Diffstat (limited to 'resources/utilities/ich9deblob')
-rw-r--r-- | resources/utilities/ich9deblob/ich9deblob.c | 187 | ||||
-rw-r--r-- | resources/utilities/ich9deblob/ich9desc.c | 200 |
2 files changed, 387 insertions, 0 deletions
diff --git a/resources/utilities/ich9deblob/ich9deblob.c b/resources/utilities/ich9deblob/ich9deblob.c new file mode 100644 index 0000000..612c75d --- /dev/null +++ b/resources/utilities/ich9deblob/ich9deblob.c 
@@ -0,0 +1,187 @@ +/* + * ich9deblob.c + * + * gcc -o ich9deblob ich9deblob.c ich9desc.c -I. + * + * Copyright (C) 2014 Steve Shenton <sgsit@libreboot.org> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include <stdio.h> +#include <string.h> +#include "ich9desc.c" + +#define DESCRIPTORREGIONSIZE 0x1000 +#define GBEREGIONSIZE 0x2000 + +unsigned short GetChecksum(char* buffer, unsigned short desiredValue); +unsigned short GetRegionWord(int i, char* buffer); + +int main(int argc, char *argv[]) +{ + // check compiler bit-packs in a compatible way + struct DESCRIPTORREGIONRECORD descriptorRegion; + unsigned int descriptorRegionStructSize = sizeof(descriptorRegion); + + if (DESCRIPTORREGIONSIZE != descriptorRegionStructSize){ + printf("\nerror: compiler incompatibility: descriptor struct length is %i bytes (should be %i)\n", descriptorRegionStructSize, DESCRIPTORREGIONSIZE); + return 1; + } + + char* factoryRomFilename = "factory.rom"; + char* deblobbedDescriptorFilename = "deblobbed_descriptor.bin"; + + FILE* fp = NULL; + fp = fopen(factoryRomFilename, "rb"); + + if (NULL == fp) + { + printf("\nerror: could not open factory.rom\n"); + return 1; + } + + printf("\nfactory.rom opened successfully\n"); + + char descriptorBuffer[DESCRIPTORREGIONSIZE]; + + unsigned int readLen; + readLen = fread(descriptorBuffer, sizeof(char), DESCRIPTORREGIONSIZE, fp); + if 
(DESCRIPTORREGIONSIZE != readLen) + { + printf("\nerror: could not read descriptor from factory.rom (%i) bytes read\n", readLen); + return 1; + } + + printf("\ndescriptor region read successfully\n"); + + // copy descriptor buffer into descriptor struct memory + memcpy(&descriptorRegion, &descriptorBuffer, DESCRIPTORREGIONSIZE); + + // get original GBe region location + unsigned int flRegionBitShift = 12; + unsigned int gbeRegionLocation = descriptorRegion.regionSection.flReg3.BASE << flRegionBitShift; + + fseek(fp, gbeRegionLocation, SEEK_SET); + + char gbeBuffer[GBEREGIONSIZE]; + + readLen = fread(gbeBuffer, sizeof(char), GBEREGIONSIZE, fp); + if (GBEREGIONSIZE != readLen) + { + printf("\nerror: could not read GBe region from factory.rom (%i) bytes read\n", readLen); + return 1; + } + + // get rom size + fseek(fp, 0L, SEEK_END); + int romSize = ftell(fp); + + printf("\nfactory.rom size: [%i] bytes\n", romSize); + + fclose(fp); + + printf("\nOriginal Descriptor start block: %08x ; Descriptor end block: %08x\n", descriptorRegion.regionSection.flReg0.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg0.LIMIT << flRegionBitShift); + printf("Original BIOS start block: %08x ; BIOS end block: %08x\n", descriptorRegion.regionSection.flReg1.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg1.LIMIT << flRegionBitShift); + printf("Original ME start block: %08x ; ME end block: %08x\n", descriptorRegion.regionSection.flReg2.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg2.LIMIT << flRegionBitShift); + printf("Original GBe start block: %08x ; GBe end block: %08x\n", gbeRegionLocation, descriptorRegion.regionSection.flReg3.LIMIT << flRegionBitShift); + + // set number of regions from 4 -> 2 (0 based) + descriptorRegion.flMaps.flMap0.NR = 2; + + // make descriptor writable from OS. 
+ descriptorRegion.masterAccessSection.flMstr1.fdRegionWriteAccess = 1; + + // relocate BIOS region and increase size to fill image + descriptorRegion.regionSection.flReg1.BASE = 3; + descriptorRegion.regionSection.flReg1.LIMIT = ((romSize / 0x1000) - 1); + + // set ME region size to 0 + descriptorRegion.regionSection.flReg2.BASE = 0xFFF; + descriptorRegion.regionSection.flReg2.LIMIT = 0; + + // relocate Gbe region + descriptorRegion.regionSection.flReg3.BASE = 1; + descriptorRegion.regionSection.flReg3.LIMIT = 2; + + // set Platform region size to 0 + descriptorRegion.regionSection.flReg4.BASE = 0xFFF; + descriptorRegion.regionSection.flReg4.LIMIT = 0; + + // disable ME in ICHSTRAP0 + descriptorRegion.ichStraps.ichStrap0.meDisable = 1; + + // disable ME and TPM in MCHSTRAP0 + descriptorRegion.mchStraps.mchStrap0.meDisable = 1; + descriptorRegion.mchStraps.mchStrap0.tpmDisable = 1; + + // disable ME, apart from chipset bugfixes (ME region still required) + //descriptorRegion.mchStraps.mchStrap0.meAlternateDisable = 1; + + + printf("\nRelocated Descriptor start block: %08x ; Descriptor end block: %08x\n", descriptorRegion.regionSection.flReg0.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg0.LIMIT << flRegionBitShift); + printf("Relocated BIOS start block: %08x ; BIOS end block: %08x\n", descriptorRegion.regionSection.flReg1.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg1.LIMIT << flRegionBitShift); + printf("Relocated ME start block: %08x ; ME end block: %08x\n", descriptorRegion.regionSection.flReg2.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg2.LIMIT << flRegionBitShift); + printf("Relocated GBe start block: %08x ; GBe end block: %08x\n", descriptorRegion.regionSection.flReg3.BASE << flRegionBitShift, descriptorRegion.regionSection.flReg3.LIMIT << flRegionBitShift); + + + char deblobbedDescriptorBuffer[DESCRIPTORREGIONSIZE]; + memcpy(&deblobbedDescriptorBuffer, &descriptorRegion, DESCRIPTORREGIONSIZE); + + 
remove(deblobbedDescriptorFilename); + fp = fopen(deblobbedDescriptorFilename, "ab"); + + if (DESCRIPTORREGIONSIZE != fwrite(deblobbedDescriptorBuffer, sizeof(char), DESCRIPTORREGIONSIZE, fp)) + { + printf("\nerror: writing descriptor region failed\n"); + return 1; + } + + if (GBEREGIONSIZE != fwrite(gbeBuffer, sizeof(char), GBEREGIONSIZE, fp)) + { + printf("\nerror: writing GBe region failed\n"); + return 1; + } + + fclose(fp); + + printf("\ndeblobbed descriptor successfully created: deblobbed_descriptor.bin \n"); + + unsigned short gbeCalculatedChecksum = GetChecksum(gbeBuffer, 0xBABA); // observed values 0xBABA 0x3ABA 0x34BA. spec defined as 0xBABA. + unsigned short gbeChecksum = GetRegionWord(0x3F, gbeBuffer); + + printf("\ncalculated Gbe checksum: 0x%hx actual GBe checksum: 0x%hx\n", gbeCalculatedChecksum, gbeChecksum); + + return 0; +} + +unsigned short GetChecksum(char* regionData, unsigned short desiredValue) +{ + unsigned short regionWord; + unsigned short checksum = 0; + + int i; + for (i = 0; i < 0x3F; i++) { + regionWord = GetRegionWord(i, regionData); + checksum += regionWord; + } + checksum = desiredValue - checksum; + return checksum; +} + +unsigned short GetRegionWord(int index, char* regionData) +{ + return *((unsigned short*)(regionData + (index * 2))); +} diff --git a/resources/utilities/ich9deblob/ich9desc.c b/resources/utilities/ich9deblob/ich9desc.c new file mode 100644 index 0000000..f467be7 --- /dev/null +++ b/resources/utilities/ich9deblob/ich9desc.c 
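Review bot: The second `fopen()` in `main` (the output file, opened with `"ab"`) is never checked, so if `deblobbed_descriptor.bin` cannot be created the following `fwrite()` is called with a NULL stream; add `if (NULL == fp) { printf("\nerror: could not open deblobbed_descriptor.bin\n"); return 1; }`, as is already done for `factory.rom`. The input is also trusted more than it should be for a tool whose output is presumably written back to flash: `flValSig.signature` is never compared with the expected descriptor signature, and the results of `fseek()` and `ftell()` are unchecked, so a failed `ftell()` (-1) or a ROM size that is not a multiple of 0x1000 flows straight into `flReg1.LIMIT`. The GBe checksum is computed and printed only after the file has been written, and a mismatch does not change the exit status. Separately, `fdRegionWriteAccess = 1` and `tpmDisable = 1` are security-relevant policy choices; a comment on each should say that the host OS can then rewrite the descriptor and that the iTPM is switched off, so that users who rely on flash write protection or measured boot know to compensate.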
@@ -0,0 +1,200 @@
+/*
+ * ich9desc.c
+ *
+ * Copyright (C) 2014 Steve Shenton <sgsit@libreboot.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+struct FLVALSIG{
+ unsigned int signature;
+};
+
+struct FLMAP0 {
+ unsigned char FCBA : 8;
+ unsigned char NC : 2;
+ unsigned char : 6;
+ unsigned char FRBA : 8;
+ unsigned char NR : 3;
+ unsigned char : 5;
+};
+
+struct FLMAP1 {
+ unsigned char FMBA : 8;
+ unsigned char NM : 3;
+ unsigned char : 5;
+ unsigned char FISBA : 8;
+ unsigned char ISL : 8;
+};
+
+struct FLMAP2 {
+ unsigned char FMSBA : 8;
+ unsigned char MSL : 8;
+ unsigned short : 16;
+};
+
+struct FLMAPS {
+ struct FLMAP0 flMap0;
+ struct FLMAP1 flMap1;
+ struct FLMAP2 flMap2;
+};
+
+struct FLCOMP {
+ unsigned char component1Density : 3;
+ unsigned char component2Density : 3;
+ unsigned char : 2;
+ unsigned char : 8;
+ unsigned char : 1;
+ unsigned char readClockFrequency : 3;
+ unsigned char fastReadSupport : 1;
+ unsigned char fastreadClockFrequency : 3;
+ unsigned char writeEraseClockFrequency : 3;
+ unsigned char readStatusClockFrequency : 3;
+ unsigned char : 2;
+};
+
+struct COMPONENTSECTIONRECORD {
+ struct FLCOMP flcomp;
+ unsigned int flill;
+ unsigned int flpb;
+ unsigned char padding[36];
+};
+
+struct FLREG {
+ unsigned short BASE : 13;
+ unsigned short : 3;
+ unsigned short LIMIT : 13;
+ unsigned short : 3;
+};
+
+struct REGIONSECTIONRECORD {
+ struct FLREG flReg0; // Descriptor
+ struct FLREG flReg1; // BIOS
+ struct FLREG flReg2; // ME
+ struct FLREG flReg3; // Gbe
+ struct FLREG flReg4; // Platform
+ unsigned char padding[12];
+};
+
+struct FLMSTR {
+ unsigned short requesterId : 16;
+ unsigned char fdRegionReadAccess : 1;
+ unsigned char biosRegionReadAccess : 1;
+ unsigned char meRegionReadAccess : 1;
+ unsigned char gbeRegionReadAccess : 1;
+ unsigned char pdRegionReadAccess : 1;
+ unsigned char reserved1 : 3;
+ unsigned char fdRegionWriteAccess : 1;
+ unsigned char biosRegionWriteAccess : 1;
+ unsigned char meRegionWriteAccess : 1;
+ unsigned char gbeRegionWriteAccess : 1;
+ unsigned char pdRegionWriteAccess : 1;
+ unsigned char reserved2 : 3;
+};
+
+
+struct MASTERACCESSSECTIONRECORD {
+ struct FLMSTR flMstr1;
+ struct FLMSTR flMstr2;
+ struct FLMSTR flMstr3;
+ unsigned char padding[148];
+};
+
+struct ICHSTRAP0 {
+ // todo: add MeSmBus2Sel (boring setting)
+ unsigned char meDisable : 1; // If true, ME is disabled.
+ unsigned char : 6;
+ unsigned char tcoMode : 1; // TCO Mode: (Legacy,TCO Mode) The TCO Mode, along with the BMCMODE strap, determines the behavior of the IAMT SmBus controller.
+ unsigned char smBusAddress : 7; // The ME SmBus 7-bit address.
+ unsigned char bmcMode : 1; // BMC mode: If true, device is in BMC mode. If Intel(R) AMT or ASF using Intel integrated LAN then this should be false.
+ unsigned char tripPointSelect : 1; // Trip Point Select: false the NJCLK input buffer is matched to 3.3v signal from the external PHY device, true is matched to 1.8v.
+ unsigned char : 2;
+ unsigned char integratedGbe : 1; // Integrated GbE or PCI Express select: (PCI Express,,Integrated GbE) Defines what PCIe Port 6 is used for.
+ unsigned char lanPhy : 1; // LANPHYPC_GP12_SEL: Set to 0 for GP12 to be used as GPIO (General Purpose Input/Output), or 1 for GP12 to be used for native mode as LAN_PHYPC for 82566 LCD device
+ unsigned char : 3;
+ unsigned char dmiRequesterId : 1; // DMI requestor ID security check disable: The primary purpose of this strap is to support server environments with multiple CPUs that each have a different RequesterID that can access the Flash.
+ unsigned char smBus2Address : 7; // The ME SmBus 2 7-bit address.
+};
+
+struct ICHSTRAP1 {
+ unsigned char northMlink : 1; // North MLink Dynamic Clock Gate Disable : Sets the default value for the South MLink Dynamic Clock Gate Enable registers.
+ unsigned char southMlink : 1; // South MLink Dynamic Clock Gate Enable : Sets the default value for the South MLink Dynamic Clock Gate Enable registers.
+ unsigned char meSmbus : 1; // ME SmBus Dynamic Clock Gate Enable : Sets the default value for the ME SMBus Dynamic Clock Gate Enable for both the ME SmBus controllers.
+ unsigned char sstDynamic : 1; // SST Dynamic Clock Gate Enable : Sets the default value for the SST Clock Gate Enable registers.
+ unsigned char : 4;
+ unsigned char northMlink2 : 1; // North MLink 2 Non-Posted Enable : 'true':North MLink supports two downstream non-posted requests. 'false':North MLink supports one downstream non-posted requests.
+ unsigned char : 7;
+ unsigned short : 16;
+};
+
+
+struct ICHSTRAPSRECORD {
+ struct ICHSTRAP0 ichStrap0;
+ struct ICHSTRAP1 ichStrap1;
+ unsigned char padding[248];
+};
+
+struct MCHSTRAP0 {
+ unsigned char meDisable : 1; // If true, ME is disabled.
+ unsigned char meBootFromFlash : 1; // ME boot from Flash - guessed location
+ unsigned char tpmDisable : 1; // iTPM Disable : When set true, iTPM Host Interface is disabled. When set false (default), iTPM is enabled.
+ unsigned char : 3;
+ unsigned char spiFingerprint : 1; // SPI Fingerprint Sensor Present: Indicates if an SPI Fingerprint sensor is present at CS#1.
+ unsigned char meAlternateDisable : 1; // ME Alternate Disable: Setting this bit allows ME to perform critical chipset functions but prevents loading of any ME FW applications.
+ unsigned char : 8;
+ unsigned short : 16;
+};
+
+struct MCHSTRAPSRECORD {
+ struct MCHSTRAP0 mchStrap0;
+ unsigned char padding[3292];
+};
+
+struct MEVSCCTABLERECORD {
+ unsigned int jid0;
+ unsigned int vscc0;
+ unsigned int jid1;
+ unsigned int vscc1;
+ unsigned int jid2;
+ unsigned int vscc2;
+ unsigned char padding[4];
+};
+
+struct DESCRIPTORMAP2RECORD {
+ unsigned char meVsccTableBaseAddress : 8;
+ unsigned char meVsccTableLength : 8;
+ unsigned short : 16;
+};
+
+struct OEMSECTIONRECORD {
+ unsigned char magicString[8];
+ unsigned char padding[248];
+};
+
+struct GBEREGIONRECORD {
+ unsigned char gbeRegion[8192]; //todo: implement and document this
+};
+
+struct DESCRIPTORREGIONRECORD {
+ struct FLVALSIG flValSig;
+ struct FLMAPS flMaps;
+ struct COMPONENTSECTIONRECORD componentSection;
+ struct REGIONSECTIONRECORD regionSection;
+ struct MASTERACCESSSECTIONRECORD masterAccessSection;
+ struct ICHSTRAPSRECORD ichStraps;
+ struct MCHSTRAPSRECORD mchStraps;
+ struct MEVSCCTABLERECORD meVsccTable;
+ struct DESCRIPTORMAP2RECORD descriptor2Map;
+ struct OEMSECTIONRECORD oemSection;
+}; |
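Review bot: Every register structure in this file depends on implementation-defined bit-field allocation (bit-fields declared as `unsigned char`/`unsigned short`, assumed to be packed low bit first with no padding), and the only guard is the total-size comparison in `main`, which still passes if a compiler orders the bits differently; in that case `meDisable`, `tpmDisable` or `fdRegionWriteAccess` would silently land on other bits of the descriptor. A compile-time check next to each register struct, for example `_Static_assert(sizeof(struct FLMSTR) == 4, "FLMSTR must be 4 bytes");`, plus a header comment stating the assumed host layout (little-endian, GCC-style allocation) would make that assumption explicit. Because the file holds only type definitions and is pulled in with `#include "ich9desc.c"` while the build line also compiles it as a separate unit, it would read more clearly as a header with an include guard. The comment on `northMlink` in `ICHSTRAP1` says it sets the default for the South MLink registers, which looks like a copy-paste from the `southMlink` line and should be corrected.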