Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 40cb3fe94dacfba0b146aae2be9c03c0a0ddb691 / . / util / intelmetool / intelmetool.c
blob: 4216189e0ed9d6255b66496cabbbd1e876674e3c [file] [log] [blame]
Patrick Georgiea063cb2020-05-08 19:28:13 +0200[diff] [blame]1/* intelmetool Dump interesting things about Management Engine even if hidden */
Patrick Georgi7333a112020-05-08 20:48:04 +0200[diff] [blame]2/* SPDX-License-Identifier: GPL-2.0-or-later */
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]3
4#include <stdio.h>
5#include <inttypes.h>
6#include <stdlib.h>
7#include <getopt.h>
8#include <unistd.h>
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]9#include <string.h>
10#include <cpuid.h>
Ivan J85c76c92018-02-21 10:52:51 +0100[diff] [blame]11#include <sys/io.h>
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]12
13#ifdef __NetBSD__
14#include <machine/sysarch.h>
15#endif
16
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]17#include "intelmetool.h"
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]18#include "me.h"
19#include "mmap.h"
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]20#include "msr.h"
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]21#include "rcba.h"
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]22
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]23extern int fd_mem;
24int debug = 0;
25
26static uint32_t fd2 = 0;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]27static int ME_major_ver = 0;
28static int ME_minor_ver = 0;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]29
30static void dumpmem(uint8_t *phys, uint32_t size)
31{
32 uint32_t i;
33 printf("Dumping cloned ME memory:\n");
34 for (i = 0; i < size; i++) {
35 printf("%02X",*((uint8_t *) (phys + i)));
36 }
37 printf("\n");
38}
39
40static void zeroit(uint8_t *phys, uint32_t size)
41{
42 uint32_t i;
43 for (i = 0; i < size; i++) {
44 *((uint8_t *) (phys + i)) = 0x00;
45 }
46}
47
48static void dumpmemfile(uint8_t *phys, uint32_t size)
49{
50 FILE *fp = fopen("medump.bin", "w");
51 uint32_t i;
52 for (i = 0; i < size; i++) {
53 fprintf(fp, "%c", *((uint8_t *) (phys + i)));
54 }
55 fclose(fp);
56}
57
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]58static int isCPUGenuineIntel(void)
59{
60 regs_t regs;
61 unsigned int level = 0;
62 unsigned int eax = 0;
63
64 __get_cpuid(level, &eax, &regs.ebx, &regs.ecx, &regs.edx);
65
66 return !strncmp((char *)&regs, "GenuineIntel", CPU_ID_SIZE-1);
67}
68
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]69/* You need >4GB total ram, in kernel cmdline, use 'mem=1000m'
70 * then this code will clone to absolute memory address 0xe0000000
71 * which can be read using a mmap tool at that offset.
72 * Real ME memory is located around top of memory minus 64MB. (I think)
73 * so we avoid cloning to this part.
74 */
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]75static void dump_me_memory(void)
76{
Paul Menzel57d912b2017-05-04 16:35:25 +0200[diff] [blame]77 uintptr_t me_clone = 0x60000000;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]78 uint8_t *dump;
79
Paul Menzel1e7911e2016-12-27 15:24:02 +0100[diff] [blame]80 dump = map_physical_exact((off_t)me_clone, (void *)me_clone, 0x2000000);
Paul Wisee311f942017-05-04 14:13:38 +0800[diff] [blame]81 if (dump == NULL) {
82 printf("Could not map ME memory\n");
83 return;
84 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]85 zeroit(dump, 0x2000000);
86 printf("Send magic command for memory clone\n");
87
88 mei_reset();
89 usleep(ME_COMMAND_DELAY);
90 void* ptr = &me_clone;
91 int err = mkhi_debug_me_memory(ptr);
92
93 if (!err) {
94 printf("Wait a second...");
95 usleep(ME_COMMAND_DELAY);
96 printf("done\n\nHere are the first bytes:\n");
97 dumpmemfile(dump, 0x2000000);
98 //printf("Try reading 0x%zx with other mmap tool...\n"
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]99 // "Press enter to quit, you only get one chance to run"
100 // "this tool before reboot required for some reason\n",
101 // me_clone);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]102 while (getc(stdin) != '\n') {};
103 unmap_physical(dump, 0x2000000);
104 }
105}
106
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]107static int pci_platform_scan(void)
108{
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]109 struct pci_access *pacc;
110 struct pci_dev *dev;
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]111 char namebuf[1024];
112 const char *name;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]113
114 pacc = pci_alloc();
115 pacc->method = PCI_ACCESS_I386_TYPE1;
116
117 pci_init(pacc);
118 pci_scan_bus(pacc);
119
120 for (dev=pacc->devices; dev; dev=dev->next) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]121 pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES |
122 PCI_FILL_SIZES | PCI_FILL_CLASS);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]123 name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
124 PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
Youness Alaouib85ddc782017-04-03 14:02:04 -0400[diff] [blame]125 if (name == NULL)
126 name = "<unknown>";
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]127 if (dev->vendor_id != PCI_VENDOR_ID_INTEL)
128 continue;
129
Damien Zammitf4491e72019-02-23 14:01:00 +1100[diff] [blame]130 if (PCI_DEV_NO_ME(dev->device_id)) {
131 printf(CGRN "Good news, you have a `%s` so you have "
132 "no ME present at all, continuing...\n\n"
133 RESET, name);
134 break;
135 } else if (PCI_DEV_HAS_ME_DISABLE(dev->device_id)) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]136 printf(CGRN "Good news, you have a `%s` so ME is "
137 "present but can be disabled, continuing...\n\n"
138 RESET, name);
139 break;
140 } else if (PCI_DEV_HAS_ME_DIFFICULT(dev->device_id)) {
141 printf(CRED "Bad news, you have a `%s` so you have ME "
142 "hardware on board and you can't control or "
143 "disable it, continuing...\n\n" RESET, name);
144 break;
145 } else if (PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id)) {
146 printf(CYEL "Not sure if ME hardware is present "
147 "because you have a `%s`, but it is possible to "
148 "disable it if you do, continuing...\n\n" RESET,
149 name);
150 break;
151 } else if (PCI_DEV_ME_NOT_SURE(dev->device_id)) {
152 printf(CYEL "Found `%s`. Not sure whether you have ME "
153 "hardware, exiting\n\n" RESET, name);
154 pci_cleanup(pacc);
155 return 1;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]156 }
157 }
158
Huan Truong2a1ae052017-03-05 02:24:51 -0600[diff] [blame]159 if (dev != NULL &&
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]160 !PCI_DEV_HAS_ME_DISABLE(dev->device_id) &&
161 !PCI_DEV_HAS_ME_DIFFICULT(dev->device_id) &&
162 !PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id) &&
163 !PCI_DEV_ME_NOT_SURE(dev->device_id)) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]164 printf(CCYN "ME is not present on your board or unknown\n\n"
165 RESET);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]166 pci_cleanup(pacc);
167 return 1;
168 }
169
170 pci_cleanup(pacc);
171
172 return 0;
173}
174
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]175static int activate_me(void)
176{
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]177 const uint32_t rcba = get_rcba_phys();
178 if (debug)
179 printf("RCBA addr: 0x%08x\n", rcba);
180 if (rcba > 0) {
181 if (read_rcba32(FD2, &fd2)) {
182 printf("Error reading RCBA\n");
183 return 1;
184 }
185 if (write_rcba32(FD2, fd2 & ~0x2)) {
186 printf("Error writing RCBA\n");
187 return 1;
188 }
189 if (debug && (fd2 & 0x2))
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]190 printf("MEI was hidden on PCI, now unlocked\n");
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]191 else if (debug)
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]192 printf("MEI not hidden on PCI, checking if visible\n");
193 }
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]194
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]195 return 0;
196}
197
198static void rehide_me(void)
199{
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]200 const uint32_t rcba = get_rcba_phys();
201 if (rcba > 0) {
202 if (fd2 & 0x2) {
203 if (debug)
204 printf("Re-hiding MEI device...");
205 if (read_rcba32(FD2, &fd2)) {
206 printf("Error reading RCBA\n");
207 return;
208 }
209 if (write_rcba32(FD2, fd2 | 0x2)) {
210 printf("Error writing RCBA\n");
211 return;
212 }
213 if (debug)
214 printf("done\n");
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]215 }
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]216 }
217}
218
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]219static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf,
220 int namebuf_size)
221{
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]222 struct pci_access *pacc;
223 struct pci_dev *dev;
Damien Zammit711a4782016-04-12 20:35:16 +1000[diff] [blame]224 int me = 0;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]225
226 pacc = pci_alloc();
227 pacc->method = PCI_ACCESS_I386_TYPE1;
228
229 pci_init(pacc);
230 pci_scan_bus(pacc);
231
232 for (dev=pacc->devices; dev; dev=dev->next) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]233 pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES |
234 PCI_FILL_SIZES | PCI_FILL_CLASS);
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]235 *name = pci_lookup_name(pacc, namebuf, namebuf_size,
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]236 PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]237 if (dev->vendor_id != PCI_VENDOR_ID_INTEL)
238 continue;
239
240 if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
241 me = 1;
242 break;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]243 }
244 }
245
Damien Zammit711a4782016-04-12 20:35:16 +1000[diff] [blame]246 if (!me) {
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]247 rehide_me();
248
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]249 pci_cleanup(pacc);
250 return NULL;
251 }
252
253 return dev;
254}
255
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]256static void dump_me_info(void)
257{
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]258 struct pci_dev *dev;
259 uint32_t stat, stat2;
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]260 char namebuf[1024];
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]261 const char *name = NULL;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]262
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]263 if (pci_platform_scan())
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]264 return;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]265
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]266 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]267 if (!dev) {
268 if (debug)
269 printf("ME PCI device is hidden\n");
270
271 if (activate_me())
272 return;
273 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
274 if (!dev) {
275 printf("Can't find ME PCI device\n");
276 return;
277 }
278 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]279
Youness Alaouib85ddc782017-04-03 14:02:04 -0400[diff] [blame]280 if (name == NULL)
281 name = "<unknown>";
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]282
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]283 printf("MEI found: [%x:%x] %s\n\n",
284 dev->vendor_id, dev->device_id, name);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]285 stat = pci_read_long(dev, 0x40);
286 printf("ME Status : 0x%x\n", stat);
287 stat2 = pci_read_long(dev, 0x48);
288 printf("ME Status 2 : 0x%x\n\n", stat2);
289
290 intel_me_status(stat, stat2);
291 printf("\n");
292 intel_me_extend_valid(dev);
293 printf("\n");
294
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]295 if (stat & 0xf000)
Evgeny Zinoviev7c1fe4b2020-07-11 01:01:04 +0300[diff] [blame]296 printf("ME: has a broken implementation on your board with "
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]297 "this firmware\n");
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]298
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]299 if (intel_mei_setup(dev))
300 goto out;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]301 usleep(ME_COMMAND_DELAY);
302 mei_reset();
303 usleep(ME_COMMAND_DELAY);
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]304 if (mkhi_get_fw_version(&ME_major_ver, &ME_minor_ver))
305 goto out;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]306 usleep(ME_COMMAND_DELAY);
307 mei_reset();
308 usleep(ME_COMMAND_DELAY);
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]309 if (mkhi_get_fwcaps())
310 goto out;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]311 usleep(ME_COMMAND_DELAY);
312
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]313out:
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]314 rehide_me();
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]315}
316
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]317static void print_btg_bool_param(const char *name, u8 state)
318{
319 printf("%-20s : %s\n", name, state ? "ON" : "OFF");
320}
321
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]322static void dump_bootguard_info(void)
323{
324 struct pci_dev *dev;
325 char namebuf[1024];
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]326 const char *name = NULL;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]327
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]328 if (pci_platform_scan())
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]329 return;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]330
331 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
332 if (!dev) {
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]333 if (debug)
334 printf("ME PCI device is hidden\n");
335
336 if (activate_me())
337 return;
338 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
339 if (!dev) {
340 printf("Can't find ME PCI device\n");
341 return;
342 }
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]343 }
344
Patrick Rudolph3df9dbe2017-11-25 14:43:06 +0100[diff] [blame]345 /* ME_major_ver is zero on some platforms (Mac) */
346 if (ME_major_ver &&
347 (ME_major_ver < 9 ||
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]348 (ME_major_ver == 9 && ME_minor_ver < 5))) {
Paul Menzel7f5a1ee2021-12-15 10:47:05 +0100[diff] [blame]349 printf(CGRN "Your system isn't Boot Guard ready.\n"
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]350 "You can flash other firmware!\n" RESET);
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]351 rehide_me();
352 return;
353 }
354
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]355 if (pci_read_long(dev, 0x40) & 0x10)
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]356 printf(CYEL "Your southbridge configuration is insecure!!\n"
Paul Menzel7f5a1ee2021-12-15 10:47:05 +0100[diff] [blame]357 "Boot Guard keys can be overwritten or wiped, or you are "
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]358 "in developer mode.\n"
359 RESET);
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]360 rehide_me();
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]361
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]362 union {
363 struct {
364 u8 nem_enabled : 1; /* [ 0.. 0] */
365 u8 tpm_type : 2; /* [ 2.. 1] */
366 u8 tpm_success : 1; /* [ 3.. 3] */
367 u8 facb_fpf : 1; /* [ 4.. 4] */
368 u8 measured_boot : 1; /* [ 5.. 5] */
369 u8 verified_boot : 1; /* [ 6.. 6] */
370 u8 module_revoked : 1; /* [ 7.. 7] */
371 u32 : 24;
372 u8 btg_capability : 1; /* [32..32] */
373 u32 : 31;
374 };
375 u64 raw;
376 } btg;
377
378 if (msr_bootguard(&btg.raw) < 0) {
379 printf("Could not read the BOOTGUARD_SACM_INFO MSR.\n");
380 return;
381 }
382
Paul Menzel7f5a1ee2021-12-15 10:47:05 +0100[diff] [blame]383 printf("Boot Guard MSR Output : 0x%" PRIx64 "\n", btg.raw);
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]384
385 if (!btg.btg_capability) {
Paul Menzel7f5a1ee2021-12-15 10:47:05 +0100[diff] [blame]386 printf(CGRN "Your system isn't Boot Guard ready.\n"
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]387 "You can flash other firmware!\n" RESET);
388 return;
389 }
390
391 print_btg_bool_param("Measured boot", btg.measured_boot);
392 print_btg_bool_param("Verified boot", btg.verified_boot);
393 print_btg_bool_param("FACB in FPFs", btg.facb_fpf);
394 print_btg_bool_param("Module revoked", btg.module_revoked);
395 if (btg.measured_boot) {
396 const char *const tpm_type_strs[] = {
397 "None",
398 "TPM 1.2",
399 "TPM 2.0",
400 "PTT",
401 };
402 printf("%-20s : %s\n", "TPM type", tpm_type_strs[btg.tpm_type]);
403 print_btg_bool_param("TPM success", btg.tpm_success);
404 }
405 if (btg.verified_boot) {
406 print_btg_bool_param("NEM enabled", btg.nem_enabled);
407 if (btg.nem_enabled)
408 printf(CRED "Verified boot is enabled and ACM has enabled "
409 "Cache-As-RAM.\nYou can't flash other firmware!\n" RESET);
410 else
411 printf(CYEL "Verified boot is enabled, but ACM did not enable "
412 "Cache-As-RAM.\nIt might be possible to flash other firmware.\n"
413 RESET);
414 } else {
Paul Menzel7f5a1ee2021-12-15 10:47:05 +0100[diff] [blame]415 printf(CGRN "Your system is Boot Guard ready but verified boot is disabled.\n"
Pablo Stebler9ac91d22020-09-18 10:32:22 +0200[diff] [blame]416 "You can flash other firmware!\n" RESET);
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]417 }
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]418}
419
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]420static void print_version(void)
421{
422 printf("intelmetool v%s -- ", INTELMETOOL_VERSION);
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]423 printf("Copyright (C) 2015 Damien Zammit\n");
424 printf("Copyright (C) 2017 Philipp Deppenwiese\n");
425 printf("Copyright (C) 2017 Patrick Rudolph\n\n");
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]426 printf(GPLV2COPYRIGHT);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]427}
428
429static void print_usage(const char *name)
430{
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]431 printf("usage: %s [-vh?smdb]\n", name);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]432 printf("\n"
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]433 " -v | --version: print the version\n"
434 " -h | --help: print this help\n\n"
435 " -d | --debug: enable debug output\n"
436 " -m | --me dump all me information on console\n"
437 " -b | --bootguard dump bootguard state of the platform\n"
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]438 "\n");
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]439 exit(1);
440}
441
442int main(int argc, char *argv[])
443{
444 int opt, option_index = 0;
445 unsigned cmd_exec = 0;
446
447 static struct option long_options[] = {
448 {"version", 0, 0, 'v'},
449 {"help", 0, 0, 'h'},
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]450 {"me", 0, 0, 'm'},
451 {"bootguard", 0, 0, 'b'},
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]452 {"debug", 0, 0, 'd'},
453 {0, 0, 0, 0}
454 };
455
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]456 while ((opt = getopt_long(argc, argv, "vh?smdb",
457 long_options, &option_index)) != EOF) {
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]458 switch (opt) {
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]459 case 'v':
460 print_version();
461 exit(0);
462 break;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]463 case 's': /* Legacy fallthrough */
464 case 'm':
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]465 cmd_exec = 1;
466 break;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]467 case 'b':
468 cmd_exec = 2;
469 break;
470 break;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]471 case 'd':
472 debug = 1;
473 break;
474 case 'h':
475 case '?':
476 default:
477 print_usage(argv[0]);
478 exit(0);
479 break;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]480 }
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]481 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]482
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]483 if (!cmd_exec)
484 print_usage(argv[0]);
485
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]486 #if defined(__FreeBSD__)
487 if (open("/dev/io", O_RDWR) < 0) {
488 perror("/dev/io");
489 #elif defined(__NetBSD__)
490 # ifdef __i386__
491 if (i386_iopl(3)) {
492 perror("iopl");
493 # else
494 if (x86_64_iopl(3)) {
495 perror("iopl");
496 # endif
497 #else
498 if (iopl(3)) {
499 perror("iopl");
500 #endif
501 printf("You need to be root.\n");
502 exit(1);
503 }
504
505 #ifndef __DARWIN__
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]506 fd_mem = open("/dev/mem", O_RDWR);
507 if (fd_mem < 0) {
Patrick Rudolphad4ddfc2018-02-02 15:07:09 +0100[diff] [blame]508 perror("Can not open /dev/mem. Do you have disabled "
509 "Secure Boot ?");
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]510 exit(1);
511 }
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]512
513 if (!isCPUGenuineIntel()) {
514 perror("Error CPU is not from Intel.");
515 exit(1);
516 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]517 #endif
518
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]519 if (cmd_exec & 3)
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]520 dump_me_info();
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]521 if (cmd_exec & 2)
522 dump_bootguard_info();
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]523
524 return 0;
525}