| /* SPDX-License-Identifier: GPL-2.0-only */ |
| |
| #ifndef SECURITY_INTEL_TXT_REGISTER_H_ |
| #define SECURITY_INTEL_TXT_REGISTER_H_ |
| |
| #include <types.h> |
| |
| /* |
| * Document: 315168-016 |
| * Intel Trusted Execution Technology (Intel TXT) |
| * Software Development Guide |
| * Chapter B |
| */ |
| #define TXT_BASE 0xfed30000UL |
| |
| #define TXT_STS (TXT_BASE + 0) |
| #define TXT_ESTS (TXT_BASE + 8) |
| #define TXT_ESTS_TXT_RESET_STS (1 << 0) |
| /* |
| * Chapter 6 |
| * Intel Trusted Execution Technology Lab Handout |
| */ |
| #define TXT_ESTS_WAKE_ERROR_STS (1 << 6) |
| |
| #define TXT_ERROR (TXT_BASE + 0x30) |
| #define ACMERROR_TXT_VALID (1ul << 31) |
| #define ACMERROR_TXT_EXTERNAL (1ul << 30) |
| |
| #define ACMERROR_TXT_PROGRESS_SHIFT 16 |
| #define ACMERROR_TXT_MINOR_SHIFT 15 |
| #define ACMERROR_TXT_MAJOR_SHIFT 10 |
| #define ACMERROR_TXT_CLASS_SHIFT 4 |
| #define ACMERROR_TXT_TYPE_SHIFT 0 |
| |
| #define ACMERROR_TXT_PROGRESS_CODE (0xffull << ACMERROR_TXT_PROGRESS_SHIFT) |
| #define ACMERROR_TXT_MINOR_CODE (0x01ull << ACMERROR_TXT_MINOR_SHIFT) |
| #define ACMERROR_TXT_MAJOR_CODE (0x1full << ACMERROR_TXT_MAJOR_SHIFT) |
| #define ACMERROR_TXT_CLASS_CODE (0x3full << ACMERROR_TXT_CLASS_SHIFT) |
| #define ACMERROR_TXT_TYPE_CODE (0x0full << ACMERROR_TXT_TYPE_SHIFT) |
| |
| #define ACMERROR_TXT_AC_MODULE_TYPE_BIOS 0 |
| #define ACMERROR_TXT_AC_MODULE_TYPE_SINIT 1 |
| |
| #define TXT_ERROR_MASK (0x3ff << 0) |
| |
| #define TXT_CMD_RESET (TXT_BASE + 0x38) |
| #define TXT_CMD_CLOSE_PRIVATE (TXT_BASE + 0x48) |
| |
| /* Present in Document Number: 315168-016. */ |
| #define TXT_SPAD (TXT_BASE + 0xa0) |
| #define ACMSTS_IBB_MEASURED (1ull << 63) |
| #define ACMSTS_VERIFICATION_ERROR (1ull << 62) |
| #define ACMSTS_BG_STARTUP_ERROR (1ull << 61) /* CBnT platforms only */ |
| #define ACMSTS_TXT_DISABLED (1ull << 60) /* disabled by FIT type 0xA record */ |
| #define ACMSTS_BIOS_TRUSTED (1ull << 59) |
| #define ACMSTS_MEM_CLEAR_POWER_DOWN (1ull << 47) |
| #define ACMSTS_TXT_STARTUP_SUCCESS (1ull << 30) |
| |
| #define TXT_VER_FSBIF (TXT_BASE + 0x100) |
| #define TXT_VER_PRODUCTION_FUSED (1ull << 31) |
| |
| #define TXT_DIDVID (TXT_BASE + 0x110) |
| |
| /* |
| * Chapter 6 |
| * Intel Trusted Execution Technology Lab Handout |
| */ |
| #define TXT_CAPABILITIES (TXT_BASE + 0x200) |
| #define TXT_CAPABILITIES_DPR (1ull << 26) |
| #define TXT_CAPABILITIES_PMRC (1ull << 19) |
| |
| #define TXT_VER_QPIIF (TXT_BASE + 0x200) |
| |
| #define TXT_SINIT_BASE (TXT_BASE + 0x270) |
| #define TXT_SINIT_SIZE (TXT_BASE + 0x278) |
| #define TXT_MLE_JOIN (TXT_BASE + 0x290) |
| |
| #define TXT_HEAP_BASE (TXT_BASE + 0x300) |
| #define TXT_HEAP_SIZE (TXT_BASE + 0x308) |
| /* |
| * Chapter 6 |
| * Intel Trusted Execution Technology Lab Handout |
| */ |
| #define TXT_MSEG_BASE (TXT_BASE + 0x310) |
| #define TXT_MSEG_SIZE (TXT_BASE + 0x318) |
| |
| /* |
| * Chapter 5.4.2.1 |
| * Intel Trusted Execution Technology Lab Handout |
| */ |
| #define TXT_BIOSACM_ERRORCODE (TXT_BASE + 0x328) |
| |
| #define TXT_DPR (TXT_BASE + 0x330) |
| |
| #define TXT_ACM_KEY_HASH (TXT_BASE + 0x400) |
| #define TXT_ACM_KEY_HASH_LEN 0x4 |
| |
| #define TXT_E2STS (TXT_BASE + 0x8f0) |
| #define TXT_E2STS_SECRET_STS (1ull << 1) |
| |
| /* |
| * TCG PC Client Platform TPM Profile (PTP) Specification |
| * |
| * Note: Only locality 0 registers are publicly accessible. |
| */ |
| |
| #define TPM_BASE 0xfed40000UL |
| |
| #define TPM_ACCESS_REG (TPM_BASE + 0x00) |
| |
| /* |
| * TXT Memory regions |
| * Chapter 5.3 |
| * Intel Trusted Execution Technology Lab Handout |
| */ |
| #define TXT_PRIVATE_SPACE 0xfed20000UL |
| #define TXT_PUBLIC_SPACE 0xfed30000UL |
| #define TXT_TPM_DECODE_AREA 0xfed40000UL |
| #define TXT_RESERVED_SPACE 0xfed50000UL |
| |
| #define TXT_RESERVED_SPACE_SIZE 0x3ffff |
| |
| /* ESI flags for GETSEC[ENTERACCS] see Reference Number: 323372-017 */ |
| #define ACMINPUT_SCLEAN 0 |
| #define ACMINPUT_RESET_TPM_AUXILIARY_INDICIES 2 |
| #define ACMINPUT_NOP 3 |
| #define ACMINPUT_SCHECK 4 |
| #define ACMINPUT_CLEAR_SECRETS 5 |
| #define ACMINPUT_LOCK_CONFIG 6 |
| |
| /* |
| * GetSec EAX value. |
| * SAFER MODE EXTENSIONS REFERENCE. |
| * Intel 64 and IA-32 Architectures Software Developer Manuals Vol 2 |
| * Order Number: 325383-060US |
| */ |
| #define IA32_GETSEC_CAPABILITIES 0 |
| #define IA32_GETSEC_ENTERACCS 2 |
| #define IA32_GETSEC_SENTER 4 |
| #define IA32_GETSEC_SEXIT 5 |
| #define IA32_GETSEC_PARAMETERS 6 |
| #define IA32_GETSEC_SMCTRL 7 |
| #define IA32_GETSEC_WAKEUP 8 |
| |
| #define GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT (1ul << 5) |
| #define GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK (1ul << 6) |
| |
| /* ACM defines */ |
| #define INTEL_ACM_VENDOR 0x00008086 |
| |
| #define ACM_FORMAT_FLAGS_PW 0x00000000 |
| #define ACM_FORMAT_FLAGS_NPW (1 << 14) |
| #define ACM_FORMAT_FLAGS_DEBUG (1 << 15) |
| |
| /* Old ACMs are power of two aligned, newer ACMs are not */ |
| #define ACM_FORMAT_SIZE_64KB (64 * KiB / 4) |
| #define ACM_FORMAT_SIZE_128KB (128 * KiB / 4) |
| #define ACM_FORMAT_SIZE_256KB (256 * KiB / 4) |
| |
| /* MSRs */ |
| #define IA32_MCG_STATUS 0x17a |
| |
| /* DPR register layout, either in PCI config space or TXT MMIO space */ |
| union dpr_register { |
| struct { |
| uint32_t lock : 1; /* [ 0.. 0] */ |
| uint32_t prs : 1; /* [ 1.. 1] and only present on PCI config */ |
| uint32_t epm : 1; /* [ 2.. 2] and only present on PCI config */ |
| uint32_t : 1; |
| uint32_t size : 8; /* [11.. 4] */ |
| uint32_t : 8; |
| uint32_t top : 12; /* [31..20] */ |
| }; |
| uint32_t raw; |
| }; |
| |
| typedef enum { |
| CHIPSET_ACM = 2, |
| } acm_module_type; |
| |
| typedef enum { |
| BIOS = 0, |
| SINIT = 1, |
| } acm_module_sub_type; |
| |
| /* |
| * ACM Header v0.0 without dynamic part |
| * Chapter A.1 |
| * Intel TXT Software Development Guide (Document: 315168-015) |
| */ |
| struct __packed acm_header_v0 { |
| uint16_t module_type; |
| uint16_t module_sub_type; |
| uint32_t header_len; |
| uint16_t header_version[2]; |
| uint16_t chipset_id; |
| uint16_t flags; |
| uint32_t module_vendor; |
| uint32_t date; |
| uint32_t size; |
| uint16_t txt_svn; |
| uint16_t se_svn; |
| uint32_t code_control; |
| uint32_t error_entry_point; |
| uint32_t gdt_limit; |
| uint32_t gdt_ptr; |
| uint32_t seg_sel; |
| uint32_t entry_point; |
| uint8_t reserved2[64]; |
| uint32_t key_size; |
| uint32_t scratch_size; |
| uint8_t rsa2048_pubkey[256]; |
| uint32_t pub_exp; |
| uint8_t rsa2048_sig[256]; |
| uint32_t scratch[143]; |
| uint8_t user_area[]; |
| }; |
| |
| struct __packed acm_info_table { |
| uint8_t uuid[16]; |
| uint8_t chipset_acm_type; |
| uint8_t version; |
| uint16_t length; |
| uint32_t chipset_id_list; |
| uint32_t os_sinit_data_ver; |
| uint32_t min_mle_hdr_ver; |
| uint32_t capabilities; |
| uint8_t acm_ver; |
| uint8_t reserved[3]; |
| }; |
| |
| /* |
| * Extended Data Elements |
| * Chapter C.1 |
| * Intel TXT Software Development Guide (Document: 315168-015) |
| */ |
| struct __packed txt_extended_data_element_header { |
| uint32_t type; |
| uint32_t size; |
| uint8_t data[0]; |
| }; |
| |
| #define HEAP_EXTDATA_TYPE_END 0 |
| #define HEAP_EXTDATA_TYPE_BIOS_SPEC_VER 1 |
| #define HEAP_EXTDATA_TYPE_ACM 2 |
| #define HEAP_EXTDATA_TYPE_CUSTOM 4 |
| |
| struct __packed txt_bios_spec_ver_element { |
| struct txt_extended_data_element_header header; |
| uint16_t ver_major; |
| uint16_t ver_minor; |
| uint16_t ver_revision; |
| }; |
| |
| struct __packed txt_heap_acm_element { |
| struct txt_extended_data_element_header header; |
| uint32_t num_acms; // must greater 0, smaller than 3 |
| uint64_t acm_addrs[2]; |
| }; |
| |
| /* |
| * BIOS Data Format |
| * Chapter C.2 |
| * Intel TXT Software Development Guide (Document: 315168-015) |
| */ |
| struct __packed txt_biosdataregion { |
| uint32_t version; |
| uint32_t bios_sinit_size; |
| uint64_t lcp_pd_base; |
| uint64_t lcp_pd_size; |
| uint32_t no_logical_procs; |
| uint32_t sinit_flags; |
| union { |
| uint32_t mle_flags; |
| struct { |
| uint32_t support_acpi_ppi : 1; |
| uint32_t platform_type : 2; |
| }; |
| }; |
| u8 extended_data_elements[0]; |
| }; |
| |
| void txt_dump_regions(void); |
| void txt_dump_chipset_info(void); |
| void txt_dump_acm_info(const struct acm_header_v0 *acm_header); |
| void txt_dump_getsec_parameters(void); |
| |
| #endif /* SECURITY_INTEL_TXT_REGISTER_H_ */ |