1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
/*
* gbe/gbe.h
* This file is part of the ich9deblob utility from the libreboot project
*
* Copyright (C) 2014 Steve Shenton <sgsit@libreboot.org>
* Francis Rowe <info@gluglug.org.uk>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* Purpose: provide struct representing gbe region.
* Map actual buffers of this regions, directly to instances of these
* structs. This makes working with gbe really easy.
*/
/*
* bit fields used, corresponding to datasheet. See links to datasheets
* and documentation in ich9deblob.c
*/
#ifndef GBESTRUCT_H
#define GBESTRUCT_H
#include <stdio.h>
#include <string.h>
/* Size of gbe region in bytes */
#define GBEREGIONSIZE_8K 0x2000
/*
* These will have a modified descriptor+gbe based on what's in the factory.rom
* These will be joined into a single 12KiB buffer (descriptor, then gbe) and saved to a file
* NOTE: The GBE region of 8K is actually 2x 4K regions in a single region; both 4K blocks can be identical (and by default, are)
* The 2nd one is a "backup", but we don't know when it's used. perhaps it's used when the checksum on the first one does not match?
*/
/*
* ---------------------------------------------------------------------
* Gbe struct representing the data:
* ---------------------------------------------------------------------
*/
struct GBEREGIONRECORD_4K {
unsigned char macAddress[6]; /* 0x03 words, or 0x06 bytes */
unsigned char otherStuff[120]; /* 0x3c words, or 0x7E bytes */
unsigned short checkSum; /* when added to the sum of all words above, this should be 0xBABA */
unsigned char padding1[3968];
};
/* main and backup region in gbe */
struct GBEREGIONRECORD_8K {
struct GBEREGIONRECORD_4K main;
struct GBEREGIONRECORD_4K backup;
/*
* Backup region:
* This is actually "main" on X200, since the real main has a bad checksum
* and other errors. You should do what you need on this one (if modifying
* lenovobios's gbe region) and then copy to main
*/
};
/*
* ---------------------------------------------------------------------
* Gbe functions:
* ---------------------------------------------------------------------
*/
/* Read a 16-bit unsigned int from a supplied region buffer */
unsigned short gbeGetRegionWordFrom8kBuffer(int index, char* regionData)
{
return *((unsigned short*)(regionData + (index * 2)));
}
/*
* checksum calculation for 8k gbe region (algorithm based on datasheet)
* also works for 4k buffers, so long as isBackup remains false
*/
unsigned short gbeGetChecksumFrom8kBuffer(char* regionData, unsigned short desiredValue, char isBackup)
{
int i;
unsigned short regionWord; /* store words here for adding to checksum */
unsigned short checksum = 0; /* this gbe's checksum */
unsigned short offset = 0; /* in bytes, from the start of the gbe region. */
/*
* if isBackup is true, use 2nd gbe region ("backup" region)
* this function uses *word* not *byte* indexes, hence the bit shift.
*/
if (isBackup) offset = 0x1000>>1;
for (i = 0; i < 0x3F; i++) {
regionWord = gbeGetRegionWordFrom8kBuffer(i+offset, regionData);
checksum += regionWord;
}
checksum = desiredValue - checksum;
return checksum;
}
/* checksum calculation for 4k gbe struct (algorithm based on datasheet) */
unsigned short gbeGetChecksumFrom4kStruct(struct GBEREGIONRECORD_4K gbeStruct4k, unsigned short desiredValue)
{
char gbeBuffer4k[GBEREGIONSIZE_8K>>1];
memcpy(&gbeBuffer4k, &gbeStruct4k, GBEREGIONSIZE_8K>>1);
return gbeGetChecksumFrom8kBuffer(gbeBuffer4k, desiredValue, 0);
}
/* modify the gbe region extracted from a factory.rom dump */
struct GBEREGIONRECORD_8K deblobbedGbeStructFromFactory(struct GBEREGIONRECORD_8K factoryGbeStruct8k)
{
/*
* Correct the main gbe region. By default, the X200 (as shipped from Lenovo) comes
* with a broken main gbe region, where the backup gbe region is used instead. Modify
* it so that the main region is usable.
*/
struct GBEREGIONRECORD_8K deblobbedGbeStruct8k;
memcpy(&deblobbedGbeStruct8k, &factoryGbeStruct8k, GBEREGIONSIZE_8K);
deblobbedGbeStruct8k.backup.checkSum = gbeGetChecksumFrom4kStruct(deblobbedGbeStruct8k.backup, 0xBABA);
memcpy(&deblobbedGbeStruct8k.main, &deblobbedGbeStruct8k.backup, GBEREGIONSIZE_8K>>1);
/*
* Debugging:
* calculate the 0x3F'th 16-bit uint to make the desired final checksum for GBe
* observed checksum matches (from X200 factory.rom dumps) on main: 0x3ABA 0x34BA 0x40BA. spec defined as 0xBABA.
* X200 ships with a broken main gbe region by default (invalid checksum, and more)
* The "backup" gbe regions on these machines are correct, though, and is what the machines default to
* For libreboot's purpose, we can do much better than that by fixing the main one... below is only debugging
*/
printf("\nfactory Gbe (main): calculated Gbe checksum: 0x%hx and actual GBe checksum: 0x%hx\n", gbeGetChecksumFrom4kStruct(factoryGbeStruct8k.main, 0xBABA), factoryGbeStruct8k.main.checkSum);
printf("factory Gbe (backup) calculated Gbe checksum: 0x%hx and actual GBe checksum: 0x%hx\n", gbeGetChecksumFrom4kStruct(factoryGbeStruct8k.backup, 0xBABA), factoryGbeStruct8k.backup.checkSum);
printf("\ndeblobbed Gbe (main): calculated Gbe checksum: 0x%hx and actual GBe checksum: 0x%hx\n", gbeGetChecksumFrom4kStruct(deblobbedGbeStruct8k.main, 0xBABA), deblobbedGbeStruct8k.main.checkSum);
printf("deblobbed Gbe (backup) calculated Gbe checksum: 0x%hx and actual GBe checksum: 0x%hx\n", gbeGetChecksumFrom4kStruct(deblobbedGbeStruct8k.backup, 0xBABA), deblobbedGbeStruct8k.backup.checkSum);
return deblobbedGbeStruct8k;
}
#endif
|