This is a workaround patch (I think?): https://github.com/hardenedlinux/intelmetool/commit/ad778fc347b2bb0494abe218...
./intelmetool -s
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI found: [8086:9d3a] Sunrise Point-LP CSME HECI

ME Status : 0xa0000245
ME Status 2 : 0x86110306

ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : YES
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : Clean Moff->Mx wake
ME: Power Management Event : Pseudo-global reset
ME: Progress Phase State : Unknown 0x11

PCI READ [bc] : 0x000000bc
ME: Extend Register not valid

ME seems okay on this board
WRITE [00] : CB: 0x80040007
WRITE [00] : CB: 0x000002ff
READ [08] : CB: 0x801c0007
READ [08] : CB: 0x000082ff
READ [08] : CB: 0x000b0000
READ [08] : CB: 0x0000049c
READ [08] : CB: 0x000b0000
READ [08] : CB: 0x0000049c
READ [08] : CB: 0x000b0000
READ [08] : CB: 0x0000049c
ME: Firmware Version 11.0.1180.0 (code) 11.0.1180.0 (recovery) 11.0.1180.0 (fitc)
WRITE [00] : CB: 0x80080007
WRITE [00] : CB: 0x00000203
WRITE [00] : CB: 0x00000000
READ [08] : CB: 0x800d0007
READ [08] : CB: 0x00008203
READ [08] : CB: 0x00000000
READ [08] : CB: 0x111a4004
READ [08] : CB: 0x00000031
ME Capability: Full Network manageability : OFF
ME Capability: Regular Network manageability : OFF
ME Capability: Manageability : OFF
ME Capability: Small business technology : OFF
ME Capability: Level III manageability : OFF
ME Capability: IntelR Anti-Theft (AT) : OFF
ME Capability: IntelR Capability Licensing Service (CLS) : ON
ME Capability: IntelR Power Sharing Technology (MPC) : OFF
ME Capability: ICC Over Clocking : ON
ME Capability: Protected Audio Video Path (PAVP) : ON
ME Capability: IPV6 : OFF
ME Capability: KVM Remote Control (KVM) : OFF
ME Capability: Outbreak Containment Heuristic (OCH) : OFF
ME Capability: Virtual LAN (VLAN) : ON
ME Capability: TLS : OFF
ME Capability: Wireless LAN (WLAN) : OFF
exiting
On Fri, Dec 30, 2016 at 11:04 AM, Shawn citypw@gmail.com wrote:
Hi Zoran,
Thanks for the info. I added my Device ID into the intelmetool.h:
diff --git a/intelmetool.h b/intelmetool.h index d79d6b0..16ca43a 100644 --- a/intelmetool.h +++ b/intelmetool.h @@ -225,6 +225,7 @@ #define PCI_DEVICE_ID_INTEL_ICH9DO 0x2914 #define PCI_DEVICE_ID_INTEL_ICH9R 0x2916 #define PCI_DEVICE_ID_INTEL_ICH9 0x2918 +#define PCI_DEVICE_ID_INTEL_SUNRISE 0x9d3a
#define PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(x) ( \ ( (x) == PCI_DEVICE_ID_INTEL_ICH8 ) || \ @@ -232,6 +233,7 @@ ( (x) == PCI_DEVICE_ID_INTEL_ICH9DH ) || \ ( (x) == PCI_DEVICE_ID_INTEL_ICH9DO ) || \ ( (x) == PCI_DEVICE_ID_INTEL_ICH9R ) || \
( (x) == PCI_DEVICE_ID_INTEL_SUNRISE ) || \ ( (x) == PCI_DEVICE_ID_INTEL_ICH9 ))
// Not sure at all
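Review bot: The name `PCI_DEVICE_ID_INTEL_SUNRISE` added in the first hunk does not say which PCI function it identifies, and it is placed directly after the ICH9 chipset IDs. The lspci listing in this thread gives 8086:9d3a as the Sunrise Point-LP CSME HECI function at 16.0, while the LPC Controller on the same board is 8086:9d48. Consider a name that says HECI explicitly and a one-line comment citing the lspci entry, so the value is not later read as the chipset ID.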
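Review bot: Adding the ID to `PCI_DEV_CAN_DISABLE_ME_IF_PRESENT` in the second hunk asserts that the ME on this part can be disabled, and nothing in the patch supports that. The run quoted right after it prints "it is possible to disable it if you do" and then stops at "MEI device not found, huh?", so matching this macro alone does not get the tool to the MEI device. Consider keeping Sunrise Point out of the can-disable class until that is confirmed, and making the ID known where the MEI device itself is looked up.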
This one should be the ME?
+-16.0 Intel Corporation Sunrise Point-LP CSME HECI [8086:9d3a]

#./intelmetool -s
Not sure if ME hardware is present because you have a `Sunrise Point-LP CSME HECI`, but it is possible to disable it if you do, continuing...
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI device not found, huh?
exiting
On Thu, Dec 29, 2016 at 12:50 AM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
I'm not sure if intelmetool supports Skylake as well.
Investigated more. The coreboot intelmetool is the latest one, as I understood (comparing one from github and coreboot).
And Sunrise Point is NOT supported (look into latest coreboot's coreboot/util/intelmetool/intelmetool.h). You can try to add it (as Device ID), manually, peek around the C code, and see if this can help you.
Zoran
On Wed, Dec 28, 2016 at 5:26 PM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
Hello Shawn,
Please, follow my CLI transcript from my Future Fedora 26 VM over WIN10 (now rawhide) with Fedora 4.8.15 kernel implanted (kernel 4.10.0-rc0 gives me a lot of grief, I do not trust it, so I eliminated it for now):
[zoran@localhost ~]$ cd projects/
[zoran@localhost projects]$ mkdir intelmetool
[zoran@localhost projects]$ cd intelmetool/
[zoran@localhost intelmetool]$ pwd
/home/zoran/projects/intelmetool
[zoran@localhost intelmetool]$ uname -r
4.8.15-300.fc25.x86_64
[zoran@localhost intelmetool]$ git clone https://github.com/zamaudio/intelmetool.git
Cloning into 'intelmetool'...
remote: Counting objects: 214, done.
remote: Total 214 (delta 0), reused 0 (delta 0), pack-reused 214
Receiving objects: 100% (214/214), 72.42 KiB | 0 bytes/s, done.
Resolving deltas: 100% (125/125), done.
[zoran@localhost intelmetool]$ ls -al
total 12
drwxrwxr-x.  3 zoran zoran 4096 Dec 28 17:06 .
drwxrwxr-x. 10 zoran zoran 4096 Dec 28 17:05 ..
drwxrwxr-x.  3 zoran zoran 4096 Dec 28 17:06 intelmetool
[zoran@localhost intelmetool]$ cd intelmetool/
[zoran@localhost intelmetool]$ ls -al
total 100
drwxrwxr-x. 3 zoran zoran  4096 Dec 28 17:06 .
drwxrwxr-x. 3 zoran zoran  4096 Dec 28 17:06 ..
drwxrwxr-x. 8 zoran zoran  4096 Dec 28 17:06 .git
-rw-rw-r--. 1 zoran zoran    16 Dec 28 17:06 .gitignore
-rw-rw-r--. 1 zoran zoran  8956 Dec 28 17:06 intelmetool.c
-rw-rw-r--. 1 zoran zoran  9783 Dec 28 17:06 intelmetool.h
-rw-rw-r--. 1 zoran zoran   532 Dec 28 17:06 LICENSE
-rw-rw-r--. 1 zoran zoran   351 Dec 28 17:06 Makefile
-rw-rw-r--. 1 zoran zoran 16810 Dec 28 17:06 me.c
-rw-rw-r--. 1 zoran zoran 10622 Dec 28 17:06 me.h
-rw-rw-r--. 1 zoran zoran  7246 Dec 28 17:06 me_status.c
-rw-rw-r--. 1 zoran zoran  1109 Dec 28 17:06 mmap.c
-rw-rw-r--. 1 zoran zoran   224 Dec 28 17:06 mmap.h
-rw-rw-r--. 1 zoran zoran    90 Dec 28 17:06 README.md
[zoran@localhost intelmetool]$ su -m
Password:
[root@localhost intelmetool]# make
gcc -Wall -O0 -g -I. -c me_status.c -o me_status.o
gcc -Wall -O0 -g -I. -c me.c -o me.o
me.c: In function ‘mei_dump’:
me.c:63:18: warning: variable ‘csr’ set but not used [-Wunused-but-set-variable]
  struct mei_csr *csr;
                  ^~~
gcc -Wall -O0 -g -I. -c mmap.c -o mmap.o
mmap.c: In function ‘map_physical_exact’:
mmap.c:11:26: warning: passing argument 1 of ‘mmap’ makes pointer from integer without a cast [-Wint-conversion]
  virt_addr = mmap(mapto, len, PROT_WRITE | PROT_READ, MAP_SHARED|MAP_FIXED,
                   ^~~~~
In file included from mmap.h:4:0,
                 from mmap.c:1:
/usr/include/sys/mman.h:57:14: note: expected ‘void *’ but argument is of type ‘uint64_t {aka long unsigned int}’
 extern void *mmap (void *__addr, size_t __len, int __prot,
              ^~~~
gcc -Wall -O0 -g -I. -o intelmetool intelmetool.o me_status.o me.o mmap.o -lpci
[root@localhost intelmetool]# date
Wed Dec 28 17:07:26 CET 2016
[root@localhost intelmetool]# ls -al
total 228
drwxrwxr-x. 3 zoran zoran  4096 Dec 28 17:07 .
drwxrwxr-x. 3 zoran zoran  4096 Dec 28 17:06 ..
drwxrwxr-x. 8 zoran zoran  4096 Dec 28 17:06 .git
-rw-rw-r--. 1 zoran zoran    16 Dec 28 17:06 .gitignore
-rwxr-xr-x. 1 root  root  47008 Dec 28 17:07 intelmetool
-rw-rw-r--. 1 zoran zoran  8956 Dec 28 17:06 intelmetool.c
-rw-rw-r--. 1 zoran zoran  9783 Dec 28 17:06 intelmetool.h
-rw-rw-r--. 1 zoran zoran 22144 Dec 28 17:06 intelmetool.o
-rw-rw-r--. 1 zoran zoran   532 Dec 28 17:06 LICENSE
-rw-rw-r--. 1 zoran zoran   351 Dec 28 17:06 Makefile
-rw-rw-r--. 1 zoran zoran 16810 Dec 28 17:06 me.c
-rw-rw-r--. 1 zoran zoran 10622 Dec 28 17:06 me.h
-rw-r--r--. 1 root  root  28984 Dec 28 17:07 me.o
-rw-rw-r--. 1 zoran zoran  7246 Dec 28 17:06 me_status.c
-rw-r--r--. 1 root  root  15704 Dec 28 17:07 me_status.o
-rw-rw-r--. 1 zoran zoran  1109 Dec 28 17:06 mmap.c
-rw-rw-r--. 1 zoran zoran   224 Dec 28 17:06 mmap.h
-rw-r--r--. 1 root  root   7648 Dec 28 17:07 mmap.o
-rw-rw-r--. 1 zoran zoran    90 Dec 28 17:06 README.md
[root@localhost intelmetool]# ./intelmetool
ME is not present on your board because we found a `82371AB/EB/MB PIIX4 ISA`, you are safe, exiting
[root@localhost intelmetool]#
_______
Do NOT forget: I run Fedora rawhide on VMWorkstation 12.5.2 Type 2 HYP on the top of WIN10 64 Pro!
Please, do the same on Mint18 distro on raw HW, and see if this will give you some different results than what you have presently?
Please, let us know!
Zoran
On Wed, Dec 28, 2016 at 11:06 AM, Shawn citypw@gmail.com wrote:
Hi Zoran,
I created hwdb.bin via:
# udevadm hwdb --update
The result is still "segfault". dmesg:
[ 972.044664] intelmetool[5055]: segfault at 16 ip 000000000040169e sp 000072ed96a44680 error 4 in intelmetool[400000+6000]
[ 972.044674] grsec: Segmentation fault occurred at 0000000000000016 in /usr/local/bin/intelmetool[intelmetool:5055] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:4332] uid/euid:0/0 gid/egid:0/0
[ 972.044685] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/local/bin/intelmetool[intelmetool:5055] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:4332] uid/euid:0/0 gid/egid:0/0
On Mon, Dec 26, 2016 at 9:49 PM, Zoran Stojsavljevic zoran.stojsavljevic@gmail.com wrote:
Not sure if your strace log has anything to do with intelmetool.
I did on your strace log the following (and in RED is possible cause of your problems):
[zoran@localhost projects]$ cat crash.log | grep ENOENT
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/share/misc/pci.ids.gz", O_RDONLY) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/root/.pciids-cache", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/udev/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/lib/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[zoran@localhost projects]$
I guess, you have one very important missing file in your Linux configuration, this one: /etc/systemd/hwdb/hwdb.bin... /etc/udev/hwdb.bin ?!
Here is good read: https://www.freedesktop.org/software/systemd/man/hwdb.html
http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd-hwdb&sect=8
Have no idea who is creating this file, but you can check your Linux distro / tree with the following paths to find hwdb.bin:
/etc/systemd/hwdb/hwdb.bin
/etc/udev/hwdb.bin <<======= In my Fedora rawhide VM (future Fedora 26) I have here hwdb.bin =======
/usr/lib/systemd/hwdb/hwdb.bin
/lib/systemd/hwdb/hwdb.bin
If you don't have in any, please, create one with the following link:
http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd-hwdb&sect=8
Please, let us know!
Zoran
On Mon, Dec 26, 2016 at 3:42 PM, Shawn citypw@gmail.com wrote:
Hi,
intelmetool occurs "segfault" on my laptop running Mint 18 with PaX/Grsecurity 4.7.10. The PCI info:
-[0000:00]-+-00.0  Intel Corporation Sky Lake Host Bridge/DRAM Registers [8086:1904]
           +-02.0  Intel Corporation Sky Lake Integrated Graphics [8086:1916]
           +-04.0  Intel Corporation Skylake Processor Thermal Subsystem [8086:1903]
           +-14.0  Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller [8086:9d2f]
           +-14.2  Intel Corporation Sunrise Point-LP Thermal subsystem [8086:9d31]
           +-15.0  Intel Corporation Sunrise Point-LP Serial IO I2C Controller [8086:9d60]
           +-15.1  Intel Corporation Sunrise Point-LP Serial IO I2C Controller [8086:9d61]
           +-16.0  Intel Corporation Sunrise Point-LP CSME HECI [8086:9d3a]
           +-1c.0-[01]----00.0  NVIDIA Corporation GM107M [GeForce GTX 960M] [10de:139b]
           +-1c.4-[02]----00.0  Samsung Electronics Co Ltd NVMe SSD Controller [144d:a802]
           +-1c.6-[03]----00.0  Qualcomm Atheros Killer E2400 Gigabit Ethernet Controller [1969:e0a1]
           +-1c.7-[04]----00.0  Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter [168c:003e]
           +-1d.0-[05]----00.0  Samsung Electronics Co Ltd NVMe SSD Controller [144d:a802]
           +-1d.2-[06-3e]--
           +-1f.0  Intel Corporation Sunrise Point-LP LPC Controller [8086:9d48]
           +-1f.2  Intel Corporation Sunrise Point-LP PMC [8086:9d21]
           +-1f.3  Intel Corporation Sunrise Point-LP HD Audio [8086:9d70]
           \-1f.4  Intel Corporation Sunrise Point-LP SMBus [8086:9d23]
The crash log was attached! I'm not sure if intelmetool supports Skylake as well. One tiny feature of PaX/Grsecurity prevents the ioperm for killing the potential threats in the case in which the adversary re-flashes the SPI ROM once they get the root priv. It does affect flashrom but intelmetool. I also ran intelmetool on the distro (Mint 18) kernel and got the same result.
-- GNU powered it... GPL protect it... God blessing it...
regards Shawn
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot
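Added example (not part of the thread and not intelmetool's own code): the `ME Status : 0xa0000245` word from the first message decoded field by field, which is where the "Manufacturing Mode : NO" and "Current Working State : Normal" lines come from. It assumes the bit layout of coreboot's `struct me_hfs`; the struct and function names below are illustrative.

```c
/* Added example, not intelmetool code. Assumed layout: coreboot's struct me_hfs. */
#include <stdint.h>
#include <stdio.h>

struct hfs_fields {                 /* illustrative name */
    unsigned working_state, mfg_mode, fpt_bad, operation_state;
    unsigned fw_init_complete, bup_loader_failure, update_in_progress;
    unsigned error_code, operation_mode, boot_options_present;
};

/* Return `width` bits of v starting at bit `lsb`. */
static unsigned bits(uint32_t v, unsigned lsb, unsigned width)
{
    return (v >> lsb) & ((1u << width) - 1u);
}

struct hfs_fields decode_hfs(uint32_t hfs)
{
    struct hfs_fields f = {
        .working_state        = bits(hfs, 0, 4),   /* 5 = Normal */
        .mfg_mode             = bits(hfs, 4, 1),
        .fpt_bad              = bits(hfs, 5, 1),
        .operation_state      = bits(hfs, 6, 3),   /* 1 = M0 with UMA */
        .fw_init_complete     = bits(hfs, 9, 1),
        .bup_loader_failure   = bits(hfs, 10, 1),
        .update_in_progress   = bits(hfs, 11, 1),
        .error_code           = bits(hfs, 12, 4),  /* 0 = No Error */
        .operation_mode       = bits(hfs, 16, 4),  /* 0 = Normal */
        .boot_options_present = bits(hfs, 24, 1),
    };
    return f;
}

/* 1 when initialised, in normal state and mode, error-free and
 * not left in manufacturing mode; 0 otherwise. */
int hfs_is_normal(uint32_t hfs)
{
    struct hfs_fields f = decode_hfs(hfs);
    return f.working_state == 5 && f.operation_mode == 0 &&
           f.fw_init_complete && !f.mfg_mode && !f.fpt_bad &&
           !f.bup_loader_failure && f.error_code == 0;
}

int main(void)
{
    struct hfs_fields f = decode_hfs(0xa0000245u); /* value from the thread */
    printf("working=%u opstate=%u opmode=%u init=%u mfg=%u normal=%d\n",
           f.working_state, f.operation_state, f.operation_mode,
           f.fw_init_complete, f.mfg_mode, hfs_is_normal(0xa0000245u));
    return 0;
}
```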