[coreboot-gerrit] Change in coreboot[master]: sgxtool : Initial commit for SGX Tool

Pratikkumar V Prajapati (Code Review) gerrit at coreboot.org
Tue Jun 6 03:58:33 CEST 2017 

Pratikkumar V Prajapati has uploaded this change for review. ( https://review.coreboot.org/20041


Change subject: sgxtool : Initial commit for SGX Tool
......................................................................

sgxtool : Initial commit for SGX Tool

This tool dumps Intel SGX related information. Iterates
through all cores and reads MSRs to check if SGX is
enabled and locked.

Change-Id: Id57576584a949c5a97683d78450af6623dc63581
Signed-off-by: Pratik Prajapati <pratikkumar.v.prajapati at intel.com>
---
A util/sgxtool/Makefile
A util/sgxtool/msr.c
A util/sgxtool/msr.h
A util/sgxtool/sgxtool.c
4 files changed, 228 insertions(+), 0 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/41/20041/1

diff --git a/util/sgxtool/Makefile b/util/sgxtool/Makefile
new file mode 100644
index 0000000..58f0ee6
--- /dev/null
+++ b/util/sgxtool/Makefile
@@ -0,0 +1,47 @@
+#
+# sgxtool - dump Intel SGX related information
+#
+# Copyright (C) 2017 Intel Corp.
+# (Written by Pratik Prajapati <pratikkumar.v.prajapati at intel.com>
+# for Intel Corp.)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+
+PROGRAM = sgxtool
+
+CC      = gcc
+INSTALL = /usr/bin/install
+PREFIX  = /usr/local
+CFLAGS  = -O2 -g -Wall -W -Werror
+LDFLAGS =
+
+OBJS = sgxtool.o msr.o
+
+all: dep $(PROGRAM)
+
+$(PROGRAM): $(OBJS)
+	$(CC) -o $(PROGRAM) $(OBJS) $(LDFLAGS)
+
+clean:
+	rm -f $(PROGRAM) *.o *~
+distclean: clean
+
+dep:
+	@$(CC) $(CFLAGS) -MM *.c > .dependencies
+
+%.o: %.c
+	$(CC) $(CFLAGS) -c -o $@ $<
+
+install: $(PROGRAM)
+	mkdir -p $(DESTDIR)$(PREFIX)/bin
+	$(INSTALL) $(PROGRAM) $(DESTDIR)$(PREFIX)/bin
+
+.PHONY: all clean distclean dep
diff --git a/util/sgxtool/msr.c b/util/sgxtool/msr.c
new file mode 100644
index 0000000..45a7e45
--- /dev/null
+++ b/util/sgxtool/msr.c
@@ -0,0 +1,87 @@
+/*
+ Copyright 2008 Google Inc.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+*/
+
+/*
+ * Quick MSR access, requires linux msr driver
+ * Tim Hockin <thockin at google.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include "msr.h"
+
+static int
+open_and_seek(int cpu, unsigned long msr, int mode, int *fd)
+{
+	char dev[512];
+
+	snprintf(dev, sizeof(dev), "/dev/cpu/%d/msr", cpu);
+	*fd = open(dev, mode);
+	if (*fd < 0) {
+		fprintf(stderr, "open(\"%s\"): %s\n", dev, strerror(errno));
+		return -1;
+	}
+
+	if (lseek(*fd, msr, SEEK_SET) == (off_t)-1) {
+		fprintf(stderr, "lseek(%lu): %s\n", msr, strerror(errno));
+		close(*fd);
+		return -1;
+	}
+
+	return 0;
+}
+
+int rdmsr(int cpu, unsigned long msr, uint64_t *data)
+{
+	int fd;
+
+	if (open_and_seek(cpu, msr, O_RDONLY, &fd) < 0)
+		return -1;
+
+
+	if (read(fd, data, sizeof(*data)) != sizeof(*data)) {
+		fprintf(stderr, "read(): %s\n", strerror(errno));
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+
+	return 0;
+}
+
+int wrmsr(int cpu, unsigned long msr, uint64_t data)
+{
+	int fd;
+	int ret = 0;
+
+	if (open_and_seek(cpu, msr, O_WRONLY, &fd) < 0)
+		return -1;
+
+	if (write(fd, &data, sizeof(data)) != sizeof(data)) {
+		fprintf(stderr, "write(): %s\n", strerror(errno));
+		ret = -1;
+	}
+
+	close(fd);
+
+	return ret;
+}
diff --git a/util/sgxtool/msr.h b/util/sgxtool/msr.h
new file mode 100644
index 0000000..318b11a
--- /dev/null
+++ b/util/sgxtool/msr.h
@@ -0,0 +1,25 @@
+/*
+ * sgxtool - dump Intel SGX related information
+ *
+ * Copyright (C) 2017.  All aiights reserved.
+ * (Written by Pratik Prajapati <pratikkumar.v.prajapati at intel.com>
+ * for Intel Corp.)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef _INTEL_SGX_TOOL_MSR_H_
+#define _INTEL_SGX_TOOL_MSR_H_
+
+#include <stdint.h>
+int rdmsr(int cpu, unsigned long msr, uint64_t *data);
+int wrmsr(int cpu, unsigned long msr, uint64_t data);
+
+#endif
diff --git a/util/sgxtool/sgxtool.c b/util/sgxtool/sgxtool.c
new file mode 100644
index 0000000..be1b3bf
--- /dev/null
+++ b/util/sgxtool/sgxtool.c
@@ -0,0 +1,69 @@
+/*
+ * sgxtool - dump Intel SGX related information
+ *
+ * Copyright (C) 2017.  All aiights reserved.
+ * (Written by Pratik Prajapati <pratikkumar.v.prajapati at intel.com>
+ * for Intel Corp.)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <stdio.h>
+#include "msr.h"
+#include <inttypes.h>
+#include <unistd.h>
+
+#define IA32_FEATURE_CONTROL    0x3a
+
+/* returns 1 if, SGX is enabled in CPU# passed via arg.
+ * else returns 0.
+ * cpunum is based of 0.
+ */
+static int is_sgx_enabled(int cpunum)
+{
+	uint64_t data = 0;
+	rdmsr(cpunum, IA32_FEATURE_CONTROL, &data);
+	return (data & (1<<18));
+}
+
+/* returns 1 if, SGX is locked in CPU# passed via arg.
+ * else returns 0.
+ * cpunum is based of 0.
+ */
+static int is_sgx_locked(int cpunum)
+{
+	uint64_t data = 0;
+	rdmsr(cpunum, IA32_FEATURE_CONTROL, &data);
+	return (data & 1);
+}
+
+static int get_number_of_cpus(void)
+{
+	return sysconf(_SC_NPROCESSORS_ONLN);
+}
+
+int main(void)
+{
+	int ncpus = get_number_of_cpus();
+	int i = 0;
+
+	printf("\nNumber of CPUs = %d\n", ncpus);
+
+	for (i = 0; i < ncpus ; i++) {
+
+		printf("-------------------\n");
+		printf("CPU %d\n", i);
+		printf("-------------------\n");
+		printf("SGX enabled : %s\n", is_sgx_enabled(i) ? "YES" : "NO");
+		printf("SGX locked  : %s\n", is_sgx_locked(i) ? "YES" : "NO");
+	}
+	printf("-------------------\n");
+	return 0;
+}

-- 
To view, visit https://review.coreboot.org/20041
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id57576584a949c5a97683d78450af6623dc63581
Gerrit-Change-Number: 20041
Gerrit-PatchSet: 1
Gerrit-Owner: Pratikkumar V Prajapati <pratikkumar.v.prajapati at intel.com>

More information about the coreboot-gerrit mailing list