[coreboot-gerrit] New patch to review for coreboot: util/ifdtool: Add ability to disable Intel Management Engine in FD.
Damien Zammit (damien@zamaudio.com)
gerrit at coreboot.org
Fri Nov 11 10:57:57 CET 2016
Damien Zammit (damien at zamaudio.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17377
-gerrit
commit eb88f12b6ded2b40181a24ca62f24ca6f42419ac
Author: Damien Zammit <damien at zamaudio.com>
Date: Fri Nov 11 20:52:44 2016 +1100
util/ifdtool: Add ability to disable Intel Management Engine in FD.
NB: This is known to work on GM45/ICH9M chipsets.
Behaviour is unknown on other chipsets.
This patch adds to ifdtool the following 2 options:
--medisable, -M (disable ME)
--meenable, -m (undo disable ME, aka enable ME)
Change-Id: Ie2e4baa63d95f7b44d5194f246315ee31737ac8d
Signed-off-by: Damien Zammit <damien at zamaudio.com>
---
util/ifdtool/ifdtool.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++--
util/ifdtool/ifdtool.h | 9 ++++--
2 files changed, 83 insertions(+), 5 deletions(-)
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index 9708ce1..5fc650f 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -886,6 +886,54 @@ static void unlock_descriptor(char *filename, char *image, int size)
write_image(filename, image, size);
}
+static void me_disable(char *filename, char *image, int size)
+{
+ fdbar_t *fdb = find_fd(image, size);
+ fmba_t *fmba = (fmba_t *) (image + (((fdb->flmap1) & 0xff) << 4));
+ fpsba_t *fpsba = (fpsba_t *) (image + (((fdb->flmap1 >> 16) & 0xff) << 4));
+ fmsba_t *fmsba = (fmsba_t *) (image + (((fdb->flmap2) & 0xff) << 4));
+
+ if (ifd_version >= IFD_VERSION_2) {
+ fmba->flmstr1 = 0xffffff00 | (fmba->flmstr1 & 0xff);
+ fmba->flmstr2 = 0x00000000 | (fmba->flmstr2 & 0xff);
+ fmba->flmstr3 = 0x00800800 | (fmba->flmstr3 & 0xff);
+ } else {
+ fmba->flmstr1 = 0x1f1f0000; // CPU r/w anything
+ fmba->flmstr2 = 0x00000000; // ME r/w nothing
+ fmba->flmstr3 = 0x08080118; // GbE r/w GbE only
+ }
+
+ fpsba->sbstrap[0] |= SB0_ME_DISABLE; // Disable ME in SB
+ fmsba->nbstrap[0] |= NB0_ME_DISABLE; // Disable ME in NB
+ fmsba->nbstrap[0] |= NB0_TPM_DISABLE; // Disable iTPM in NB
+
+ write_image(filename, image, size);
+}
+
+static void me_enable(char *filename, char *image, int size)
+{
+ fdbar_t *fdb = find_fd(image, size);
+ fmba_t *fmba = (fmba_t *) (image + (((fdb->flmap1) & 0xff) << 4));
+ fpsba_t *fpsba = (fpsba_t *) (image + (((fdb->flmap1 >> 16) & 0xff) << 4));
+ fmsba_t *fmsba = (fmsba_t *) (image + (((fdb->flmap2) & 0xff) << 4));
+
+ if (ifd_version >= IFD_VERSION_2) {
+ fmba->flmstr1 = 0xffffff00 | (fmba->flmstr1 & 0xff);
+ fmba->flmstr2 = 0x00c00d00 | (fmba->flmstr2 & 0xff);
+ fmba->flmstr3 = 0x00800800 | (fmba->flmstr3 & 0xff);
+ } else {
+ fmba->flmstr1 = 0x1f1f0000; // CPU r/w anything
+ fmba->flmstr2 = 0x0c0d0000; // ME r(FD ME GbE) w(ME GbE)
+ fmba->flmstr3 = 0x08080118; // GbE r/w GbE only
+ }
+
+ fpsba->sbstrap[0] &= ~SB0_ME_DISABLE; // Enable ME in SB
+ fmsba->nbstrap[0] &= ~NB0_ME_DISABLE; // Enable ME in NB
+ fmsba->nbstrap[0] &= ~NB0_TPM_DISABLE; // Enable iTPM in NB
+
+ write_image(filename, image, size);
+}
+
void inject_region(char *filename, char *image, int size, int region_type,
char *region_fname)
{
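Review bot: `me_disable` and `me_enable` write through `fmba`, `fpsba` and `fmsba` without checking that the offsets read from `flmap1`/`flmap2` keep each structure inside the `size` bytes of the image, so a truncated or malformed input file turns the master and strap stores into out-of-bounds writes. `fdb` is also dereferenced straight after `find_fd()`; if that helper can return NULL (its body is outside this hunk), both functions need a check before the first `fdb->flmap1` read. Because the same three derivations are repeated in both functions, a small shared helper that validates an offset once would cover both; the sketch below shows it for `me_disable`, and `me_enable` would take the same three lines.

```c
/* Return a pointer to a descriptor section, or exit if it would not fit in the image. */
static void *fd_section(char *image, int size, uint32_t base, size_t len)
{
	size_t off = (size_t)(base & 0xff) << 4;

	if (size < 0 || off > (size_t)size || len > (size_t)size - off) {
		fprintf(stderr, "Flash descriptor section lies outside the image\n");
		exit(EXIT_FAILURE);
	}
	return image + off;
}

static void me_disable(char *filename, char *image, int size)
{
	fdbar_t *fdb = find_fd(image, size);
	if (!fdb)
		exit(EXIT_FAILURE);
	fmba_t *fmba = fd_section(image, size, fdb->flmap1, sizeof(*fmba));
	fpsba_t *fpsba = fd_section(image, size, fdb->flmap1 >> 16, sizeof(*fpsba));
	fmsba_t *fmsba = fd_section(image, size, fdb->flmap2, sizeof(*fmsba));
	// … unchanged: flmstr1..3 and strap updates, write_image …
```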
@@ -1150,6 +1198,8 @@ static void print_usage(const char *name)
" -x | --extract: extract intel fd modules\n"
" -i | --inject <region>:<module> inject file <module> into region <region>\n"
" -n | --newlayout <filename> update regions using a flashrom layout file\n"
+ " -M | --medisable disable Intel ME (works on ICH9M)\n"
+ " -m | --meenable enable Intel ME (undo -M)\n"
" -s | --spifreq <17|20|30|33|48|50> set the SPI frequency\n"
" -D | --density <512|1|2|4|8|16> set chip density (512 in KByte, others in MByte)\n"
" -C | --chip <0|1|2> select spi chip on which to operate\n"
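Review bot: The help text for `-M` and `-m` leaves out two side effects that are visible in `me_disable`/`me_enable`: both overwrite the `flmstr1` access bits with fixed values (commented `CPU r/w anything` on the pre-v2 path), and `-M` also sets `NB0_TPM_DISABLE`. An image whose descriptor restricted host access would therefore come out with that restriction gone, and `-m` writes fixed master values rather than restoring what `-M` replaced, so `undo -M` overstates it. I would say so in the usage lines, e.g. `" -M | --medisable disable Intel ME and iTPM, reset flash master access (tested on GM45/ICH9M only)\n"` and `" -m | --meenable re-enable Intel ME and iTPM (master access is not restored)\n"`. `print_usage` starts and ends outside this hunk.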
@@ -1171,6 +1221,7 @@ int main(int argc, char *argv[])
int mode_dump = 0, mode_extract = 0, mode_inject = 0, mode_spifreq = 0;
int mode_em100 = 0, mode_locked = 0, mode_unlocked = 0;
int mode_layout = 0, mode_newlayout = 0, mode_density = 0;
+ int mode_me_disable = 0, mode_me_enable = 0;
char *region_type_string = NULL, *region_fname = NULL, *layout_fname = NULL;
int region_type = -1, inputfreq = 0;
unsigned int new_density = 0;
@@ -1188,12 +1239,14 @@ int main(int argc, char *argv[])
{"em100", 0, NULL, 'e'},
{"lock", 0, NULL, 'l'},
{"unlock", 0, NULL, 'u'},
+ {"medisable", 0, NULL, 'M'},
+ {"meenable", 0, NULL, 'm'},
{"version", 0, NULL, 'v'},
{"help", 0, NULL, 'h'},
{0, 0, 0, 0}
};
- while ((opt = getopt_long(argc, argv, "df:D:C:xi:n:s:eluvh?",
+ while ((opt = getopt_long(argc, argv, "df:D:C:xi:Mmn:s:eluvh?",
long_options, &option_index)) != EOF) {
switch (opt) {
case 'd':
@@ -1243,6 +1296,20 @@ int main(int argc, char *argv[])
}
mode_inject = 1;
break;
+ case 'M':
+ mode_me_disable = 1;
+ if (mode_me_enable == 1 || mode_locked == 1 || mode_unlocked == 1) {
+ fprintf(stderr, "Toggling ME and locking/unlocking FD are mutually exclusive\n");
+ exit(EXIT_FAILURE);
+ }
+ break;
+ case 'm':
+ mode_me_enable = 1;
+ if (mode_me_disable == 1 || mode_locked == 1 || mode_unlocked == 1) {
+ fprintf(stderr, "Toggling ME and locking/unlocking FD are mutually exclusive\n");
+ exit(EXIT_FAILURE);
+ }
+ break;
case 'n':
mode_newlayout = 1;
layout_fname = strdup(optarg);
@@ -1332,14 +1399,14 @@ int main(int argc, char *argv[])
break;
case 'l':
mode_locked = 1;
- if (mode_unlocked == 1) {
+ if (mode_unlocked == 1 || mode_me_disable == 1 || mode_me_enable == 1) {
fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n");
exit(EXIT_FAILURE);
}
break;
case 'u':
mode_unlocked = 1;
- if (mode_locked == 1) {
+ if (mode_locked == 1 || mode_me_disable == 1 || mode_me_enable == 1) {
fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n");
exit(EXIT_FAILURE);
}
@@ -1440,6 +1507,12 @@ int main(int argc, char *argv[])
if (mode_unlocked)
unlock_descriptor(filename, image, size);
+ if (mode_me_disable)
+ me_disable(filename, image, size);
+
+ if (mode_me_enable)
+ me_enable(filename, image, size);
+
free(image);
return 0;
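Review bot: `mode_me_disable` and `mode_me_enable` are dispatched here, but no hunk in this patch touches whatever validation `main` performs between option parsing and this point, which is not visible. If `main` counts the mode flags to reject "no mode given" or "more than one mode", the two new flags need adding to those expressions; otherwise `-M` on its own may be refused, or `-M` may be combined unchecked with another image-modifying mode. A run of `ifdtool -M <image>` with no other option would confirm which case applies.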
diff --git a/util/ifdtool/ifdtool.h b/util/ifdtool/ifdtool.h
index f791b22..852afa3 100644
--- a/util/ifdtool/ifdtool.h
+++ b/util/ifdtool/ifdtool.h
@@ -75,7 +75,9 @@ typedef struct {
uint32_t flpb;
} __attribute__((packed)) fcba_t;
-// pch/ich (southbridge) strap
+// pch/ich (southbridge) straps
+#define SB0_ME_DISABLE (1 << 0)
+
typedef struct {
uint32_t sbstrap[18];
} __attribute__((packed)) fpsba_t;
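Review bot: `SB0_ME_DISABLE` here, and `NB0_ME_DISABLE`/`NB0_TPM_DISABLE` in the next hunk, are defined without saying which chipset's strap layout they describe, while the commit message states the change is only known to work on GM45/ICH9M. A comment such as `// strap 0 bit positions as tested on GM45/ICH9M; unverified on other chipsets` above each group would keep later callers from treating the bits as universal. Since the macros are applied to `uint32_t` strap words with `~`, writing them as `(1u << 0)` and `(1u << 2)` would also keep the complement in unsigned arithmetic.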
@@ -98,7 +100,10 @@ typedef struct {
uint32_t flmstr5;
} __attribute__((packed)) fmba_t;
-// processor/mch (northbridge) strap
+// processor/mch (northbridge) straps
+#define NB0_ME_DISABLE (1 << 0)
+#define NB0_TPM_DISABLE (1 << 2)
+
typedef struct {
uint32_t nbstrap[8];
} __attribute__((packed)) fmsba_t;