[coreboot] How does intelmetool's support for Skylake?
Shawn
citypw at gmail.com
Fri Dec 30 11:25:22 CET 2016
This is a work around patch( I think?):
https://github.com/hardenedlinux/intelmetool/commit/ad778fc347b2bb0494abe2186632a072b8ad1a11
./intelmetool -s
RCBA at 0x00000000
MEI not hidden on PCI, checking if visible
MEI found: [8086:9d3a] Sunrise Point-LP CSME HECI
ME Status : 0xa0000245
ME Status 2 : 0x86110306
ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : YES
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : Clean Moff->Mx wake
ME: Power Management Event : Pseudo-global reset
ME: Progress Phase State : Unknown 0x11
PCI READ [bc] : 0x000000bc
ME: Extend Register not valid
ME seems okay on this board
WRITE [00] : CB: 0x80040007
WRITE [00] : CB: 0x000002ff
READ [08] : CB: 0x801c0007
READ [08] : CB: 0x000082ff
READ [08] : CB: 0x000b0000
READ [08] : CB: 0x0000049c
READ [08] : CB: 0x000b0000
READ [08] : CB: 0x0000049c
READ [08] : CB: 0x000b0000
READ [08] : CB: 0x0000049c
ME: Firmware Version 11.0.1180.0 (code) 11.0.1180.0 (recovery)
11.0.1180.0 (fitc)
WRITE [00] : CB: 0x80080007
WRITE [00] : CB: 0x00000203
WRITE [00] : CB: 0x00000000
READ [08] : CB: 0x800d0007
READ [08] : CB: 0x00008203
READ [08] : CB: 0x00000000
READ [08] : CB: 0x111a4004
READ [08] : CB: 0x00000031
ME Capability: Full Network manageability : OFF
ME Capability: Regular Network manageability : OFF
ME Capability: Manageability : OFF
ME Capability: Small business technology : OFF
ME Capability: Level III manageability : OFF
ME Capability: IntelR Anti-Theft (AT) : OFF
ME Capability: IntelR Capability Licensing Service (CLS) : ON
ME Capability: IntelR Power Sharing Technology (MPC) : OFF
ME Capability: ICC Over Clocking : ON
ME Capability: Protected Audio Video Path (PAVP) : ON
ME Capability: IPV6 : OFF
ME Capability: KVM Remote Control (KVM) : OFF
ME Capability: Outbreak Containment Heuristic (OCH) : OFF
ME Capability: Virtual LAN (VLAN) : ON
ME Capability: TLS : OFF
ME Capability: Wireless LAN (WLAN) : OFF
exiting
On Fri, Dec 30, 2016 at 11:04 AM, Shawn <citypw at gmail.com> wrote:
> Hi Zoran,
>
> Thanks for the info. I added my Device ID into the intelmetool.h:
>
> diff --git a/intelmetool.h b/intelmetool.h
> index d79d6b0..16ca43a 100644
> --- a/intelmetool.h
> +++ b/intelmetool.h
> @@ -225,6 +225,7 @@
> #define PCI_DEVICE_ID_INTEL_ICH9DO 0x2914
> #define PCI_DEVICE_ID_INTEL_ICH9R 0x2916
> #define PCI_DEVICE_ID_INTEL_ICH9 0x2918
> +#define PCI_DEVICE_ID_INTEL_SUNRISE 0x9d3a
>
> #define PCI_DEV_CAN_DISABLE_ME_IF_PRESENT(x) ( \
> ( (x) == PCI_DEVICE_ID_INTEL_ICH8 ) || \
> @@ -232,6 +233,7 @@
> ( (x) == PCI_DEVICE_ID_INTEL_ICH9DH ) || \
> ( (x) == PCI_DEVICE_ID_INTEL_ICH9DO ) || \
> ( (x) == PCI_DEVICE_ID_INTEL_ICH9R ) || \
> + ( (x) == PCI_DEVICE_ID_INTEL_SUNRISE ) || \
> ( (x) == PCI_DEVICE_ID_INTEL_ICH9 ))
>
> // Not sure at all
>
> This one should be the ME?
> +-16.0 Intel Corporation Sunrise Point-LP CSME HECI [8086:9d3a]
>
> #./intelmetool -s
> Not sure if ME hardware is present because you have a `Sunrise
> Point-LP CSME HECI`, but it is possible to disable it if you do,
> continuing...
> RCBA at 0x00000000
> MEI not hidden on PCI, checking if visible
> MEI device not found, huh?
> exiting
>
>
>
> On Thu, Dec 29, 2016 at 12:50 AM, Zoran Stojsavljevic
> <zoran.stojsavljevic at gmail.com> wrote:
>>>> I'm not sure if intelmetool support Skylake as well.
>>
>> Investigated more. The coreboot intelmetool is the latest one, as I
>> understood (comparing one from github and coreboot).
>>
>> And Sunrise Point is NOT supported (look into latest coreboot's
>> coreboot/util/intelmetool/intelmetool.h). You can try to add it (as Device
>> ID), manually, peek around the C code, and see if this can help you.
>>
>> Zoran
>>
>> On Wed, Dec 28, 2016 at 5:26 PM, Zoran Stojsavljevic
>> <zoran.stojsavljevic at gmail.com> wrote:
>>>
>>> Hello Shawn,
>>>
>>> Please, follow my CLI transcript from my Future Fedora 26 VM over WIN10
>>> (now rawhide) with Fedora 4.8.15 kernel implanted (kernel 4.10.0-rc0 gives
>>> me lot of griefs, I do not trust it, so I eliminated it for now):
>>>
>>> [zoran at localhost ~]$ cd projects/
>>> [zoran at localhost projects]$ mkdir intelmetool
>>> [zoran at localhost projects]$ cd intelmetool/
>>> [zoran at localhost intelmetool]$ pwd
>>> /home/zoran/projects/intelmetool
>>> [zoran at localhost intelmetool]$ uname -r
>>> 4.8.15-300.fc25.x86_64
>>> [zoran at localhost intelmetool]$ git clone
>>> https://github.com/zamaudio/intelmetool.git
>>> Cloning into 'intelmetool'...
>>> remote: Counting objects: 214, done.
>>> remote: Total 214 (delta 0), reused 0 (delta 0), pack-reused 214
>>> Receiving objects: 100% (214/214), 72.42 KiB | 0 bytes/s, done.
>>> Resolving deltas: 100% (125/125), done.
>>> [zoran at localhost intelmetool]$ ls -al
>>> total 12
>>> drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 .
>>> drwxrwxr-x. 10 zoran zoran 4096 Dec 28 17:05 ..
>>> drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 intelmetool
>>> [zoran at localhost intelmetool]$ cd intelmetool/
>>> [zoran at localhost intelmetool]$ ls -al
>>> total 100
>>> drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 .
>>> drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 ..
>>> drwxrwxr-x. 8 zoran zoran 4096 Dec 28 17:06 .git
>>> -rw-rw-r--. 1 zoran zoran 16 Dec 28 17:06 .gitignore
>>> -rw-rw-r--. 1 zoran zoran 8956 Dec 28 17:06 intelmetool.c
>>> -rw-rw-r--. 1 zoran zoran 9783 Dec 28 17:06 intelmetool.h
>>> -rw-rw-r--. 1 zoran zoran 532 Dec 28 17:06 LICENSE
>>> -rw-rw-r--. 1 zoran zoran 351 Dec 28 17:06 Makefile
>>> -rw-rw-r--. 1 zoran zoran 16810 Dec 28 17:06 me.c
>>> -rw-rw-r--. 1 zoran zoran 10622 Dec 28 17:06 me.h
>>> -rw-rw-r--. 1 zoran zoran 7246 Dec 28 17:06 me_status.c
>>> -rw-rw-r--. 1 zoran zoran 1109 Dec 28 17:06 mmap.c
>>> -rw-rw-r--. 1 zoran zoran 224 Dec 28 17:06 mmap.h
>>> -rw-rw-r--. 1 zoran zoran 90 Dec 28 17:06 README.md
>>> [zoran at localhost intelmetool]$ su -m
>>> Password:
>>> [root at localhost intelmetool]# make
>>> gcc -Wall -O0 -g -I. -c me_status.c -o me_status.o
>>> gcc -Wall -O0 -g -I. -c me.c -o me.o
>>> me.c: In function ‘mei_dump’:
>>> me.c:63:18: warning: variable ‘csr’ set but not used
>>> [-Wunused-but-set-variable]
>>> struct mei_csr *csr;
>>> ^~~
>>> gcc -Wall -O0 -g -I. -c mmap.c -o mmap.o
>>> mmap.c: In function ‘map_physical_exact’:
>>> mmap.c:11:26: warning: passing argument 1 of ‘mmap’ makes pointer from
>>> integer without a cast [-Wint-conversion]
>>> virt_addr = mmap(mapto, len, PROT_WRITE | PROT_READ,
>>> MAP_SHARED|MAP_FIXED,
>>> ^~~~~
>>> In file included from mmap.h:4:0,
>>> from mmap.c:1:
>>> /usr/include/sys/mman.h:57:14: note: expected ‘void *’ but argument is of
>>> type ‘uint64_t {aka long unsigned int}’
>>> extern void *mmap (void *__addr, size_t __len, int __prot,
>>> ^~~~
>>> gcc -Wall -O0 -g -I. -o intelmetool intelmetool.o me_status.o me.o mmap.o
>>> -lpci
>>> [root at localhost intelmetool]# date
>>> Wed Dec 28 17:07:26 CET 2016
>>> [root at localhost intelmetool]# ls -al
>>> total 228
>>> drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:07 .
>>> drwxrwxr-x. 3 zoran zoran 4096 Dec 28 17:06 ..
>>> drwxrwxr-x. 8 zoran zoran 4096 Dec 28 17:06 .git
>>> -rw-rw-r--. 1 zoran zoran 16 Dec 28 17:06 .gitignore
>>> -rwxr-xr-x. 1 root root 47008 Dec 28 17:07 intelmetool
>>> -rw-rw-r--. 1 zoran zoran 8956 Dec 28 17:06 intelmetool.c
>>> -rw-rw-r--. 1 zoran zoran 9783 Dec 28 17:06 intelmetool.h
>>> -rw-rw-r--. 1 zoran zoran 22144 Dec 28 17:06 intelmetool.o
>>> -rw-rw-r--. 1 zoran zoran 532 Dec 28 17:06 LICENSE
>>> -rw-rw-r--. 1 zoran zoran 351 Dec 28 17:06 Makefile
>>> -rw-rw-r--. 1 zoran zoran 16810 Dec 28 17:06 me.c
>>> -rw-rw-r--. 1 zoran zoran 10622 Dec 28 17:06 me.h
>>> -rw-r--r--. 1 root root 28984 Dec 28 17:07 me.o
>>> -rw-rw-r--. 1 zoran zoran 7246 Dec 28 17:06 me_status.c
>>> -rw-r--r--. 1 root root 15704 Dec 28 17:07 me_status.o
>>> -rw-rw-r--. 1 zoran zoran 1109 Dec 28 17:06 mmap.c
>>> -rw-rw-r--. 1 zoran zoran 224 Dec 28 17:06 mmap.h
>>> -rw-r--r--. 1 root root 7648 Dec 28 17:07 mmap.o
>>> -rw-rw-r--. 1 zoran zoran 90 Dec 28 17:06 README.md
>>> [root at localhost intelmetool]# ./intelmetool
>>> ME is not present on your board because we found a `82371AB/EB/MB PIIX4
>>> ISA`, you are safe, exiting
>>> [root at localhost intelmetool]#
>>> _______
>>>
>>> Do NOT forget: I run Fedora rawhide on VMWorkstation 12.5.2 Type 2 HYP on
>>> the top of WIN10 64 Pro!
>>>
>>> Please, do the same on Mint18 distro on raw HW, and see if this will give
>>> you some different results then what you have presently?
>>>
>>> Please, let us know!
>>>
>>> Zoran
>>>
>>> On Wed, Dec 28, 2016 at 11:06 AM, Shawn <citypw at gmail.com> wrote:
>>>>
>>>> Hi Zoran,
>>>>
>>>> I created hwdb.bin via:
>>>>
>>>> # udevadm hwdb --update
>>>>
>>>> The result is still "segfault". dmesg:
>>>>
>>>> [ 972.044664] intelmetool[5055]: segfault at 16 ip 000000000040169e
>>>> sp 000072ed96a44680 error 4 in intelmetool[400000+6000]
>>>> [ 972.044674] grsec: Segmentation fault occurred at 0000000000000016
>>>> in /usr/local/bin/intelmetool[intelmetool:5055] uid/euid:0/0
>>>> gid/egid:0/0, parent /bin/bash[bash:4332] uid/euid:0/0 gid/egid:0/0
>>>> [ 972.044685] grsec: denied resource overstep by requesting 4096 for
>>>> RLIMIT_CORE against limit 0 for
>>>> /usr/local/bin/intelmetool[intelmetool:5055] uid/euid:0/0
>>>> gid/egid:0/0, parent /bin/bash[bash:4332] uid/euid:0/0 gid/egid:0/0
>>>>
>>>>
>>>> On Mon, Dec 26, 2016 at 9:49 PM, Zoran Stojsavljevic
>>>> <zoran.stojsavljevic at gmail.com> wrote:
>>>> > Not sure if your strace log has anything to do with intelmetool.
>>>> >
>>>> > I did on your strace log the following (and in RED is possible cause of
>>>> > your
>>>> > problems):
>>>> >
>>>> > [zoran at localhost projects]$ cat crash.log | grep ENOENT
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > open("/usr/share/misc/pci.ids.gz", O_RDONLY) = -1 ENOENT (No such file
>>>> > or
>>>> > directory)
>>>> > connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110)
>>>> > = -1
>>>> > ENOENT (No such file or directory)
>>>> > connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110)
>>>> > = -1
>>>> > ENOENT (No such file or directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > open("/root/.pciids-cache", O_RDONLY) = -1 ENOENT (No such file or
>>>> > directory)
>>>> > open("/etc/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No
>>>> > such
>>>> > file or directory)
>>>> > open("/etc/udev/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such
>>>> > file or
>>>> > directory)
>>>> > open("/usr/lib/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT
>>>> > (No
>>>> > such file or directory)
>>>> > open("/lib/systemd/hwdb/hwdb.bin", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No
>>>> > such
>>>> > file or directory)
>>>> > [zoran at localhost projects]$
>>>> >
>>>> > I guess, you have one very important missing file in your Linux
>>>> > configuration, this one: /etc/systemd/hwdb/hwdb.bin...
>>>> > /etc/udev/hwdb.bin ?!
>>>> >
>>>> > Here is good read:
>>>> > https://www.freedesktop.org/software/systemd/man/hwdb.html
>>>> >
>>>> > http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd-hwdb&sect=8
>>>> >
>>>> > Have no idea who is creating this file, but you can check your Linux
>>>> > distro
>>>> > / tree with the following paths to find hwdb.bin:
>>>> >
>>>> > /etc/systemd/hwdb/hwdb.bin
>>>> > /etc/udev/hwdb.bin <<======= In my Fedora rawhide VM
>>>> > (future Fedora 26) I have here hwdb.bin =======
>>>> > /usr/lib/systemd/hwdb/hwdb.bin
>>>> > /lib/systemd/hwdb/hwdb.bin
>>>> >
>>>> > If you don't have in any, please, create one with the following link:
>>>> >
>>>> > http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemd-hwdb&sect=8
>>>> >
>>>> > Please, let us know!
>>>> >
>>>> > Zoran
>>>> >
>>>> > On Mon, Dec 26, 2016 at 3:42 PM, Shawn <citypw at gmail.com> wrote:
>>>> >>
>>>> >> Hi,
>>>> >>
>>>> >> intelmetool occurs "segfault" on my laptop running Mint 18 with
>>>> >> PaX/Grsecurity 4.7.10. The PCI info:
>>>> >>
>>>> >> -[0000:00]-+-00.0 Intel Corporation Sky Lake Host Bridge/DRAM
>>>> >> Registers [8086:1904]
>>>> >> +-02.0 Intel Corporation Sky Lake Integrated Graphics
>>>> >> [8086:1916]
>>>> >> +-04.0 Intel Corporation Skylake Processor Thermal
>>>> >> Subsystem [8086:1903]
>>>> >> +-14.0 Intel Corporation Sunrise Point-LP USB 3.0 xHCI
>>>> >> Controller [8086:9d2f]
>>>> >> +-14.2 Intel Corporation Sunrise Point-LP Thermal
>>>> >> subsystem [8086:9d31]
>>>> >> +-15.0 Intel Corporation Sunrise Point-LP Serial IO I2C
>>>> >> Controller [8086:9d60]
>>>> >> +-15.1 Intel Corporation Sunrise Point-LP Serial IO I2C
>>>> >> Controller [8086:9d61]
>>>> >> +-16.0 Intel Corporation Sunrise Point-LP CSME HECI
>>>> >> [8086:9d3a]
>>>> >> +-1c.0-[01]----00.0 NVIDIA Corporation GM107M [GeForce GTX
>>>> >> 960M] [10de:139b]
>>>> >> +-1c.4-[02]----00.0 Samsung Electronics Co Ltd NVMe SSD
>>>> >> Controller [144d:a802]
>>>> >> +-1c.6-[03]----00.0 Qualcomm Atheros Killer E2400 Gigabit
>>>> >> Ethernet Controller [1969:e0a1]
>>>> >> +-1c.7-[04]----00.0 Qualcomm Atheros QCA6174 802.11ac
>>>> >> Wireless Network Adapter [168c:003e]
>>>> >> +-1d.0-[05]----00.0 Samsung Electronics Co Ltd NVMe SSD
>>>> >> Controller [144d:a802]
>>>> >> +-1d.2-[06-3e]--
>>>> >> +-1f.0 Intel Corporation Sunrise Point-LP LPC Controller
>>>> >> [8086:9d48]
>>>> >> +-1f.2 Intel Corporation Sunrise Point-LP PMC [8086:9d21]
>>>> >> +-1f.3 Intel Corporation Sunrise Point-LP HD Audio
>>>> >> [8086:9d70]
>>>> >> \-1f.4 Intel Corporation Sunrise Point-LP SMBus
>>>> >> [8086:9d23]
>>>> >>
>>>> >> The crash log was attached! I'm not sure if intelmetool support
>>>> >> Skylake as well. One tiny feature of PaX/Grsecurity prevent the ioperm
>>>> >> for killing the potential threats in case which
>>>> >> the adversary re-flash the SPI ROM once they get the root priv. It
>>>> >> does affect flashrom but intelmetool. I also ran intelmetool on the
>>>> >> distro( Mint 18) kernel and got the same result.
>>>> >>
>>>> >>
>>>> >> --
>>>> >> GNU powered it...
>>>> >> GPL protect it...
>>>> >> God blessing it...
>>>> >>
>>>> >> regards
>>>> >> Shawn
>>>> >>
>>>> >> --
>>>> >> coreboot mailing list: coreboot at coreboot.org
>>>> >> https://www.coreboot.org/mailman/listinfo/coreboot
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> GNU powered it...
>>>> GPL protect it...
>>>> God blessing it...
>>>>
>>>> regards
>>>> Shawn
>>>
>>>
>>
>
>
>
> --
> GNU powered it...
> GPL protect it...
> God blessing it...
>
> regards
> Shawn
--
GNU powered it...
GPL protect it...
God blessing it...
regards
Shawn
More information about the coreboot
mailing list