7f5a1eeb24
See for example Intel document *Secure the Network Infrastructure – Secure Boot Methodologies* [1]. Change all occurrences with the command below: $ git grep -l BootGuard | xargs sed -i 's/BootGuard/Boot Guard/g' [1]: https://builders.intel.com/docs/networkbuilders/secure-the-network-infrastructure-secure-boot-methodologies.pdf Change-Id: I69fb64b525fb4799bcb9d75624003c0d59b885b5 Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60136 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
525 lines
12 KiB
C
525 lines
12 KiB
C
/* intelmetool Dump interesting things about Management Engine even if hidden */
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
|
|
#include <stdio.h>
|
|
#include <inttypes.h>
|
|
#include <stdlib.h>
|
|
#include <getopt.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <cpuid.h>
|
|
#include <sys/io.h>
|
|
|
|
#ifdef __NetBSD__
|
|
#include <machine/sysarch.h>
|
|
#endif
|
|
|
|
#include "intelmetool.h"
|
|
#include "me.h"
|
|
#include "mmap.h"
|
|
#include "msr.h"
|
|
#include "rcba.h"
|
|
|
|
extern int fd_mem;
|
|
int debug = 0;
|
|
|
|
static uint32_t fd2 = 0;
|
|
static int ME_major_ver = 0;
|
|
static int ME_minor_ver = 0;
|
|
|
|
static void dumpmem(uint8_t *phys, uint32_t size)
|
|
{
|
|
uint32_t i;
|
|
printf("Dumping cloned ME memory:\n");
|
|
for (i = 0; i < size; i++) {
|
|
printf("%02X",*((uint8_t *) (phys + i)));
|
|
}
|
|
printf("\n");
|
|
}
|
|
|
|
static void zeroit(uint8_t *phys, uint32_t size)
|
|
{
|
|
uint32_t i;
|
|
for (i = 0; i < size; i++) {
|
|
*((uint8_t *) (phys + i)) = 0x00;
|
|
}
|
|
}
|
|
|
|
static void dumpmemfile(uint8_t *phys, uint32_t size)
|
|
{
|
|
FILE *fp = fopen("medump.bin", "w");
|
|
uint32_t i;
|
|
for (i = 0; i < size; i++) {
|
|
fprintf(fp, "%c", *((uint8_t *) (phys + i)));
|
|
}
|
|
fclose(fp);
|
|
}
|
|
|
|
static int isCPUGenuineIntel(void)
|
|
{
|
|
regs_t regs;
|
|
unsigned int level = 0;
|
|
unsigned int eax = 0;
|
|
|
|
__get_cpuid(level, &eax, ®s.ebx, ®s.ecx, ®s.edx);
|
|
|
|
return !strncmp((char *)®s, "GenuineIntel", CPU_ID_SIZE-1);
|
|
}
|
|
|
|
/* You need >4GB total ram, in kernel cmdline, use 'mem=1000m'
|
|
* then this code will clone to absolute memory address 0xe0000000
|
|
* which can be read using a mmap tool at that offset.
|
|
* Real ME memory is located around top of memory minus 64MB. (I think)
|
|
* so we avoid cloning to this part.
|
|
*/
|
|
static void dump_me_memory(void)
|
|
{
|
|
uintptr_t me_clone = 0x60000000;
|
|
uint8_t *dump;
|
|
|
|
dump = map_physical_exact((off_t)me_clone, (void *)me_clone, 0x2000000);
|
|
if (dump == NULL) {
|
|
printf("Could not map ME memory\n");
|
|
return;
|
|
}
|
|
zeroit(dump, 0x2000000);
|
|
printf("Send magic command for memory clone\n");
|
|
|
|
mei_reset();
|
|
usleep(ME_COMMAND_DELAY);
|
|
void* ptr = &me_clone;
|
|
int err = mkhi_debug_me_memory(ptr);
|
|
|
|
if (!err) {
|
|
printf("Wait a second...");
|
|
usleep(ME_COMMAND_DELAY);
|
|
printf("done\n\nHere are the first bytes:\n");
|
|
dumpmemfile(dump, 0x2000000);
|
|
//printf("Try reading 0x%zx with other mmap tool...\n"
|
|
// "Press enter to quit, you only get one chance to run"
|
|
// "this tool before reboot required for some reason\n",
|
|
// me_clone);
|
|
while (getc(stdin) != '\n') {};
|
|
unmap_physical(dump, 0x2000000);
|
|
}
|
|
}
|
|
|
|
static int pci_platform_scan(void)
|
|
{
|
|
struct pci_access *pacc;
|
|
struct pci_dev *dev;
|
|
char namebuf[1024];
|
|
const char *name;
|
|
|
|
pacc = pci_alloc();
|
|
pacc->method = PCI_ACCESS_I386_TYPE1;
|
|
|
|
pci_init(pacc);
|
|
pci_scan_bus(pacc);
|
|
|
|
for (dev=pacc->devices; dev; dev=dev->next) {
|
|
pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES |
|
|
PCI_FILL_SIZES | PCI_FILL_CLASS);
|
|
name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
|
|
PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
|
|
if (name == NULL)
|
|
name = "<unknown>";
|
|
if (dev->vendor_id != PCI_VENDOR_ID_INTEL)
|
|
continue;
|
|
|
|
if (PCI_DEV_NO_ME(dev->device_id)) {
|
|
printf(CGRN "Good news, you have a `%s` so you have "
|
|
"no ME present at all, continuing...\n\n"
|
|
RESET, name);
|
|
break;
|
|
} else if (PCI_DEV_HAS_ME_DISABLE(dev->device_id)) {
|
|
printf(CGRN "Good news, you have a `%s` so ME is "
|
|
"present but can be disabled, continuing...\n\n"
|
|
RESET, name);
|
|
break;
|
|
} else if (PCI_DEV_HAS_ME_DIFFICULT(dev->device_id)) {
|
|
printf(CRED "Bad news, you have a `%s` so you have ME "
|
|
"hardware on board and you can't control or "
|
|
"disable it, continuing...\n\n" RESET, name);
|
|
break;
|
|
} else if (PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id)) {
|
|
printf(CYEL "Not sure if ME hardware is present "
|
|
"because you have a `%s`, but it is possible to "
|
|
"disable it if you do, continuing...\n\n" RESET,
|
|
name);
|
|
break;
|
|
} else if (PCI_DEV_ME_NOT_SURE(dev->device_id)) {
|
|
printf(CYEL "Found `%s`. Not sure whether you have ME "
|
|
"hardware, exiting\n\n" RESET, name);
|
|
pci_cleanup(pacc);
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
if (dev != NULL &&
|
|
!PCI_DEV_HAS_ME_DISABLE(dev->device_id) &&
|
|
!PCI_DEV_HAS_ME_DIFFICULT(dev->device_id) &&
|
|
!PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id) &&
|
|
!PCI_DEV_ME_NOT_SURE(dev->device_id)) {
|
|
printf(CCYN "ME is not present on your board or unknown\n\n"
|
|
RESET);
|
|
pci_cleanup(pacc);
|
|
return 1;
|
|
}
|
|
|
|
pci_cleanup(pacc);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int activate_me(void)
|
|
{
|
|
const uint32_t rcba = get_rcba_phys();
|
|
if (debug)
|
|
printf("RCBA addr: 0x%08x\n", rcba);
|
|
if (rcba > 0) {
|
|
if (read_rcba32(FD2, &fd2)) {
|
|
printf("Error reading RCBA\n");
|
|
return 1;
|
|
}
|
|
if (write_rcba32(FD2, fd2 & ~0x2)) {
|
|
printf("Error writing RCBA\n");
|
|
return 1;
|
|
}
|
|
if (debug && (fd2 & 0x2))
|
|
printf("MEI was hidden on PCI, now unlocked\n");
|
|
else if (debug)
|
|
printf("MEI not hidden on PCI, checking if visible\n");
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void rehide_me(void)
|
|
{
|
|
const uint32_t rcba = get_rcba_phys();
|
|
if (rcba > 0) {
|
|
if (fd2 & 0x2) {
|
|
if (debug)
|
|
printf("Re-hiding MEI device...");
|
|
if (read_rcba32(FD2, &fd2)) {
|
|
printf("Error reading RCBA\n");
|
|
return;
|
|
}
|
|
if (write_rcba32(FD2, fd2 | 0x2)) {
|
|
printf("Error writing RCBA\n");
|
|
return;
|
|
}
|
|
if (debug)
|
|
printf("done\n");
|
|
}
|
|
}
|
|
}
|
|
|
|
static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf,
|
|
int namebuf_size)
|
|
{
|
|
struct pci_access *pacc;
|
|
struct pci_dev *dev;
|
|
int me = 0;
|
|
|
|
pacc = pci_alloc();
|
|
pacc->method = PCI_ACCESS_I386_TYPE1;
|
|
|
|
pci_init(pacc);
|
|
pci_scan_bus(pacc);
|
|
|
|
for (dev=pacc->devices; dev; dev=dev->next) {
|
|
pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES |
|
|
PCI_FILL_SIZES | PCI_FILL_CLASS);
|
|
*name = pci_lookup_name(pacc, namebuf, namebuf_size,
|
|
PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
|
|
if (dev->vendor_id != PCI_VENDOR_ID_INTEL)
|
|
continue;
|
|
|
|
if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
|
|
me = 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!me) {
|
|
rehide_me();
|
|
|
|
pci_cleanup(pacc);
|
|
return NULL;
|
|
}
|
|
|
|
return dev;
|
|
}
|
|
|
|
static void dump_me_info(void)
|
|
{
|
|
struct pci_dev *dev;
|
|
uint32_t stat, stat2;
|
|
char namebuf[1024];
|
|
const char *name = NULL;
|
|
|
|
if (pci_platform_scan())
|
|
return;
|
|
|
|
dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
|
|
if (!dev) {
|
|
if (debug)
|
|
printf("ME PCI device is hidden\n");
|
|
|
|
if (activate_me())
|
|
return;
|
|
dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
|
|
if (!dev) {
|
|
printf("Can't find ME PCI device\n");
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (name == NULL)
|
|
name = "<unknown>";
|
|
|
|
printf("MEI found: [%x:%x] %s\n\n",
|
|
dev->vendor_id, dev->device_id, name);
|
|
stat = pci_read_long(dev, 0x40);
|
|
printf("ME Status : 0x%x\n", stat);
|
|
stat2 = pci_read_long(dev, 0x48);
|
|
printf("ME Status 2 : 0x%x\n\n", stat2);
|
|
|
|
intel_me_status(stat, stat2);
|
|
printf("\n");
|
|
intel_me_extend_valid(dev);
|
|
printf("\n");
|
|
|
|
if (stat & 0xf000)
|
|
printf("ME: has a broken implementation on your board with "
|
|
"this firmware\n");
|
|
|
|
if (intel_mei_setup(dev))
|
|
goto out;
|
|
usleep(ME_COMMAND_DELAY);
|
|
mei_reset();
|
|
usleep(ME_COMMAND_DELAY);
|
|
if (mkhi_get_fw_version(&ME_major_ver, &ME_minor_ver))
|
|
goto out;
|
|
usleep(ME_COMMAND_DELAY);
|
|
mei_reset();
|
|
usleep(ME_COMMAND_DELAY);
|
|
if (mkhi_get_fwcaps())
|
|
goto out;
|
|
usleep(ME_COMMAND_DELAY);
|
|
|
|
out:
|
|
rehide_me();
|
|
}
|
|
|
|
static void print_btg_bool_param(const char *name, u8 state)
|
|
{
|
|
printf("%-20s : %s\n", name, state ? "ON" : "OFF");
|
|
}
|
|
|
|
static void dump_bootguard_info(void)
|
|
{
|
|
struct pci_dev *dev;
|
|
char namebuf[1024];
|
|
const char *name = NULL;
|
|
|
|
if (pci_platform_scan())
|
|
return;
|
|
|
|
dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
|
|
if (!dev) {
|
|
if (debug)
|
|
printf("ME PCI device is hidden\n");
|
|
|
|
if (activate_me())
|
|
return;
|
|
dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
|
|
if (!dev) {
|
|
printf("Can't find ME PCI device\n");
|
|
return;
|
|
}
|
|
}
|
|
|
|
/* ME_major_ver is zero on some platforms (Mac) */
|
|
if (ME_major_ver &&
|
|
(ME_major_ver < 9 ||
|
|
(ME_major_ver == 9 && ME_minor_ver < 5))) {
|
|
printf(CGRN "Your system isn't Boot Guard ready.\n"
|
|
"You can flash other firmware!\n" RESET);
|
|
rehide_me();
|
|
return;
|
|
}
|
|
|
|
if (pci_read_long(dev, 0x40) & 0x10)
|
|
printf(CYEL "Your southbridge configuration is insecure!!\n"
|
|
"Boot Guard keys can be overwritten or wiped, or you are "
|
|
"in developer mode.\n"
|
|
RESET);
|
|
rehide_me();
|
|
|
|
union {
|
|
struct {
|
|
u8 nem_enabled : 1; /* [ 0.. 0] */
|
|
u8 tpm_type : 2; /* [ 2.. 1] */
|
|
u8 tpm_success : 1; /* [ 3.. 3] */
|
|
u8 facb_fpf : 1; /* [ 4.. 4] */
|
|
u8 measured_boot : 1; /* [ 5.. 5] */
|
|
u8 verified_boot : 1; /* [ 6.. 6] */
|
|
u8 module_revoked : 1; /* [ 7.. 7] */
|
|
u32 : 24;
|
|
u8 btg_capability : 1; /* [32..32] */
|
|
u32 : 31;
|
|
};
|
|
u64 raw;
|
|
} btg;
|
|
|
|
if (msr_bootguard(&btg.raw) < 0) {
|
|
printf("Could not read the BOOTGUARD_SACM_INFO MSR.\n");
|
|
return;
|
|
}
|
|
|
|
printf("Boot Guard MSR Output : 0x%" PRIx64 "\n", btg.raw);
|
|
|
|
if (!btg.btg_capability) {
|
|
printf(CGRN "Your system isn't Boot Guard ready.\n"
|
|
"You can flash other firmware!\n" RESET);
|
|
return;
|
|
}
|
|
|
|
print_btg_bool_param("Measured boot", btg.measured_boot);
|
|
print_btg_bool_param("Verified boot", btg.verified_boot);
|
|
print_btg_bool_param("FACB in FPFs", btg.facb_fpf);
|
|
print_btg_bool_param("Module revoked", btg.module_revoked);
|
|
if (btg.measured_boot) {
|
|
const char *const tpm_type_strs[] = {
|
|
"None",
|
|
"TPM 1.2",
|
|
"TPM 2.0",
|
|
"PTT",
|
|
};
|
|
printf("%-20s : %s\n", "TPM type", tpm_type_strs[btg.tpm_type]);
|
|
print_btg_bool_param("TPM success", btg.tpm_success);
|
|
}
|
|
if (btg.verified_boot) {
|
|
print_btg_bool_param("NEM enabled", btg.nem_enabled);
|
|
if (btg.nem_enabled)
|
|
printf(CRED "Verified boot is enabled and ACM has enabled "
|
|
"Cache-As-RAM.\nYou can't flash other firmware!\n" RESET);
|
|
else
|
|
printf(CYEL "Verified boot is enabled, but ACM did not enable "
|
|
"Cache-As-RAM.\nIt might be possible to flash other firmware.\n"
|
|
RESET);
|
|
} else {
|
|
printf(CGRN "Your system is Boot Guard ready but verified boot is disabled.\n"
|
|
"You can flash other firmware!\n" RESET);
|
|
}
|
|
}
|
|
|
|
static void print_version(void)
|
|
{
|
|
printf("intelmetool v%s -- ", INTELMETOOL_VERSION);
|
|
printf("Copyright (C) 2015 Damien Zammit\n");
|
|
printf("Copyright (C) 2017 Philipp Deppenwiese\n");
|
|
printf("Copyright (C) 2017 Patrick Rudolph\n\n");
|
|
printf(GPLV2COPYRIGHT);
|
|
}
|
|
|
|
static void print_usage(const char *name)
|
|
{
|
|
printf("usage: %s [-vh?smdb]\n", name);
|
|
printf("\n"
|
|
" -v | --version: print the version\n"
|
|
" -h | --help: print this help\n\n"
|
|
" -d | --debug: enable debug output\n"
|
|
" -m | --me dump all me information on console\n"
|
|
" -b | --bootguard dump bootguard state of the platform\n"
|
|
"\n");
|
|
exit(1);
|
|
}
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int opt, option_index = 0;
|
|
unsigned cmd_exec = 0;
|
|
|
|
static struct option long_options[] = {
|
|
{"version", 0, 0, 'v'},
|
|
{"help", 0, 0, 'h'},
|
|
{"me", 0, 0, 'm'},
|
|
{"bootguard", 0, 0, 'b'},
|
|
{"debug", 0, 0, 'd'},
|
|
{0, 0, 0, 0}
|
|
};
|
|
|
|
while ((opt = getopt_long(argc, argv, "vh?smdb",
|
|
long_options, &option_index)) != EOF) {
|
|
switch (opt) {
|
|
case 'v':
|
|
print_version();
|
|
exit(0);
|
|
break;
|
|
case 's': /* Legacy fallthrough */
|
|
case 'm':
|
|
cmd_exec = 1;
|
|
break;
|
|
case 'b':
|
|
cmd_exec = 2;
|
|
break;
|
|
break;
|
|
case 'd':
|
|
debug = 1;
|
|
break;
|
|
case 'h':
|
|
case '?':
|
|
default:
|
|
print_usage(argv[0]);
|
|
exit(0);
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!cmd_exec)
|
|
print_usage(argv[0]);
|
|
|
|
#if defined(__FreeBSD__)
|
|
if (open("/dev/io", O_RDWR) < 0) {
|
|
perror("/dev/io");
|
|
#elif defined(__NetBSD__)
|
|
# ifdef __i386__
|
|
if (i386_iopl(3)) {
|
|
perror("iopl");
|
|
# else
|
|
if (x86_64_iopl(3)) {
|
|
perror("iopl");
|
|
# endif
|
|
#else
|
|
if (iopl(3)) {
|
|
perror("iopl");
|
|
#endif
|
|
printf("You need to be root.\n");
|
|
exit(1);
|
|
}
|
|
|
|
#ifndef __DARWIN__
|
|
fd_mem = open("/dev/mem", O_RDWR);
|
|
if (fd_mem < 0) {
|
|
perror("Can not open /dev/mem. Do you have disabled "
|
|
"Secure Boot ?");
|
|
exit(1);
|
|
}
|
|
|
|
if (!isCPUGenuineIntel()) {
|
|
perror("Error CPU is not from Intel.");
|
|
exit(1);
|
|
}
|
|
#endif
|
|
|
|
if (cmd_exec & 3)
|
|
dump_me_info();
|
|
if (cmd_exec & 2)
|
|
dump_bootguard_info();
|
|
|
|
return 0;
|
|
}
|