Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 5d8ad8598bc5043bde2329aa5be561f6a1e308cd / . / util / intelmetool / intelmetool.c
blob: 37cd357a8c4116c24f9dc3cb1944c3287684c789 [file] [log] [blame]
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]1/* intelmetool Dump interesting things about Management Engine even if hidden
2 * Copyright (C) 2014 Damien Zammit <damien@zamaudio.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
Damien Zammitf0a91282019-02-23 12:38:15 +1100[diff] [blame]6 * the Free Software Foundation; either version 2 of the License,
7 * or (at your option), any later version.
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14
15#include <stdio.h>
16#include <inttypes.h>
17#include <stdlib.h>
18#include <getopt.h>
19#include <unistd.h>
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]20#include <string.h>
21#include <cpuid.h>
Ivan J85c76c92018-02-21 10:52:51 +0100[diff] [blame]22#include <sys/io.h>
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]23
24#ifdef __NetBSD__
25#include <machine/sysarch.h>
26#endif
27
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]28#include "intelmetool.h"
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]29#include "me.h"
30#include "mmap.h"
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]31#include "msr.h"
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]32#include "rcba.h"
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]33
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]34extern int fd_mem;
35int debug = 0;
36
37static uint32_t fd2 = 0;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]38static int ME_major_ver = 0;
39static int ME_minor_ver = 0;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]40
41static void dumpmem(uint8_t *phys, uint32_t size)
42{
43 uint32_t i;
44 printf("Dumping cloned ME memory:\n");
45 for (i = 0; i < size; i++) {
46 printf("%02X",*((uint8_t *) (phys + i)));
47 }
48 printf("\n");
49}
50
51static void zeroit(uint8_t *phys, uint32_t size)
52{
53 uint32_t i;
54 for (i = 0; i < size; i++) {
55 *((uint8_t *) (phys + i)) = 0x00;
56 }
57}
58
59static void dumpmemfile(uint8_t *phys, uint32_t size)
60{
61 FILE *fp = fopen("medump.bin", "w");
62 uint32_t i;
63 for (i = 0; i < size; i++) {
64 fprintf(fp, "%c", *((uint8_t *) (phys + i)));
65 }
66 fclose(fp);
67}
68
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]69static int isCPUGenuineIntel(void)
70{
71 regs_t regs;
72 unsigned int level = 0;
73 unsigned int eax = 0;
74
75 __get_cpuid(level, &eax, &regs.ebx, &regs.ecx, &regs.edx);
76
77 return !strncmp((char *)&regs, "GenuineIntel", CPU_ID_SIZE-1);
78}
79
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]80/* You need >4GB total ram, in kernel cmdline, use 'mem=1000m'
81 * then this code will clone to absolute memory address 0xe0000000
82 * which can be read using a mmap tool at that offset.
83 * Real ME memory is located around top of memory minus 64MB. (I think)
84 * so we avoid cloning to this part.
85 */
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]86static void dump_me_memory(void)
87{
Paul Menzel57d912b2017-05-04 16:35:25 +0200[diff] [blame]88 uintptr_t me_clone = 0x60000000;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]89 uint8_t *dump;
90
Paul Menzel1e7911e2016-12-27 15:24:02 +0100[diff] [blame]91 dump = map_physical_exact((off_t)me_clone, (void *)me_clone, 0x2000000);
Paul Wisee311f942017-05-04 14:13:38 +0800[diff] [blame]92 if (dump == NULL) {
93 printf("Could not map ME memory\n");
94 return;
95 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]96 zeroit(dump, 0x2000000);
97 printf("Send magic command for memory clone\n");
98
99 mei_reset();
100 usleep(ME_COMMAND_DELAY);
101 void* ptr = &me_clone;
102 int err = mkhi_debug_me_memory(ptr);
103
104 if (!err) {
105 printf("Wait a second...");
106 usleep(ME_COMMAND_DELAY);
107 printf("done\n\nHere are the first bytes:\n");
108 dumpmemfile(dump, 0x2000000);
109 //printf("Try reading 0x%zx with other mmap tool...\n"
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]110 // "Press enter to quit, you only get one chance to run"
111 // "this tool before reboot required for some reason\n",
112 // me_clone);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]113 while (getc(stdin) != '\n') {};
114 unmap_physical(dump, 0x2000000);
115 }
116}
117
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]118static int pci_platform_scan(void)
119{
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]120 struct pci_access *pacc;
121 struct pci_dev *dev;
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]122 char namebuf[1024];
123 const char *name;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]124
125 pacc = pci_alloc();
126 pacc->method = PCI_ACCESS_I386_TYPE1;
127
128 pci_init(pacc);
129 pci_scan_bus(pacc);
130
131 for (dev=pacc->devices; dev; dev=dev->next) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]132 pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES |
133 PCI_FILL_SIZES | PCI_FILL_CLASS);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]134 name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
135 PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
Youness Alaouib85ddc782017-04-03 14:02:04 -0400[diff] [blame]136 if (name == NULL)
137 name = "<unknown>";
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]138 if (dev->vendor_id != PCI_VENDOR_ID_INTEL)
139 continue;
140
Damien Zammitf4491e72019-02-23 14:01:00 +1100[diff] [blame]141 if (PCI_DEV_NO_ME(dev->device_id)) {
142 printf(CGRN "Good news, you have a `%s` so you have "
143 "no ME present at all, continuing...\n\n"
144 RESET, name);
145 break;
146 } else if (PCI_DEV_HAS_ME_DISABLE(dev->device_id)) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]147 printf(CGRN "Good news, you have a `%s` so ME is "
148 "present but can be disabled, continuing...\n\n"
149 RESET, name);
150 break;
151 } else if (PCI_DEV_HAS_ME_DIFFICULT(dev->device_id)) {
152 printf(CRED "Bad news, you have a `%s` so you have ME "
153 "hardware on board and you can't control or "
154 "disable it, continuing...\n\n" RESET, name);
155 break;
156 } else if (PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id)) {
157 printf(CYEL "Not sure if ME hardware is present "
158 "because you have a `%s`, but it is possible to "
159 "disable it if you do, continuing...\n\n" RESET,
160 name);
161 break;
162 } else if (PCI_DEV_ME_NOT_SURE(dev->device_id)) {
163 printf(CYEL "Found `%s`. Not sure whether you have ME "
164 "hardware, exiting\n\n" RESET, name);
165 pci_cleanup(pacc);
166 return 1;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]167 }
168 }
169
Huan Truong2a1ae052017-03-05 02:24:51 -0600[diff] [blame]170 if (dev != NULL &&
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]171 !PCI_DEV_HAS_ME_DISABLE(dev->device_id) &&
172 !PCI_DEV_HAS_ME_DIFFICULT(dev->device_id) &&
173 !PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id) &&
174 !PCI_DEV_ME_NOT_SURE(dev->device_id)) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]175 printf(CCYN "ME is not present on your board or unknown\n\n"
176 RESET);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]177 pci_cleanup(pacc);
178 return 1;
179 }
180
181 pci_cleanup(pacc);
182
183 return 0;
184}
185
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]186static int activate_me(void)
187{
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]188 const uint32_t rcba = get_rcba_phys();
189 if (debug)
190 printf("RCBA addr: 0x%08x\n", rcba);
191 if (rcba > 0) {
192 if (read_rcba32(FD2, &fd2)) {
193 printf("Error reading RCBA\n");
194 return 1;
195 }
196 if (write_rcba32(FD2, fd2 & ~0x2)) {
197 printf("Error writing RCBA\n");
198 return 1;
199 }
200 if (debug && (fd2 & 0x2))
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]201 printf("MEI was hidden on PCI, now unlocked\n");
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]202 else if (debug)
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]203 printf("MEI not hidden on PCI, checking if visible\n");
204 }
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]205
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]206 return 0;
207}
208
209static void rehide_me(void)
210{
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]211 const uint32_t rcba = get_rcba_phys();
212 if (rcba > 0) {
213 if (fd2 & 0x2) {
214 if (debug)
215 printf("Re-hiding MEI device...");
216 if (read_rcba32(FD2, &fd2)) {
217 printf("Error reading RCBA\n");
218 return;
219 }
220 if (write_rcba32(FD2, fd2 | 0x2)) {
221 printf("Error writing RCBA\n");
222 return;
223 }
224 if (debug)
225 printf("done\n");
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]226 }
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]227 }
228}
229
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]230static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf,
231 int namebuf_size)
232{
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]233 struct pci_access *pacc;
234 struct pci_dev *dev;
Damien Zammit711a4782016-04-12 20:35:16 +1000[diff] [blame]235 int me = 0;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]236
237 pacc = pci_alloc();
238 pacc->method = PCI_ACCESS_I386_TYPE1;
239
240 pci_init(pacc);
241 pci_scan_bus(pacc);
242
243 for (dev=pacc->devices; dev; dev=dev->next) {
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]244 pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES |
245 PCI_FILL_SIZES | PCI_FILL_CLASS);
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]246 *name = pci_lookup_name(pacc, namebuf, namebuf_size,
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]247 PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]248 if (dev->vendor_id != PCI_VENDOR_ID_INTEL)
249 continue;
250
251 if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
252 me = 1;
253 break;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]254 }
255 }
256
Damien Zammit711a4782016-04-12 20:35:16 +1000[diff] [blame]257 if (!me) {
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]258 rehide_me();
259
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]260 pci_cleanup(pacc);
261 return NULL;
262 }
263
264 return dev;
265}
266
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]267static void dump_me_info(void)
268{
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]269 struct pci_dev *dev;
270 uint32_t stat, stat2;
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]271 char namebuf[1024];
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]272 const char *name = NULL;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]273
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]274 if (pci_platform_scan())
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]275 return;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]276
Youness Alaouie0c53af2017-03-31 16:21:50 -0400[diff] [blame]277 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]278 if (!dev) {
279 if (debug)
280 printf("ME PCI device is hidden\n");
281
282 if (activate_me())
283 return;
284 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
285 if (!dev) {
286 printf("Can't find ME PCI device\n");
287 return;
288 }
289 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]290
Youness Alaouib85ddc782017-04-03 14:02:04 -0400[diff] [blame]291 if (name == NULL)
292 name = "<unknown>";
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]293
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]294 printf("MEI found: [%x:%x] %s\n\n",
295 dev->vendor_id, dev->device_id, name);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]296 stat = pci_read_long(dev, 0x40);
297 printf("ME Status : 0x%x\n", stat);
298 stat2 = pci_read_long(dev, 0x48);
299 printf("ME Status 2 : 0x%x\n\n", stat2);
300
301 intel_me_status(stat, stat2);
302 printf("\n");
303 intel_me_extend_valid(dev);
304 printf("\n");
305
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]306 if (stat & 0xf000)
307 printf("ME: has a broken implementation on your board with"
308 "this firmware\n");
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]309
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]310 if (intel_mei_setup(dev))
311 goto out;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]312 usleep(ME_COMMAND_DELAY);
313 mei_reset();
314 usleep(ME_COMMAND_DELAY);
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]315 if (mkhi_get_fw_version(&ME_major_ver, &ME_minor_ver))
316 goto out;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]317 usleep(ME_COMMAND_DELAY);
318 mei_reset();
319 usleep(ME_COMMAND_DELAY);
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]320 if (mkhi_get_fwcaps())
321 goto out;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]322 usleep(ME_COMMAND_DELAY);
323
Patrick Rudolphaac3b312018-02-01 16:12:47 +0100[diff] [blame]324out:
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]325 rehide_me();
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]326}
327
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]328static void dump_bootguard_info(void)
329{
330 struct pci_dev *dev;
331 char namebuf[1024];
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]332 const char *name = NULL;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]333 uint64_t bootguard = 0;
334
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]335 if (pci_platform_scan())
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]336 return;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]337
338 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
339 if (!dev) {
Patrick Rudolph0391d0b2018-02-01 16:14:19 +0100[diff] [blame]340 if (debug)
341 printf("ME PCI device is hidden\n");
342
343 if (activate_me())
344 return;
345 dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
346 if (!dev) {
347 printf("Can't find ME PCI device\n");
348 return;
349 }
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]350 }
351
Patrick Rudolph3df9dbe2017-11-25 14:43:06 +0100[diff] [blame]352 /* ME_major_ver is zero on some platforms (Mac) */
353 if (ME_major_ver &&
354 (ME_major_ver < 9 ||
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]355 (ME_major_ver == 9 && ME_minor_ver < 5))) {
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]356 print_cap("BootGuard ", 0);
357 printf(CGRN "\nYour system isn't bootguard ready. You can "
358 "flash other firmware!\n" RESET);
359 rehide_me();
360 return;
361 }
362
Patrick Rudolph3df9dbe2017-11-25 14:43:06 +0100[diff] [blame]363 if (msr_bootguard(&bootguard, debug) < 0) {
364 printf("ME Capability: %-43s: " CCYN "%s\n" RESET,
365 "BootGuard Mode", "Unknown");
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]366 rehide_me();
Patrick Rudolph3df9dbe2017-11-25 14:43:06 +0100[diff] [blame]367 return;
368 }
369
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]370 if (debug) {
371 printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard);
372 bootguard &= ~0xff;
373 }
374
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]375 print_cap("BootGuard ", 1);
376 if (pci_read_long(dev, 0x40) & 0x10)
377 printf(CYEL "Your southbridge configuration is insecure!! "
378 "BootGuard keys can be overwritten or wiped, or you are "
379 "in developer mode.\n"
380 RESET);
Patrick Rudolph405d2ea2018-02-02 14:43:28 +0100[diff] [blame]381 rehide_me();
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]382
383 switch (bootguard) {
384 case BOOTGUARD_DISABLED:
385 printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
386 "BootGuard Mode", "Disabled");
387 printf(CGRN "\nYour system is bootguard ready but your vendor "
388 "disabled it. You can flash other firmware!\n" RESET);
389 break;
390 case BOOTGUARD_ENABLED_COMBI_MODE:
391 printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
392 "BootGuard Mode", "Verified & Measured Boot");
393 printf(CRED "\nVerified boot is enabled. You can't flash other "
394 "firmware. !\n" RESET);
395 break;
396 case BOOTGUARD_ENABLED_MEASUREMENT_MODE:
397 printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
398 "BootGuard Mode", "Measured Boot");
399 printf(CGRN "\nYour system is bootguard ready but only running "
400 "the measured boot mode. You can flash other firmware!\n"
401 RESET);
402 break;
403 case BOOTGUARD_ENABLED_VERIFIED_MODE:
404 printf("ME Capability: %-43s: " CGRN "%s\n" RESET,
405 "BootGuard Mode", "Verified Boot");
406 printf(CRED "\nVerified boot is enabled! You can't flash other "
407 "firmware.\n" RESET);
408 break;
409 }
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]410}
411
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]412static void print_version(void)
413{
414 printf("intelmetool v%s -- ", INTELMETOOL_VERSION);
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]415 printf("Copyright (C) 2015 Damien Zammit\n");
416 printf("Copyright (C) 2017 Philipp Deppenwiese\n");
417 printf("Copyright (C) 2017 Patrick Rudolph\n\n");
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]418 printf(GPLV2COPYRIGHT);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]419}
420
421static void print_usage(const char *name)
422{
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]423 printf("usage: %s [-vh?smdb]\n", name);
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]424 printf("\n"
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]425 " -v | --version: print the version\n"
426 " -h | --help: print this help\n\n"
427 " -d | --debug: enable debug output\n"
428 " -m | --me dump all me information on console\n"
429 " -b | --bootguard dump bootguard state of the platform\n"
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]430 "\n");
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]431 exit(1);
432}
433
434int main(int argc, char *argv[])
435{
436 int opt, option_index = 0;
437 unsigned cmd_exec = 0;
438
439 static struct option long_options[] = {
440 {"version", 0, 0, 'v'},
441 {"help", 0, 0, 'h'},
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]442 {"me", 0, 0, 'm'},
443 {"bootguard", 0, 0, 'b'},
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]444 {"debug", 0, 0, 'd'},
445 {0, 0, 0, 0}
446 };
447
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]448 while ((opt = getopt_long(argc, argv, "vh?smdb",
449 long_options, &option_index)) != EOF) {
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]450 switch (opt) {
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]451 case 'v':
452 print_version();
453 exit(0);
454 break;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]455 case 's': /* Legacy fallthrough */
456 case 'm':
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]457 cmd_exec = 1;
458 break;
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]459 case 'b':
460 cmd_exec = 2;
461 break;
462 break;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]463 case 'd':
464 debug = 1;
465 break;
466 case 'h':
467 case '?':
468 default:
469 print_usage(argv[0]);
470 exit(0);
471 break;
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]472 }
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]473 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]474
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]475 if (!cmd_exec)
476 print_usage(argv[0]);
477
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]478 #if defined(__FreeBSD__)
479 if (open("/dev/io", O_RDWR) < 0) {
480 perror("/dev/io");
481 #elif defined(__NetBSD__)
482 # ifdef __i386__
483 if (i386_iopl(3)) {
484 perror("iopl");
485 # else
486 if (x86_64_iopl(3)) {
487 perror("iopl");
488 # endif
489 #else
490 if (iopl(3)) {
491 perror("iopl");
492 #endif
493 printf("You need to be root.\n");
494 exit(1);
495 }
496
497 #ifndef __DARWIN__
Patrick Rudolph5e9dc372017-11-19 09:11:58 +0100[diff] [blame]498 fd_mem = open("/dev/mem", O_RDWR);
499 if (fd_mem < 0) {
Patrick Rudolphad4ddfc2018-02-02 15:07:09 +0100[diff] [blame]500 perror("Can not open /dev/mem. Do you have disabled "
501 "Secure Boot ?");
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]502 exit(1);
503 }
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]504
505 if (!isCPUGenuineIntel()) {
506 perror("Error CPU is not from Intel.");
507 exit(1);
508 }
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]509 #endif
510
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]511 if (cmd_exec & 3)
Maximilian Schanderdf5b83f2017-10-28 18:33:07 +0200[diff] [blame]512 dump_me_info();
Philipp Deppenwiese73add172016-08-26 02:10:51 +0200[diff] [blame]513 if (cmd_exec & 2)
514 dump_bootguard_info();
Philipp Deppenwiesed8fe4432016-03-18 00:52:54 +0100[diff] [blame]515
516 return 0;
517}