}
384
385static const TypeInfo applesmc_isa_info = {
386 .name = TYPE_APPLE_SMC,
387 .parent = TYPE_ISA_DEVICE,
388 .instance_size = sizeof(AppleSMCState),
389 .class_init = qdev_applesmc_class_init,
390 .interfaces = (InterfaceInfo[]) {
391 { TYPE_ACPI_DEV_AML_IF },
392 { },
393 },
394};
395
396static void applesmc_register_types(void)
397{
398 type_register_static(&applesmc_isa_info);
399}
400
401type_init(applesmc_register_types)
402
