diff options
| author | Philipp Deppenwiese <zaolin@das-labor.org> | 2016-08-26 02:10:51 +0200 |
|---|---|---|
| committer | Patrick Rudolph <siro@das-labor.org> | 2017-11-25 12:59:54 +0000 |
| commit | 73add175cd866a5acd2bddb662080d6b03179d8b (patch) | |
| tree | 55dbfd0fb2986ea4874d13c7459a4ff04e5aad3c /util/intelmetool/intelmetool.h | |
| parent | 5e9dc37818a017fd5cccba65b9268d715e414380 (diff) | |
util/intelmetool: Add bootguard information dump support
With this implementation it's possible to detect the state
of bootguard in intel based systems. Currently it's WIP and
in a testphase. Handle it with care!
Changes done:
* Add support for reading msr
* Read ME firmware version
* Print bootguard state for ME > 9.1
* Make argument -s legacy
* Add argument -b for bootguard (and ME) dumping
* Add argument -m for ME dumping
* Opt out early if CPU is non Intel
Change-Id: Ifeec8e20fa8efc35d7db4c6a84be1f118dccfc4a
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/16328
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'util/intelmetool/intelmetool.h')
| -rw-r--r-- | util/intelmetool/intelmetool.h | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/util/intelmetool/intelmetool.h b/util/intelmetool/intelmetool.h index 874df16a0f..49f053717d 100644 --- a/util/intelmetool/intelmetool.h +++ b/util/intelmetool/intelmetool.h @@ -22,7 +22,7 @@ #define ME_PRESENT_CAN_DISABLE 4 #define ME_PRESENT_CANNOT_DISABLE 5 -#define INTELMETOOL_VERSION "1.0" +#define INTELMETOOL_VERSION "1.1" #define GPLV2COPYRIGHT \ "This program is free software: you can redistribute it and/or modify\n" \ @@ -57,7 +57,17 @@ #define CWHT "\x1B[37m" #define RESET "\033[0m" +#define CPU_ID_SIZE 13 +#define FD2 0x3428 +#define ME_COMMAND_DELAY 10000 +#define ME_MESSAGE_LEN 256 + extern int debug; +static inline void print_cap(const char *name, int state) +{ + printf("ME Capability: %-30s : %s\n", + name, state ? CRED "ON" RESET : CGRN "OFF" RESET); +} #define PCI_VENDOR_ID_INTEL 0x8086 @@ -295,3 +305,13 @@ extern int debug; ((x) == PCI_DEVICE_ID_INTEL_SUNRISE_H1) || \ ((x) == PCI_DEVICE_ID_INTEL_SUNRISE_H2) || \ ((x) == PCI_DEVICE_ID_INTEL_SUNRISE_LP)) + +#define BOOTGUARD_DISABLED 0x400000000 +#define BOOTGUARD_ENABLED_VERIFIED_MODE 0x100000000 +#define BOOTGUARD_ENABLED_MEASUREMENT_MODE 0x200000000 +#define BOOTGUARD_ENABLED_COMBI_MODE 0x300000000 +#define BOOTGUARD_CAPABILITY(x) ( \ + ((x) == BOOTGUARD_DISABLED) || \ + ((x) == BOOTGUARD_ENABLED_VERIFIED_MODE) || \ + ((x) == BOOTGUARD_ENABLED_MEASUREMENT_MODE) || \ + ((x) == BOOTGUARD_ENABLED_COMBI_MODE)) |