1 | /* |
2 | * Apple SMC controller |
3 | * |
4 | * Copyright (c) 2007 Alexander Graf |
5 | * |
6 | * Authors: Alexander Graf <agraf@suse.de> |
7 | * Susanne Graf <suse@csgraf.de> |
8 | * |
9 | * This library is free software; you can redistribute it and/or |
10 | * modify it under the terms of the GNU Lesser General Public |
11 | * License as published by the Free Software Foundation; either |
12 | * version 2 of the License, or (at your option) any later version. |
13 | * |
14 | * This library is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | * Lesser General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU Lesser General Public |
20 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
21 | * |
22 | * ***************************************************************** |
23 | * |
24 | * In all Intel-based Apple hardware there is an SMC chip to control the |
25 | * backlight, fans and several other generic device parameters. It also |
26 | * contains the magic keys used to dongle Mac OS X to the device. |
27 | * |
28 | * This driver was mostly created by looking at the Linux AppleSMC driver |
29 | * implementation and does not support IRQ. |
30 | * |
31 | */ |
32 | |
33 | #include "qemu/osdep.h" |
34 | #include "hw/isa/isa.h" |
35 | #include "hw/qdev-properties.h" |
36 | #include "ui/console.h" |
37 | #include "qemu/module.h" |
38 | #include "qemu/timer.h" |
39 | |
40 | /* #define DEBUG_SMC */ |
41 | |
42 | #define APPLESMC_DEFAULT_IOBASE 0x300 |
43 | |
44 | enum { |
45 | APPLESMC_DATA_PORT = 0x00, |
46 | APPLESMC_CMD_PORT = 0x04, |
47 | APPLESMC_ERR_PORT = 0x1e, |
48 | APPLESMC_NUM_PORTS = 0x20, |
49 | }; |
50 | |
51 | enum { |
52 | APPLESMC_READ_CMD = 0x10, |
53 | APPLESMC_WRITE_CMD = 0x11, |
54 | APPLESMC_GET_KEY_BY_INDEX_CMD = 0x12, |
55 | APPLESMC_GET_KEY_TYPE_CMD = 0x13, |
56 | }; |
57 | |
58 | enum { |
59 | APPLESMC_ST_CMD_DONE = 0x00, |
60 | APPLESMC_ST_DATA_READY = 0x01, |
61 | APPLESMC_ST_BUSY = 0x02, |
62 | APPLESMC_ST_ACK = 0x04, |
63 | APPLESMC_ST_NEW_CMD = 0x08, |
64 | }; |
65 | |
66 | enum { |
67 | APPLESMC_ST_1E_CMD_INTRUPTED = 0x80, |
68 | APPLESMC_ST_1E_STILL_BAD_CMD = 0x81, |
69 | APPLESMC_ST_1E_BAD_CMD = 0x82, |
70 | APPLESMC_ST_1E_NOEXIST = 0x84, |
71 | APPLESMC_ST_1E_WRITEONLY = 0x85, |
72 | APPLESMC_ST_1E_READONLY = 0x86, |
73 | APPLESMC_ST_1E_BAD_INDEX = 0xb8, |
74 | }; |
75 | |
76 | #ifdef DEBUG_SMC |
77 | #define smc_debug(...) fprintf(stderr, "AppleSMC: " __VA_ARGS__) |
78 | #else |
79 | #define smc_debug(...) do { } while (0) |
80 | #endif |
81 | |
82 | static char default_osk[64] = "This is a dummy key. Enter the real key " |
83 | "using the -osk parameter" ; |
84 | |
85 | struct AppleSMCData { |
86 | uint8_t len; |
87 | const char *key; |
88 | const char *data; |
89 | QLIST_ENTRY(AppleSMCData) node; |
90 | }; |
91 | |
92 | #define APPLE_SMC(obj) OBJECT_CHECK(AppleSMCState, (obj), TYPE_APPLE_SMC) |
93 | |
94 | typedef struct AppleSMCState AppleSMCState; |
95 | struct AppleSMCState { |
96 | ISADevice parent_obj; |
97 | |
98 | MemoryRegion io_data; |
99 | MemoryRegion io_cmd; |
100 | MemoryRegion io_err; |
101 | uint32_t iobase; |
102 | uint8_t cmd; |
103 | uint8_t status; |
104 | uint8_t status_1e; |
105 | uint8_t last_ret; |
106 | char key[4]; |
107 | uint8_t read_pos; |
108 | uint8_t data_len; |
109 | uint8_t data_pos; |
110 | uint8_t data[255]; |
111 | char *osk; |
112 | QLIST_HEAD(, AppleSMCData) data_def; |
113 | }; |
114 | |
115 | static void applesmc_io_cmd_write(void *opaque, hwaddr addr, uint64_t val, |
116 | unsigned size) |
117 | { |
118 | AppleSMCState *s = opaque; |
119 | uint8_t status = s->status & 0x0f; |
120 | |
121 | smc_debug("CMD received: 0x%02x\n" , (uint8_t)val); |
122 | switch (val) { |
123 | case APPLESMC_READ_CMD: |
124 | /* did last command run through OK? */ |
125 | if (status == APPLESMC_ST_CMD_DONE || status == APPLESMC_ST_NEW_CMD) { |
126 | s->cmd = val; |
127 | s->status = APPLESMC_ST_NEW_CMD | APPLESMC_ST_ACK; |
128 | } else { |
129 | smc_debug("ERROR: previous command interrupted!\n" ); |
130 | s->status = APPLESMC_ST_NEW_CMD; |
131 | s->status_1e = APPLESMC_ST_1E_CMD_INTRUPTED; |
132 | } |
133 | break; |
134 | default: |
135 | smc_debug("UNEXPECTED CMD 0x%02x\n" , (uint8_t)val); |
136 | s->status = APPLESMC_ST_NEW_CMD; |
137 | s->status_1e = APPLESMC_ST_1E_BAD_CMD; |
138 | } |
139 | s->read_pos = 0; |
140 | s->data_pos = 0; |
141 | } |
142 | |
143 | static struct AppleSMCData *applesmc_find_key(AppleSMCState *s) |
144 | { |
145 | struct AppleSMCData *d; |
146 | |
147 | QLIST_FOREACH(d, &s->data_def, node) { |
148 | if (!memcmp(d->key, s->key, 4)) { |
149 | return d; |
150 | } |
151 | } |
152 | return NULL; |
153 | } |
154 | |
155 | static void applesmc_io_data_write(void *opaque, hwaddr addr, uint64_t val, |
156 | unsigned size) |
157 | { |
158 | AppleSMCState *s = opaque; |
159 | struct AppleSMCData *d; |
160 | |
161 | smc_debug("DATA received: 0x%02x\n" , (uint8_t)val); |
162 | switch (s->cmd) { |
163 | case APPLESMC_READ_CMD: |
164 | if ((s->status & 0x0f) == APPLESMC_ST_CMD_DONE) { |
165 | break; |
166 | } |
167 | if (s->read_pos < 4) { |
168 | s->key[s->read_pos] = val; |
169 | s->status = APPLESMC_ST_ACK; |
170 | } else if (s->read_pos == 4) { |
171 | d = applesmc_find_key(s); |
172 | if (d != NULL) { |
173 | memcpy(s->data, d->data, d->len); |
174 | s->data_len = d->len; |
175 | s->data_pos = 0; |
176 | s->status = APPLESMC_ST_ACK | APPLESMC_ST_DATA_READY; |
177 | s->status_1e = APPLESMC_ST_CMD_DONE; /* clear on valid key */ |
178 | } else { |
179 | smc_debug("READ_CMD: key '%c%c%c%c' not found!\n" , |
180 | s->key[0], s->key[1], s->key[2], s->key[3]); |
181 | s->status = APPLESMC_ST_CMD_DONE; |
182 | s->status_1e = APPLESMC_ST_1E_NOEXIST; |
183 | } |
184 | } |
185 | s->read_pos++; |
186 | break; |
187 | default: |
188 | s->status = APPLESMC_ST_CMD_DONE; |
189 | s->status_1e = APPLESMC_ST_1E_STILL_BAD_CMD; |
190 | } |
191 | } |
192 | |
193 | static void applesmc_io_err_write(void *opaque, hwaddr addr, uint64_t val, |
194 | unsigned size) |
195 | { |
196 | smc_debug("ERR_CODE received: 0x%02x, ignoring!\n" , (uint8_t)val); |
197 | /* NOTE: writing to the error port not supported! */ |
198 | } |
199 | |
200 | static uint64_t applesmc_io_data_read(void *opaque, hwaddr addr, unsigned size) |
201 | { |
202 | AppleSMCState *s = opaque; |
203 | |
204 | switch (s->cmd) { |
205 | case APPLESMC_READ_CMD: |
206 | if (!(s->status & APPLESMC_ST_DATA_READY)) { |
207 | break; |
208 | } |
209 | if (s->data_pos < s->data_len) { |
210 | s->last_ret = s->data[s->data_pos]; |
211 | smc_debug("READ '%c%c%c%c'[%d] = %02x\n" , |
212 | s->key[0], s->key[1], s->key[2], s->key[3], |
213 | s->data_pos, s->last_ret); |
214 | s->data_pos++; |
215 | if (s->data_pos == s->data_len) { |
216 | s->status = APPLESMC_ST_CMD_DONE; |
217 | smc_debug("READ '%c%c%c%c' Len=%d complete!\n" , |
218 | s->key[0], s->key[1], s->key[2], s->key[3], |
219 | s->data_len); |
220 | } else { |
221 | s->status = APPLESMC_ST_ACK | APPLESMC_ST_DATA_READY; |
222 | } |
223 | } |
224 | break; |
225 | default: |
226 | s->status = APPLESMC_ST_CMD_DONE; |
227 | s->status_1e = APPLESMC_ST_1E_STILL_BAD_CMD; |
228 | } |
229 | smc_debug("DATA sent: 0x%02x\n" , s->last_ret); |
230 | |
231 | return s->last_ret; |
232 | } |
233 | |
234 | static uint64_t applesmc_io_cmd_read(void *opaque, hwaddr addr, unsigned size) |
235 | { |
236 | AppleSMCState *s = opaque; |
237 | |
238 | smc_debug("CMD sent: 0x%02x\n" , s->status); |
239 | return s->status; |
240 | } |
241 | |
242 | static uint64_t applesmc_io_err_read(void *opaque, hwaddr addr, unsigned size) |
243 | { |
244 | AppleSMCState *s = opaque; |
245 | |
246 | /* NOTE: read does not clear the 1e status */ |
247 | smc_debug("ERR_CODE sent: 0x%02x\n" , s->status_1e); |
248 | return s->status_1e; |
249 | } |
250 | |
251 | static void applesmc_add_key(AppleSMCState *s, const char *key, |
252 | int len, const char *data) |
253 | { |
254 | struct AppleSMCData *def; |
255 | |
256 | def = g_malloc0(sizeof(struct AppleSMCData)); |
257 | def->key = key; |
258 | def->len = len; |
259 | def->data = data; |
260 | |
261 | QLIST_INSERT_HEAD(&s->data_def, def, node); |
262 | } |
263 | |
264 | static void qdev_applesmc_isa_reset(DeviceState *dev) |
265 | { |
266 | AppleSMCState *s = APPLE_SMC(dev); |
267 | struct AppleSMCData *d, *next; |
268 | |
269 | /* Remove existing entries */ |
270 | QLIST_FOREACH_SAFE(d, &s->data_def, node, next) { |
271 | QLIST_REMOVE(d, node); |
272 | } |
273 | s->status = 0x00; |
274 | s->status_1e = 0x00; |
275 | s->last_ret = 0x00; |
276 | |
277 | applesmc_add_key(s, "REV " , 6, "\x01\x13\x0f\x00\x00\x03" ); |
278 | applesmc_add_key(s, "OSK0" , 32, s->osk); |
279 | applesmc_add_key(s, "OSK1" , 32, s->osk + 32); |
280 | applesmc_add_key(s, "NATJ" , 1, "\0" ); |
281 | applesmc_add_key(s, "MSSP" , 1, "\0" ); |
282 | applesmc_add_key(s, "MSSD" , 1, "\0x3" ); |
283 | } |
284 | |
285 | static const MemoryRegionOps applesmc_data_io_ops = { |
286 | .write = applesmc_io_data_write, |
287 | .read = applesmc_io_data_read, |
288 | .endianness = DEVICE_NATIVE_ENDIAN, |
289 | .impl = { |
290 | .min_access_size = 1, |
291 | .max_access_size = 1, |
292 | }, |
293 | }; |
294 | |
295 | static const MemoryRegionOps applesmc_cmd_io_ops = { |
296 | .write = applesmc_io_cmd_write, |
297 | .read = applesmc_io_cmd_read, |
298 | .endianness = DEVICE_NATIVE_ENDIAN, |
299 | .impl = { |
300 | .min_access_size = 1, |
301 | .max_access_size = 1, |
302 | }, |
303 | }; |
304 | |
305 | static const MemoryRegionOps applesmc_err_io_ops = { |
306 | .write = applesmc_io_err_write, |
307 | .read = applesmc_io_err_read, |
308 | .endianness = DEVICE_NATIVE_ENDIAN, |
309 | .impl = { |
310 | .min_access_size = 1, |
311 | .max_access_size = 1, |
312 | }, |
313 | }; |
314 | |
315 | static void applesmc_isa_realize(DeviceState *dev, Error **errp) |
316 | { |
317 | AppleSMCState *s = APPLE_SMC(dev); |
318 | |
319 | memory_region_init_io(&s->io_data, OBJECT(s), &applesmc_data_io_ops, s, |
320 | "applesmc-data" , 1); |
321 | isa_register_ioport(&s->parent_obj, &s->io_data, |
322 | s->iobase + APPLESMC_DATA_PORT); |
323 | |
324 | memory_region_init_io(&s->io_cmd, OBJECT(s), &applesmc_cmd_io_ops, s, |
325 | "applesmc-cmd" , 1); |
326 | isa_register_ioport(&s->parent_obj, &s->io_cmd, |
327 | s->iobase + APPLESMC_CMD_PORT); |
328 | |
329 | memory_region_init_io(&s->io_err, OBJECT(s), &applesmc_err_io_ops, s, |
330 | "applesmc-err" , 1); |
331 | isa_register_ioport(&s->parent_obj, &s->io_err, |
332 | s->iobase + APPLESMC_ERR_PORT); |
333 | |
334 | if (!s->osk || (strlen(s->osk) != 64)) { |
335 | warn_report("Using AppleSMC with invalid key" ); |
336 | s->osk = default_osk; |
337 | } |
338 | |
339 | QLIST_INIT(&s->data_def); |
340 | qdev_applesmc_isa_reset(dev); |
341 | } |
342 | |
343 | static Property applesmc_isa_properties[] = { |
344 | DEFINE_PROP_UINT32(APPLESMC_PROP_IO_BASE, AppleSMCState, iobase, |
345 | APPLESMC_DEFAULT_IOBASE), |
346 | DEFINE_PROP_STRING("osk" , AppleSMCState, osk), |
347 | DEFINE_PROP_END_OF_LIST(), |
348 | }; |
349 | |
350 | static void qdev_applesmc_class_init(ObjectClass *klass, void *data) |
351 | { |
352 | DeviceClass *dc = DEVICE_CLASS(klass); |
353 | |
354 | dc->realize = applesmc_isa_realize; |
355 | dc->reset = qdev_applesmc_isa_reset; |
356 | dc->props = applesmc_isa_properties; |
357 | set_bit(DEVICE_CATEGORY_MISC, dc->categories); |
358 | } |
359 | |
360 | static const TypeInfo applesmc_isa_info = { |
361 | .name = TYPE_APPLE_SMC, |
362 | .parent = TYPE_ISA_DEVICE, |
363 | .instance_size = sizeof(AppleSMCState), |
364 | .class_init = qdev_applesmc_class_init, |
365 | }; |
366 | |
367 | static void applesmc_register_types(void) |
368 | { |
369 | type_register_static(&applesmc_isa_info); |
370 | } |
371 | |
372 | type_init(applesmc_register_types) |
373 | |