# enable AMCC read-only region lockdown in m1n1 on M1 (Mac Mini 2020) for testing
# see https://github.com/AsahiLinux/m1n1/blob/v1.1.4/src/mcc.c
# https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.50.7.100.1/osfmk/arm64/amcc_rorgn.c
lockdownstart = 0x8_4000_0000
# amcc's protection page size seems to be 0x8000?
lockdownend = 0x8_4000_8000
rambase = 0x8_0000_0000
for plane in range(3, -1, -1):
    print(hex(0x2_0000_0000 + 0x40000*plane + 0x680))
    write32(0x2_0000_0000 + 0x40000*plane + 0x680, (lockdownstart - rambase) >> 14)
    write32(0x2_0000_0000 + 0x40000*plane + 0x684, (lockdownend - rambase) >> 14)
    write32(0x2_0000_0000 + 0x40000*plane + 0x688, 1)
    write32(0x2_0000_0000 + 0x40000*plane + 0x68c, 1)

# wait a second, then check that it's dropping writes:
read32(lockdownstart) # 0x0
write32(lockdownstart, 1)
read32(lockdownstart) # 0x1
# now do a large memcpy to evict out of cache
memcpy64(0x8_6000_0000, 0x8_7000_0000, 0x1000_0000)
read32(lockdownstart) # 0x0

# for some reason errsts0 doesn't populate for write32 but does for writemem???
# see https://github.com/AsahiLinux/m1n1/blob/v1.1.4/proxyclient/experiments/amcc_err_handler.py
writemem(0x8_4000_0000, [0x41]*0x1000000)
read32(0x200000708) # AFERRLOG0 = 0x40000200