util/intelmetool: Add bootguard information dump support
With this implementation it's possible to detect the state of bootguard in Intel-based systems. Currently it's WIP and in a test phase. Handle it with care! Changes done: * Add support for reading MSRs * Read ME firmware version * Print bootguard state for ME > 9.1 * Make argument -s legacy * Add argument -b for bootguard (and ME) dumping * Add argument -m for ME dumping * Opt out early if CPU is non-Intel Change-Id: Ifeec8e20fa8efc35d7db4c6a84be1f118dccfc4a Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Signed-off-by: Patrick Rudolph <siro@das-labor.org> Reviewed-on: https://review.coreboot.org/16328 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
parent
5e9dc37818
commit
73add175cd
|
@ -20,7 +20,7 @@ PREFIX ?= /usr/local
|
||||||
CFLAGS ?= -O0 -g -Wall -W -Wno-unused-parameter -Wno-sign-compare -Wno-unused-function
|
CFLAGS ?= -O0 -g -Wall -W -Wno-unused-parameter -Wno-sign-compare -Wno-unused-function
|
||||||
LDFLAGS += -lpci -lz
|
LDFLAGS += -lpci -lz
|
||||||
|
|
||||||
OBJS = intelmetool.o me.o me_status.o mmap.o rcba.o
|
OBJS = intelmetool.o me.o me_status.o mmap.o rcba.o msr.o
|
||||||
|
|
||||||
OS_ARCH = $(shell uname)
|
OS_ARCH = $(shell uname)
|
||||||
ifeq ($(OS_ARCH), Darwin)
|
ifeq ($(OS_ARCH), Darwin)
|
||||||
|
|
|
@ -16,23 +16,25 @@
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <getopt.h>
|
#include <getopt.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <cpuid.h>
|
||||||
|
|
||||||
#ifdef __NetBSD__
|
#ifdef __NetBSD__
|
||||||
#include <machine/sysarch.h>
|
#include <machine/sysarch.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "intelmetool.h"
|
||||||
#include "me.h"
|
#include "me.h"
|
||||||
#include "mmap.h"
|
#include "mmap.h"
|
||||||
#include "intelmetool.h"
|
#include "msr.h"
|
||||||
#include "rcba.h"
|
#include "rcba.h"
|
||||||
|
|
||||||
#define FD2 0x3428
|
|
||||||
#define ME_COMMAND_DELAY 10000
|
|
||||||
|
|
||||||
extern int fd_mem;
|
extern int fd_mem;
|
||||||
int debug = 0;
|
int debug = 0;
|
||||||
|
|
||||||
static uint32_t fd2 = 0;
|
static uint32_t fd2 = 0;
|
||||||
|
static int ME_major_ver = 0;
|
||||||
|
static int ME_minor_ver = 0;
|
||||||
|
|
||||||
static void dumpmem(uint8_t *phys, uint32_t size)
|
static void dumpmem(uint8_t *phys, uint32_t size)
|
||||||
{
|
{
|
||||||
|
@ -62,6 +64,17 @@ static void dumpmemfile(uint8_t *phys, uint32_t size)
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int isCPUGenuineIntel(void)
|
||||||
|
{
|
||||||
|
regs_t regs;
|
||||||
|
unsigned int level = 0;
|
||||||
|
unsigned int eax = 0;
|
||||||
|
|
||||||
|
__get_cpuid(level, &eax, ®s.ebx, ®s.ecx, ®s.edx);
|
||||||
|
|
||||||
|
return !strncmp((char *)®s, "GenuineIntel", CPU_ID_SIZE-1);
|
||||||
|
}
|
||||||
|
|
||||||
/* You need >4GB total ram, in kernel cmdline, use 'mem=1000m'
|
/* You need >4GB total ram, in kernel cmdline, use 'mem=1000m'
|
||||||
* then this code will clone to absolute memory address 0xe0000000
|
* then this code will clone to absolute memory address 0xe0000000
|
||||||
* which can be read using a mmap tool at that offset.
|
* which can be read using a mmap tool at that offset.
|
||||||
|
@ -278,7 +291,7 @@ static void dump_me_info(void)
|
||||||
usleep(ME_COMMAND_DELAY);
|
usleep(ME_COMMAND_DELAY);
|
||||||
mei_reset();
|
mei_reset();
|
||||||
usleep(ME_COMMAND_DELAY);
|
usleep(ME_COMMAND_DELAY);
|
||||||
mkhi_get_fw_version();
|
mkhi_get_fw_version(&ME_major_ver, &ME_minor_ver);
|
||||||
usleep(ME_COMMAND_DELAY);
|
usleep(ME_COMMAND_DELAY);
|
||||||
mei_reset();
|
mei_reset();
|
||||||
usleep(ME_COMMAND_DELAY);
|
usleep(ME_COMMAND_DELAY);
|
||||||
|
@ -288,21 +301,98 @@ static void dump_me_info(void)
|
||||||
rehide_me();
|
rehide_me();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void dump_bootguard_info(void)
|
||||||
|
{
|
||||||
|
struct pci_dev *dev;
|
||||||
|
char namebuf[1024];
|
||||||
|
const char *name;
|
||||||
|
uint64_t bootguard = 0;
|
||||||
|
|
||||||
|
if (msr_bootguard(&bootguard, debug) < 0)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (pci_platform_scan())
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
if (activate_me())
|
||||||
|
exit(1);
|
||||||
|
|
||||||
|
dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
|
||||||
|
if (!dev) {
|
||||||
|
printf("Can't access ME PCI device\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (debug) {
|
||||||
|
printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
|
||||||
|
bootguard &= ~0xff;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ME_major_ver < 9 ||
|
||||||
|
(ME_major_ver == 9 && ME_minor_ver < 5) ||
|
||||||
|
!BOOTGUARD_CAPABILITY(bootguard)) {
|
||||||
|
print_cap("BootGuard ", 0);
|
||||||
|
printf(CGRN "\nYour system isn't bootguard ready. You can "
|
||||||
|
"flash other firmware!\n" RESET);
|
||||||
|
rehide_me();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
print_cap("BootGuard ", 1);
|
||||||
|
if (pci_read_long(dev, 0x40) & 0x10)
|
||||||
|
printf(CYEL "Your southbridge configuration is insecure!! "
|
||||||
|
"BootGuard keys can be overwritten or wiped, or you are "
|
||||||
|
"in developer mode.\n"
|
||||||
|
RESET);
|
||||||
|
|
||||||
|
switch (bootguard) {
|
||||||
|
case BOOTGUARD_DISABLED:
|
||||||
|
printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
|
||||||
|
"BootGuard Mode", "Disabled");
|
||||||
|
printf(CGRN "\nYour system is bootguard ready but your vendor "
|
||||||
|
"disabled it. You can flash other firmware!\n" RESET);
|
||||||
|
break;
|
||||||
|
case BOOTGUARD_ENABLED_COMBI_MODE:
|
||||||
|
printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
|
||||||
|
"BootGuard Mode", "Verified & Measured Boot");
|
||||||
|
printf(CRED "\nVerified boot is enabled. You can't flash other "
|
||||||
|
"firmware. !\n" RESET);
|
||||||
|
break;
|
||||||
|
case BOOTGUARD_ENABLED_MEASUREMENT_MODE:
|
||||||
|
printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
|
||||||
|
"BootGuard Mode", "Measured Boot");
|
||||||
|
printf(CGRN "\nYour system is bootguard ready but only running "
|
||||||
|
"the measured boot mode. You can flash other firmware!\n"
|
||||||
|
RESET);
|
||||||
|
break;
|
||||||
|
case BOOTGUARD_ENABLED_VERIFIED_MODE:
|
||||||
|
printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
|
||||||
|
"BootGuard Mode", "Verified Boot");
|
||||||
|
printf(CRED "\nVerified boot is enabled! You can't flash other "
|
||||||
|
"firmware.\n" RESET);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
rehide_me();
|
||||||
|
}
|
||||||
|
|
||||||
static void print_version(void)
|
static void print_version(void)
|
||||||
{
|
{
|
||||||
printf("intelmetool v%s -- ", INTELMETOOL_VERSION);
|
printf("intelmetool v%s -- ", INTELMETOOL_VERSION);
|
||||||
printf("Copyright (C) 2015 Damien Zammit\n\n");
|
printf("Copyright (C) 2015 Damien Zammit\n");
|
||||||
|
printf("Copyright (C) 2017 Philipp Deppenwiese\n");
|
||||||
|
printf("Copyright (C) 2017 Patrick Rudolph\n\n");
|
||||||
printf(GPLV2COPYRIGHT);
|
printf(GPLV2COPYRIGHT);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_usage(const char *name)
|
static void print_usage(const char *name)
|
||||||
{
|
{
|
||||||
printf("usage: %s [-vh?sd]\n", name);
|
printf("usage: %s [-vh?smdb]\n", name);
|
||||||
printf("\n"
|
printf("\n"
|
||||||
" -v | --version: print the version\n"
|
" -v | --version: print the version\n"
|
||||||
" -h | --help: print this help\n\n"
|
" -h | --help: print this help\n\n"
|
||||||
" -s | --show: dump all me information on console\n"
|
" -d | --debug: enable debug output\n"
|
||||||
" -d | --debug: enable debug output\n"
|
" -m | --me dump all me information on console\n"
|
||||||
|
" -b | --bootguard dump bootguard state of the platform\n"
|
||||||
"\n");
|
"\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
@ -315,21 +405,27 @@ int main(int argc, char *argv[])
|
||||||
static struct option long_options[] = {
|
static struct option long_options[] = {
|
||||||
{"version", 0, 0, 'v'},
|
{"version", 0, 0, 'v'},
|
||||||
{"help", 0, 0, 'h'},
|
{"help", 0, 0, 'h'},
|
||||||
{"show", 0, 0, 's'},
|
{"me", 0, 0, 'm'},
|
||||||
|
{"bootguard", 0, 0, 'b'},
|
||||||
{"debug", 0, 0, 'd'},
|
{"debug", 0, 0, 'd'},
|
||||||
{0, 0, 0, 0}
|
{0, 0, 0, 0}
|
||||||
};
|
};
|
||||||
|
|
||||||
while ((opt = getopt_long(argc, argv, "vh?sd",
|
while ((opt = getopt_long(argc, argv, "vh?smdb",
|
||||||
long_options, &option_index)) != EOF) {
|
long_options, &option_index)) != EOF) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case 'v':
|
case 'v':
|
||||||
print_version();
|
print_version();
|
||||||
exit(0);
|
exit(0);
|
||||||
break;
|
break;
|
||||||
case 's':
|
case 's': /* Legacy fallthrough */
|
||||||
|
case 'm':
|
||||||
cmd_exec = 1;
|
cmd_exec = 1;
|
||||||
break;
|
break;
|
||||||
|
case 'b':
|
||||||
|
cmd_exec = 2;
|
||||||
|
break;
|
||||||
|
break;
|
||||||
case 'd':
|
case 'd':
|
||||||
debug = 1;
|
debug = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -342,6 +438,9 @@ int main(int argc, char *argv[])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!cmd_exec)
|
||||||
|
print_usage(argv[0]);
|
||||||
|
|
||||||
#if defined(__FreeBSD__)
|
#if defined(__FreeBSD__)
|
||||||
if (open("/dev/io", O_RDWR) < 0) {
|
if (open("/dev/io", O_RDWR) < 0) {
|
||||||
perror("/dev/io");
|
perror("/dev/io");
|
||||||
|
@ -367,16 +466,17 @@ int main(int argc, char *argv[])
|
||||||
perror("Can not open /dev/mem");
|
perror("Can not open /dev/mem");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!isCPUGenuineIntel()) {
|
||||||
|
perror("Error CPU is not from Intel.");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
switch(cmd_exec) {
|
if (cmd_exec & 3)
|
||||||
case 1:
|
|
||||||
dump_me_info();
|
dump_me_info();
|
||||||
break;
|
if (cmd_exec & 2)
|
||||||
default:
|
dump_bootguard_info();
|
||||||
print_usage(argv[0]);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
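Review bot: In dump_bootguard_info() the "isn't bootguard ready. You can flash other firmware!" branch is also reached when the ME version was never read: ME_major_ver and ME_minor_ver start at 0 and are only filled by the mkhi_get_fw_version() call in dump_me_info(), whose return value is ignored there, so a failed query is indistinguishable from an ME older than 9. A 0.0 version should be reported as an unknown state instead of as a verdict the user may act on when flashing. In the same function the `!dev` path returns without `rehide_me();` although activate_me() has already succeeded and every other exit calls it; presumably that path should re-hide the device as well. The commit message says "ME > 9.1" while the check is `ME_minor_ver < 5`, so one of the two needs correcting.

```c
	/* … unchanged: MSR read, PCI scan, activate_me(), device lookup, debug print … */

	/* Version globals are still 0 when the firmware query did not complete. */
	if (ME_major_ver == 0 && ME_minor_ver == 0) {
		printf(CYEL "\nME firmware version could not be read; "
		       "BootGuard state is unknown.\n" RESET);
		rehide_me();
		return;
	}

	if (ME_major_ver < 9 ||
	/* … unchanged: capability check and mode switch … */
```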
|
@ -22,7 +22,7 @@
|
||||||
#define ME_PRESENT_CAN_DISABLE 4
|
#define ME_PRESENT_CAN_DISABLE 4
|
||||||
#define ME_PRESENT_CANNOT_DISABLE 5
|
#define ME_PRESENT_CANNOT_DISABLE 5
|
||||||
|
|
||||||
#define INTELMETOOL_VERSION "1.0"
|
#define INTELMETOOL_VERSION "1.1"
|
||||||
|
|
||||||
#define GPLV2COPYRIGHT \
|
#define GPLV2COPYRIGHT \
|
||||||
"This program is free software: you can redistribute it and/or modify\n" \
|
"This program is free software: you can redistribute it and/or modify\n" \
|
||||||
|
@ -57,7 +57,17 @@
|
||||||
#define CWHT "\x1B[37m"
|
#define CWHT "\x1B[37m"
|
||||||
#define RESET "\033[0m"
|
#define RESET "\033[0m"
|
||||||
|
|
||||||
|
#define CPU_ID_SIZE 13
|
||||||
|
#define FD2 0x3428
|
||||||
|
#define ME_COMMAND_DELAY 10000
|
||||||
|
#define ME_MESSAGE_LEN 256
|
||||||
|
|
||||||
extern int debug;
|
extern int debug;
|
||||||
|
static inline void print_cap(const char *name, int state)
|
||||||
|
{
|
||||||
|
printf("ME Capability: %-30s : %s\n",
|
||||||
|
name, state ? CRED "ON" RESET : CGRN "OFF" RESET);
|
||||||
|
}
|
||||||
|
|
||||||
#define PCI_VENDOR_ID_INTEL 0x8086
|
#define PCI_VENDOR_ID_INTEL 0x8086
|
||||||
|
|
||||||
|
@ -295,3 +305,13 @@ extern int debug;
|
||||||
((x) == PCI_DEVICE_ID_INTEL_SUNRISE_H1) || \
|
((x) == PCI_DEVICE_ID_INTEL_SUNRISE_H1) || \
|
||||||
((x) == PCI_DEVICE_ID_INTEL_SUNRISE_H2) || \
|
((x) == PCI_DEVICE_ID_INTEL_SUNRISE_H2) || \
|
||||||
((x) == PCI_DEVICE_ID_INTEL_SUNRISE_LP))
|
((x) == PCI_DEVICE_ID_INTEL_SUNRISE_LP))
|
||||||
|
|
||||||
|
#define BOOTGUARD_DISABLED 0x400000000
|
||||||
|
#define BOOTGUARD_ENABLED_VERIFIED_MODE 0x100000000
|
||||||
|
#define BOOTGUARD_ENABLED_MEASUREMENT_MODE 0x200000000
|
||||||
|
#define BOOTGUARD_ENABLED_COMBI_MODE 0x300000000
|
||||||
|
#define BOOTGUARD_CAPABILITY(x) ( \
|
||||||
|
((x) == BOOTGUARD_DISABLED) || \
|
||||||
|
((x) == BOOTGUARD_ENABLED_VERIFIED_MODE) || \
|
||||||
|
((x) == BOOTGUARD_ENABLED_MEASUREMENT_MODE) || \
|
||||||
|
((x) == BOOTGUARD_ENABLED_COMBI_MODE))
|
||||||
|
|
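Review bot: BOOTGUARD_CAPABILITY() tests the whole 64-bit MSR value for equality, but the callers only clear the low byte with `~0xff`, so any other bit set in the register would send a BootGuard-enabled platform to the "not bootguard ready" report. All four mode constants lie in bits 32–34, so comparing under a mask would be more robust, e.g. `#define BOOTGUARD_MODE_MASK 0x700000000ULL` with `(((x) & BOOTGUARD_MODE_MASK) == BOOTGUARD_DISABLED)` and so on; the `switch (bootguard)` in intelmetool.c would need the same mask. Whether other bits are ever set on real hardware is not visible from this page and should be confirmed. A comment stating that these values are fields of MSR_BOOTGUARD (0x13A in msr.h) and a `ULL` suffix on the constants would make the 64-bit intent explicit.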
|
@ -22,9 +22,9 @@
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include "intelmetool.h"
|
||||||
#include "me.h"
|
#include "me.h"
|
||||||
#include "mmap.h"
|
#include "mmap.h"
|
||||||
#include "intelmetool.h"
|
|
||||||
|
|
||||||
#define read32(addr, off) ( *((uint32_t *) (addr + off)) )
|
#define read32(addr, off) ( *((uint32_t *) (addr + off)) )
|
||||||
#define write32(addr, off, val) ( *((uint32_t *) (addr + off)) = val)
|
#define write32(addr, off, val) ( *((uint32_t *) (addr + off)) = val)
|
||||||
|
@ -378,7 +378,7 @@ static int mkhi_end_of_post(void)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Get ME firmware version */
|
/* Get ME firmware version */
|
||||||
int mkhi_get_fw_version(void)
|
int mkhi_get_fw_version(int *major, int *minor)
|
||||||
{
|
{
|
||||||
uint32_t data = 0;
|
uint32_t data = 0;
|
||||||
struct me_fw_version version = {0};
|
struct me_fw_version version = {0};
|
||||||
|
@ -420,15 +420,13 @@ int mkhi_get_fw_version(void)
|
||||||
printf("ME: Firmware Version %u.%u (code)\n\n"
|
printf("ME: Firmware Version %u.%u (code)\n\n"
|
||||||
version.code_major, version.code_minor);
|
version.code_major, version.code_minor);
|
||||||
#endif
|
#endif
|
||||||
|
if (major)
|
||||||
|
*major = version.code_major;
|
||||||
|
if (minor)
|
||||||
|
*minor = version.code_minor;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void print_cap(const char *name, int state)
|
|
||||||
{
|
|
||||||
printf("ME Capability: %-30s : %s\n",
|
|
||||||
name, state ? CRED "ON" RESET : CGRN "OFF" RESET);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Get ME Firmware Capabilities */
|
/* Get ME Firmware Capabilities */
|
||||||
int mkhi_get_fwcaps(void)
|
int mkhi_get_fwcaps(void)
|
||||||
{
|
{
|
||||||
|
|
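Review bot: mkhi_get_fw_version() now has two output parameters, but its comment still reads only "Get ME firmware version" and says nothing about when they are written. The hunk shows them assigned just before `return 0;`, so any earlier return would leave the caller's variables untouched, and the only caller in this commit ignores the return value. Suggested comment: `/* Get ME firmware version; on success stores the code major/minor version in *major and *minor (either may be NULL). Outputs are not written on failure. */`. The middle of the function lies between the two hunks and is not visible here, so the failure paths should be checked against that wording.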
|
@ -400,7 +400,7 @@ void mkhi_thermal(void);
|
||||||
uint32_t intel_mei_setup(struct pci_dev *dev);
|
uint32_t intel_mei_setup(struct pci_dev *dev);
|
||||||
void intel_mei_unmap(void);
|
void intel_mei_unmap(void);
|
||||||
int mkhi_get_fwcaps(void);
|
int mkhi_get_fwcaps(void);
|
||||||
int mkhi_get_fw_version(void);
|
int mkhi_get_fw_version(int *major, int *minor);
|
||||||
int mkhi_debug_me_memory(void *addr);
|
int mkhi_debug_me_memory(void *addr);
|
||||||
void mei_reset(void);
|
void mei_reset(void);
|
||||||
int intel_me_extend_valid(struct pci_dev *dev);
|
int intel_me_extend_valid(struct pci_dev *dev);
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
/* intelmetool
|
||||||
|
*
|
||||||
|
* Copyright (C) 2013-2016 Philipp Deppenwiese <zaolin@das-labor.org>,
|
||||||
|
* Copyright (C) 2013-2016 Alexander Couzens <lynxis@fe80.eu>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2 of
|
||||||
|
* the License, or any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <errno.h>
|
||||||
|
|
||||||
|
#include "msr.h"
|
||||||
|
|
||||||
|
#ifndef __DARWIN__
|
||||||
|
static int fd_msr = 0;
|
||||||
|
|
||||||
|
static uint64_t rdmsr(int addr)
|
||||||
|
{
|
||||||
|
uint32_t buf[2];
|
||||||
|
uint64_t msr = 0;
|
||||||
|
|
||||||
|
if (lseek(fd_msr, (off_t) addr, SEEK_SET) == -1) {
|
||||||
|
perror("Could not lseek() to MSR");
|
||||||
|
close(fd_msr);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (read(fd_msr, buf, 8) == 8) {
|
||||||
|
msr = buf[1];
|
||||||
|
msr <<= 32;
|
||||||
|
msr |= buf[0];
|
||||||
|
close(fd_msr);
|
||||||
|
return msr;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (errno == EIO) {
|
||||||
|
perror("IO error couldn't read MSR.");
|
||||||
|
close(fd_msr);
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
|
|
||||||
|
perror("Couldn't read() MSR");
|
||||||
|
close(fd_msr);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int msr_bootguard(uint64_t *msr, int debug)
|
||||||
|
{
|
||||||
|
|
||||||
|
#ifndef __DARWIN__
|
||||||
|
fd_msr = open("/dev/cpu/0/msr", O_RDONLY);
|
||||||
|
if (fd_msr < 0) {
|
||||||
|
perror("Error while opening /dev/cpu/0/msr");
|
||||||
|
printf("Did you run 'modprobe msr'?\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
*msr = rdmsr(MSR_BOOTGUARD);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (!debug)
|
||||||
|
*msr &= ~0xff;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
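Review bot: rdmsr() signals failure by returning -1 or -2 through a uint64_t, and msr_bootguard() stores that value in `*msr` and returns 0, so a failed lseek() or read() is indistinguishable from a register value and the caller goes on to print a BootGuard verdict derived from it. rdmsr() should return a status and hand the value back through a pointer, with msr_bootguard() propagating the error so that dump_bootguard_info()'s existing `< 0` check can stop. Separately, when `__DARWIN__` is defined `*msr` is masked and reported as success without ever being read from the hardware; returning an error there would be more honest.

```c
static int rdmsr(int addr, uint64_t *val)
{
	uint32_t buf[2];
	int ret = -1;

	if (lseek(fd_msr, (off_t) addr, SEEK_SET) == -1) {
		perror("Could not lseek() to MSR");
	} else if (read(fd_msr, buf, sizeof(buf)) != (ssize_t) sizeof(buf)) {
		perror("Couldn't read() MSR");
	} else {
		*val = ((uint64_t) buf[1] << 32) | buf[0];
		ret = 0;
	}

	close(fd_msr);
	return ret;
}

/* … unchanged: msr_bootguard() opening /dev/cpu/0/msr … */
	if (rdmsr(MSR_BOOTGUARD, msr) < 0)
		return -1;
```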
|
@ -0,0 +1,30 @@
|
||||||
|
/* intelmetool
|
||||||
|
*
|
||||||
|
* Copyright (C) 2013-2016 Philipp Deppenwiese <zaolin@das-labor.org>
|
||||||
|
* Copyright (C) 2013-2016 Alexander Couzens <lynxis@fe80.eu>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2 of
|
||||||
|
* the License, or any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <inttypes.h>
|
||||||
|
|
||||||
|
#ifndef __DARWIN__
|
||||||
|
|
||||||
|
#define MSR_BOOTGUARD 0x13A
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
unsigned int ebx;
|
||||||
|
unsigned int edx;
|
||||||
|
unsigned int ecx;
|
||||||
|
} regs_t;
|
||||||
|
|
||||||
|
extern int msr_bootguard(uint64_t *msr, int debug);
|
||||||
|
#endif
|
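Review bot: regs_t and the msr_bootguard() prototype sit inside `#ifndef __DARWIN__`, yet the visible hunks of intelmetool.c define isCPUGenuineIntel() with a regs_t and call msr_bootguard() without a matching guard, and msr.c defines msr_bootguard() outside its own conditional, so a build that defines `__DARWIN__` would lose both declarations. Moving the typedef and the prototype outside the conditional keeps the header consistent with its users. The header also has no include guard. The field order of regs_t (ebx, edx, ecx) is load-bearing, because isCPUGenuineIntel() compares the struct's bytes with "GenuineIntel"; a comment such as `/* CPUID leaf 0 vendor string order: EBX, EDX, ECX - do not reorder */` would record that.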