<p>Bill XIE has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/21437">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">ifdtool: port the feature to set AltMeDisable/HAP bit here<br><br>Port the newest feature of me_cleaner to ifdtool<br>(https://github.com/corna/me_cleaner/ , Discussed in<br>https://github.com/corna/me_cleaner/issues/53 ) to<br>set AltMeDisable (or HAP for skylake/ME11) bit to the<br>IFD to disable ME.<br><br>In this commit I use (ifd_version >= IFD_VERSION_2) to<br>judge whether HAP instead AltMeDisable should be set,<br>since this condition is only fulfilled on skylake<br>or newer platforms.<br><br>Change-Id: I9a2ecc60cfbb9ee9d96f15be3d53226cb428729a<br>Signed-off-by: Bill XIE <persmule@gmail.com><br>---<br>M util/ifdtool/ifdtool.c<br>1 file changed, 54 insertions(+), 5 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/37/21437/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c<br>index 66848c0..8ff41a4 100644<br>--- a/util/ifdtool/ifdtool.c<br>+++ b/util/ifdtool/ifdtool.c<br>@@ -95,6 +95,14 @@<br>       return (frba_t *) (image + (((fdb->flmap0 >> 16) & 0xff) << 4));<br> }<br> <br>+static fpsba_t *find_fpsba(char *image, int size)<br>+{<br>+   fdbar_t *fdb = find_fd(image, size);<br>+ if (!fdb)<br>+            return NULL;<br>+ return (fpsba_t *) (image + (((fdb->flmap1 >> 16) & 0xff) << 4));<br>+}<br>+<br> /*<br>  * There is no version field in the descriptor so to determine<br>  * if this is a new descriptor format we check the hardcoded SPI<br>@@ -595,8 +603,7 @@<br>     dump_oem((const uint8_t *)image + 0xf00);<br>     dump_frba(find_frba(image, size));<br>    dump_fcba(find_fcba(image, size));<br>-   dump_fpsba((const fpsba_t *)<br>-                 (image + (((fdb->flmap1 >> 16) & 0xff) << 4)));<br>+   dump_fpsba(find_fpsba(image, size));<br>  dump_fmba(find_fmba(image, size));<br>    dump_fmsba((const fmsba_t *) (image + (((fdb->flmap2) & 0xff) << 4)));<br> }<br>@@ -845,6 +852,29 @@<br>                         fmba->flmstr3 = 0x08080000 |<br>                               (fmba->flmstr3 & 0xffff);<br>              }<br>+    }<br>+}<br>+<br>+/* Toggle the AltMeDisable (or HAP for >= IFD_VERSION_2) */<br>+void fpsba_toggle_altmedisable(fpsba_t *fpsba,<br>+                          enum toggle_mode altmedisable)<br>+{<br>+    if (ifd_version >= IFD_VERSION_2) {<br>+               printf("%sting the HAP bit to %s Intel ME...\n",<br>+                 altmedisable?"Set":"Unset",<br>+                      altmedisable?"disable":"enable");<br>+          if (altmedisable == TM_set)<br>+                  fpsba->pchstrp[0] |= (1 << 16);<br>+             else<br>+                 fpsba->pchstrp[0] &= ~(1 << 16);<br>+        } else {<br>+             printf("%sting the AltMeDisable to %s Intel ME...\n",<br>+                     altmedisable?"Set":"Unset",<br>+                      altmedisable?"disable":"enable");<br>+         if (altmedisable == TM_set)<br>+                  fpsba->pchstrp[10] |= (1 << 7);<br>+             else<br>+                 fpsba->pchstrp[10] &= ~(1 << 7);<br>         }<br> }<br> <br>@@ -1166,6 +1196,8 @@<br>              "   -j | --jail                        Unlock firmware descriptor and ME region,\n"<br>         "                                      and remove the ME/TXE's Read/Write permissions\n"<br>                "                                      to the other regions\n"<br>+             "   -A | --altmedisable <0|1>          Toggle the AltMeDisable (or HAP for skylake or\n"<br>+             "                                      newer platform) bit to disable ME\n"<br>         "   -p | --platform                    Add platform-specific quirks\n"<br>              "                                      aplk - Apollo Lake\n"<br>                "   -v | --version:                    print the version\n"<br>@@ -1180,6 +1212,7 @@<br>   int mode_dump = 0, mode_extract = 0, mode_inject = 0, mode_spifreq = 0;<br>       int mode_em100 = 0, mode_locked = 0, mode_unlocked = 0, mode_jail = 0;<br>        int mode_layout = 0, mode_newlayout = 0, mode_density = 0;<br>+   int mode_altmedisable = 0, altmedisable = 0;<br>  char *region_type_string = NULL, *region_fname = NULL;<br>        const char *layout_fname = NULL;<br>      int region_type = -1, inputfreq = 0;<br>@@ -1195,6 +1228,7 @@<br>           {"spifreq", 1, NULL, 's'},<br>          {"density", 1, NULL, 'D'},<br>          {"chip", 1, NULL, 'C'},<br>+            {"altmedisable", 1, NULL, 'A'},<br>             {"em100", 0, NULL, 'e'},<br>            {"lock", 0, NULL, 'l'},<br>             {"unlock", 0, NULL, 'u'},<br>@@ -1205,7 +1239,7 @@<br>            {0, 0, 0, 0}<br>  };<br> <br>-        while ((opt = getopt_long(argc, argv, "df:D:C:xi:n:s:p:elujvh?",<br>+   while ((opt = getopt_long(argc, argv, "df:D:C:A:xi:n:s:p:elujvh?",<br>                            long_options, &option_index)) != EOF) {<br>                 switch (opt) {<br>                case 'd':<br>@@ -1309,6 +1343,15 @@<br>                             exit(EXIT_FAILURE);<br>                   }<br>                     break;<br>+               case 'A':<br>+                    mode_altmedisable = 1;<br>+                       altmedisable = strtol(optarg, NULL, 0);<br>+                      if (selected_chip > 1) {<br>+                          fprintf(stderr, "error: Illegal value\n");<br>+                         print_usage(argv[0]);<br>+                                exit(EXIT_FAILURE);<br>+                  }<br>+                    break;<br>                case 's':<br>                     // Parse the requested SPI frequency<br>                  inputfreq = strtol(optarg, NULL, 0);<br>@@ -1387,7 +1430,7 @@<br> <br>        if ((mode_dump + mode_layout + mode_extract + mode_inject +<br>           mode_newlayout + (mode_spifreq | mode_em100 | mode_unlocked |<br>-                 mode_locked)) > 1) {<br>+              mode_locked) + mode_altmedisable) > 1) {<br>          fprintf(stderr, "You may not specify more than one mode.\n\n");<br>             print_usage(argv[0]);<br>                 exit(EXIT_FAILURE);<br>@@ -1395,7 +1438,7 @@<br> <br>         if ((mode_dump + mode_layout + mode_extract + mode_inject +<br>        mode_newlayout + mode_spifreq + mode_em100 + mode_locked +<br>-           mode_unlocked + mode_density) == 0) {<br>+        mode_unlocked + mode_density + mode_altmedisable) == 0) {<br>                fprintf(stderr, "You need to specify a mode.\n\n");<br>                 print_usage(argv[0]);<br>                 exit(EXIT_FAILURE);<br>@@ -1468,6 +1511,12 @@<br>           write_image(filename, image, size);<br>   }<br> <br>+ if (mode_altmedisable) {<br>+             fpsba_t* fpsba = find_fpsba(image, size);<br>+            fpsba_toggle_altmedisable(fpsba, altmedisable);<br>+              write_image(filename, image, size);<br>+  }<br>+<br>  free(image);<br> <br>       return 0;<br></pre><p>To view, visit <a href="https://review.coreboot.org/21437">change 21437</a>. To unsubscribe, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/21437"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I9a2ecc60cfbb9ee9d96f15be3d53226cb428729a </div>
<div style="display:none"> Gerrit-Change-Number: 21437 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Bill XIE <persmule@gmail.com> </div>