diff options
Diffstat (limited to 'resources')
-rw-r--r-- | resources/utilities/ich9deblob/descriptor/struct.h | 88 | ||||
-rw-r--r-- | resources/utilities/ich9deblob/ich9deblob.c | 83 |
2 files changed, 88 insertions, 83 deletions
diff --git a/resources/utilities/ich9deblob/descriptor/struct.h b/resources/utilities/ich9deblob/descriptor/struct.h index 3f2656e..710c09b 100644 --- a/resources/utilities/ich9deblob/descriptor/struct.h +++ b/resources/utilities/ich9deblob/descriptor/struct.h @@ -29,6 +29,9 @@ #ifndef DESCRIPTORSTRUCT_H #define DESCRIPTORSTRUCT_H +#include <stdio.h> +#include <string.h> + #define DESCRIPTORREGIONSIZE 0x1000 // 4 KiB // Related to the flash descriptor @@ -60,6 +63,10 @@ struct FLMAP0 { // little endian assumed }; +// --------------------------------------------------------------------- +// Descriptor struct representing the data +// --------------------------------------------------------------------- + struct FLMAP1 { unsigned char FMBA : 8; unsigned char NM : 3; @@ -225,4 +232,85 @@ struct DESCRIPTORREGIONRECORD { struct OEMSECTIONRECORD oemSection; }; +// --------------------------------------------------------------------- +// Descriptor functions +// --------------------------------------------------------------------- + +// Modify the flash descriptor, to remove the ME/AMT, and disable all other regions +// Only Flash Descriptor, Gbe and BIOS regions (BIOS region fills factoryRomSize-12k) are left. +// Tested on ThinkPad X200 and X200S. X200T and other GM45 targets may also work. +struct DESCRIPTORREGIONRECORD deblobbedDescriptorStructFromFactory(struct DESCRIPTORREGIONRECORD factoryDescriptorStruct, unsigned int factoryRomSize) +{ + struct DESCRIPTORREGIONRECORD deblobbedDescriptorStruct; + memcpy(&deblobbedDescriptorStruct, &factoryDescriptorStruct, DESCRIPTORREGIONSIZE); + + // Now we need to modify the descriptor so that the ME can be excluded + // from the final ROM image (libreboot one) after adding the modified + // descriptor+gbe. Refer to libreboot docs for details: docs/hcl/x200_remove_me.html + + // set number of regions from 4 -> 2 (0 based, so 4 means 5 and 2 + // means 3. We want 3 regions: descriptor, gbe and bios, in that order) + deblobbedDescriptorStruct.flMaps.flMap0.NR = 2; + + // make descriptor writable from OS. This is that the user can run: + // sudo ./flashrom -p internal:laptop=force_I_want_a_brick + // from the OS, without relying an an external SPI flasher, while + // being able to write to the descriptor region (locked by default, + // until making the change below): + deblobbedDescriptorStruct.masterAccessSection.flMstr1.fdRegionWriteAccess = 1; + + // relocate BIOS region and increase size to fill image + deblobbedDescriptorStruct.regionSection.flReg1.BASE = 3; // 3<<FLREGIONBITSHIFT is 12KiB, which is where BIOS region is to begin (after descriptor and gbe) + deblobbedDescriptorStruct.regionSection.flReg1.LIMIT = ((factoryRomSize >> FLREGIONBITSHIFT) - 1); + // ^ for example, 8MB ROM, that's 8388608 bytes. + // ^ 8388608>>FLREGIONBITSHIFT (or 8388608/4096) = 2048 bytes + // 2048 - 1 = 2047 bytes. + // This defines where the final 0x1000 (4KiB) page starts in the flash chip, because the hardware does: + // 2047<<FLREGIONBITSHIFT (or 2047*4096) = 8384512 bytes, or 7FF000 bytes + // (it can't be 0x7FFFFF because of limited number of bits) + + // set ME region size to 0 - the ME is a blob, we don't want it in libreboot + deblobbedDescriptorStruct.regionSection.flReg2.BASE = 0x1FFF; // setting 1FFF means setting size to 0. 1FFF<<FLREGIONBITSHIFT is outside of the ROM image (8MB) size? + // ^ datasheet says to set this to 1FFF, but FFF was previously used and also worked. + deblobbedDescriptorStruct.regionSection.flReg2.LIMIT = 0; + // ^ 0<<FLREGIONBITSHIFT=0, so basically, the size is 0, and the base (1FFF>>FLREGIONBITSHIFT) is well outside the higher 8MB range. + + // relocate Gbe region to begin at 4KiB (immediately after the flash descriptor) + deblobbedDescriptorStruct.regionSection.flReg3.BASE = 1; // 1<<FLREGIONBITSHIFT is 4096, which is where the Gbe region is to begin (after the descriptor) + deblobbedDescriptorStruct.regionSection.flReg3.LIMIT = 2; + // ^ 2<<FLREGIONBITSHIFT=8192 bytes. So we are set it to size 8KiB after the first 4KiB in the flash chip. + + // set Platform region size to 0 - another blob that we don't want + deblobbedDescriptorStruct.regionSection.flReg4.BASE = 0x1FFF; // setting 1FFF means setting size to 0. 1FFF<<FLREGIONBITSHIFT is outside of the ROM image (8MB) size? + // ^ datasheet says to set this to 1FFF, but FFF was previously used and also worked. + deblobbedDescriptorStruct.regionSection.flReg4.LIMIT = 0; + // ^ 0<<FLREGIONBITSHIFT=0, so basically, the size is 0, and the base (1FFF>>FLREGIONBITSHIFT) is well outside the higher 8MB range. + + // disable ME in ICHSTRAP0 - the ME is a blob, we don't want it in libreboot + deblobbedDescriptorStruct.ichStraps.ichStrap0.meDisable = 1; + + // disable ME and TPM in MCHSTRAP0 + deblobbedDescriptorStruct.mchStraps.mchStrap0.meDisable = 1; // ME is a blob. not wanted in libreboot. + deblobbedDescriptorStruct.mchStraps.mchStrap0.tpmDisable = 1; // not wanted in libreboot + + // disable ME, apart from chipset bugfixes (ME region should first be re-enabled above) + // This is sort of like the CPU microcode updates, but for the chipset + // (commented out below here, since blobs go against libreboot's purpose, + // but may be interesting for others) + // deblobbedDescriptorStruct.mchStraps.mchStrap0.meAlternateDisable = 1; + + // debugging + printf("\nOriginal (factory.rom) Descriptor start block: %08x ; Descriptor end block: %08x\n", factoryDescriptorStruct.regionSection.flReg0.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg0.LIMIT << FLREGIONBITSHIFT); + printf("Original (factory.rom) BIOS start block: %08x ; BIOS end block: %08x\n", factoryDescriptorStruct.regionSection.flReg1.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg1.LIMIT << FLREGIONBITSHIFT); + printf("Original (factory.rom) ME start block: %08x ; ME end block: %08x\n", factoryDescriptorStruct.regionSection.flReg2.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg2.LIMIT << FLREGIONBITSHIFT); + printf("Original (factory.rom) GBe start block: %08x ; GBe end block: %08x\n", factoryDescriptorStruct.regionSection.flReg3.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg3.LIMIT << FLREGIONBITSHIFT); + + printf("\nRelocated (libreboot.rom) Descriptor start block: %08x ; Descriptor end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg0.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg0.LIMIT << FLREGIONBITSHIFT); + printf("Relocated (libreboot.rom) BIOS start block: %08x ; BIOS end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg1.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg1.LIMIT << FLREGIONBITSHIFT); + printf("Relocated (libreboot.rom) ME start block: %08x ; ME end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg2.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg2.LIMIT << FLREGIONBITSHIFT); + printf("Relocated (libreboot.rom) GBe start block: %08x ; GBe end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg3.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg3.LIMIT << FLREGIONBITSHIFT); + + return deblobbedDescriptorStruct; +} + #endif diff --git a/resources/utilities/ich9deblob/ich9deblob.c b/resources/utilities/ich9deblob/ich9deblob.c index 17d0a3e..4073453 100644 --- a/resources/utilities/ich9deblob/ich9deblob.c +++ b/resources/utilities/ich9deblob/ich9deblob.c @@ -46,8 +46,6 @@ #include "gbe/gbe.h" // structs describing what's in the gbe region, plus functions that use them #include "x86compatibility.c" // compatibility checks. this utility is not portable yet. -struct DESCRIPTORREGIONRECORD deblobbedDescriptorStructFromFactory(struct DESCRIPTORREGIONRECORD factoryDescriptorStruct, unsigned int factoryRomSize); - int main(int argc, char *argv[]) { // descriptor region. Will have an actual descriptor struct mapped to it (from the factory.rom dump) @@ -207,84 +205,3 @@ int main(int argc, char *argv[]) return 0; } - -// --------------------------------------------------------------------- -// Descriptor functions -// --------------------------------------------------------------------- - -// Modify the flash descriptor, to remove the ME/AMT, and disable all other regions -// Only Flash Descriptor, Gbe and BIOS regions (BIOS region fills factoryRomSize-12k) are left. -// Tested on ThinkPad X200 and X200S. X200T and other GM45 targets may also work. -struct DESCRIPTORREGIONRECORD deblobbedDescriptorStructFromFactory(struct DESCRIPTORREGIONRECORD factoryDescriptorStruct, unsigned int factoryRomSize) -{ - struct DESCRIPTORREGIONRECORD deblobbedDescriptorStruct; - memcpy(&deblobbedDescriptorStruct, &factoryDescriptorStruct, DESCRIPTORREGIONSIZE); - - // Now we need to modify the descriptor so that the ME can be excluded - // from the final ROM image (libreboot one) after adding the modified - // descriptor+gbe. Refer to libreboot docs for details: docs/hcl/x200_remove_me.html - - // set number of regions from 4 -> 2 (0 based, so 4 means 5 and 2 - // means 3. We want 3 regions: descriptor, gbe and bios, in that order) - deblobbedDescriptorStruct.flMaps.flMap0.NR = 2; - - // make descriptor writable from OS. This is that the user can run: - // sudo ./flashrom -p internal:laptop=force_I_want_a_brick - // from the OS, without relying an an external SPI flasher, while - // being able to write to the descriptor region (locked by default, - // until making the change below): - deblobbedDescriptorStruct.masterAccessSection.flMstr1.fdRegionWriteAccess = 1; - - // relocate BIOS region and increase size to fill image - deblobbedDescriptorStruct.regionSection.flReg1.BASE = 3; // 3<<FLREGIONBITSHIFT is 12KiB, which is where BIOS region is to begin (after descriptor and gbe) - deblobbedDescriptorStruct.regionSection.flReg1.LIMIT = ((factoryRomSize >> FLREGIONBITSHIFT) - 1); - // ^ for example, 8MB ROM, that's 8388608 bytes. - // ^ 8388608>>FLREGIONBITSHIFT (or 8388608/4096) = 2048 bytes - // 2048 - 1 = 2047 bytes. - // This defines where the final 0x1000 (4KiB) page starts in the flash chip, because the hardware does: - // 2047<<FLREGIONBITSHIFT (or 2047*4096) = 8384512 bytes, or 7FF000 bytes - // (it can't be 0x7FFFFF because of limited number of bits) - - // set ME region size to 0 - the ME is a blob, we don't want it in libreboot - deblobbedDescriptorStruct.regionSection.flReg2.BASE = 0x1FFF; // setting 1FFF means setting size to 0. 1FFF<<FLREGIONBITSHIFT is outside of the ROM image (8MB) size? - // ^ datasheet says to set this to 1FFF, but FFF was previously used and also worked. - deblobbedDescriptorStruct.regionSection.flReg2.LIMIT = 0; - // ^ 0<<FLREGIONBITSHIFT=0, so basically, the size is 0, and the base (1FFF>>FLREGIONBITSHIFT) is well outside the higher 8MB range. - - // relocate Gbe region to begin at 4KiB (immediately after the flash descriptor) - deblobbedDescriptorStruct.regionSection.flReg3.BASE = 1; // 1<<FLREGIONBITSHIFT is 4096, which is where the Gbe region is to begin (after the descriptor) - deblobbedDescriptorStruct.regionSection.flReg3.LIMIT = 2; - // ^ 2<<FLREGIONBITSHIFT=8192 bytes. So we are set it to size 8KiB after the first 4KiB in the flash chip. - - // set Platform region size to 0 - another blob that we don't want - deblobbedDescriptorStruct.regionSection.flReg4.BASE = 0x1FFF; // setting 1FFF means setting size to 0. 1FFF<<FLREGIONBITSHIFT is outside of the ROM image (8MB) size? - // ^ datasheet says to set this to 1FFF, but FFF was previously used and also worked. - deblobbedDescriptorStruct.regionSection.flReg4.LIMIT = 0; - // ^ 0<<FLREGIONBITSHIFT=0, so basically, the size is 0, and the base (1FFF>>FLREGIONBITSHIFT) is well outside the higher 8MB range. - - // disable ME in ICHSTRAP0 - the ME is a blob, we don't want it in libreboot - deblobbedDescriptorStruct.ichStraps.ichStrap0.meDisable = 1; - - // disable ME and TPM in MCHSTRAP0 - deblobbedDescriptorStruct.mchStraps.mchStrap0.meDisable = 1; // ME is a blob. not wanted in libreboot. - deblobbedDescriptorStruct.mchStraps.mchStrap0.tpmDisable = 1; // not wanted in libreboot - - // disable ME, apart from chipset bugfixes (ME region should first be re-enabled above) - // This is sort of like the CPU microcode updates, but for the chipset - // (commented out below here, since blobs go against libreboot's purpose, - // but may be interesting for others) - // deblobbedDescriptorStruct.mchStraps.mchStrap0.meAlternateDisable = 1; - - // debugging - printf("\nOriginal (factory.rom) Descriptor start block: %08x ; Descriptor end block: %08x\n", factoryDescriptorStruct.regionSection.flReg0.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg0.LIMIT << FLREGIONBITSHIFT); - printf("Original (factory.rom) BIOS start block: %08x ; BIOS end block: %08x\n", factoryDescriptorStruct.regionSection.flReg1.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg1.LIMIT << FLREGIONBITSHIFT); - printf("Original (factory.rom) ME start block: %08x ; ME end block: %08x\n", factoryDescriptorStruct.regionSection.flReg2.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg2.LIMIT << FLREGIONBITSHIFT); - printf("Original (factory.rom) GBe start block: %08x ; GBe end block: %08x\n", factoryDescriptorStruct.regionSection.flReg3.BASE << FLREGIONBITSHIFT, factoryDescriptorStruct.regionSection.flReg3.LIMIT << FLREGIONBITSHIFT); - - printf("\nRelocated (libreboot.rom) Descriptor start block: %08x ; Descriptor end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg0.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg0.LIMIT << FLREGIONBITSHIFT); - printf("Relocated (libreboot.rom) BIOS start block: %08x ; BIOS end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg1.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg1.LIMIT << FLREGIONBITSHIFT); - printf("Relocated (libreboot.rom) ME start block: %08x ; ME end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg2.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg2.LIMIT << FLREGIONBITSHIFT); - printf("Relocated (libreboot.rom) GBe start block: %08x ; GBe end block: %08x\n", deblobbedDescriptorStruct.regionSection.flReg3.BASE << FLREGIONBITSHIFT, deblobbedDescriptorStruct.regionSection.flReg3.LIMIT << FLREGIONBITSHIFT); - - return deblobbedDescriptorStruct; -} |