author | Iru Cai | 2018-12-01 21:38:32 +0800 |
---|---|---|
committer | Iru Cai | 2018-12-01 21:38:32 +0800 |
commit | 4acfbe8d0933305829f34eb592937f146f080df7 (patch) | |
tree | cb59162799c5c8dade48c8d82859e2638ebf4660 | |
parent | b30ba26a9fb307f8ecdcd61807d09e5d8be71c9c (diff) | |
download | aur-4acfbe8d0933305829f34eb592937f146f080df7.tar.gz |
patch the autoport thing..., remove metool-bg.patch
-rw-r--r-- | PKGBUILD | 2 | ||||
-rw-r--r-- | metool-bg.patch | 442 |
2 files changed, 2 insertions, 442 deletions
@@ -37,6 +37,8 @@ prepare() { git config -f .gitmodules 'submodule.vboot.url' "$srcdir/vboot" git submodule sync -- 3rdparty/vboot git submodule update -- 3rdparty/vboot + + patch -p1 -i "$srcdir/autoport-tool-paths.patch" } build() { diff --git a/metool-bg.patch b/metool-bg.patch deleted file mode 100644 index ef6acfa7bdba..000000000000 --- a/metool-bg.patch +++ /dev/null @@ -1,442 +0,0 @@ -commit 125f14a2622e2086de2a1b96660605dd50f1ce85 -Author: Philipp Deppenwiese <zaolin@das-labor.org> -Date: Fri Aug 26 02:10:51 2016 +0200 - - util/intelmetool: Add bootguard information dump support - - With this implementation it's possible to detect the state - of bootguard in intel based systems. Currently it's WIP and - in a testphase. Handle it with care! - - Change-Id: Ifeec8e20fa8efc35d7db4c6a84be1f118dccfc4a - 
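Review bot: The added `patch -p1 -i "$srcdir/autoport-tool-paths.patch"` at the end of prepare() depends on that file being listed in `source=()` with a pinned checksum, but the diffstat shows these two inserted lines as the only PKGBUILD change, so neither array is touched by this commit. If the entry is missing, prepare() fails on a file that was never staged into `$srcdir`; if it is present with `SKIP` instead of a real hash, the patch is applied to the source tree with no integrity check, so the checksum entry is worth confirming. The diffstat also shows no PKGBUILD deletions even though metool-bg.patch is removed from the repository, so any `metool-bg.patch` entry still in `source=()` (not visible in this hunk) would now break the build. As a smaller point, `patch -Np1 -i "$srcdir/autoport-tool-paths.patch"` would keep a repeated prepare() from offering to reverse an already-applied patch. prepare() begins outside the hunk, so the working directory the patch is applied from cannot be checked here.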
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> - -diff --git a/util/intelmetool/Makefile b/util/intelmetool/Makefile -index 8857d954cd..8ae774d86d 100644 ---- a/util/intelmetool/Makefile -+++ b/util/intelmetool/Makefile -@@ -20,7 +20,7 @@ PREFIX ?= /usr/local - CFLAGS ?= -O0 -g -Wall -W -Wno-unused-parameter -Wno-sign-compare -Wno-unused-function - LDFLAGS += -lpci -lz - --OBJS = intelmetool.o me.o me_status.o mmap.o -+OBJS = intelmetool.o me.o me_status.o mmap.o msr.o - - OS_ARCH = $(shell uname) - ifeq ($(OS_ARCH), Darwin) -diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c -index 2acfec223e..3d3f8e9981 100644 ---- a/util/intelmetool/intelmetool.c -+++ b/util/intelmetool/intelmetool.c -@@ -16,6 +16,8 @@ - #include <stdlib.h> - #include <getopt.h> - #include <unistd.h> -+#include <string.h> -+#include <cpuid.h> - - #ifdef __NetBSD__ - #include <machine/sysarch.h> -@@ -23,6 +25,7 @@ - - #include "me.h" - #include "mmap.h" -+#include "msr.h" - #include "intelmetool.h" - - #define FD2 0x3428 -@@ -34,6 +37,7 @@ int debug = 0; - static uint32_t fd2 = 0; - static const int size = 0x4000; - static volatile uint8_t *rcba; -+static char cpu_id[CPU_ID_SIZE] = { 0 }; - - static void dumpmem(uint8_t *phys, uint32_t size) - { -@@ -73,6 +77,17 @@ static void rehide_me(void) - } - } - -+static void get_cpu_id(char *id) -+{ -+ regs_t regs; -+ unsigned int level = 0; -+ unsigned int eax = 0; -+ -+ __get_cpuid(level, &eax, ®s.ebx, ®s.ecx, ®s.edx); -+ -+ memcpy(id, (char *)®s, CPU_ID_SIZE); -+} -+ - /* You need >4GB total ram, in kernel cmdline, use 'mem=1000m' - * then this code will clone to absolute memory address 0xe0000000 - * which can be read using a mmap tool at that offset. 
-@@ -296,10 +311,62 @@ static void dump_me_info(void) - munmap((void*)rcba, size); - } - -+static void dump_bootguard_info(void) -+{ -+ struct pci_dev *dev; -+ uint32_t stat = 0; -+ char namebuf[1024]; -+ const char *name; -+ uint64_t bootguard = 0; -+ -+ if (msr_bootguard(&bootguard, debug) < 0) -+ return; -+ -+ pci_platform_scan(); -+ dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf)); -+ activate_me(); -+ -+ if (dev) -+ stat = pci_read_long(dev, 0x40); -+ -+ if (debug) { -+ printf("BootGuard MSR Output: 0x%" PRIx64 "\n", bootguard); -+ bootguard &= ~0xff; -+ } -+ -+ if (BOOTGUARD_CAPABILITY(bootguard)) { -+ print_cap("BootGuard ", 1); -+ if (dev && (stat & 0x10)) { -+ printf(CYEL "Your southbridge configuration is insecure!! BootGuard keys can be overwritten or wiped or you are in developer mode.\n" RESET); -+ } -+ switch (bootguard) { -+ case BOOTGUARD_DISABLED: -+ printf("ME Capability: BootGuard Mode : " CGRN "Disabled\n" RESET); -+ printf(CGRN "\nYour system is bootguard ready but your vendor disabled it. You can flash other firmware!\n" RESET); -+ break; -+ case BOOTGUARD_ENABLED_COMBI_MODE: -+ printf("ME Capability: BootGuard Mode : " CRED "Verified & Measured Boot\n" RESET); -+ printf(CRED "\nYou can't flash other firmware. Verified boot is enabled!\n" RESET); -+ break; -+ case BOOTGUARD_ENABLED_MEASUREMENT_MODE: -+ printf("ME Capability: BootGuard Mode : " CGRN "Measured Boot\n" RESET); -+ printf(CGRN "\nYour system is bootguard ready but only running the measured boot mode. You can flash other firmware!\n" RESET); -+ break; -+ case BOOTGUARD_ENABLED_VERIFIED_MODE: -+ printf("ME Capability: BootGuard Mode : " CRED "Verified Boot\n" RESET); -+ printf(CRED "\nYou can't flash other firmware. Verified boot is enabled!\n" RESET); -+ break; -+ } -+ } else { -+ print_cap("BootGuard ", 0); -+ printf(CGRN "\nYour system isn't bootguard ready. 
You can flash other firmware!\n" RESET); -+ } -+} -+ - static void print_version(void) - { - printf("intelmetool v%s -- ", INTELMETOOL_VERSION); -- printf("Copyright (C) 2015 Damien Zammit\n\n"); -+ printf("Copyright (C) 2016 Damien Zammit, Philipp Deppenwiese\n\n"); - printf( - "This program is free software: you can redistribute it and/or modify\n" - "it under the terms of the GNU General Public License as published by\n" -@@ -312,13 +379,14 @@ static void print_version(void) - - static void print_usage(const char *name) - { -- printf("usage: %s [-vh?sd]\n", name); -+ printf("usage: %s [-vh?mdb]\n", name); - printf("\n" -- " -v | --version: print the version\n" -- " -h | --help: print this help\n\n" -- " -s | --show: dump all me information on console\n" -- " -d | --debug: enable debug output\n" -- "\n"); -+ " -v | --version print the version\n" -+ " -h | --help print this help\n\n" -+ " -m | --me dump all me related information on console\n" -+ " -b | --bootguard dump bootguard state of the platform\n" -+ " -d | --debug enable debug output\n" -+ "\n"); - exit(1); - } - -@@ -330,21 +398,25 @@ int main(int argc, char *argv[]) - static struct option long_options[] = { - {"version", 0, 0, 'v'}, - {"help", 0, 0, 'h'}, -- {"show", 0, 0, 's'}, -+ {"me", 0, 0, 'm'}, -+ {"bootguard", 0, 0, 'b'}, - {"debug", 0, 0, 'd'}, - {0, 0, 0, 0} - }; - -- while ((opt = getopt_long(argc, argv, "vh?sd", -- long_options, &option_index)) != EOF) { -+ while ((opt = getopt_long(argc, argv, "vh?mdb", -+ long_options, &option_index)) != EOF) { - switch (opt) { - case 'v': - print_version(); - exit(0); - break; -- case 's': -+ case 'm': - cmd_exec = 1; - break; -+ case 'b': -+ cmd_exec = 2; -+ break; - case 'd': - debug = 1; - break; -@@ -358,37 +430,48 @@ int main(int argc, char *argv[]) - } - - #if defined(__FreeBSD__) -- if (open("/dev/io", O_RDWR) < 0) { -- perror("/dev/io"); -+ if (open("/dev/io", O_RDWR) < 0) { -+ perror("/dev/io"); - #elif defined(__NetBSD__) - # ifdef __i386__ -- if 
(i386_iopl(3)) { -- perror("iopl"); -+ if (i386_iopl(3)) { -+ perror("iopl"); - # else -- if (x86_64_iopl(3)) { -- perror("iopl"); -+ if (x86_64_iopl(3)) { -+ perror("iopl"); - # endif - #else -- if (iopl(3)) { -- perror("iopl"); -+ if (iopl(3)) { -+ perror("iopl"); - #endif -- printf("You need to be root.\n"); -- exit(1); -- } -+ printf("You need to be root.\n"); -+ exit(1); -+ } - - #ifndef __DARWIN__ -- if ((fd_mem = open("/dev/mem", O_RDWR)) < 0) { -- perror("Can not open /dev/mem"); -- exit(1); -- } -+ fd_mem = open("/dev/mem", O_RDWR); -+ if (fd_mem < 0) { -+ perror("Can not open /dev/mem"); -+ exit(1); -+ } -+ -+ get_cpu_id(cpu_id); -+ if (strncmp(cpu_id, "GenuineIntel", CPU_ID_SIZE-1)) { -+ perror("Error CPU is not from Intel."); -+ exit(1); -+ } - #endif - - switch(cmd_exec) { - case 1: - dump_me_info(); - break; -+ case 2: -+ dump_bootguard_info(); -+ break; - default: -- print_usage(argv[0]); -+ dump_me_info(); -+ dump_bootguard_info(); - break; - } - -diff --git a/util/intelmetool/intelmetool.h b/util/intelmetool/intelmetool.h -index b5fe35ae1a..384c0b4fd3 100644 ---- a/util/intelmetool/intelmetool.h -+++ b/util/intelmetool/intelmetool.h -@@ -22,7 +22,7 @@ - #define ME_PRESENT_CAN_DISABLE 4 - #define ME_PRESENT_CANNOT_DISABLE 5 - --#define INTELMETOOL_VERSION "1.0" -+#define INTELMETOOL_VERSION "1.1" - - #if defined(__GLIBC__) - #include <sys/io.h> -@@ -48,7 +48,13 @@ - #define CWHT "\x1B[37m" - #define RESET "\033[0m" - -+#define CPU_ID_SIZE 13 -+#define FD2 0x3428 -+#define ME_COMMAND_DELAY 10000 -+#define ME_MESSAGE_LEN 256 -+ - extern int debug; -+extern void print_cap(const char *name, int state); - - #define PCI_VENDOR_ID_INTEL 0x8086 - -diff --git a/util/intelmetool/me.c b/util/intelmetool/me.c -index ff73aee2d6..1ee5b4121d 100644 ---- a/util/intelmetool/me.c -+++ b/util/intelmetool/me.c -@@ -423,7 +423,7 @@ int mkhi_get_fw_version(void) - return 0; - } - --static inline void print_cap(const char *name, int state) -+void print_cap(const char 
*name, int state) - { - printf("ME Capability: %-30s : %s\n", - name, state ? CRED "ON" RESET : CGRN "OFF" RESET); -diff --git a/util/intelmetool/me.h b/util/intelmetool/me.h -index 76ee245753..d0f425264c 100644 ---- a/util/intelmetool/me.h -+++ b/util/intelmetool/me.h -@@ -20,6 +20,8 @@ - #include <inttypes.h> - #include <pci/pci.h> - -+#include "intelmetool.h" -+ - #define ME_RETRY 100000 /* 1 second */ - #define ME_DELAY 10 /* 10 us */ - -diff --git a/util/intelmetool/msr.c b/util/intelmetool/msr.c -new file mode 100644 -index 0000000000..82181da4ea ---- /dev/null -+++ b/util/intelmetool/msr.c -@@ -0,0 +1,80 @@ -+/* intelmetool -+ * -+ * Copyright (C) 2013-2016 Philipp Deppenwiese <zaolin@das-labor.org>, -+ * Copyright (C) 2013-2016 Alexander Couzens <lynxis@fe80.eu> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation; either version 2 of -+ * the License, or any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. 
-+ */ -+ -+#include <fcntl.h> -+#include <unistd.h> -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <errno.h> -+ -+#include "msr.h" -+ -+#ifndef __DARWIN__ -+static int fd_msr = 0; -+ -+static uint64_t rdmsr(int addr) -+{ -+ uint32_t buf[2]; -+ uint64_t msr = 0; -+ -+ if (lseek(fd_msr, (off_t)addr, SEEK_SET) == -1) { -+ perror("Could not lseek() to MSR"); -+ close(fd_msr); -+ return -1; -+ } -+ -+ if (read(fd_msr, buf, 8) == 8) { -+ msr = buf[1]; -+ msr <<= 32; -+ msr |= buf[0]; -+ close(fd_msr); -+ return msr; -+ } -+ -+ if (errno == EIO) { -+ perror("IO error couldn't read MSR."); -+ close(fd_msr); -+ return -2; -+ } else { -+ perror("Couldn't read() MSR"); -+ close(fd_msr); -+ return -1; -+ } -+ -+ return msr; -+} -+#endif -+ -+int msr_bootguard(uint64_t *msr, int debug) -+{ -+ -+#ifndef __DARWIN__ -+ fd_msr = open("/dev/cpu/0/msr", O_RDONLY); -+ if (fd_msr < 0) { -+ perror("Error while opening /dev/cpu/0/msr"); -+ printf("Did you run 'modprobe msr'?\n"); -+ return -1; -+ } -+ -+ *msr = rdmsr(MSR_BOOTGUARD); -+#endif -+ -+ if (!debug) -+ *msr &= ~0xff; -+ -+ return 0; -+} -diff --git a/util/intelmetool/msr.h b/util/intelmetool/msr.h -new file mode 100644 -index 0000000000..2958ff6b40 ---- /dev/null -+++ b/util/intelmetool/msr.h -@@ -0,0 +1,44 @@ -+/* intelmetool -+ * -+ * Copyright (C) 2013-2016 Philipp Deppenwiese <zaolin@das-labor.org> -+ * Copyright (C) 2013-2016 Alexander Couzens <lynxis@fe80.eu> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation; either version 2 of -+ * the License, or any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. 
-+ */ -+ -+#include <inttypes.h> -+#include <stdlib.h> -+#include <fcntl.h> -+#include <sys/mman.h> -+#include <stdio.h> -+ -+#define MSR_BOOTGUARD 0x13A -+ -+#define BOOTGUARD_DISABLED 0x400000000 -+#define BOOTGUARD_ENABLED_VERIFIED_MODE 0x100000000 -+#define BOOTGUARD_ENABLED_MEASUREMENT_MODE 0x200000000 -+#define BOOTGUARD_ENABLED_COMBI_MODE 0x300000000 -+#define BOOTGUARD_CAPABILITY(x) \ -+ (((x) == BOOTGUARD_DISABLED) || \ -+ ((x) == BOOTGUARD_ENABLED_VERIFIED_MODE) || \ -+ ((x) == BOOTGUARD_ENABLED_MEASUREMENT_MODE) || \ -+ ((x) == BOOTGUARD_ENABLED_COMBI_MODE)) -+ -+#ifndef __DARWIN__ -+ -+typedef struct { -+ unsigned int ebx; -+ unsigned int edx; -+ unsigned int ecx; -+} regs_t; -+ -+extern int msr_bootguard(uint64_t *msr, int debug); -+#endif |