1 /******************************************************************************
2  * Intel Management Engine Interface (Intel MEI) Linux driver
3  * Intel MEI Interface Header
4  *
5  * This file is provided under a dual BSD/GPLv2 license.  When using or
6  * redistributing this file, you may do so under either license.
7  *
8  * GPL LICENSE SUMMARY
9  *
10  * Copyright(c) 2012 Intel Corporation. All rights reserved.
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of version 2 of the GNU General Public License as
14  * published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful, but
17  * WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19  * General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
24  * USA
25  *
26  * The full GNU General Public License is included in this distribution
27  * in the file called LICENSE.GPL.
28  *
29  * Contact Information:
30  *	Intel Corporation.
31  *	linux-mei@linux.intel.com
32  *	http://www.intel.com
33  *
34  * BSD LICENSE
35  *
36  * Copyright(c) 2003 - 2012 Intel Corporation. All rights reserved.
37  * All rights reserved.
38  *
39  * Redistribution and use in source and binary forms, with or without
40  * modification, are permitted provided that the following conditions
41  * are met:
42  *
43  *  * Redistributions of source code must retain the above copyright
44  *    notice, this list of conditions and the following disclaimer.
45  *  * Redistributions in binary form must reproduce the above copyright
46  *    notice, this list of conditions and the following disclaimer in
47  *    the documentation and/or other materials provided with the
48  *    distribution.
49  *  * Neither the name Intel Corporation nor the names of its
50  *    contributors may be used to endorse or promote products derived
51  *    from this software without specific prior written permission.
52  *
53  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
54  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
55  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
56  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
57  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
59  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
60  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
61  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
62  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
63  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
64  *
65  *****************************************************************************/
66 
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #include <fcntl.h>
71 #include <sys/ioctl.h>
72 #include <unistd.h>
73 #include <errno.h>
74 #include <stdint.h>
75 #include <stdbool.h>
76 #include <bits/wordsize.h>
77 #include <linux/mei.h>
78 
79 /*****************************************************************************
80  * Intel Management Engine Interface
81  *****************************************************************************/
82 
83 #define mei_msg(_me, fmt, ARGS...) do {         \
84 	if (_me->verbose)                       \
85 		fprintf(stderr, fmt, ##ARGS);	\
86 } while (0)
87 
88 #define mei_err(_me, fmt, ARGS...) do {         \
89 	fprintf(stderr, "Error: " fmt, ##ARGS); \
90 } while (0)
91 
92 struct mei {
93 	uuid_le guid;
94 	bool initialized;
95 	bool verbose;
96 	unsigned int buf_size;
97 	unsigned char prot_ver;
98 	int fd;
99 };
100 
mei_deinit(struct mei * cl)101 static void mei_deinit(struct mei *cl)
102 {
103 	if (cl->fd != -1)
104 		close(cl->fd);
105 	cl->fd = -1;
106 	cl->buf_size = 0;
107 	cl->prot_ver = 0;
108 	cl->initialized = false;
109 }
110 
mei_init(struct mei * me,const uuid_le * guid,unsigned char req_protocol_version,bool verbose)111 static bool mei_init(struct mei *me, const uuid_le *guid,
112 		unsigned char req_protocol_version, bool verbose)
113 {
114 	int result;
115 	struct mei_client *cl;
116 	struct mei_connect_client_data data;
117 
118 	me->verbose = verbose;
119 
120 	me->fd = open("/dev/mei0", O_RDWR);
121 	if (me->fd == -1) {
122 		mei_err(me, "Cannot establish a handle to the Intel MEI driver\n");
123 		goto err;
124 	}
125 	memcpy(&me->guid, guid, sizeof(*guid));
126 	memset(&data, 0, sizeof(data));
127 	me->initialized = true;
128 
129 	memcpy(&data.in_client_uuid, &me->guid, sizeof(me->guid));
130 	result = ioctl(me->fd, IOCTL_MEI_CONNECT_CLIENT, &data);
131 	if (result) {
132 		mei_err(me, "IOCTL_MEI_CONNECT_CLIENT receive message. err=%d\n", result);
133 		goto err;
134 	}
135 	cl = &data.out_client_properties;
136 	mei_msg(me, "max_message_length %d\n", cl->max_msg_length);
137 	mei_msg(me, "protocol_version %d\n", cl->protocol_version);
138 
139 	if ((req_protocol_version > 0) &&
140 	     (cl->protocol_version != req_protocol_version)) {
141 		mei_err(me, "Intel MEI protocol version not supported\n");
142 		goto err;
143 	}
144 
145 	me->buf_size = cl->max_msg_length;
146 	me->prot_ver = cl->protocol_version;
147 
148 	return true;
149 err:
150 	mei_deinit(me);
151 	return false;
152 }
153 
mei_recv_msg(struct mei * me,unsigned char * buffer,ssize_t len,unsigned long timeout)154 static ssize_t mei_recv_msg(struct mei *me, unsigned char *buffer,
155 			ssize_t len, unsigned long timeout)
156 {
157 	struct timeval tv;
158 	fd_set set;
159 	ssize_t rc;
160 
161 	tv.tv_sec = timeout / 1000;
162 	tv.tv_usec = (timeout % 1000) * 1000000;
163 
164 	mei_msg(me, "call read length = %zd\n", len);
165 
166 	FD_ZERO(&set);
167 	FD_SET(me->fd, &set);
168 	rc = select(me->fd + 1, &set, NULL, NULL, &tv);
169 	if (rc > 0 && FD_ISSET(me->fd, &set)) {
170 		mei_msg(me, "have reply\n");
171 	} else if (rc == 0) {
172 		rc = -1;
173 		mei_err(me, "read failed on timeout\n");
174 		goto out;
175 	} else { /* rc < 0 */
176 		rc = errno;
177 		mei_err(me, "read failed on select with status %zd %s\n",
178 			rc, strerror(errno));
179 		goto out;
180 	}
181 
182 	rc = read(me->fd, buffer, len);
183 	if (rc < 0) {
184 		mei_err(me, "read failed with status %zd %s\n",
185 				rc, strerror(errno));
186 		goto out;
187 	}
188 
189 	mei_msg(me, "read succeeded with result %zd\n", rc);
190 
191 out:
192 	if (rc < 0)
193 		mei_deinit(me);
194 
195 	return rc;
196 }
197 
mei_send_msg(struct mei * me,const unsigned char * buffer,ssize_t len,unsigned long timeout)198 static ssize_t mei_send_msg(struct mei *me, const unsigned char *buffer,
199 			ssize_t len, unsigned long timeout)
200 {
201 	ssize_t written;
202 	ssize_t rc;
203 
204 	mei_msg(me, "call write length = %zd\n", len);
205 
206 	written = write(me->fd, buffer, len);
207 	if (written < 0) {
208 		rc = -errno;
209 		mei_err(me, "write failed with status %zd %s\n",
210 			written, strerror(errno));
211 		goto out;
212 	}
213 	mei_msg(me, "write success\n");
214 
215 	rc = written;
216 out:
217 	if (rc < 0)
218 		mei_deinit(me);
219 
220 	return rc;
221 }
222 
223 /***************************************************************************
224  * Intel Advanced Management Technology ME Client
225  ***************************************************************************/
226 
227 #define AMT_MAJOR_VERSION 1
228 #define AMT_MINOR_VERSION 1
229 
230 #define AMT_STATUS_SUCCESS                0x0
231 #define AMT_STATUS_INTERNAL_ERROR         0x1
232 #define AMT_STATUS_NOT_READY              0x2
233 #define AMT_STATUS_INVALID_AMT_MODE       0x3
234 #define AMT_STATUS_INVALID_MESSAGE_LENGTH 0x4
235 
236 #define AMT_STATUS_HOST_IF_EMPTY_RESPONSE  0x4000
237 #define AMT_STATUS_SDK_RESOURCES      0x1004
238 
239 
240 #define AMT_BIOS_VERSION_LEN   65
241 #define AMT_VERSIONS_NUMBER    50
242 #define AMT_UNICODE_STRING_LEN 20
243 
244 struct amt_unicode_string {
245 	uint16_t length;
246 	char string[AMT_UNICODE_STRING_LEN];
247 } __attribute__((packed));
248 
249 struct amt_version_type {
250 	struct amt_unicode_string description;
251 	struct amt_unicode_string version;
252 } __attribute__((packed));
253 
254 struct amt_version {
255 	uint8_t major;
256 	uint8_t minor;
257 } __attribute__((packed));
258 
259 struct amt_code_versions {
260 	uint8_t bios[AMT_BIOS_VERSION_LEN];
261 	uint32_t count;
262 	struct amt_version_type versions[AMT_VERSIONS_NUMBER];
263 } __attribute__((packed));
264 
265 /***************************************************************************
266  * Intel Advanced Management Technology Host Interface
267  ***************************************************************************/
268 
269 struct amt_host_if_msg_header {
270 	struct amt_version version;
271 	uint16_t _reserved;
272 	uint32_t command;
273 	uint32_t length;
274 } __attribute__((packed));
275 
276 struct amt_host_if_resp_header {
277 	struct amt_host_if_msg_header header;
278 	uint32_t status;
279 	unsigned char data[];
280 } __attribute__((packed));
281 
282 const uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d,  \
283 				0xac, 0xa8, 0x46, 0xe0, 0xff, 0x65, 0x81, 0x4c);
284 
285 #define AMT_HOST_IF_CODE_VERSIONS_REQUEST  0x0400001A
286 #define AMT_HOST_IF_CODE_VERSIONS_RESPONSE 0x0480001A
287 
288 const struct amt_host_if_msg_header CODE_VERSION_REQ = {
289 	.version = {AMT_MAJOR_VERSION, AMT_MINOR_VERSION},
290 	._reserved = 0,
291 	.command = AMT_HOST_IF_CODE_VERSIONS_REQUEST,
292 	.length = 0
293 };
294 
295 
296 struct amt_host_if {
297 	struct mei mei_cl;
298 	unsigned long send_timeout;
299 	bool initialized;
300 };
301 
302 
amt_host_if_init(struct amt_host_if * acmd,unsigned long send_timeout,bool verbose)303 static bool amt_host_if_init(struct amt_host_if *acmd,
304 		      unsigned long send_timeout, bool verbose)
305 {
306 	acmd->send_timeout = (send_timeout) ? send_timeout : 20000;
307 	acmd->initialized = mei_init(&acmd->mei_cl, &MEI_IAMTHIF, 0, verbose);
308 	return acmd->initialized;
309 }
310 
amt_host_if_deinit(struct amt_host_if * acmd)311 static void amt_host_if_deinit(struct amt_host_if *acmd)
312 {
313 	mei_deinit(&acmd->mei_cl);
314 	acmd->initialized = false;
315 }
316 
amt_verify_code_versions(const struct amt_host_if_resp_header * resp)317 static uint32_t amt_verify_code_versions(const struct amt_host_if_resp_header *resp)
318 {
319 	uint32_t status = AMT_STATUS_SUCCESS;
320 	struct amt_code_versions *code_ver;
321 	size_t code_ver_len;
322 	uint32_t ver_type_cnt;
323 	uint32_t len;
324 	uint32_t i;
325 
326 	code_ver = (struct amt_code_versions *)resp->data;
327 	/* length - sizeof(status) */
328 	code_ver_len = resp->header.length - sizeof(uint32_t);
329 	ver_type_cnt = code_ver_len -
330 			sizeof(code_ver->bios) -
331 			sizeof(code_ver->count);
332 	if (code_ver->count != ver_type_cnt / sizeof(struct amt_version_type)) {
333 		status = AMT_STATUS_INTERNAL_ERROR;
334 		goto out;
335 	}
336 
337 	for (i = 0; i < code_ver->count; i++) {
338 		len = code_ver->versions[i].description.length;
339 
340 		if (len > AMT_UNICODE_STRING_LEN) {
341 			status = AMT_STATUS_INTERNAL_ERROR;
342 			goto out;
343 		}
344 
345 		len = code_ver->versions[i].version.length;
346 		if (code_ver->versions[i].version.string[len] != '\0' ||
347 		    len != strlen(code_ver->versions[i].version.string)) {
348 			status = AMT_STATUS_INTERNAL_ERROR;
349 			goto out;
350 		}
351 	}
352 out:
353 	return status;
354 }
355 
amt_verify_response_header(uint32_t command,const struct amt_host_if_msg_header * resp_hdr,uint32_t response_size)356 static uint32_t amt_verify_response_header(uint32_t command,
357 				const struct amt_host_if_msg_header *resp_hdr,
358 				uint32_t response_size)
359 {
360 	if (response_size < sizeof(struct amt_host_if_resp_header)) {
361 		return AMT_STATUS_INTERNAL_ERROR;
362 	} else if (response_size != (resp_hdr->length +
363 				sizeof(struct amt_host_if_msg_header))) {
364 		return AMT_STATUS_INTERNAL_ERROR;
365 	} else if (resp_hdr->command != command) {
366 		return AMT_STATUS_INTERNAL_ERROR;
367 	} else if (resp_hdr->_reserved != 0) {
368 		return AMT_STATUS_INTERNAL_ERROR;
369 	} else if (resp_hdr->version.major != AMT_MAJOR_VERSION ||
370 		   resp_hdr->version.minor < AMT_MINOR_VERSION) {
371 		return AMT_STATUS_INTERNAL_ERROR;
372 	}
373 	return AMT_STATUS_SUCCESS;
374 }
375 
amt_host_if_call(struct amt_host_if * acmd,const unsigned char * command,ssize_t command_sz,uint8_t ** read_buf,uint32_t rcmd,unsigned int expected_sz)376 static uint32_t amt_host_if_call(struct amt_host_if *acmd,
377 			const unsigned char *command, ssize_t command_sz,
378 			uint8_t **read_buf, uint32_t rcmd,
379 			unsigned int expected_sz)
380 {
381 	uint32_t in_buf_sz;
382 	ssize_t out_buf_sz;
383 	ssize_t written;
384 	uint32_t status;
385 	struct amt_host_if_resp_header *msg_hdr;
386 
387 	in_buf_sz = acmd->mei_cl.buf_size;
388 	*read_buf = (uint8_t *)malloc(sizeof(uint8_t) * in_buf_sz);
389 	if (*read_buf == NULL)
390 		return AMT_STATUS_SDK_RESOURCES;
391 	memset(*read_buf, 0, in_buf_sz);
392 	msg_hdr = (struct amt_host_if_resp_header *)*read_buf;
393 
394 	written = mei_send_msg(&acmd->mei_cl,
395 				command, command_sz, acmd->send_timeout);
396 	if (written != command_sz)
397 		return AMT_STATUS_INTERNAL_ERROR;
398 
399 	out_buf_sz = mei_recv_msg(&acmd->mei_cl, *read_buf, in_buf_sz, 2000);
400 	if (out_buf_sz <= 0)
401 		return AMT_STATUS_HOST_IF_EMPTY_RESPONSE;
402 
403 	status = msg_hdr->status;
404 	if (status != AMT_STATUS_SUCCESS)
405 		return status;
406 
407 	status = amt_verify_response_header(rcmd,
408 				&msg_hdr->header, out_buf_sz);
409 	if (status != AMT_STATUS_SUCCESS)
410 		return status;
411 
412 	if (expected_sz && expected_sz != out_buf_sz)
413 		return AMT_STATUS_INTERNAL_ERROR;
414 
415 	return AMT_STATUS_SUCCESS;
416 }
417 
418 
amt_get_code_versions(struct amt_host_if * cmd,struct amt_code_versions * versions)419 static uint32_t amt_get_code_versions(struct amt_host_if *cmd,
420 			       struct amt_code_versions *versions)
421 {
422 	struct amt_host_if_resp_header *response = NULL;
423 	uint32_t status;
424 
425 	status = amt_host_if_call(cmd,
426 			(const unsigned char *)&CODE_VERSION_REQ,
427 			sizeof(CODE_VERSION_REQ),
428 			(uint8_t **)&response,
429 			AMT_HOST_IF_CODE_VERSIONS_RESPONSE, 0);
430 
431 	if (status != AMT_STATUS_SUCCESS)
432 		goto out;
433 
434 	status = amt_verify_code_versions(response);
435 	if (status != AMT_STATUS_SUCCESS)
436 		goto out;
437 
438 	memcpy(versions, response->data, sizeof(struct amt_code_versions));
439 out:
440 	if (response != NULL)
441 		free(response);
442 
443 	return status;
444 }
445 
446 /************************** end of amt_host_if_command ***********************/
main(int argc,char ** argv)447 int main(int argc, char **argv)
448 {
449 	struct amt_code_versions ver;
450 	struct amt_host_if acmd;
451 	unsigned int i;
452 	uint32_t status;
453 	int ret;
454 	bool verbose;
455 
456 	verbose = (argc > 1 && strcmp(argv[1], "-v") == 0);
457 
458 	if (!amt_host_if_init(&acmd, 5000, verbose)) {
459 		ret = 1;
460 		goto out;
461 	}
462 
463 	status = amt_get_code_versions(&acmd, &ver);
464 
465 	amt_host_if_deinit(&acmd);
466 
467 	switch (status) {
468 	case AMT_STATUS_HOST_IF_EMPTY_RESPONSE:
469 		printf("Intel AMT: DISABLED\n");
470 		ret = 0;
471 		break;
472 	case AMT_STATUS_SUCCESS:
473 		printf("Intel AMT: ENABLED\n");
474 		for (i = 0; i < ver.count; i++) {
475 			printf("%s:\t%s\n", ver.versions[i].description.string,
476 				ver.versions[i].version.string);
477 		}
478 		ret = 0;
479 		break;
480 	default:
481 		printf("An error has occurred\n");
482 		ret = 1;
483 		break;
484 	}
485 
486 out:
487 	return ret;
488 }
489