Patrick Georgi | ea063cb | 2020-05-08 19:28:13 +0200 | [diff] [blame] | 1 | /* intelmetool Dump interesting things about Management Engine even if hidden */ |
Patrick Georgi | 7333a11 | 2020-05-08 20:48:04 +0200 | [diff] [blame] | 2 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 3 | |
| 4 | #include <stdio.h> |
| 5 | #include <inttypes.h> |
| 6 | #include <stdlib.h> |
| 7 | #include <getopt.h> |
| 8 | #include <unistd.h> |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 9 | #include <string.h> |
| 10 | #include <cpuid.h> |
Ivan J | 85c76c9 | 2018-02-21 10:52:51 +0100 | [diff] [blame] | 11 | #include <sys/io.h> |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 12 | |
| 13 | #ifdef __NetBSD__ |
| 14 | #include <machine/sysarch.h> |
| 15 | #endif |
| 16 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 17 | #include "intelmetool.h" |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 18 | #include "me.h" |
| 19 | #include "mmap.h" |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 20 | #include "msr.h" |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 21 | #include "rcba.h" |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 22 | |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 23 | extern int fd_mem; |
| 24 | int debug = 0; |
| 25 | |
| 26 | static uint32_t fd2 = 0; |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 27 | static int ME_major_ver = 0; |
| 28 | static int ME_minor_ver = 0; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 29 | |
| 30 | static void dumpmem(uint8_t *phys, uint32_t size) |
| 31 | { |
| 32 | uint32_t i; |
| 33 | printf("Dumping cloned ME memory:\n"); |
| 34 | for (i = 0; i < size; i++) { |
| 35 | printf("%02X",*((uint8_t *) (phys + i))); |
| 36 | } |
| 37 | printf("\n"); |
| 38 | } |
| 39 | |
| 40 | static void zeroit(uint8_t *phys, uint32_t size) |
| 41 | { |
| 42 | uint32_t i; |
| 43 | for (i = 0; i < size; i++) { |
| 44 | *((uint8_t *) (phys + i)) = 0x00; |
| 45 | } |
| 46 | } |
| 47 | |
| 48 | static void dumpmemfile(uint8_t *phys, uint32_t size) |
| 49 | { |
| 50 | FILE *fp = fopen("medump.bin", "w"); |
| 51 | uint32_t i; |
| 52 | for (i = 0; i < size; i++) { |
| 53 | fprintf(fp, "%c", *((uint8_t *) (phys + i))); |
| 54 | } |
| 55 | fclose(fp); |
| 56 | } |
| 57 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 58 | static int isCPUGenuineIntel(void) |
| 59 | { |
| 60 | regs_t regs; |
| 61 | unsigned int level = 0; |
| 62 | unsigned int eax = 0; |
| 63 | |
| 64 | __get_cpuid(level, &eax, ®s.ebx, ®s.ecx, ®s.edx); |
| 65 | |
| 66 | return !strncmp((char *)®s, "GenuineIntel", CPU_ID_SIZE-1); |
| 67 | } |
| 68 | |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 69 | /* You need >4GB total ram, in kernel cmdline, use 'mem=1000m' |
| 70 | * then this code will clone to absolute memory address 0xe0000000 |
| 71 | * which can be read using a mmap tool at that offset. |
| 72 | * Real ME memory is located around top of memory minus 64MB. (I think) |
| 73 | * so we avoid cloning to this part. |
| 74 | */ |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 75 | static void dump_me_memory(void) |
| 76 | { |
Paul Menzel | 57d912b | 2017-05-04 16:35:25 +0200 | [diff] [blame] | 77 | uintptr_t me_clone = 0x60000000; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 78 | uint8_t *dump; |
| 79 | |
Paul Menzel | 1e7911e | 2016-12-27 15:24:02 +0100 | [diff] [blame] | 80 | dump = map_physical_exact((off_t)me_clone, (void *)me_clone, 0x2000000); |
Paul Wise | e311f94 | 2017-05-04 14:13:38 +0800 | [diff] [blame] | 81 | if (dump == NULL) { |
| 82 | printf("Could not map ME memory\n"); |
| 83 | return; |
| 84 | } |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 85 | zeroit(dump, 0x2000000); |
| 86 | printf("Send magic command for memory clone\n"); |
| 87 | |
| 88 | mei_reset(); |
| 89 | usleep(ME_COMMAND_DELAY); |
| 90 | void* ptr = &me_clone; |
| 91 | int err = mkhi_debug_me_memory(ptr); |
| 92 | |
| 93 | if (!err) { |
| 94 | printf("Wait a second..."); |
| 95 | usleep(ME_COMMAND_DELAY); |
| 96 | printf("done\n\nHere are the first bytes:\n"); |
| 97 | dumpmemfile(dump, 0x2000000); |
| 98 | //printf("Try reading 0x%zx with other mmap tool...\n" |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 99 | // "Press enter to quit, you only get one chance to run" |
| 100 | // "this tool before reboot required for some reason\n", |
| 101 | // me_clone); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 102 | while (getc(stdin) != '\n') {}; |
| 103 | unmap_physical(dump, 0x2000000); |
| 104 | } |
| 105 | } |
| 106 | |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 107 | static int pci_platform_scan(void) |
| 108 | { |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 109 | struct pci_access *pacc; |
| 110 | struct pci_dev *dev; |
Youness Alaoui | e0c53af | 2017-03-31 16:21:50 -0400 | [diff] [blame] | 111 | char namebuf[1024]; |
| 112 | const char *name; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 113 | |
| 114 | pacc = pci_alloc(); |
| 115 | pacc->method = PCI_ACCESS_I386_TYPE1; |
| 116 | |
| 117 | pci_init(pacc); |
| 118 | pci_scan_bus(pacc); |
| 119 | |
| 120 | for (dev=pacc->devices; dev; dev=dev->next) { |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 121 | pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | |
| 122 | PCI_FILL_SIZES | PCI_FILL_CLASS); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 123 | name = pci_lookup_name(pacc, namebuf, sizeof(namebuf), |
| 124 | PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id); |
Youness Alaoui | b85ddc78 | 2017-04-03 14:02:04 -0400 | [diff] [blame] | 125 | if (name == NULL) |
| 126 | name = "<unknown>"; |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 127 | if (dev->vendor_id != PCI_VENDOR_ID_INTEL) |
| 128 | continue; |
| 129 | |
Damien Zammit | f4491e7 | 2019-02-23 14:01:00 +1100 | [diff] [blame] | 130 | if (PCI_DEV_NO_ME(dev->device_id)) { |
| 131 | printf(CGRN "Good news, you have a `%s` so you have " |
| 132 | "no ME present at all, continuing...\n\n" |
| 133 | RESET, name); |
| 134 | break; |
| 135 | } else if (PCI_DEV_HAS_ME_DISABLE(dev->device_id)) { |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 136 | printf(CGRN "Good news, you have a `%s` so ME is " |
| 137 | "present but can be disabled, continuing...\n\n" |
| 138 | RESET, name); |
| 139 | break; |
| 140 | } else if (PCI_DEV_HAS_ME_DIFFICULT(dev->device_id)) { |
| 141 | printf(CRED "Bad news, you have a `%s` so you have ME " |
| 142 | "hardware on board and you can't control or " |
| 143 | "disable it, continuing...\n\n" RESET, name); |
| 144 | break; |
| 145 | } else if (PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id)) { |
| 146 | printf(CYEL "Not sure if ME hardware is present " |
| 147 | "because you have a `%s`, but it is possible to " |
| 148 | "disable it if you do, continuing...\n\n" RESET, |
| 149 | name); |
| 150 | break; |
| 151 | } else if (PCI_DEV_ME_NOT_SURE(dev->device_id)) { |
| 152 | printf(CYEL "Found `%s`. Not sure whether you have ME " |
| 153 | "hardware, exiting\n\n" RESET, name); |
| 154 | pci_cleanup(pacc); |
| 155 | return 1; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 156 | } |
| 157 | } |
| 158 | |
Huan Truong | 2a1ae05 | 2017-03-05 02:24:51 -0600 | [diff] [blame] | 159 | if (dev != NULL && |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 160 | !PCI_DEV_HAS_ME_DISABLE(dev->device_id) && |
| 161 | !PCI_DEV_HAS_ME_DIFFICULT(dev->device_id) && |
| 162 | !PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id) && |
| 163 | !PCI_DEV_ME_NOT_SURE(dev->device_id)) { |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 164 | printf(CCYN "ME is not present on your board or unknown\n\n" |
| 165 | RESET); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 166 | pci_cleanup(pacc); |
| 167 | return 1; |
| 168 | } |
| 169 | |
| 170 | pci_cleanup(pacc); |
| 171 | |
| 172 | return 0; |
| 173 | } |
| 174 | |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 175 | static int activate_me(void) |
| 176 | { |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 177 | const uint32_t rcba = get_rcba_phys(); |
| 178 | if (debug) |
| 179 | printf("RCBA addr: 0x%08x\n", rcba); |
| 180 | if (rcba > 0) { |
| 181 | if (read_rcba32(FD2, &fd2)) { |
| 182 | printf("Error reading RCBA\n"); |
| 183 | return 1; |
| 184 | } |
| 185 | if (write_rcba32(FD2, fd2 & ~0x2)) { |
| 186 | printf("Error writing RCBA\n"); |
| 187 | return 1; |
| 188 | } |
| 189 | if (debug && (fd2 & 0x2)) |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 190 | printf("MEI was hidden on PCI, now unlocked\n"); |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 191 | else if (debug) |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 192 | printf("MEI not hidden on PCI, checking if visible\n"); |
| 193 | } |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 194 | |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 195 | return 0; |
| 196 | } |
| 197 | |
| 198 | static void rehide_me(void) |
| 199 | { |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 200 | const uint32_t rcba = get_rcba_phys(); |
| 201 | if (rcba > 0) { |
| 202 | if (fd2 & 0x2) { |
| 203 | if (debug) |
| 204 | printf("Re-hiding MEI device..."); |
| 205 | if (read_rcba32(FD2, &fd2)) { |
| 206 | printf("Error reading RCBA\n"); |
| 207 | return; |
| 208 | } |
| 209 | if (write_rcba32(FD2, fd2 | 0x2)) { |
| 210 | printf("Error writing RCBA\n"); |
| 211 | return; |
| 212 | } |
| 213 | if (debug) |
| 214 | printf("done\n"); |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 215 | } |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 216 | } |
| 217 | } |
| 218 | |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 219 | static struct pci_dev *pci_me_interface_scan(const char **name, char *namebuf, |
| 220 | int namebuf_size) |
| 221 | { |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 222 | struct pci_access *pacc; |
| 223 | struct pci_dev *dev; |
Damien Zammit | 711a478 | 2016-04-12 20:35:16 +1000 | [diff] [blame] | 224 | int me = 0; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 225 | |
| 226 | pacc = pci_alloc(); |
| 227 | pacc->method = PCI_ACCESS_I386_TYPE1; |
| 228 | |
| 229 | pci_init(pacc); |
| 230 | pci_scan_bus(pacc); |
| 231 | |
| 232 | for (dev=pacc->devices; dev; dev=dev->next) { |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 233 | pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | |
| 234 | PCI_FILL_SIZES | PCI_FILL_CLASS); |
Youness Alaoui | e0c53af | 2017-03-31 16:21:50 -0400 | [diff] [blame] | 235 | *name = pci_lookup_name(pacc, namebuf, namebuf_size, |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 236 | PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id); |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 237 | if (dev->vendor_id != PCI_VENDOR_ID_INTEL) |
| 238 | continue; |
| 239 | |
| 240 | if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) { |
| 241 | me = 1; |
| 242 | break; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 243 | } |
| 244 | } |
| 245 | |
Damien Zammit | 711a478 | 2016-04-12 20:35:16 +1000 | [diff] [blame] | 246 | if (!me) { |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 247 | rehide_me(); |
| 248 | |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 249 | pci_cleanup(pacc); |
| 250 | return NULL; |
| 251 | } |
| 252 | |
| 253 | return dev; |
| 254 | } |
| 255 | |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 256 | static void dump_me_info(void) |
| 257 | { |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 258 | struct pci_dev *dev; |
| 259 | uint32_t stat, stat2; |
Youness Alaoui | e0c53af | 2017-03-31 16:21:50 -0400 | [diff] [blame] | 260 | char namebuf[1024]; |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 261 | const char *name = NULL; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 262 | |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 263 | if (pci_platform_scan()) |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 264 | return; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 265 | |
Youness Alaoui | e0c53af | 2017-03-31 16:21:50 -0400 | [diff] [blame] | 266 | dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 267 | if (!dev) { |
| 268 | if (debug) |
| 269 | printf("ME PCI device is hidden\n"); |
| 270 | |
| 271 | if (activate_me()) |
| 272 | return; |
| 273 | dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); |
| 274 | if (!dev) { |
| 275 | printf("Can't find ME PCI device\n"); |
| 276 | return; |
| 277 | } |
| 278 | } |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 279 | |
Youness Alaoui | b85ddc78 | 2017-04-03 14:02:04 -0400 | [diff] [blame] | 280 | if (name == NULL) |
| 281 | name = "<unknown>"; |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 282 | |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 283 | printf("MEI found: [%x:%x] %s\n\n", |
| 284 | dev->vendor_id, dev->device_id, name); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 285 | stat = pci_read_long(dev, 0x40); |
| 286 | printf("ME Status : 0x%x\n", stat); |
| 287 | stat2 = pci_read_long(dev, 0x48); |
| 288 | printf("ME Status 2 : 0x%x\n\n", stat2); |
| 289 | |
| 290 | intel_me_status(stat, stat2); |
| 291 | printf("\n"); |
| 292 | intel_me_extend_valid(dev); |
| 293 | printf("\n"); |
| 294 | |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 295 | if (stat & 0xf000) |
Evgeny Zinoviev | 7c1fe4b | 2020-07-11 01:01:04 +0300 | [diff] [blame] | 296 | printf("ME: has a broken implementation on your board with " |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 297 | "this firmware\n"); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 298 | |
Patrick Rudolph | aac3b31 | 2018-02-01 16:12:47 +0100 | [diff] [blame] | 299 | if (intel_mei_setup(dev)) |
| 300 | goto out; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 301 | usleep(ME_COMMAND_DELAY); |
| 302 | mei_reset(); |
| 303 | usleep(ME_COMMAND_DELAY); |
Patrick Rudolph | aac3b31 | 2018-02-01 16:12:47 +0100 | [diff] [blame] | 304 | if (mkhi_get_fw_version(&ME_major_ver, &ME_minor_ver)) |
| 305 | goto out; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 306 | usleep(ME_COMMAND_DELAY); |
| 307 | mei_reset(); |
| 308 | usleep(ME_COMMAND_DELAY); |
Patrick Rudolph | aac3b31 | 2018-02-01 16:12:47 +0100 | [diff] [blame] | 309 | if (mkhi_get_fwcaps()) |
| 310 | goto out; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 311 | usleep(ME_COMMAND_DELAY); |
| 312 | |
Patrick Rudolph | aac3b31 | 2018-02-01 16:12:47 +0100 | [diff] [blame] | 313 | out: |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 314 | rehide_me(); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 315 | } |
| 316 | |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 317 | static void print_btg_bool_param(const char *name, u8 state) |
| 318 | { |
| 319 | printf("%-20s : %s\n", name, state ? "ON" : "OFF"); |
| 320 | } |
| 321 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 322 | static void dump_bootguard_info(void) |
| 323 | { |
| 324 | struct pci_dev *dev; |
| 325 | char namebuf[1024]; |
Patrick Rudolph | 405d2ea | 2018-02-02 14:43:28 +0100 | [diff] [blame] | 326 | const char *name = NULL; |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 327 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 328 | if (pci_platform_scan()) |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 329 | return; |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 330 | |
| 331 | dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); |
| 332 | if (!dev) { |
Patrick Rudolph | 0391d0b | 2018-02-01 16:14:19 +0100 | [diff] [blame] | 333 | if (debug) |
| 334 | printf("ME PCI device is hidden\n"); |
| 335 | |
| 336 | if (activate_me()) |
| 337 | return; |
| 338 | dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); |
| 339 | if (!dev) { |
| 340 | printf("Can't find ME PCI device\n"); |
| 341 | return; |
| 342 | } |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 343 | } |
| 344 | |
Patrick Rudolph | 3df9dbe | 2017-11-25 14:43:06 +0100 | [diff] [blame] | 345 | /* ME_major_ver is zero on some platforms (Mac) */ |
| 346 | if (ME_major_ver && |
| 347 | (ME_major_ver < 9 || |
Patrick Rudolph | 405d2ea | 2018-02-02 14:43:28 +0100 | [diff] [blame] | 348 | (ME_major_ver == 9 && ME_minor_ver < 5))) { |
Paul Menzel | 7f5a1ee | 2021-12-15 10:47:05 +0100 | [diff] [blame] | 349 | printf(CGRN "Your system isn't Boot Guard ready.\n" |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 350 | "You can flash other firmware!\n" RESET); |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 351 | rehide_me(); |
| 352 | return; |
| 353 | } |
| 354 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 355 | if (pci_read_long(dev, 0x40) & 0x10) |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 356 | printf(CYEL "Your southbridge configuration is insecure!!\n" |
Paul Menzel | 7f5a1ee | 2021-12-15 10:47:05 +0100 | [diff] [blame] | 357 | "Boot Guard keys can be overwritten or wiped, or you are " |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 358 | "in developer mode.\n" |
| 359 | RESET); |
Patrick Rudolph | 405d2ea | 2018-02-02 14:43:28 +0100 | [diff] [blame] | 360 | rehide_me(); |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 361 | |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 362 | union { |
| 363 | struct { |
| 364 | u8 nem_enabled : 1; /* [ 0.. 0] */ |
| 365 | u8 tpm_type : 2; /* [ 2.. 1] */ |
| 366 | u8 tpm_success : 1; /* [ 3.. 3] */ |
| 367 | u8 facb_fpf : 1; /* [ 4.. 4] */ |
| 368 | u8 measured_boot : 1; /* [ 5.. 5] */ |
| 369 | u8 verified_boot : 1; /* [ 6.. 6] */ |
| 370 | u8 module_revoked : 1; /* [ 7.. 7] */ |
| 371 | u32 : 24; |
| 372 | u8 btg_capability : 1; /* [32..32] */ |
| 373 | u32 : 31; |
| 374 | }; |
| 375 | u64 raw; |
| 376 | } btg; |
| 377 | |
| 378 | if (msr_bootguard(&btg.raw) < 0) { |
| 379 | printf("Could not read the BOOTGUARD_SACM_INFO MSR.\n"); |
| 380 | return; |
| 381 | } |
| 382 | |
Paul Menzel | 7f5a1ee | 2021-12-15 10:47:05 +0100 | [diff] [blame] | 383 | printf("Boot Guard MSR Output : 0x%" PRIx64 "\n", btg.raw); |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 384 | |
| 385 | if (!btg.btg_capability) { |
Paul Menzel | 7f5a1ee | 2021-12-15 10:47:05 +0100 | [diff] [blame] | 386 | printf(CGRN "Your system isn't Boot Guard ready.\n" |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 387 | "You can flash other firmware!\n" RESET); |
| 388 | return; |
| 389 | } |
| 390 | |
| 391 | print_btg_bool_param("Measured boot", btg.measured_boot); |
| 392 | print_btg_bool_param("Verified boot", btg.verified_boot); |
| 393 | print_btg_bool_param("FACB in FPFs", btg.facb_fpf); |
| 394 | print_btg_bool_param("Module revoked", btg.module_revoked); |
| 395 | if (btg.measured_boot) { |
| 396 | const char *const tpm_type_strs[] = { |
| 397 | "None", |
| 398 | "TPM 1.2", |
| 399 | "TPM 2.0", |
| 400 | "PTT", |
| 401 | }; |
| 402 | printf("%-20s : %s\n", "TPM type", tpm_type_strs[btg.tpm_type]); |
| 403 | print_btg_bool_param("TPM success", btg.tpm_success); |
| 404 | } |
| 405 | if (btg.verified_boot) { |
| 406 | print_btg_bool_param("NEM enabled", btg.nem_enabled); |
| 407 | if (btg.nem_enabled) |
| 408 | printf(CRED "Verified boot is enabled and ACM has enabled " |
| 409 | "Cache-As-RAM.\nYou can't flash other firmware!\n" RESET); |
| 410 | else |
| 411 | printf(CYEL "Verified boot is enabled, but ACM did not enable " |
| 412 | "Cache-As-RAM.\nIt might be possible to flash other firmware.\n" |
| 413 | RESET); |
| 414 | } else { |
Paul Menzel | 7f5a1ee | 2021-12-15 10:47:05 +0100 | [diff] [blame] | 415 | printf(CGRN "Your system is Boot Guard ready but verified boot is disabled.\n" |
Pablo Stebler | 9ac91d2 | 2020-09-18 10:32:22 +0200 | [diff] [blame] | 416 | "You can flash other firmware!\n" RESET); |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 417 | } |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 418 | } |
| 419 | |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 420 | static void print_version(void) |
| 421 | { |
| 422 | printf("intelmetool v%s -- ", INTELMETOOL_VERSION); |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 423 | printf("Copyright (C) 2015 Damien Zammit\n"); |
| 424 | printf("Copyright (C) 2017 Philipp Deppenwiese\n"); |
| 425 | printf("Copyright (C) 2017 Patrick Rudolph\n\n"); |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 426 | printf(GPLV2COPYRIGHT); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 427 | } |
| 428 | |
| 429 | static void print_usage(const char *name) |
| 430 | { |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 431 | printf("usage: %s [-vh?smdb]\n", name); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 432 | printf("\n" |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 433 | " -v | --version: print the version\n" |
| 434 | " -h | --help: print this help\n\n" |
| 435 | " -d | --debug: enable debug output\n" |
| 436 | " -m | --me dump all me information on console\n" |
| 437 | " -b | --bootguard dump bootguard state of the platform\n" |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 438 | "\n"); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 439 | exit(1); |
| 440 | } |
| 441 | |
| 442 | int main(int argc, char *argv[]) |
| 443 | { |
| 444 | int opt, option_index = 0; |
| 445 | unsigned cmd_exec = 0; |
| 446 | |
| 447 | static struct option long_options[] = { |
| 448 | {"version", 0, 0, 'v'}, |
| 449 | {"help", 0, 0, 'h'}, |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 450 | {"me", 0, 0, 'm'}, |
| 451 | {"bootguard", 0, 0, 'b'}, |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 452 | {"debug", 0, 0, 'd'}, |
| 453 | {0, 0, 0, 0} |
| 454 | }; |
| 455 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 456 | while ((opt = getopt_long(argc, argv, "vh?smdb", |
| 457 | long_options, &option_index)) != EOF) { |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 458 | switch (opt) { |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 459 | case 'v': |
| 460 | print_version(); |
| 461 | exit(0); |
| 462 | break; |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 463 | case 's': /* Legacy fallthrough */ |
| 464 | case 'm': |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 465 | cmd_exec = 1; |
| 466 | break; |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 467 | case 'b': |
| 468 | cmd_exec = 2; |
| 469 | break; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 470 | case 'd': |
| 471 | debug = 1; |
| 472 | break; |
| 473 | case 'h': |
| 474 | case '?': |
| 475 | default: |
| 476 | print_usage(argv[0]); |
| 477 | exit(0); |
| 478 | break; |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 479 | } |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 480 | } |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 481 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 482 | if (!cmd_exec) |
| 483 | print_usage(argv[0]); |
| 484 | |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 485 | #if defined(__FreeBSD__) |
| 486 | if (open("/dev/io", O_RDWR) < 0) { |
| 487 | perror("/dev/io"); |
| 488 | #elif defined(__NetBSD__) |
| 489 | # ifdef __i386__ |
| 490 | if (i386_iopl(3)) { |
| 491 | perror("iopl"); |
| 492 | # else |
| 493 | if (x86_64_iopl(3)) { |
| 494 | perror("iopl"); |
| 495 | # endif |
| 496 | #else |
| 497 | if (iopl(3)) { |
| 498 | perror("iopl"); |
| 499 | #endif |
| 500 | printf("You need to be root.\n"); |
| 501 | exit(1); |
| 502 | } |
| 503 | |
| 504 | #ifndef __DARWIN__ |
Patrick Rudolph | 5e9dc37 | 2017-11-19 09:11:58 +0100 | [diff] [blame] | 505 | fd_mem = open("/dev/mem", O_RDWR); |
| 506 | if (fd_mem < 0) { |
Patrick Rudolph | ad4ddfc | 2018-02-02 15:07:09 +0100 | [diff] [blame] | 507 | perror("Can not open /dev/mem. Do you have disabled " |
| 508 | "Secure Boot ?"); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 509 | exit(1); |
| 510 | } |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 511 | |
| 512 | if (!isCPUGenuineIntel()) { |
| 513 | perror("Error CPU is not from Intel."); |
| 514 | exit(1); |
| 515 | } |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 516 | #endif |
| 517 | |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 518 | if (cmd_exec & 3) |
Maximilian Schander | df5b83f | 2017-10-28 18:33:07 +0200 | [diff] [blame] | 519 | dump_me_info(); |
Philipp Deppenwiese | 73add17 | 2016-08-26 02:10:51 +0200 | [diff] [blame] | 520 | if (cmd_exec & 2) |
| 521 | dump_bootguard_info(); |
Philipp Deppenwiese | d8fe443 | 2016-03-18 00:52:54 +0100 | [diff] [blame] | 522 | |
| 523 | return 0; |
| 524 | } |