summaryrefslogtreecommitdiffstats
path: root/resources/utilities/ich9deblob
diff options
context:
space:
mode:
Diffstat (limited to 'resources/utilities/ich9deblob')
-rw-r--r--resources/utilities/ich9deblob/ich9deblob.c187
-rw-r--r--resources/utilities/ich9deblob/ich9desc.c200
2 files changed, 387 insertions, 0 deletions
diff --git a/resources/utilities/ich9deblob/ich9deblob.c b/resources/utilities/ich9deblob/ich9deblob.c
new file mode 100644
index 0000000..612c75d
--- /dev/null
+++ b/resources/utilities/ich9deblob/ich9deblob.c
@@ -0,0 +1,187 @@
+/*
+ * ich9deblob.c
+ *
+ * gcc -o ich9deblob ich9deblob.c ich9desc.c -I.
+ *
+ * Copyright (C) 2014 Steve Shenton <sgsit@libreboot.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include "ich9desc.c"
+
+#define DESCRIPTORREGIONSIZE 0x1000
+#define GBEREGIONSIZE 0x2000
+
+unsigned short GetChecksum(char* buffer, unsigned short desiredValue);
+unsigned short GetRegionWord(int i, char* buffer);
+
+int main(int argc, char *argv[])
+{
+ // check compiler bit-packs in a compatible way
+ struct DESCRIPTORREGIONRECORD descriptorRegion;
+ unsigned int descriptorRegionStructSize = sizeof(descriptorRegion);
+
+ if (DESCRIPTORREGIONSIZE != descriptorRegionStructSize){
+ printf("\nerror: compiler incompatibility: descriptor struct length is %i bytes (should be %i)\n", descriptorRegionStructSize, DESCRIPTORREGIONSIZE);
+ return 1;
+ }
+
+ char* factoryRomFilename = "factory.rom";
+ char* deblobbedDescriptorFilename = "deblobbed_descriptor.bin";
+
+ FILE* fp = NULL;
+ fp = fopen(factoryRomFilename, "rb");
+
+ if (NULL == fp)
+ {
+ printf("\nerror: could not open factory.rom\n");
+ return 1;
+ }
+
+ printf("\nfactory.rom opened successfully\n");
+
+ char descriptorBuffer[DESCRIPTORREGIONSIZE];
+
+ unsigned int readLen;
+ readLen = fread(descriptorBuffer, sizeof(char), DESCRIPTORREGIONSIZE, fp);
+ if (DESCRIPTORREGIONSIZE != readLen)
+ {
+ printf("\nerror: could not read descriptor from factory.rom (%i) bytes read\n", readLen);
+ return 1;
+ }
+
+ printf("\ndescriptor region read successfully\n");
+
+ // copy descriptor buffer into descriptor struct memory
+ memcpy(&descriptorRegion, &descriptorBuffer, DESCRIPTORREGIONSIZE);
+
+ // get original GBe region location
+ unsigned int flRegionBitShift = 12;
+ unsigned int gbeRegionLocation = descriptorRegion.regionSection.flReg3.BASE << flRegionBitShift;
+
+ fseek(fp, gbeRegionLocation, SEEK_SET);
+
+ char gbeBuffer[GBEREGIONSIZE];
+
+ readLen = fread(gbeBuffer, sizeof(char), GBEREGIONSIZE, fp);
+ if (GBEREGIONSIZE != readLen)
+ {
+ printf("\nerror: could not read GBe region from factory.rom (%i) bytes read\n", readLen);
+ return 1;
+ }
+
+ // get rom size
+ fseek(fp, 0L, SEEK_END);
+ int romSize = ftell(fp);
+
+ printf("\nfactory.rom size: [%i] bytes\n", romSize);
+
+ fclose(fp);
+
+ printf("\nOriginal Descriptor start block: %08x ; Descriptor end block: %08x\n", descriptorRegion.regionSection.flReg0.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg0.LIMIT << flRegionBitShift);
+ printf("Original BIOS start block: %08x ; BIOS end block: %08x\n", descriptorRegion.regionSection.flReg1.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg1.LIMIT << flRegionBitShift);
+ printf("Original ME start block: %08x ; ME end block: %08x\n", descriptorRegion.regionSection.flReg2.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg2.LIMIT << flRegionBitShift);
+ printf("Original GBe start block: %08x ; GBe end block: %08x\n", gbeRegionLocation, descriptorRegion.regionSection.flReg3.LIMIT << flRegionBitShift);
+
+ // set number of regions from 4 -> 2 (0 based)
+ descriptorRegion.flMaps.flMap0.NR = 2;
+
+ // make descriptor writable from OS.
+ descriptorRegion.masterAccessSection.flMstr1.fdRegionWriteAccess = 1;
+
+ // relocate BIOS region and increase size to fill image
+ descriptorRegion.regionSection.flReg1.BASE = 3;
+ descriptorRegion.regionSection.flReg1.LIMIT = ((romSize / 0x1000) - 1);
+
+ // set ME region size to 0
+ descriptorRegion.regionSection.flReg2.BASE = 0xFFF;
+ descriptorRegion.regionSection.flReg2.LIMIT = 0;
+
+ // relocate Gbe region
+ descriptorRegion.regionSection.flReg3.BASE = 1;
+ descriptorRegion.regionSection.flReg3.LIMIT = 2;
+
+ // set Platform region size to 0
+ descriptorRegion.regionSection.flReg4.BASE = 0xFFF;
+ descriptorRegion.regionSection.flReg4.LIMIT = 0;
+
+ // disable ME in ICHSTRAP0
+ descriptorRegion.ichStraps.ichStrap0.meDisable = 1;
+
+ // disable ME and TPM in MCHSTRAP0
+ descriptorRegion.mchStraps.mchStrap0.meDisable = 1;
+ descriptorRegion.mchStraps.mchStrap0.tpmDisable = 1;
+
+ // disable ME, apart from chipset bugfixes (ME region still required)
+ //descriptorRegion.mchStraps.mchStrap0.meAlternateDisable = 1;
+
+
+ printf("\nRelocated Descriptor start block: %08x ; Descriptor end block: %08x\n", descriptorRegion.regionSection.flReg0.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg0.LIMIT << flRegionBitShift);
+ printf("Relocated BIOS start block: %08x ; BIOS end block: %08x\n", descriptorRegion.regionSection.flReg1.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg1.LIMIT << flRegionBitShift);
+ printf("Relocated ME start block: %08x ; ME end block: %08x\n", descriptorRegion.regionSection.flReg2.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg2.LIMIT << flRegionBitShift);
+ printf("Relocated GBe start block: %08x ; GBe end block: %08x\n", descriptorRegion.regionSection.flReg3.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg3.LIMIT << flRegionBitShift);
+
+
+ char deblobbedDescriptorBuffer[DESCRIPTORREGIONSIZE];
+ memcpy(&deblobbedDescriptorBuffer, &descriptorRegion, DESCRIPTORREGIONSIZE);
+
+ remove(deblobbedDescriptorFilename);
+ fp = fopen(deblobbedDescriptorFilename, "ab");
+
+ if (DESCRIPTORREGIONSIZE != fwrite(deblobbedDescriptorBuffer, sizeof(char), DESCRIPTORREGIONSIZE, fp))
+ {
+ printf("\nerror: writing descriptor region failed\n");
+ return 1;
+ }
+
+ if (GBEREGIONSIZE != fwrite(gbeBuffer, sizeof(char), GBEREGIONSIZE, fp))
+ {
+ printf("\nerror: writing GBe region failed\n");
+ return 1;
+ }
+
+ fclose(fp);
+
+ printf("\ndeblobbed descriptor successfully created: deblobbed_descriptor.bin \n");
+
+ unsigned short gbeCalculatedChecksum = GetChecksum(gbeBuffer, 0xBABA); // observed values 0xBABA 0x3ABA 0x34BA. spec defined as 0xBABA.
+ unsigned short gbeChecksum = GetRegionWord(0x3F, gbeBuffer);
+
+ printf("\ncalculated Gbe checksum: 0x%hx actual GBe checksum: 0x%hx\n", gbeCalculatedChecksum, gbeChecksum);
+
+ return 0;
+}
+
+unsigned short GetChecksum(char* regionData, unsigned short desiredValue)
+{
+ unsigned short regionWord;
+ unsigned short checksum = 0;
+
+ int i;
+ for (i = 0; i < 0x3F; i++) {
+ regionWord = GetRegionWord(i, regionData);
+ checksum += regionWord;
+ }
+ checksum = desiredValue - checksum;
+ return checksum;
+}
+
+unsigned short GetRegionWord(int index, char* regionData)
+{
+ return *((unsigned short*)(regionData + (index * 2)));
+}
diff --git a/resources/utilities/ich9deblob/ich9desc.c b/resources/utilities/ich9deblob/ich9desc.c
new file mode 100644
index 0000000..f467be7
--- /dev/null
+++ b/resources/utilities/ich9deblob/ich9desc.c
@@ -0,0 +1,200 @@
+/*
+ * ich9desc.c
+ *
+ * Copyright (C) 2014 Steve Shenton <sgsit@libreboot.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+struct FLVALSIG{
+ unsigned int signature;
+};
+
+struct FLMAP0 {
+ unsigned char FCBA : 8;
+ unsigned char NC : 2;
+ unsigned char : 6;
+ unsigned char FRBA : 8;
+ unsigned char NR : 3;
+ unsigned char : 5;
+};
+
+struct FLMAP1 {
+ unsigned char FMBA : 8;
+ unsigned char NM : 3;
+ unsigned char : 5;
+ unsigned char FISBA : 8;
+ unsigned char ISL : 8;
+};
+
+struct FLMAP2 {
+ unsigned char FMSBA : 8;
+ unsigned char MSL : 8;
+ unsigned short : 16;
+};
+
+struct FLMAPS {
+ struct FLMAP0 flMap0;
+ struct FLMAP1 flMap1;
+ struct FLMAP2 flMap2;
+};
+
+struct FLCOMP {
+ unsigned char component1Density : 3;
+ unsigned char component2Density : 3;
+ unsigned char : 2;
+ unsigned char : 8;
+ unsigned char : 1;
+ unsigned char readClockFrequency : 3;
+ unsigned char fastReadSupport : 1;
+ unsigned char fastreadClockFrequency : 3;
+ unsigned char writeEraseClockFrequency : 3;
+ unsigned char readStatusClockFrequency : 3;
+ unsigned char : 2;
+};
+
+struct COMPONENTSECTIONRECORD {
+ struct FLCOMP flcomp;
+ unsigned int flill;
+ unsigned int flpb;
+ unsigned char padding[36];
+};
+
+struct FLREG {
+ unsigned short BASE : 13;
+ unsigned short : 3;
+ unsigned short LIMIT : 13;
+ unsigned short : 3;
+};
+
+struct REGIONSECTIONRECORD {
+ struct FLREG flReg0; // Descriptor
+ struct FLREG flReg1; // BIOS
+ struct FLREG flReg2; // ME
+ struct FLREG flReg3; // Gbe
+ struct FLREG flReg4; // Platform
+ unsigned char padding[12];
+};
+
+struct FLMSTR {
+ unsigned short requesterId : 16;
+ unsigned char fdRegionReadAccess : 1;
+ unsigned char biosRegionReadAccess : 1;
+ unsigned char meRegionReadAccess : 1;
+ unsigned char gbeRegionReadAccess : 1;
+ unsigned char pdRegionReadAccess : 1;
+ unsigned char reserved1 : 3;
+ unsigned char fdRegionWriteAccess : 1;
+ unsigned char biosRegionWriteAccess : 1;
+ unsigned char meRegionWriteAccess : 1;
+ unsigned char gbeRegionWriteAccess : 1;
+ unsigned char pdRegionWriteAccess : 1;
+ unsigned char reserved2 : 3;
+};
+
+
+struct MASTERACCESSSECTIONRECORD {
+ struct FLMSTR flMstr1;
+ struct FLMSTR flMstr2;
+ struct FLMSTR flMstr3;
+ unsigned char padding[148];
+};
+
+struct ICHSTRAP0 {
+ // todo: add MeSmBus2Sel (boring setting)
+ unsigned char meDisable : 1; // If true, ME is disabled.
+ unsigned char : 6;
+ unsigned char tcoMode : 1; // TCO Mode: (Legacy,TCO Mode) The TCO Mode, along with the BMCMODE strap, determines the behavior of the IAMT SmBus controller.
+ unsigned char smBusAddress : 7; // The ME SmBus 7-bit address.
+ unsigned char bmcMode : 1; // BMC mode: If true, device is in BMC mode. If Intel(R) AMT or ASF using Intel integrated LAN then this should be false.
+ unsigned char tripPointSelect : 1; // Trip Point Select: false the NJCLK input buffer is matched to 3.3v signal from the external PHY device, true is matched to 1.8v.
+ unsigned char : 2;
+ unsigned char integratedGbe : 1; // Integrated GbE or PCI Express select: (PCI Express,,Integrated GbE) Defines what PCIe Port 6 is used for.
+ unsigned char lanPhy : 1; // LANPHYPC_GP12_SEL: Set to 0 for GP12 to be used as GPIO (General Purpose Input/Output), or 1 for GP12 to be used for native mode as LAN_PHYPC for 82566 LCD device
+ unsigned char : 3;
+ unsigned char dmiRequesterId : 1; // DMI requestor ID security check disable: The primary purpose of this strap is to support server environments with multiple CPUs that each have a different RequesterID that can access the Flash.
+ unsigned char smBus2Address : 7; // The ME SmBus 2 7-bit address.
+};
+
+struct ICHSTRAP1 {
+ unsigned char northMlink : 1; // North MLink Dynamic Clock Gate Disable : Sets the default value for the South MLink Dynamic Clock Gate Enable registers.
+ unsigned char southMlink : 1; // South MLink Dynamic Clock Gate Enable : Sets the default value for the South MLink Dynamic Clock Gate Enable registers.
+ unsigned char meSmbus : 1; // ME SmBus Dynamic Clock Gate Enable : Sets the default value for the ME SMBus Dynamic Clock Gate Enable for both the ME SmBus controllers.
+ unsigned char sstDynamic : 1; // SST Dynamic Clock Gate Enable : Sets the default value for the SST Clock Gate Enable registers.
+ unsigned char : 4;
+ unsigned char northMlink2 : 1; // North MLink 2 Non-Posted Enable : 'true':North MLink supports two downstream non-posted requests. 'false':North MLink supports one downstream non-posted requests.
+ unsigned char : 7;
+ unsigned short : 16;
+};
+
+
+struct ICHSTRAPSRECORD {
+ struct ICHSTRAP0 ichStrap0;
+ struct ICHSTRAP1 ichStrap1;
+ unsigned char padding[248];
+};
+
+struct MCHSTRAP0 {
+ unsigned char meDisable : 1; // If true, ME is disabled.
+ unsigned char meBootFromFlash : 1; // ME boot from Flash - guessed location
+ unsigned char tpmDisable : 1; // iTPM Disable : When set true, iTPM Host Interface is disabled. When set false (default), iTPM is enabled.
+ unsigned char : 3;
+ unsigned char spiFingerprint : 1; // SPI Fingerprint Sensor Present: Indicates if an SPI Fingerprint sensor is present at CS#1.
+ unsigned char meAlternateDisable : 1; // ME Alternate Disable: Setting this bit allows ME to perform critical chipset functions but prevents loading of any ME FW applications.
+ unsigned char : 8;
+ unsigned short : 16;
+};
+
+struct MCHSTRAPSRECORD {
+ struct MCHSTRAP0 mchStrap0;
+ unsigned char padding[3292];
+};
+
+struct MEVSCCTABLERECORD {
+ unsigned int jid0;
+ unsigned int vscc0;
+ unsigned int jid1;
+ unsigned int vscc1;
+ unsigned int jid2;
+ unsigned int vscc2;
+ unsigned char padding[4];
+};
+
+struct DESCRIPTORMAP2RECORD {
+ unsigned char meVsccTableBaseAddress : 8;
+ unsigned char meVsccTableLength : 8;
+ unsigned short : 16;
+};
+
+struct OEMSECTIONRECORD {
+ unsigned char magicString[8];
+ unsigned char padding[248];
+};
+
+struct GBEREGIONRECORD {
+ unsigned char gbeRegion[8192]; //todo: implement and document this
+};
+
+struct DESCRIPTORREGIONRECORD {
+ struct FLVALSIG flValSig;
+ struct FLMAPS flMaps;
+ struct COMPONENTSECTIONRECORD componentSection;
+ struct REGIONSECTIONRECORD regionSection;
+ struct MASTERACCESSSECTIONRECORD masterAccessSection;
+ struct ICHSTRAPSRECORD ichStraps;
+ struct MCHSTRAPSRECORD mchStraps;
+ struct MEVSCCTABLERECORD meVsccTable;
+ struct DESCRIPTORMAP2RECORD descriptor2Map;
+ struct OEMSECTIONRECORD oemSection;
+};