Re: WOL support for bge driver
On Sun, May 17, 2015 at 07:51:03PM +0200, Alessandro DE LAURENZIS wrote:
Folks,
I discussed this topic with stsp@ some months ago, without doing a real
follow-up.
The bge driver lacks WOL support in the official tree, but a first
version of the needed modifications were ready since OBSD 5.4 (see [1]).
I reviewed the patches and made them compatible with the 5.7 branch
(hoping that they are still applicable to -current), adding also a note
into the man page.
I tested them with my DELL Latitude D810 and can confirm that WOL is
perfectly working, without introducing any regressions.
Hope Stefan or someone else is interested in committing this code (after
the necessary review, of course).
All the best
[1] http://marc.info/?l=openbsd-miscm=139848956915604w=2
AFAIK, the idea was to always leave WOL disabled if ASF is enabled
because ASF is not considered trustworthy. ASF is essentially an
embedded OS running on the bge card's processor able to access memory
of the host system. It's the precursor of Intel AMT. There are concerns
the OS running the WOL logic inside bge cards can be exploited by attackers
to take over a machine. So it's deemed safer to leave WOL disabled.
It seems the patch does not detect ASF on your bge card since WoL works
for you. However, it's unclear to me whether the patch is even able to
reliably detect the presence of ASF in general.
OTOH, many laptops nowadays ship with Intel AMT and suffer the same issue
or worse. Yet we still run on them. Current AMT versions have an attack
surface that dwarfs ASF's. Perhaps this is a lost cause and we'll simply
have to accept that a lot of hardware is insecure by design.
This picture illustrates the specific horrors of ASF/AMT:
https://software.intel.com/sites/default/files/71/eb/mngstages.jpg
The functionality we want is in the column labeled WfM. Yet we run a risk
of exposing all sorts of other crap if we enable WoL on modern hardware.
A minimal attack surface was clearly not one of the design goals.
Rather, hardware manufacturers leave users exposed to bugs that in most
cases cannot be patched.
You probably don't care about any of this and just want the feature to
work. That's understandable. But I don't think the project as a whole
has made a decision about this problem yet. So far we've erred on the
side of caution where possible and refrained from adding knobs that are
known to enable this sort of thing (one exception being the
console-over-Ethernet feature of AMT which is supported).
--- ./brgphyreg.h.origSun Jan 13 06:40:05 2013
+++ ./brgphyreg.h Sun May 17 17:22:32 2015
@@ -206,6 +206,7 @@
#define BRGPHY_AUXCTL_TX_TST 0x0400 /* TX test, always 1 */
#define BRGPHY_AUXCTL_DIS_PRF0x0080 /* dis part resp filter */
#define BRGPHY_AUXCTL_DIAG_MODE 0x0004 /* Diagnostic mode */
+#define BRGPHY_AUXCTL_WOL_ENBL 0x000A /* Enable WOL */
#define BRGPHY_MII_AUXSTS0x19/* AUX status */
#define BRGPHY_AUXSTS_ACOMP 0x8000 /* autoneg complete */
--- ./if_bge.c.orig Mon Feb 9 10:51:16 2015
+++ ./if_bge.cSun May 17 17:23:20 2015
@@ -199,6 +199,10 @@
void bge_stop_fw(struct bge_softc *, int);
void bge_reset(struct bge_softc *);
void bge_link_upd(struct bge_softc *);
+#ifndef SMALL_KERNEL
+int bge_wol(struct ifnet *, int);
+void bge_wol_power(struct bge_softc *);
+#endif
void bge_ape_lock_init(struct bge_softc *);
void bge_ape_read_fw_ver(struct bge_softc *);
@@ -3079,6 +3083,35 @@
CSR_WRITE_4(sc, BGE_MSI_MODE, CSR_READ_4(sc, BGE_MSI_MODE)
~BGE_MSIMODE_ONE_SHOT_DISABLE);
+ #ifndef SMALL_KERNEL
+ if (hwcfg BGE_HWCFG_NO_GPIO2)
+ sc-bge_flags |= BGE_NO_GPIO2;
+
+ if (BGE_ASICREV(sc-bge_chipid) != BGE_ASICREV_BCM5700) {
+ /* Check if ASF is enabled. */
+ if (!(sc-bge_flags BGE_NO_EEPROM)) {
+ if (bge_read_eeprom(sc, (caddr_t)hwcfg,
+ BGE_EE_FEATURE_CFG_OFFSET, sizeof(hwcfg)) == 0) {
+ hwcfg = ntohl(hwcfg);
+ if (hwcfg BGE_HWCFG_ASF)
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ } else if (hwcfg BGE_HWCFG_ASF) {
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ }
+
+ /* Allow WoL if ASF is unsupported or disabled. */
+ if (!(sc-bge_flags BGE_ASF_MODE)) {
+ ifp-if_capabilities |= IFCAP_WOL;
+ ifp-if_wol = bge_wol;
+
+ /* This heuristic matches the Linux driver. */
+ if (!(hwcfg BGE_HWCFG_EEPROM_WRITE_PROTECT))
+ sc-bge_flags |= BGE_WOL_NEEDS_VAUX;
+ }
+ #endif
+
/* Hookup IRQ last. */
DPRINTFN(5, (pci_intr_establish\n));
sc-bge_intrhand = pci_intr_establish(pc, ih, IPL_NET, bge_intr, sc,
@@ -3174,11 +3207,22 @@
rv
Re: WOL support for bge driver
Date: Mon, 18 May 2015 10:47:01 +0200 From: Stefan Sperling s...@openbsd.org OTOH, many laptops nowadays ship with Intel AMT and suffer the same issue or worse. Yet we still run on them. Current AMT versions have an attack surface that dwarfs ASF's. Perhaps this is a lost cause and we'll simply have to accept that a lot of hardware is insecure by design. This is getting a bit off-topic, but so far the laptops I've seen had Intel AMT disabled by default. Not sure of that means that the firmware isn't running or that it just doesn't respond to network packets.
Re: WOL support for bge driver
On 2015/05/18 11:54, Mark Kettenis wrote: Date: Mon, 18 May 2015 10:47:01 +0200 From: Stefan Sperling s...@openbsd.org OTOH, many laptops nowadays ship with Intel AMT and suffer the same issue or worse. Yet we still run on them. Current AMT versions have an attack surface that dwarfs ASF's. Perhaps this is a lost cause and we'll simply have to accept that a lot of hardware is insecure by design. This is getting a bit off-topic, but so far the laptops I've seen had Intel AMT disabled by default. Not sure of that means that the firmware isn't running or that it just doesn't respond to network packets. Somewhat relevant: on a machine with a management-capable nic, you can do this: # nc -l -u -vvv 623 then on another machine: $ nc -u ip_addr 623 and start typing. If it doesn't show up on the first machine, the firmware is stealing packets.
Re: WOL support for bge driver
Actually, ASF is so horribly bad. So years ago we did make a decision to avoid it. WOL is not enough cause for enabling ASF.
WOL support for bge driver
Folks,
I discussed this topic with stsp@ some months ago, without doing a real
follow-up.
The bge driver lacks WOL support in the official tree, but a first
version of the needed modifications were ready since OBSD 5.4 (see [1]).
I reviewed the patches and made them compatible with the 5.7 branch
(hoping that they are still applicable to -current), adding also a note
into the man page.
I tested them with my DELL Latitude D810 and can confirm that WOL is
perfectly working, without introducing any regressions.
Hope Stefan or someone else is interested in committing this code (after
the necessary review, of course).
All the best
[1] http://marc.info/?l=openbsd-miscm=139848956915604w=2
--- ./brgphyreg.h.orig Sun Jan 13 06:40:05 2013
+++ ./brgphyreg.h Sun May 17 17:22:32 2015
@@ -206,6 +206,7 @@
#define BRGPHY_AUXCTL_TX_TST 0x0400 /* TX test, always 1 */
#define BRGPHY_AUXCTL_DIS_PRF 0x0080 /* dis part resp filter */
#define BRGPHY_AUXCTL_DIAG_MODE0x0004 /* Diagnostic mode */
+#define BRGPHY_AUXCTL_WOL_ENBL 0x000A /* Enable WOL */
#define BRGPHY_MII_AUXSTS 0x19/* AUX status */
#define BRGPHY_AUXSTS_ACOMP0x8000 /* autoneg complete */
--- ./if_bge.c.orig Mon Feb 9 10:51:16 2015
+++ ./if_bge.c Sun May 17 17:23:20 2015
@@ -199,6 +199,10 @@
void bge_stop_fw(struct bge_softc *, int);
void bge_reset(struct bge_softc *);
void bge_link_upd(struct bge_softc *);
+#ifndef SMALL_KERNEL
+int bge_wol(struct ifnet *, int);
+void bge_wol_power(struct bge_softc *);
+#endif
void bge_ape_lock_init(struct bge_softc *);
void bge_ape_read_fw_ver(struct bge_softc *);
@@ -3079,6 +3083,35 @@
CSR_WRITE_4(sc, BGE_MSI_MODE, CSR_READ_4(sc, BGE_MSI_MODE)
~BGE_MSIMODE_ONE_SHOT_DISABLE);
+ #ifndef SMALL_KERNEL
+ if (hwcfg BGE_HWCFG_NO_GPIO2)
+ sc-bge_flags |= BGE_NO_GPIO2;
+
+ if (BGE_ASICREV(sc-bge_chipid) != BGE_ASICREV_BCM5700) {
+ /* Check if ASF is enabled. */
+ if (!(sc-bge_flags BGE_NO_EEPROM)) {
+ if (bge_read_eeprom(sc, (caddr_t)hwcfg,
+ BGE_EE_FEATURE_CFG_OFFSET, sizeof(hwcfg)) == 0) {
+ hwcfg = ntohl(hwcfg);
+ if (hwcfg BGE_HWCFG_ASF)
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ } else if (hwcfg BGE_HWCFG_ASF) {
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ }
+
+ /* Allow WoL if ASF is unsupported or disabled. */
+ if (!(sc-bge_flags BGE_ASF_MODE)) {
+ ifp-if_capabilities |= IFCAP_WOL;
+ ifp-if_wol = bge_wol;
+
+ /* This heuristic matches the Linux driver. */
+ if (!(hwcfg BGE_HWCFG_EEPROM_WRITE_PROTECT))
+ sc-bge_flags |= BGE_WOL_NEEDS_VAUX;
+ }
+ #endif
+
/* Hookup IRQ last. */
DPRINTFN(5, (pci_intr_establish\n));
sc-bge_intrhand = pci_intr_establish(pc, ih, IPL_NET, bge_intr, sc,
@@ -3174,11 +3207,22 @@
rv = config_activate_children(self, act);
if (ifp-if_flags IFF_RUNNING)
bge_stop(sc);
+ #ifndef SMALL_KERNEL
+ bge_wol_power(sc);
+ #endif
break;
case DVACT_RESUME:
if (ifp-if_flags IFF_UP)
bge_init(sc);
break;
+ case DVACT_POWERDOWN:
+ rv = config_activate_children(self, act);
+ if (ifp-if_flags IFF_RUNNING)
+ bge_stop(sc);
+ #ifndef SMALL_KERNEL
+ bge_wol_power(sc);
+ #endif
+ break;
default:
rv = config_activate_children(self, act);
break;
@@ -4783,3 +4827,177 @@
BGE_MACSTAT_CFG_CHANGED|BGE_MACSTAT_MI_COMPLETE|
BGE_MACSTAT_LINK_CHANGED);
}
+
+#ifndef SMALL_KERNEL
+int
+bge_wol(struct ifnet *ifp, int enable)
+{
+ struct bge_softc *sc = ifp-if_softc;
+
+ if (enable)
+ sc-bge_flags |= BGE_WOL;
+ else
+ sc-bge_flags = ~BGE_WOL;
+
+ return (0);
+}
+
+void
+bge_wol_power(struct bge_softc *sc)
+{
+ struct ifnet *ifp = sc-arpcom.ac_if;
+ struct pci_attach_args *pa = sc-bge_pa;
+ pcireg_t pcireg;
+ int s, offset, if_flags;
+ u_int32_t reg;
+
+ if (!(sc-bge_flags BGE_WOL))
+ return;
+
+ s = splnet();
+
+ /*
+* In case the interface was never up we need to init the
+* chip for WOL to work.
+* XXX Need a smaller hammer than bge_init()/bge_stop().
+*/
+ bge_init(sc);
+
+ /* Tell the firmware we're taking control of WOL. */
+ bge_writemem_ind(sc, BGE_SOFTWARE_GENCOMM_WOL, BGE_MAGIC_WOL_NUMBER);
+ DELAY(100
wol support for bge
The reason we don't enable WOL with bge cards is that they contain
ASF firmware support which should not be exposed to untrusted traffic,
so it's safer to power down bge devices altogether on power down.
Since all bges except the rare 5700 version support ASF, this currently
means no WOL support for bge cards at all.
(If you want to know what's so bad about ASF, search the net for
security problems with intel AMT -- ASF is a precursor to this.)
Apparently there is an eeprom configuration bit that tells us
if ASF is enabled or not. Can we trust this bit?
If we decide that the bit is trustworthy enough, we could allow
users to enable wol for bge cards as long as ASF is disabled
(yet I'd still want a warning in the man page).
The diff below tries to do this. I don't have any hardware to test
with so I'd be delighted if some bge owners could give this a spin.
If this doesn't make wol work and the problem can't be fixed, then
we can skip the entire ASF discussion anyway.
To test this:
- recompile your kernel with the below diff
- reboot
- run 'ifconfig bge0 wol'
- run 'shutdown -hp now'
- try to send a magic packet from another machine with 'arp -W MAC_ADDR'
and hope for the bge box to power back up
If it doesn't work, please check your BIOS for WOL and ASF-related
configuration settings and check if tweaking them helps.
Thanks.
Index: mii/brgphyreg.h
===
RCS file: /cvs/src/sys/dev/mii/brgphyreg.h,v
retrieving revision 1.16
diff -u -p -r1.16 brgphyreg.h
--- mii/brgphyreg.h 13 Jan 2013 05:40:05 - 1.16
+++ mii/brgphyreg.h 23 Apr 2014 14:11:06 -
@@ -206,6 +206,7 @@
#define BRGPHY_AUXCTL_TX_TST 0x0400 /* TX test, always 1 */
#define BRGPHY_AUXCTL_DIS_PRF 0x0080 /* dis part resp filter */
#define BRGPHY_AUXCTL_DIAG_MODE0x0004 /* Diagnostic mode */
+#define BRGPHY_AUXCTL_WOL_ENBL 0x000A /* Enable WOL */
#define BRGPHY_MII_AUXSTS 0x19/* AUX status */
#define BRGPHY_AUXSTS_ACOMP0x8000 /* autoneg complete */
Index: pci/if_bge.c
===
RCS file: /cvs/src/sys/dev/pci/if_bge.c,v
retrieving revision 1.353
diff -u -p -r1.353 if_bge.c
--- pci/if_bge.c24 Feb 2014 20:00:48 - 1.353
+++ pci/if_bge.c23 Apr 2014 15:33:54 -
@@ -202,6 +202,10 @@ void bge_sig_pre_reset(struct bge_softc
void bge_stop_fw(struct bge_softc *, int);
void bge_reset(struct bge_softc *);
void bge_link_upd(struct bge_softc *);
+#ifndef SMALL_KERNEL
+int bge_wol(struct ifnet *, int);
+void bge_wol_power(struct bge_softc *);
+#endif
void bge_ape_lock_init(struct bge_softc *);
void bge_ape_read_fw_ver(struct bge_softc *);
@@ -3064,6 +3068,35 @@ bge_attach(struct device *parent, struct
if (BGE_IS_5755_PLUS(sc) sc-bge_flags BGE_MSI)
CSR_WRITE_4(sc, BGE_MSI_MODE, CSR_READ_4(sc, BGE_MSI_MODE)
~BGE_MSIMODE_ONE_SHOT_DISABLE);
+
+#ifndef SMALL_KERNEL
+ if (hwcfg BGE_HWCFG_NO_GPIO2)
+ sc-bge_flags |= BGE_NO_GPIO2;
+
+ if (BGE_ASICREV(sc-bge_chipid) != BGE_ASICREV_BCM5700) {
+ /* Check if ASF is enabled. */
+ if (!(sc-bge_flags BGE_NO_EEPROM)) {
+ if (bge_read_eeprom(sc, (caddr_t)hwcfg,
+ BGE_EE_FEATURE_CFG_OFFSET, sizeof(hwcfg)) == 0) {
+ hwcfg = ntohl(hwcfg);
+ if (hwcfg BGE_HWCFG_ASF)
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ } else if (hwcfg BGE_HWCFG_ASF) {
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ }
+
+ /* Allow WoL if ASF is unsupported or disabled. */
+ if (!(sc-bge_flags BGE_ASF_MODE)) {
+ ifp-if_capabilities |= IFCAP_WOL;
+ ifp-if_wol = bge_wol;
+
+ /* This heuristic matches the Linux driver. */
+ if (!(hwcfg BGE_HWCFG_EEPROM_WRITE_PROTECT))
+ sc-bge_flags |= BGE_WOL_NEEDS_VAUX;
+ }
+#endif
/* Hookup IRQ last. */
DPRINTFN(5, (pci_intr_establish\n));
@@ -3160,6 +3193,9 @@ bge_activate(struct device *self, int ac
rv = config_activate_children(self, act);
if (ifp-if_flags IFF_RUNNING)
bge_stop(sc);
+#ifndef SMALL_KERNEL
+ bge_wol_power(sc);
+#endif
break;
case DVACT_RESUME:
if (ifp-if_flags IFF_UP)
@@ -4728,3 +4764,177 @@ bge_link_upd(struct bge_softc *sc)
BGE_MACSTAT_CFG_CHANGED|BGE_MACSTAT_MI_COMPLETE|
BGE_MACSTAT_LINK_CHANGED);
}
+
+#ifndef SMALL_KERNEL
+int
+bge_wol(struct ifnet *ifp, int enable)
+{
+ struct bge_softc *sc = ifp-if_softc;
+
+ if (enable)
+ sc-bge_flags |= BGE_WOL;
+ else
+ sc-bge_flags = ~BGE_WOL
Re: wol support for bge
This should work on sparc64?
if so I can test in my sunfire v210... - this box isn't set up to
build a kernel so it will be some work to make it build -
On Wed, Apr 23, 2014 at 11:15 AM, Stefan Sperling s...@openbsd.org wrote:
The reason we don't enable WOL with bge cards is that they contain
ASF firmware support which should not be exposed to untrusted traffic,
so it's safer to power down bge devices altogether on power down.
Since all bges except the rare 5700 version support ASF, this currently
means no WOL support for bge cards at all.
(If you want to know what's so bad about ASF, search the net for
security problems with intel AMT -- ASF is a precursor to this.)
Apparently there is an eeprom configuration bit that tells us
if ASF is enabled or not. Can we trust this bit?
If we decide that the bit is trustworthy enough, we could allow
users to enable wol for bge cards as long as ASF is disabled
(yet I'd still want a warning in the man page).
The diff below tries to do this. I don't have any hardware to test
with so I'd be delighted if some bge owners could give this a spin.
If this doesn't make wol work and the problem can't be fixed, then
we can skip the entire ASF discussion anyway.
To test this:
- recompile your kernel with the below diff
- reboot
- run 'ifconfig bge0 wol'
- run 'shutdown -hp now'
- try to send a magic packet from another machine with 'arp -W MAC_ADDR'
and hope for the bge box to power back up
If it doesn't work, please check your BIOS for WOL and ASF-related
configuration settings and check if tweaking them helps.
Thanks.
Index: mii/brgphyreg.h
===
RCS file: /cvs/src/sys/dev/mii/brgphyreg.h,v
retrieving revision 1.16
diff -u -p -r1.16 brgphyreg.h
--- mii/brgphyreg.h 13 Jan 2013 05:40:05 - 1.16
+++ mii/brgphyreg.h 23 Apr 2014 14:11:06 -
@@ -206,6 +206,7 @@
#define BRGPHY_AUXCTL_TX_TST 0x0400 /* TX test, always 1 */
#define BRGPHY_AUXCTL_DIS_PRF 0x0080 /* dis part resp filter */
#define BRGPHY_AUXCTL_DIAG_MODE0x0004 /* Diagnostic mode */
+#define BRGPHY_AUXCTL_WOL_ENBL 0x000A /* Enable WOL */
#define BRGPHY_MII_AUXSTS 0x19/* AUX status */
#define BRGPHY_AUXSTS_ACOMP0x8000 /* autoneg complete */
Index: pci/if_bge.c
===
RCS file: /cvs/src/sys/dev/pci/if_bge.c,v
retrieving revision 1.353
diff -u -p -r1.353 if_bge.c
--- pci/if_bge.c24 Feb 2014 20:00:48 - 1.353
+++ pci/if_bge.c23 Apr 2014 15:33:54 -
@@ -202,6 +202,10 @@ void bge_sig_pre_reset(struct bge_softc
void bge_stop_fw(struct bge_softc *, int);
void bge_reset(struct bge_softc *);
void bge_link_upd(struct bge_softc *);
+#ifndef SMALL_KERNEL
+int bge_wol(struct ifnet *, int);
+void bge_wol_power(struct bge_softc *);
+#endif
void bge_ape_lock_init(struct bge_softc *);
void bge_ape_read_fw_ver(struct bge_softc *);
@@ -3064,6 +3068,35 @@ bge_attach(struct device *parent, struct
if (BGE_IS_5755_PLUS(sc) sc-bge_flags BGE_MSI)
CSR_WRITE_4(sc, BGE_MSI_MODE, CSR_READ_4(sc, BGE_MSI_MODE)
~BGE_MSIMODE_ONE_SHOT_DISABLE);
+
+#ifndef SMALL_KERNEL
+ if (hwcfg BGE_HWCFG_NO_GPIO2)
+ sc-bge_flags |= BGE_NO_GPIO2;
+
+ if (BGE_ASICREV(sc-bge_chipid) != BGE_ASICREV_BCM5700) {
+ /* Check if ASF is enabled. */
+ if (!(sc-bge_flags BGE_NO_EEPROM)) {
+ if (bge_read_eeprom(sc, (caddr_t)hwcfg,
+ BGE_EE_FEATURE_CFG_OFFSET, sizeof(hwcfg)) == 0) {
+ hwcfg = ntohl(hwcfg);
+ if (hwcfg BGE_HWCFG_ASF)
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ } else if (hwcfg BGE_HWCFG_ASF) {
+ sc-bge_flags |= BGE_ASF_MODE;
+ }
+ }
+
+ /* Allow WoL if ASF is unsupported or disabled. */
+ if (!(sc-bge_flags BGE_ASF_MODE)) {
+ ifp-if_capabilities |= IFCAP_WOL;
+ ifp-if_wol = bge_wol;
+
+ /* This heuristic matches the Linux driver. */
+ if (!(hwcfg BGE_HWCFG_EEPROM_WRITE_PROTECT))
+ sc-bge_flags |= BGE_WOL_NEEDS_VAUX;
+ }
+#endif
/* Hookup IRQ last. */
DPRINTFN(5, (pci_intr_establish\n));
@@ -3160,6 +3193,9 @@ bge_activate(struct device *self, int ac
rv = config_activate_children(self, act);
if (ifp-if_flags IFF_RUNNING)
bge_stop(sc);
+#ifndef SMALL_KERNEL
+ bge_wol_power(sc);
+#endif
break;
case DVACT_RESUME:
if (ifp-if_flags IFF_UP)
@@ -4728,3 +4764,177 @@ bge_link_upd(struct bge_softc *sc
Re: wol support for bge
On Wed, Apr 23, 2014 at 11:43:06AM -0500, Abel Abraham Camarillo Ojeda wrote: This should work on sparc64? I have no idea, honestly. But I don't see the point since sparc64 can often be powered up remotely via ALOM.
Re: wol support for bge
I know that, I just think I could do something fun with that box today... On Wed, Apr 23, 2014 at 11:54 AM, Stefan Sperling s...@openbsd.org wrote: On Wed, Apr 23, 2014 at 11:43:06AM -0500, Abel Abraham Camarillo Ojeda wrote: This should work on sparc64? I have no idea, honestly. But I don't see the point since sparc64 can often be powered up remotely via ALOM.
Re: wol support for bge
Date: Wed, 23 Apr 2014 11:43:06 -0500 From: Abel Abraham Camarillo Ojeda acam...@verlet.org This should work on sparc64? Unlikely.
