Stefan Reinauer ([email protected]) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/1755
-gerrit commit 7ae634a3bfa687f028271203cb6fad97826f472c Author: Stefan Reinauer <[email protected]> Date: Wed Sep 26 17:33:39 2012 -0700 ifdtool: Add locking/unlocking and dumping of access permissions ifdtool will now dump access permissions of system comonents to certain IFD sections: Found Master Section FLMSTR1: 0xffff0000 (Host CPU/BIOS) Platform Data Region Write Access: enabled GbE Region Write Access: enabled Intel ME Region Write Access: enabled Host CPU/BIOS Region Write Access: enabled Flash Descriptor Write Access: enabled Platform Data Region Read Access: enabled GbE Region Read Access: enabled Intel ME Region Read Access: enabled Host CPU/BIOS Region Read Access: enabled Flash Descriptor Read Access: enabled Requester ID: 0x0000 FLMSTR2: 0x0c0d0000 (Intel ME) Platform Data Region Write Access: disabled GbE Region Write Access: enabled Intel ME Region Write Access: enabled Host CPU/BIOS Region Write Access: disabled Flash Descriptor Write Access: disabled Platform Data Region Read Access: disabled GbE Region Read Access: enabled Intel ME Region Read Access: enabled Host CPU/BIOS Region Read Access: disabled Flash Descriptor Read Access: enabled Requester ID: 0x0000 FLMSTR3: 0x08080118 (GbE) Platform Data Region Write Access: disabled GbE Region Write Access: enabled Intel ME Region Write Access: disabled Host CPU/BIOS Region Write Access: disabled Flash Descriptor Write Access: disabled Platform Data Region Read Access: disabled GbE Region Read Access: enabled Intel ME Region Read Access: disabled Host CPU/BIOS Region Read Access: disabled Flash Descriptor Read Access: disabled Requester ID: 0x0118 Also, ifdtool -u /path/to/image will unlock the host's access to the firmware descriptor and ME region. ifdtool -l /path/to/image will lock down the host's access to the firmware descriptor and ME region. Change-Id: I3e081b80a9bcb398772416f143b794bf307b1c36 Signed-off-by: Stefan Reinauer <[email protected]> --- util/ifdtool/ifdtool.c | 108 +++++++++++++++++++++++++++++++++++++++++++------ util/ifdtool/ifdtool.h | 2 +- 2 files changed, 96 insertions(+), 14 deletions(-) diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c index 1a8bf85..7655fd4 100644 --- a/util/ifdtool/ifdtool.c +++ b/util/ifdtool/ifdtool.c @@ -200,12 +200,12 @@ static void dump_fcba(fcba_t * fcba) decode_component_density(fcba->flcomp & 7); printf("\n"); printf("FLILL 0x%08x\n", fcba->flill); - printf("FLPB 0x%08x\n", fcba->flpb); + printf("FLPB 0x%08x\n\n", fcba->flpb); } static void dump_fpsba(fpsba_t * fpsba) { - printf("\nFound PCH Strap Section\n"); + printf("Found PCH Strap Section\n"); printf("PCHSTRP0: 0x%08x\n", fpsba->pchstrp0); printf("PCHSTRP1: 0x%08x\n", fpsba->pchstrp1); printf("PCHSTRP2: 0x%08x\n", fpsba->pchstrp2); @@ -221,20 +221,51 @@ static void dump_fpsba(fpsba_t * fpsba) printf("PCHSTRP12: 0x%08x\n", fpsba->pchstrp12); printf("PCHSTRP13: 0x%08x\n", fpsba->pchstrp13); printf("PCHSTRP14: 0x%08x\n", fpsba->pchstrp14); - printf("PCHSTRP15: 0x%08x\n", fpsba->pchstrp15); + printf("PCHSTRP15: 0x%08x\n\n", fpsba->pchstrp15); +} + +static void decode_flmstr(uint32_t flmstr) +{ + printf(" Platform Data Region Write Access: %s\n", + (flmstr & (1 << 28)) ? "enabled" : "disabled"); + printf(" GbE Region Write Access: %s\n", + (flmstr & (1 << 27)) ? "enabled" : "disabled"); + printf(" Intel ME Region Write Access: %s\n", + (flmstr & (1 << 26)) ? "enabled" : "disabled"); + printf(" Host CPU/BIOS Region Write Access: %s\n", + (flmstr & (1 << 25)) ? "enabled" : "disabled"); + printf(" Flash Descriptor Write Access: %s\n", + (flmstr & (1 << 24)) ? "enabled" : "disabled"); + + printf(" Platform Data Region Read Access: %s\n", + (flmstr & (1 << 20)) ? "enabled" : "disabled"); + printf(" GbE Region Read Access: %s\n", + (flmstr & (1 << 19)) ? "enabled" : "disabled"); + printf(" Intel ME Region Read Access: %s\n", + (flmstr & (1 << 18)) ? "enabled" : "disabled"); + printf(" Host CPU/BIOS Region Read Access: %s\n", + (flmstr & (1 << 17)) ? "enabled" : "disabled"); + printf(" Flash Descriptor Read Access: %s\n", + (flmstr & (1 << 16)) ? "enabled" : "disabled"); + + printf(" Requester ID: 0x%04x\n\n", + flmstr & 0xffff); } static void dump_fmba(fmba_t * fmba) { - printf("\nFound Master Section\n"); - printf("FLMSTR1: 0x%08x\n", fmba->flmstr1); - printf("FLMSTR2: 0x%08x\n", fmba->flmstr2); - printf("FLMSTR3: 0x%08x\n", fmba->flmstr3); + printf("Found Master Section\n"); + printf("FLMSTR1: 0x%08x (Host CPU/BIOS)\n", fmba->flmstr1); + decode_flmstr(fmba->flmstr1); + printf("FLMSTR2: 0x%08x (Intel ME)\n", fmba->flmstr2); + decode_flmstr(fmba->flmstr2); + printf("FLMSTR3: 0x%08x (GbE)\n", fmba->flmstr3); + decode_flmstr(fmba->flmstr3); } static void dump_fmsba(fmsba_t * fmsba) { - printf("\nFound Processor Strap Section\n"); + printf("Found Processor Strap Section\n"); printf("????: 0x%08x\n", fmsba->data[0]); printf("????: 0x%08x\n", fmsba->data[1]); printf("????: 0x%08x\n", fmsba->data[2]); @@ -348,6 +379,31 @@ static void set_em100_mode(char *filename, char *image, int size) set_spi_frequency(filename, image, size, SPI_FREQUENCY_20MHZ); } +static void lock_descriptor(char *filename, char *image, int size) +{ + fdbar_t *fdb = find_fd(image, size); + fmba_t *fmba = (fmba_t *) (image + (((fdb->flmap1) & 0xff) << 4)); + /* TODO: Dynamically take Platform Data Region and GbE Region + * into regard. + */ + fmba->flmstr1 = 0x0a0b0000; + fmba->flmstr2 = 0x0c0d0000; + fmba->flmstr3 = 0x08080118; + + write_image(filename, image, size); +} + +static void unlock_descriptor(char *filename, char *image, int size) +{ + fdbar_t *fdb = find_fd(image, size); + fmba_t *fmba = (fmba_t *) (image + (((fdb->flmap1) & 0xff) << 4)); + fmba->flmstr1 = 0xffff0000; + fmba->flmstr2 = 0xffff0000; + fmba->flmstr3 = 0x08080118; + + write_image(filename, image, size); +} + void inject_region(char *filename, char *image, int size, int region_type, char *region_fname) { @@ -442,6 +498,8 @@ static void print_usage(const char *name) " -s | --spifreq <20|33|50> set the SPI frequency\n" " -e | --em100 set SPI frequency to 20MHz and disable\n" " Dual Output Fast Read Support\n" + " -l | --lock Lock firmware descriptor and ME region\n" + " -u | --unlock Unlock firmware descriptor and ME region\n" " -v | --version: print the version\n" " -h | --help: print this help\n\n" "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n" @@ -452,7 +510,7 @@ int main(int argc, char *argv[]) { int opt, option_index = 0; int mode_dump = 0, mode_extract = 0, mode_inject = 0, mode_spifreq = 0; - int mode_em100 = 0; + int mode_em100 = 0, mode_locked = 0, mode_unlocked = 0; char *region_type_string = NULL, *region_fname = NULL; int region_type = -1, inputfreq = 0; enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ; @@ -463,12 +521,14 @@ int main(int argc, char *argv[]) {"inject", 1, NULL, 'i'}, {"spifreq", 1, NULL, 's'}, {"em100", 0, NULL, 'e'}, + {"lock", 0, NULL, 'l'}, + {"unlock", 0, NULL, 'u'}, {"version", 0, NULL, 'v'}, {"help", 0, NULL, 'h'}, {0, 0, 0, 0} }; - while ((opt = getopt_long(argc, argv, "dxi:s:evh?", + while ((opt = getopt_long(argc, argv, "dxi:s:eluvh?", long_options, &option_index)) != EOF) { switch (opt) { case 'd': @@ -531,6 +591,20 @@ int main(int argc, char *argv[]) case 'e': mode_em100 = 1; break; + case 'l': + mode_locked = 1; + if (mode_unlocked == 1) { + fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n"); + exit(EXIT_FAILURE); + } + break; + case 'u': + mode_unlocked = 1; + if (mode_locked == 1) { + fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n"); + exit(EXIT_FAILURE); + } + break; case 'v': print_version(); exit(EXIT_SUCCESS); @@ -544,14 +618,16 @@ int main(int argc, char *argv[]) } } - if ((mode_dump + mode_extract + mode_inject + mode_spifreq) > 1) { - fprintf(stderr, "Only one mode allowed.\n\n"); + if ((mode_dump + mode_extract + mode_inject + + (mode_spifreq | mode_em100 | mode_unlocked | + mode_locked)) > 1) { + fprintf(stderr, "You may not specify more than one mode.\n\n"); print_usage(argv[0]); exit(EXIT_FAILURE); } if ((mode_dump + mode_extract + mode_inject + mode_spifreq + - mode_em100) == 0) { + mode_em100 + mode_locked + mode_unlocked) == 0) { fprintf(stderr, "You need to specify a mode.\n\n"); print_usage(argv[0]); exit(EXIT_FAILURE); @@ -607,6 +683,12 @@ int main(int argc, char *argv[]) if (mode_em100) set_em100_mode(filename, image, size); + if(mode_locked) + lock_descriptor(filename, image, size); + + if (mode_unlocked) + unlock_descriptor(filename, image, size); + free(image); return 0; diff --git a/util/ifdtool/ifdtool.h b/util/ifdtool/ifdtool.h index 31361df..db237a3 100644 --- a/util/ifdtool/ifdtool.h +++ b/util/ifdtool/ifdtool.h @@ -18,7 +18,7 @@ */ #include <stdint.h> -#define IFDTOOL_VERSION "1.0" +#define IFDTOOL_VERSION "1.1" enum spi_frequency { SPI_FREQUENCY_20MHZ = 0, -- coreboot mailing list: [email protected] http://www.coreboot.org/mailman/listinfo/coreboot
