util/intelmetool: Add bootguard information dump support

With this implementation it's possible to detect the state
of bootguard in intel based systems. Currently it's WIP and
in a testphase. Handle it with care!

Changes done:
* Add support for reading msr
* Read ME firmware version
* Print bootguard state for ME > 9.1
* Make argument -s legacy
* Add argument -b for bootguard (and ME) dumping
* Add argument -m for ME dumping
* Opt out early if CPU is non Intel

Change-Id: Ifeec8e20fa8efc35d7db4c6a84be1f118dccfc4a
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/16328
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

1 files changed, 78 insertions, 0 deletions

diff --git a/util/intelmetool/msr.c b/util/intelmetool/msr.c
new file mode 100644
index 0000000000..1010c0e324
--- /dev/null
+++ b/util/intelmetool/msr.c
@@ -0,0 +1,78 @@
+/* intelmetool
+ *
+ * Copyright (C) 2013-2016 Philipp Deppenwiese <zaolin@das-labor.org>,
+ * Copyright (C) 2013-2016 Alexander Couzens <lynxis@fe80.eu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "msr.h"
+
+#ifndef __DARWIN__
+static int fd_msr = 0;
+
+static uint64_t rdmsr(int addr)
+{
+	uint32_t buf[2];
+	uint64_t msr = 0;
+
+	if (lseek(fd_msr, (off_t) addr, SEEK_SET) == -1) {
+		perror("Could not lseek() to MSR");
+		close(fd_msr);
+		return -1;
+	}
+
+	if (read(fd_msr, buf, 8) == 8) {
+		msr = buf[1];
+		msr <<= 32;
+		msr |= buf[0];
+		close(fd_msr);
+		return msr;
+	}
+
+	if (errno == EIO) {
+		perror("IO error couldn't read MSR.");
+		close(fd_msr);
+		return -2;
+	}
+
+	perror("Couldn't read() MSR");
+	close(fd_msr);
+	return -1;
+}
+#endif
+
+int msr_bootguard(uint64_t *msr, int debug)
+{
+
+#ifndef __DARWIN__
+	fd_msr = open("/dev/cpu/0/msr", O_RDONLY);
+	if (fd_msr < 0) {
+		perror("Error while opening /dev/cpu/0/msr");
+		printf("Did you run 'modprobe msr'?\n");
+		return -1;
+	}
+
+	*msr = rdmsr(MSR_BOOTGUARD);
+#endif
+
+	if (!debug)
+		*msr &= ~0xff;
+
+	return 0;
+}