util/intelmetool: Add intelmetool from Damien Zammit
The intelmetool shows information about the Intel Management Engine for different platforms. Original source code can be found under following link: https://github.com/zamaudio/intelmetool.git Change-Id: I0eb17833a21eb04cf9245a7312289a4102bec1a9 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/14136 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
This commit is contained in:
committed by
Martin Roth
parent
77e351d9d1
commit
d8fe4431ec
369
util/intelmetool/intelmetool.c
Normal file
369
util/intelmetool/intelmetool.c
Normal file
@@ -0,0 +1,369 @@
|
||||
/* intelmetool Dump interesting things about Management Engine even if hidden
|
||||
* Copyright (C) 2014 Damien Zammit <damien@zamaudio.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <inttypes.h>
|
||||
#include <stdlib.h>
|
||||
#include <getopt.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#ifdef __NetBSD__
|
||||
#include <machine/sysarch.h>
|
||||
#endif
|
||||
|
||||
#include "me.h"
|
||||
#include "mmap.h"
|
||||
#include "intelmetool.h"
|
||||
|
||||
#define FD2 0x3428
|
||||
#define ME_COMMAND_DELAY 10000
|
||||
|
||||
extern int fd_mem;
|
||||
int debug = 0;
|
||||
|
||||
static uint32_t fd2 = 0;
|
||||
static const int size = 0x4000;
|
||||
static volatile uint8_t *rcba;
|
||||
|
||||
static void dumpmem(uint8_t *phys, uint32_t size)
|
||||
{
|
||||
uint32_t i;
|
||||
printf("Dumping cloned ME memory:\n");
|
||||
for (i = 0; i < size; i++) {
|
||||
printf("%02X",*((uint8_t *) (phys + i)));
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
static void zeroit(uint8_t *phys, uint32_t size)
|
||||
{
|
||||
uint32_t i;
|
||||
for (i = 0; i < size; i++) {
|
||||
*((uint8_t *) (phys + i)) = 0x00;
|
||||
}
|
||||
}
|
||||
|
||||
static void dumpmemfile(uint8_t *phys, uint32_t size)
|
||||
{
|
||||
FILE *fp = fopen("medump.bin", "w");
|
||||
uint32_t i;
|
||||
for (i = 0; i < size; i++) {
|
||||
fprintf(fp, "%c", *((uint8_t *) (phys + i)));
|
||||
}
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
static void rehide_me() {
|
||||
if (fd2 & 0x2) {
|
||||
printf("Re-hiding MEI device...");
|
||||
fd2 = *(uint32_t *)(rcba + FD2);
|
||||
*(uint32_t *)(rcba + FD2) = fd2 | 0x2;
|
||||
printf("done, ");
|
||||
}
|
||||
}
|
||||
|
||||
/* You need >4GB total ram, in kernel cmdline, use 'mem=1000m'
|
||||
* then this code will clone to absolute memory address 0xe0000000
|
||||
* which can be read using a mmap tool at that offset.
|
||||
* Real ME memory is located around top of memory minus 64MB. (I think)
|
||||
* so we avoid cloning to this part.
|
||||
*/
|
||||
static void dump_me_memory() {
|
||||
uint32_t me_clone = 0x60000000;
|
||||
uint8_t *dump;
|
||||
|
||||
dump = map_physical_exact(me_clone, me_clone, 0x2000000);
|
||||
zeroit(dump, 0x2000000);
|
||||
printf("Send magic command for memory clone\n");
|
||||
|
||||
mei_reset();
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
void* ptr = &me_clone;
|
||||
int err = mkhi_debug_me_memory(ptr);
|
||||
|
||||
if (!err) {
|
||||
printf("Wait a second...");
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
printf("done\n\nHere are the first bytes:\n");
|
||||
dumpmemfile(dump, 0x2000000);
|
||||
//printf("Try reading 0x%zx with other mmap tool...\n"
|
||||
// "Press enter to quit, you only get one chance to run this tool before reboot required for some reason\n", me_clone);
|
||||
while (getc(stdin) != '\n') {};
|
||||
unmap_physical(dump, 0x2000000);
|
||||
}
|
||||
}
|
||||
|
||||
static int pci_platform_scan() {
|
||||
struct pci_access *pacc;
|
||||
struct pci_dev *dev;
|
||||
char namebuf[1024], *name;
|
||||
|
||||
pacc = pci_alloc();
|
||||
pacc->method = PCI_ACCESS_I386_TYPE1;
|
||||
|
||||
pci_init(pacc);
|
||||
pci_scan_bus(pacc);
|
||||
|
||||
for (dev=pacc->devices; dev; dev=dev->next) {
|
||||
pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS);
|
||||
name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
|
||||
PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
|
||||
if (dev->vendor_id == 0x8086) {
|
||||
if (PCI_DEV_HAS_ME_DISABLE(dev->device_id)) {
|
||||
printf(CGRN "Good news, you have a `%s` so ME is present but can be disabled, continuing...\n\n" RESET, name);
|
||||
break;
|
||||
} else if (PCI_DEV_HAS_ME_DIFFICULT(dev->device_id)) {
|
||||
printf(CRED "Bad news, you have a `%s` so you have ME hardware on board and you can't control or disable it, continuing...\n\n" RESET, name);
|
||||
break;
|
||||
} else if (PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id)) {
|
||||
printf(CYEL "Not sure if ME hardware is present because you have a `%s`, but it is possible to disable it if you do, continuing...\n\n" RESET, name);
|
||||
break;
|
||||
} else if (PCI_DEV_ME_NOT_SURE(dev->device_id)) {
|
||||
printf(CYEL "Found `%s`. Not sure whether you have ME hardware, exiting\n\n" RESET, name);
|
||||
pci_cleanup(pacc);
|
||||
return 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!PCI_DEV_HAS_ME_DISABLE(dev->device_id) &&
|
||||
!PCI_DEV_HAS_ME_DIFFICULT(dev->device_id) &&
|
||||
!PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(dev->device_id) &&
|
||||
!PCI_DEV_ME_NOT_SURE(dev->device_id)) {
|
||||
printf(CCYN "ME is not present on your board or unkown\n\n" RESET);
|
||||
pci_cleanup(pacc);
|
||||
return 1;
|
||||
}
|
||||
|
||||
pci_cleanup(pacc);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct pci_dev *pci_me_interface_scan(char **name) {
|
||||
struct pci_access *pacc;
|
||||
struct pci_dev *dev;
|
||||
char namebuf[1024];
|
||||
|
||||
pacc = pci_alloc();
|
||||
pacc->method = PCI_ACCESS_I386_TYPE1;
|
||||
|
||||
pci_init(pacc);
|
||||
pci_scan_bus(pacc);
|
||||
|
||||
for (dev=pacc->devices; dev; dev=dev->next) {
|
||||
pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS);
|
||||
*name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
|
||||
PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
|
||||
if (dev->vendor_id == 0x8086) {
|
||||
if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
|
||||
rehide_me();
|
||||
|
||||
printf("MEI device not found\n");
|
||||
pci_cleanup(pacc);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return dev;
|
||||
}
|
||||
|
||||
static int activate_me() {
|
||||
struct pci_access *pacc;
|
||||
struct pci_dev *sb;
|
||||
uint32_t rcba_phys;
|
||||
|
||||
pacc = pci_alloc();
|
||||
pacc->method = PCI_ACCESS_I386_TYPE1;
|
||||
|
||||
pci_init(pacc);
|
||||
pci_scan_bus(pacc);
|
||||
|
||||
sb = pci_get_dev(pacc, 0, 0, 0x1f, 0);
|
||||
if (!sb) {
|
||||
printf("Uh oh, southbridge not on BDF(0:31:0), please report this error, exiting.\n");
|
||||
pci_cleanup(pacc);
|
||||
return 1;
|
||||
}
|
||||
pci_fill_info(sb, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS);
|
||||
|
||||
rcba_phys = pci_read_long(sb, 0xf0) & 0xfffffffe;
|
||||
rcba = map_physical(rcba_phys, size);
|
||||
|
||||
//printf("RCBA at 0x%08" PRIx32 "\n", (uint32_t)rcba_phys);
|
||||
fd2 = *(uint32_t *)(rcba + FD2);
|
||||
*(uint32_t *)(rcba + FD2) = fd2 & ~0x2;
|
||||
if (fd2 & 0x2) {
|
||||
printf("MEI was hidden on PCI, now unlocked\n");
|
||||
} else {
|
||||
printf("MEI not hidden on PCI, checking if visible\n");
|
||||
}
|
||||
|
||||
pci_cleanup(pacc);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void dump_me_info() {
|
||||
struct pci_dev *dev;
|
||||
uint32_t stat, stat2;
|
||||
char *name;
|
||||
|
||||
if (pci_platform_scan()) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
dev = pci_me_interface_scan(&name);
|
||||
if (!dev) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (activate_me()) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf("MEI found: [%x:%x] %s\n\n", dev->vendor_id, dev->device_id, name);
|
||||
stat = pci_read_long(dev, 0x40);
|
||||
printf("ME Status : 0x%x\n", stat);
|
||||
stat2 = pci_read_long(dev, 0x48);
|
||||
printf("ME Status 2 : 0x%x\n\n", stat2);
|
||||
|
||||
intel_me_status(stat, stat2);
|
||||
printf("\n");
|
||||
intel_me_extend_valid(dev);
|
||||
printf("\n");
|
||||
|
||||
if ((stat & 0xf000) >> 12 != 0) {
|
||||
printf("ME: has a broken implementation on your board with this BIOS\n");
|
||||
}
|
||||
|
||||
intel_mei_setup(dev);
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
mei_reset();
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
mkhi_get_fw_version();
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
mei_reset();
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
mkhi_get_fwcaps();
|
||||
usleep(ME_COMMAND_DELAY);
|
||||
|
||||
rehide_me();
|
||||
|
||||
munmap((void*)rcba, size);
|
||||
}
|
||||
|
||||
static void print_version(void)
|
||||
{
|
||||
printf("intelmetool v%s -- ", INTELMETOOL_VERSION);
|
||||
printf("Copyright (C) 2015 Damien Zammit\n\n");
|
||||
printf(
|
||||
"This program is free software: you can redistribute it and/or modify\n"
|
||||
"it under the terms of the GNU General Public License as published by\n"
|
||||
"the Free Software Foundation, version 2 of the License.\n\n"
|
||||
"This program is distributed in the hope that it will be useful,\n"
|
||||
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
|
||||
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
|
||||
"GNU General Public License for more details.\n\n");
|
||||
}
|
||||
|
||||
static void print_usage(const char *name)
|
||||
{
|
||||
printf("usage: %s [-vh?sd]\n", name);
|
||||
printf("\n"
|
||||
" -v | --version: print the version\n"
|
||||
" -h | --help: print this help\n\n"
|
||||
" -s | --show: dump all me information on console\n"
|
||||
" -d | --debug: enable debug output\n"
|
||||
"\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int opt, option_index = 0;
|
||||
unsigned cmd_exec = 0;
|
||||
|
||||
static struct option long_options[] = {
|
||||
{"version", 0, 0, 'v'},
|
||||
{"help", 0, 0, 'h'},
|
||||
{"show", 0, 0, 's'},
|
||||
{"debug", 0, 0, 'd'},
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
|
||||
while ((opt = getopt_long(argc, argv, "vh?sd",
|
||||
long_options, &option_index)) != EOF) {
|
||||
switch (opt) {
|
||||
case 'v':
|
||||
print_version();
|
||||
exit(0);
|
||||
break;
|
||||
case 's':
|
||||
cmd_exec = 1;
|
||||
break;
|
||||
case 'd':
|
||||
debug = 1;
|
||||
break;
|
||||
case 'h':
|
||||
case '?':
|
||||
default:
|
||||
print_usage(argv[0]);
|
||||
exit(0);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(__FreeBSD__)
|
||||
if (open("/dev/io", O_RDWR) < 0) {
|
||||
perror("/dev/io");
|
||||
#elif defined(__NetBSD__)
|
||||
# ifdef __i386__
|
||||
if (i386_iopl(3)) {
|
||||
perror("iopl");
|
||||
# else
|
||||
if (x86_64_iopl(3)) {
|
||||
perror("iopl");
|
||||
# endif
|
||||
#else
|
||||
if (iopl(3)) {
|
||||
perror("iopl");
|
||||
#endif
|
||||
printf("You need to be root.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
#ifndef __DARWIN__
|
||||
if ((fd_mem = open("/dev/mem", O_RDWR)) < 0) {
|
||||
perror("Can not open /dev/mem");
|
||||
exit(1);
|
||||
}
|
||||
#endif
|
||||
|
||||
switch(cmd_exec) {
|
||||
case 1:
|
||||
dump_me_info();
|
||||
break;
|
||||
default:
|
||||
print_usage(argv[0]);
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
Reference in New Issue
Block a user