diff options
author | Stefan Reinauer <reinauer@chromium.org> | 2012-09-26 17:33:39 -0700 |
---|---|---|
committer | Stefan Reinauer <stefan.reinauer@coreboot.org> | 2012-11-09 18:59:42 +0100 |
commit | 3c53d33c780f67666e9f8645fd87035d42bfb947 (patch) | |
tree | 53fd3366c236c2a58db9f6e0711094f4e9bf250e | |
parent | 0e6d0edccea45c4dd8e3d7af25b3667330433699 (diff) |
ifdtool: Add locking/unlocking and dumping of access permissions
ifdtool will now dump access permissions of system comonents to
certain IFD sections:
Found Master Section
FLMSTR1: 0xffff0000 (Host CPU/BIOS)
Platform Data Region Write Access: enabled
GbE Region Write Access: enabled
Intel ME Region Write Access: enabled
Host CPU/BIOS Region Write Access: enabled
Flash Descriptor Write Access: enabled
Platform Data Region Read Access: enabled
GbE Region Read Access: enabled
Intel ME Region Read Access: enabled
Host CPU/BIOS Region Read Access: enabled
Flash Descriptor Read Access: enabled
Requester ID: 0x0000
FLMSTR2: 0x0c0d0000 (Intel ME)
Platform Data Region Write Access: disabled
GbE Region Write Access: enabled
Intel ME Region Write Access: enabled
Host CPU/BIOS Region Write Access: disabled
Flash Descriptor Write Access: disabled
Platform Data Region Read Access: disabled
GbE Region Read Access: enabled
Intel ME Region Read Access: enabled
Host CPU/BIOS Region Read Access: disabled
Flash Descriptor Read Access: enabled
Requester ID: 0x0000
FLMSTR3: 0x08080118 (GbE)
Platform Data Region Write Access: disabled
GbE Region Write Access: enabled
Intel ME Region Write Access: disabled
Host CPU/BIOS Region Write Access: disabled
Flash Descriptor Write Access: disabled
Platform Data Region Read Access: disabled
GbE Region Read Access: enabled
Intel ME Region Read Access: disabled
Host CPU/BIOS Region Read Access: disabled
Flash Descriptor Read Access: disabled
Requester ID: 0x0118
Also, ifdtool -u /path/to/image will unlock the host's
access to the firmware descriptor and ME region.
ifdtool -l /path/to/image will lock down the host's
access to the firmware descriptor and ME region.
Change-Id: I3e081b80a9bcb398772416f143b794bf307b1c36
Signed-off-by: Stefan Reinauer <reinauer@google.com>
Reviewed-on: http://review.coreboot.org/1755
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Tested-by: build bot (Jenkins)
-rw-r--r-- | util/ifdtool/ifdtool.c | 108 | ||||
-rw-r--r-- | util/ifdtool/ifdtool.h | 2 |
2 files changed, 96 insertions, 14 deletions
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c index 1a8bf85059..7655fd4dce 100644 --- a/util/ifdtool/ifdtool.c +++ b/util/ifdtool/ifdtool.c @@ -200,12 +200,12 @@ static void dump_fcba(fcba_t * fcba) decode_component_density(fcba->flcomp & 7); printf("\n"); printf("FLILL 0x%08x\n", fcba->flill); - printf("FLPB 0x%08x\n", fcba->flpb); + printf("FLPB 0x%08x\n\n", fcba->flpb); } static void dump_fpsba(fpsba_t * fpsba) { - printf("\nFound PCH Strap Section\n"); + printf("Found PCH Strap Section\n"); printf("PCHSTRP0: 0x%08x\n", fpsba->pchstrp0); printf("PCHSTRP1: 0x%08x\n", fpsba->pchstrp1); printf("PCHSTRP2: 0x%08x\n", fpsba->pchstrp2); @@ -221,20 +221,51 @@ static void dump_fpsba(fpsba_t * fpsba) printf("PCHSTRP12: 0x%08x\n", fpsba->pchstrp12); printf("PCHSTRP13: 0x%08x\n", fpsba->pchstrp13); printf("PCHSTRP14: 0x%08x\n", fpsba->pchstrp14); - printf("PCHSTRP15: 0x%08x\n", fpsba->pchstrp15); + printf("PCHSTRP15: 0x%08x\n\n", fpsba->pchstrp15); +} + +static void decode_flmstr(uint32_t flmstr) +{ + printf(" Platform Data Region Write Access: %s\n", + (flmstr & (1 << 28)) ? "enabled" : "disabled"); + printf(" GbE Region Write Access: %s\n", + (flmstr & (1 << 27)) ? "enabled" : "disabled"); + printf(" Intel ME Region Write Access: %s\n", + (flmstr & (1 << 26)) ? "enabled" : "disabled"); + printf(" Host CPU/BIOS Region Write Access: %s\n", + (flmstr & (1 << 25)) ? "enabled" : "disabled"); + printf(" Flash Descriptor Write Access: %s\n", + (flmstr & (1 << 24)) ? "enabled" : "disabled"); + + printf(" Platform Data Region Read Access: %s\n", + (flmstr & (1 << 20)) ? "enabled" : "disabled"); + printf(" GbE Region Read Access: %s\n", + (flmstr & (1 << 19)) ? "enabled" : "disabled"); + printf(" Intel ME Region Read Access: %s\n", + (flmstr & (1 << 18)) ? "enabled" : "disabled"); + printf(" Host CPU/BIOS Region Read Access: %s\n", + (flmstr & (1 << 17)) ? "enabled" : "disabled"); + printf(" Flash Descriptor Read Access: %s\n", + (flmstr & (1 << 16)) ? "enabled" : "disabled"); + + printf(" Requester ID: 0x%04x\n\n", + flmstr & 0xffff); } static void dump_fmba(fmba_t * fmba) { - printf("\nFound Master Section\n"); - printf("FLMSTR1: 0x%08x\n", fmba->flmstr1); - printf("FLMSTR2: 0x%08x\n", fmba->flmstr2); - printf("FLMSTR3: 0x%08x\n", fmba->flmstr3); + printf("Found Master Section\n"); + printf("FLMSTR1: 0x%08x (Host CPU/BIOS)\n", fmba->flmstr1); + decode_flmstr(fmba->flmstr1); + printf("FLMSTR2: 0x%08x (Intel ME)\n", fmba->flmstr2); + decode_flmstr(fmba->flmstr2); + printf("FLMSTR3: 0x%08x (GbE)\n", fmba->flmstr3); + decode_flmstr(fmba->flmstr3); } static void dump_fmsba(fmsba_t * fmsba) { - printf("\nFound Processor Strap Section\n"); + printf("Found Processor Strap Section\n"); printf("????: 0x%08x\n", fmsba->data[0]); printf("????: 0x%08x\n", fmsba->data[1]); printf("????: 0x%08x\n", fmsba->data[2]); @@ -348,6 +379,31 @@ static void set_em100_mode(char *filename, char *image, int size) set_spi_frequency(filename, image, size, SPI_FREQUENCY_20MHZ); } +static void lock_descriptor(char *filename, char *image, int size) +{ + fdbar_t *fdb = find_fd(image, size); + fmba_t *fmba = (fmba_t *) (image + (((fdb->flmap1) & 0xff) << 4)); + /* TODO: Dynamically take Platform Data Region and GbE Region + * into regard. + */ + fmba->flmstr1 = 0x0a0b0000; + fmba->flmstr2 = 0x0c0d0000; + fmba->flmstr3 = 0x08080118; + + write_image(filename, image, size); +} + +static void unlock_descriptor(char *filename, char *image, int size) +{ + fdbar_t *fdb = find_fd(image, size); + fmba_t *fmba = (fmba_t *) (image + (((fdb->flmap1) & 0xff) << 4)); + fmba->flmstr1 = 0xffff0000; + fmba->flmstr2 = 0xffff0000; + fmba->flmstr3 = 0x08080118; + + write_image(filename, image, size); +} + void inject_region(char *filename, char *image, int size, int region_type, char *region_fname) { @@ -442,6 +498,8 @@ static void print_usage(const char *name) " -s | --spifreq <20|33|50> set the SPI frequency\n" " -e | --em100 set SPI frequency to 20MHz and disable\n" " Dual Output Fast Read Support\n" + " -l | --lock Lock firmware descriptor and ME region\n" + " -u | --unlock Unlock firmware descriptor and ME region\n" " -v | --version: print the version\n" " -h | --help: print this help\n\n" "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n" @@ -452,7 +510,7 @@ int main(int argc, char *argv[]) { int opt, option_index = 0; int mode_dump = 0, mode_extract = 0, mode_inject = 0, mode_spifreq = 0; - int mode_em100 = 0; + int mode_em100 = 0, mode_locked = 0, mode_unlocked = 0; char *region_type_string = NULL, *region_fname = NULL; int region_type = -1, inputfreq = 0; enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ; @@ -463,12 +521,14 @@ int main(int argc, char *argv[]) {"inject", 1, NULL, 'i'}, {"spifreq", 1, NULL, 's'}, {"em100", 0, NULL, 'e'}, + {"lock", 0, NULL, 'l'}, + {"unlock", 0, NULL, 'u'}, {"version", 0, NULL, 'v'}, {"help", 0, NULL, 'h'}, {0, 0, 0, 0} }; - while ((opt = getopt_long(argc, argv, "dxi:s:evh?", + while ((opt = getopt_long(argc, argv, "dxi:s:eluvh?", long_options, &option_index)) != EOF) { switch (opt) { case 'd': @@ -531,6 +591,20 @@ int main(int argc, char *argv[]) case 'e': mode_em100 = 1; break; + case 'l': + mode_locked = 1; + if (mode_unlocked == 1) { + fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n"); + exit(EXIT_FAILURE); + } + break; + case 'u': + mode_unlocked = 1; + if (mode_locked == 1) { + fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n"); + exit(EXIT_FAILURE); + } + break; case 'v': print_version(); exit(EXIT_SUCCESS); @@ -544,14 +618,16 @@ int main(int argc, char *argv[]) } } - if ((mode_dump + mode_extract + mode_inject + mode_spifreq) > 1) { - fprintf(stderr, "Only one mode allowed.\n\n"); + if ((mode_dump + mode_extract + mode_inject + + (mode_spifreq | mode_em100 | mode_unlocked | + mode_locked)) > 1) { + fprintf(stderr, "You may not specify more than one mode.\n\n"); print_usage(argv[0]); exit(EXIT_FAILURE); } if ((mode_dump + mode_extract + mode_inject + mode_spifreq + - mode_em100) == 0) { + mode_em100 + mode_locked + mode_unlocked) == 0) { fprintf(stderr, "You need to specify a mode.\n\n"); print_usage(argv[0]); exit(EXIT_FAILURE); @@ -607,6 +683,12 @@ int main(int argc, char *argv[]) if (mode_em100) set_em100_mode(filename, image, size); + if(mode_locked) + lock_descriptor(filename, image, size); + + if (mode_unlocked) + unlock_descriptor(filename, image, size); + free(image); return 0; diff --git a/util/ifdtool/ifdtool.h b/util/ifdtool/ifdtool.h index 31361df9bf..db237a3bf2 100644 --- a/util/ifdtool/ifdtool.h +++ b/util/ifdtool/ifdtool.h @@ -18,7 +18,7 @@ */ #include <stdint.h> -#define IFDTOOL_VERSION "1.0" +#define IFDTOOL_VERSION "1.1" enum spi_frequency { SPI_FREQUENCY_20MHZ = 0, |