cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

mei-amt-version.c (13426B)


      1/******************************************************************************
      2 * Intel Management Engine Interface (Intel MEI) Linux driver
      3 * Intel MEI Interface Header
      4 *
      5 * This file is provided under a dual BSD/GPLv2 license.  When using or
      6 * redistributing this file, you may do so under either license.
      7 *
      8 * GPL LICENSE SUMMARY
      9 *
     10 * Copyright(c) 2012 Intel Corporation. All rights reserved.
     11 *
     12 * This program is free software; you can redistribute it and/or modify
     13 * it under the terms of version 2 of the GNU General Public License as
     14 * published by the Free Software Foundation.
     15 *
     16 * This program is distributed in the hope that it will be useful, but
     17 * WITHOUT ANY WARRANTY; without even the implied warranty of
     18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     19 * General Public License for more details.
     20 *
     21 * You should have received a copy of the GNU General Public License
     22 * along with this program; if not, write to the Free Software
     23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
     24 * USA
     25 *
     26 * The full GNU General Public License is included in this distribution
     27 * in the file called LICENSE.GPL.
     28 *
     29 * Contact Information:
     30 *	Intel Corporation.
     31 *	linux-mei@linux.intel.com
     32 *	http://www.intel.com
     33 *
     34 * BSD LICENSE
     35 *
     36 * Copyright(c) 2003 - 2012 Intel Corporation. All rights reserved.
     37 * All rights reserved.
     38 *
     39 * Redistribution and use in source and binary forms, with or without
     40 * modification, are permitted provided that the following conditions
     41 * are met:
     42 *
     43 *  * Redistributions of source code must retain the above copyright
     44 *    notice, this list of conditions and the following disclaimer.
     45 *  * Redistributions in binary form must reproduce the above copyright
     46 *    notice, this list of conditions and the following disclaimer in
     47 *    the documentation and/or other materials provided with the
     48 *    distribution.
     49 *  * Neither the name Intel Corporation nor the names of its
     50 *    contributors may be used to endorse or promote products derived
     51 *    from this software without specific prior written permission.
     52 *
     53 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     54 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     55 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     56 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     57 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     59 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     60 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     61 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     62 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     63 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     64 *
     65 *****************************************************************************/
     66
     67#include <stdio.h>
     68#include <stdlib.h>
     69#include <string.h>
     70#include <fcntl.h>
     71#include <sys/ioctl.h>
     72#include <unistd.h>
     73#include <errno.h>
     74#include <stdint.h>
     75#include <stdbool.h>
     76#include <bits/wordsize.h>
     77#include <linux/mei.h>
     78
     79/*****************************************************************************
     80 * Intel Management Engine Interface
     81 *****************************************************************************/
     82
     83#define mei_msg(_me, fmt, ARGS...) do {         \
     84	if (_me->verbose)                       \
     85		fprintf(stderr, fmt, ##ARGS);	\
     86} while (0)
     87
     88#define mei_err(_me, fmt, ARGS...) do {         \
     89	fprintf(stderr, "Error: " fmt, ##ARGS); \
     90} while (0)
     91
     92struct mei {
     93	uuid_le guid;
     94	bool initialized;
     95	bool verbose;
     96	unsigned int buf_size;
     97	unsigned char prot_ver;
     98	int fd;
     99};
    100
    101static void mei_deinit(struct mei *cl)
    102{
    103	if (cl->fd != -1)
    104		close(cl->fd);
    105	cl->fd = -1;
    106	cl->buf_size = 0;
    107	cl->prot_ver = 0;
    108	cl->initialized = false;
    109}
    110
    111static bool mei_init(struct mei *me, const uuid_le *guid,
    112		unsigned char req_protocol_version, bool verbose)
    113{
    114	int result;
    115	struct mei_client *cl;
    116	struct mei_connect_client_data data;
    117
    118	me->verbose = verbose;
    119
    120	me->fd = open("/dev/mei0", O_RDWR);
    121	if (me->fd == -1) {
    122		mei_err(me, "Cannot establish a handle to the Intel MEI driver\n");
    123		goto err;
    124	}
    125	memcpy(&me->guid, guid, sizeof(*guid));
    126	memset(&data, 0, sizeof(data));
    127	me->initialized = true;
    128
    129	memcpy(&data.in_client_uuid, &me->guid, sizeof(me->guid));
    130	result = ioctl(me->fd, IOCTL_MEI_CONNECT_CLIENT, &data);
    131	if (result) {
    132		mei_err(me, "IOCTL_MEI_CONNECT_CLIENT receive message. err=%d\n", result);
    133		goto err;
    134	}
    135	cl = &data.out_client_properties;
    136	mei_msg(me, "max_message_length %d\n", cl->max_msg_length);
    137	mei_msg(me, "protocol_version %d\n", cl->protocol_version);
    138
    139	if ((req_protocol_version > 0) &&
    140	     (cl->protocol_version != req_protocol_version)) {
    141		mei_err(me, "Intel MEI protocol version not supported\n");
    142		goto err;
    143	}
    144
    145	me->buf_size = cl->max_msg_length;
    146	me->prot_ver = cl->protocol_version;
    147
    148	return true;
    149err:
    150	mei_deinit(me);
    151	return false;
    152}
    153
    154static ssize_t mei_recv_msg(struct mei *me, unsigned char *buffer,
    155			ssize_t len, unsigned long timeout)
    156{
    157	struct timeval tv;
    158	fd_set set;
    159	ssize_t rc;
    160
    161	tv.tv_sec = timeout / 1000;
    162	tv.tv_usec = (timeout % 1000) * 1000000;
    163
    164	mei_msg(me, "call read length = %zd\n", len);
    165
    166	FD_ZERO(&set);
    167	FD_SET(me->fd, &set);
    168	rc = select(me->fd + 1, &set, NULL, NULL, &tv);
    169	if (rc > 0 && FD_ISSET(me->fd, &set)) {
    170		mei_msg(me, "have reply\n");
    171	} else if (rc == 0) {
    172		rc = -1;
    173		mei_err(me, "read failed on timeout\n");
    174		goto out;
    175	} else { /* rc < 0 */
    176		rc = errno;
    177		mei_err(me, "read failed on select with status %zd %s\n",
    178			rc, strerror(errno));
    179		goto out;
    180	}
    181
    182	rc = read(me->fd, buffer, len);
    183	if (rc < 0) {
    184		mei_err(me, "read failed with status %zd %s\n",
    185				rc, strerror(errno));
    186		goto out;
    187	}
    188
    189	mei_msg(me, "read succeeded with result %zd\n", rc);
    190
    191out:
    192	if (rc < 0)
    193		mei_deinit(me);
    194
    195	return rc;
    196}
    197
    198static ssize_t mei_send_msg(struct mei *me, const unsigned char *buffer,
    199			ssize_t len, unsigned long timeout)
    200{
    201	ssize_t written;
    202	ssize_t rc;
    203
    204	mei_msg(me, "call write length = %zd\n", len);
    205
    206	written = write(me->fd, buffer, len);
    207	if (written < 0) {
    208		rc = -errno;
    209		mei_err(me, "write failed with status %zd %s\n",
    210			written, strerror(errno));
    211		goto out;
    212	}
    213	mei_msg(me, "write success\n");
    214
    215	rc = written;
    216out:
    217	if (rc < 0)
    218		mei_deinit(me);
    219
    220	return rc;
    221}
    222
    223/***************************************************************************
    224 * Intel Advanced Management Technology ME Client
    225 ***************************************************************************/
    226
    227#define AMT_MAJOR_VERSION 1
    228#define AMT_MINOR_VERSION 1
    229
    230#define AMT_STATUS_SUCCESS                0x0
    231#define AMT_STATUS_INTERNAL_ERROR         0x1
    232#define AMT_STATUS_NOT_READY              0x2
    233#define AMT_STATUS_INVALID_AMT_MODE       0x3
    234#define AMT_STATUS_INVALID_MESSAGE_LENGTH 0x4
    235
    236#define AMT_STATUS_HOST_IF_EMPTY_RESPONSE  0x4000
    237#define AMT_STATUS_SDK_RESOURCES      0x1004
    238
    239
    240#define AMT_BIOS_VERSION_LEN   65
    241#define AMT_VERSIONS_NUMBER    50
    242#define AMT_UNICODE_STRING_LEN 20
    243
    244struct amt_unicode_string {
    245	uint16_t length;
    246	char string[AMT_UNICODE_STRING_LEN];
    247} __attribute__((packed));
    248
    249struct amt_version_type {
    250	struct amt_unicode_string description;
    251	struct amt_unicode_string version;
    252} __attribute__((packed));
    253
    254struct amt_version {
    255	uint8_t major;
    256	uint8_t minor;
    257} __attribute__((packed));
    258
    259struct amt_code_versions {
    260	uint8_t bios[AMT_BIOS_VERSION_LEN];
    261	uint32_t count;
    262	struct amt_version_type versions[AMT_VERSIONS_NUMBER];
    263} __attribute__((packed));
    264
    265/***************************************************************************
    266 * Intel Advanced Management Technology Host Interface
    267 ***************************************************************************/
    268
    269struct amt_host_if_msg_header {
    270	struct amt_version version;
    271	uint16_t _reserved;
    272	uint32_t command;
    273	uint32_t length;
    274} __attribute__((packed));
    275
    276struct amt_host_if_resp_header {
    277	struct amt_host_if_msg_header header;
    278	uint32_t status;
    279	unsigned char data[];
    280} __attribute__((packed));
    281
    282const uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d,  \
    283				0xac, 0xa8, 0x46, 0xe0, 0xff, 0x65, 0x81, 0x4c);
    284
    285#define AMT_HOST_IF_CODE_VERSIONS_REQUEST  0x0400001A
    286#define AMT_HOST_IF_CODE_VERSIONS_RESPONSE 0x0480001A
    287
    288const struct amt_host_if_msg_header CODE_VERSION_REQ = {
    289	.version = {AMT_MAJOR_VERSION, AMT_MINOR_VERSION},
    290	._reserved = 0,
    291	.command = AMT_HOST_IF_CODE_VERSIONS_REQUEST,
    292	.length = 0
    293};
    294
    295
    296struct amt_host_if {
    297	struct mei mei_cl;
    298	unsigned long send_timeout;
    299	bool initialized;
    300};
    301
    302
    303static bool amt_host_if_init(struct amt_host_if *acmd,
    304		      unsigned long send_timeout, bool verbose)
    305{
    306	acmd->send_timeout = (send_timeout) ? send_timeout : 20000;
    307	acmd->initialized = mei_init(&acmd->mei_cl, &MEI_IAMTHIF, 0, verbose);
    308	return acmd->initialized;
    309}
    310
    311static void amt_host_if_deinit(struct amt_host_if *acmd)
    312{
    313	mei_deinit(&acmd->mei_cl);
    314	acmd->initialized = false;
    315}
    316
    317static uint32_t amt_verify_code_versions(const struct amt_host_if_resp_header *resp)
    318{
    319	uint32_t status = AMT_STATUS_SUCCESS;
    320	struct amt_code_versions *code_ver;
    321	size_t code_ver_len;
    322	uint32_t ver_type_cnt;
    323	uint32_t len;
    324	uint32_t i;
    325
    326	code_ver = (struct amt_code_versions *)resp->data;
    327	/* length - sizeof(status) */
    328	code_ver_len = resp->header.length - sizeof(uint32_t);
    329	ver_type_cnt = code_ver_len -
    330			sizeof(code_ver->bios) -
    331			sizeof(code_ver->count);
    332	if (code_ver->count != ver_type_cnt / sizeof(struct amt_version_type)) {
    333		status = AMT_STATUS_INTERNAL_ERROR;
    334		goto out;
    335	}
    336
    337	for (i = 0; i < code_ver->count; i++) {
    338		len = code_ver->versions[i].description.length;
    339
    340		if (len > AMT_UNICODE_STRING_LEN) {
    341			status = AMT_STATUS_INTERNAL_ERROR;
    342			goto out;
    343		}
    344
    345		len = code_ver->versions[i].version.length;
    346		if (code_ver->versions[i].version.string[len] != '\0' ||
    347		    len != strlen(code_ver->versions[i].version.string)) {
    348			status = AMT_STATUS_INTERNAL_ERROR;
    349			goto out;
    350		}
    351	}
    352out:
    353	return status;
    354}
    355
    356static uint32_t amt_verify_response_header(uint32_t command,
    357				const struct amt_host_if_msg_header *resp_hdr,
    358				uint32_t response_size)
    359{
    360	if (response_size < sizeof(struct amt_host_if_resp_header)) {
    361		return AMT_STATUS_INTERNAL_ERROR;
    362	} else if (response_size != (resp_hdr->length +
    363				sizeof(struct amt_host_if_msg_header))) {
    364		return AMT_STATUS_INTERNAL_ERROR;
    365	} else if (resp_hdr->command != command) {
    366		return AMT_STATUS_INTERNAL_ERROR;
    367	} else if (resp_hdr->_reserved != 0) {
    368		return AMT_STATUS_INTERNAL_ERROR;
    369	} else if (resp_hdr->version.major != AMT_MAJOR_VERSION ||
    370		   resp_hdr->version.minor < AMT_MINOR_VERSION) {
    371		return AMT_STATUS_INTERNAL_ERROR;
    372	}
    373	return AMT_STATUS_SUCCESS;
    374}
    375
    376static uint32_t amt_host_if_call(struct amt_host_if *acmd,
    377			const unsigned char *command, ssize_t command_sz,
    378			uint8_t **read_buf, uint32_t rcmd,
    379			unsigned int expected_sz)
    380{
    381	uint32_t in_buf_sz;
    382	ssize_t out_buf_sz;
    383	ssize_t written;
    384	uint32_t status;
    385	struct amt_host_if_resp_header *msg_hdr;
    386
    387	in_buf_sz = acmd->mei_cl.buf_size;
    388	*read_buf = (uint8_t *)malloc(sizeof(uint8_t) * in_buf_sz);
    389	if (*read_buf == NULL)
    390		return AMT_STATUS_SDK_RESOURCES;
    391	memset(*read_buf, 0, in_buf_sz);
    392	msg_hdr = (struct amt_host_if_resp_header *)*read_buf;
    393
    394	written = mei_send_msg(&acmd->mei_cl,
    395				command, command_sz, acmd->send_timeout);
    396	if (written != command_sz)
    397		return AMT_STATUS_INTERNAL_ERROR;
    398
    399	out_buf_sz = mei_recv_msg(&acmd->mei_cl, *read_buf, in_buf_sz, 2000);
    400	if (out_buf_sz <= 0)
    401		return AMT_STATUS_HOST_IF_EMPTY_RESPONSE;
    402
    403	status = msg_hdr->status;
    404	if (status != AMT_STATUS_SUCCESS)
    405		return status;
    406
    407	status = amt_verify_response_header(rcmd,
    408				&msg_hdr->header, out_buf_sz);
    409	if (status != AMT_STATUS_SUCCESS)
    410		return status;
    411
    412	if (expected_sz && expected_sz != out_buf_sz)
    413		return AMT_STATUS_INTERNAL_ERROR;
    414
    415	return AMT_STATUS_SUCCESS;
    416}
    417
    418
    419static uint32_t amt_get_code_versions(struct amt_host_if *cmd,
    420			       struct amt_code_versions *versions)
    421{
    422	struct amt_host_if_resp_header *response = NULL;
    423	uint32_t status;
    424
    425	status = amt_host_if_call(cmd,
    426			(const unsigned char *)&CODE_VERSION_REQ,
    427			sizeof(CODE_VERSION_REQ),
    428			(uint8_t **)&response,
    429			AMT_HOST_IF_CODE_VERSIONS_RESPONSE, 0);
    430
    431	if (status != AMT_STATUS_SUCCESS)
    432		goto out;
    433
    434	status = amt_verify_code_versions(response);
    435	if (status != AMT_STATUS_SUCCESS)
    436		goto out;
    437
    438	memcpy(versions, response->data, sizeof(struct amt_code_versions));
    439out:
    440	if (response != NULL)
    441		free(response);
    442
    443	return status;
    444}
    445
    446/************************** end of amt_host_if_command ***********************/
    447int main(int argc, char **argv)
    448{
    449	struct amt_code_versions ver;
    450	struct amt_host_if acmd;
    451	unsigned int i;
    452	uint32_t status;
    453	int ret;
    454	bool verbose;
    455
    456	verbose = (argc > 1 && strcmp(argv[1], "-v") == 0);
    457
    458	if (!amt_host_if_init(&acmd, 5000, verbose)) {
    459		ret = 1;
    460		goto out;
    461	}
    462
    463	status = amt_get_code_versions(&acmd, &ver);
    464
    465	amt_host_if_deinit(&acmd);
    466
    467	switch (status) {
    468	case AMT_STATUS_HOST_IF_EMPTY_RESPONSE:
    469		printf("Intel AMT: DISABLED\n");
    470		ret = 0;
    471		break;
    472	case AMT_STATUS_SUCCESS:
    473		printf("Intel AMT: ENABLED\n");
    474		for (i = 0; i < ver.count; i++) {
    475			printf("%s:\t%s\n", ver.versions[i].description.string,
    476				ver.versions[i].version.string);
    477		}
    478		ret = 0;
    479		break;
    480	default:
    481		printf("An error has occurred\n");
    482		ret = 1;
    483		break;
    484	}
    485
    486out:
    487	return ret;
    488}