flashrom 

flashrom Svn Source Tree

Root/trunk/cbtable.c

1/*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2002 Steven James <pyro@linuxlabs.com>
5 * Copyright (C) 2002 Linux Networx
6 * (Written by Eric Biederman <ebiederman@lnxi.com> for Linux Networx)
7 * Copyright (C) 2006-2009 coresystems GmbH
8 * (Written by Stefan Reinauer <stepan@coresystems.de> for coresystems GmbH)
9 * Copyright (C) 2010 Carl-Daniel Hailfinger
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; version 2 of the License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 */
24
25#include <unistd.h>
26#include <stdio.h>
27#include <ctype.h>
28#include <strings.h>
29#include <string.h>
30#include "flash.h"
31#include "programmer.h"
32#include "coreboot_tables.h"
33
34static char *cb_vendor = NULL, *cb_model = NULL;
35
36/* Tries to find coreboot IDs in the supplied image and compares them to the current IDs.
37 * Returns...
38 * -1if IDs in the image do not match the IDs embedded in the current firmware,
39 * 0if the IDs could not be found in the image or if they match correctly.
40 */
41int cb_check_image(uint8_t *image, int size)
42{
43unsigned int *walk;
44unsigned int mb_part_offset, mb_vendor_offset;
45char *mb_part, *mb_vendor;
46
47walk = (unsigned int *)(image + size - 0x10);
48walk--;
49
50if ((*walk) == 0 || ((*walk) & 0x3ff) != 0) {
51/* Some NVIDIA chipsets store chipset soft straps (IIRC Hypertransport init info etc.) in
52 * flash at exactly the location where coreboot image size, coreboot vendor name pointer and
53 * coreboot board name pointer are usually stored. In this case coreboot uses an alternate
54 * location for the coreboot image data. */
55walk = (unsigned int *)(image + size - 0x80);
56walk--;
57}
58
59/*
60 * Check if coreboot last image size is 0 or not a multiple of 1k or
61 * bigger than the chip or if the pointers to vendor ID or mainboard ID
62 * are outside the image of if the start of ID strings are nonsensical
63 * (nonprintable and not \0).
64 */
65mb_part_offset = *(walk - 1);
66mb_vendor_offset = *(walk - 2);
67if ((*walk) == 0 || ((*walk) & 0x3ff) != 0 || (*walk) > size ||
68 mb_part_offset > size || mb_vendor_offset > size) {
69msg_pdbg("Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.\n");
70return 0;
71}
72
73mb_part = (char *)(image + size - mb_part_offset);
74mb_vendor = (char *)(image + size - mb_vendor_offset);
75if (!isprint((unsigned char)*mb_part) ||
76 !isprint((unsigned char)*mb_vendor)) {
77msg_pdbg("Flash image seems to have garbage in the ID location. "
78 "Disabling coreboot-related checks.\n");
79return 0;
80}
81
82msg_pdbg("coreboot last image size (not ROM size) is %d bytes.\n", *walk);
83
84msg_pdbg("Manufacturer: %s\n", mb_vendor);
85msg_pdbg("Mainboard ID: %s\n", mb_part);
86
87/* If these are not set, the coreboot table was not found. */
88if (!cb_vendor || !cb_model)
89return 0;
90
91/* These comparisons are case insensitive to make things a little less user^Werror prone. */
92if (!strcasecmp(mb_vendor, cb_vendor) && !strcasecmp(mb_part, cb_model)) {
93msg_pdbg2("This coreboot image matches this mainboard.\n");
94} else {
95msg_perr("This coreboot image (%s:%s) does not appear to\n"
96 "be correct for the detected mainboard (%s:%s).\n",
97 mb_vendor, mb_part, cb_vendor, cb_model);
98return -1;
99}
100
101return 0;
102}
103
104static unsigned long compute_checksum(void *addr, unsigned long length)
105{
106uint8_t *ptr;
107volatile union {
108uint8_t byte[2];
109uint16_t word;
110} chksum;
111unsigned long sum;
112unsigned long i;
113
114/* In the most straight forward way possible,
115 * compute an ip style checksum.
116 */
117sum = 0;
118ptr = addr;
119for (i = 0; i < length; i++) {
120unsigned long value;
121value = ptr[i];
122if (i & 1) {
123value <<= 8;
124}
125/* Add the new value */
126sum += value;
127/* Wrap around the carry */
128if (sum > 0xFFFF) {
129sum = (sum + (sum >> 16)) & 0xFFFF;
130}
131}
132chksum.byte[0] = sum & 0xff;
133chksum.byte[1] = (sum >> 8) & 0xff;
134
135return (~chksum.word) & 0xFFFF;
136}
137
138#define for_each_lbrec(head, rec) \
139for(rec = (struct lb_record *)(((char *)head) + sizeof(*head)); \
140(((char *)rec) < (((char *)head) + sizeof(*head) + head->table_bytes)) && \
141(rec->size >= 1) && \
142((((char *)rec) + rec->size) <= (((char *)head) + sizeof(*head) + head->table_bytes)); \
143rec = (struct lb_record *)(((char *)rec) + rec->size))
144
145static int count_lb_records(struct lb_header *head)
146{
147struct lb_record *rec;
148int count;
149
150count = 0;
151for_each_lbrec(head, rec) {
152count++;
153}
154
155return count;
156}
157
158static struct lb_header *find_lb_table(void *base, unsigned long start,
159 unsigned long end)
160{
161unsigned long addr;
162
163/* For now be stupid.... */
164for (addr = start; addr < end; addr += 16) {
165struct lb_header *head =
166 (struct lb_header *)(((char *)base) + addr);
167struct lb_record *recs =
168 (struct lb_record *)(((char *)base) + addr + sizeof(*head));
169if (memcmp(head->signature, "LBIO", 4) != 0)
170continue;
171msg_pdbg("Found candidate at: %08lx-%08lx\n",
172 addr, addr + head->table_bytes);
173if (head->header_bytes != sizeof(*head)) {
174msg_perr("Header bytes of %d are incorrect.\n",
175head->header_bytes);
176continue;
177}
178if (count_lb_records(head) != head->table_entries) {
179msg_perr("Bad record count: %d.\n",
180head->table_entries);
181continue;
182}
183if (compute_checksum((uint8_t *) head, sizeof(*head)) != 0) {
184msg_perr("Bad header checksum.\n");
185continue;
186}
187if (compute_checksum(recs, head->table_bytes)
188 != head->table_checksum) {
189msg_perr("Bad table checksum: %04x.\n",
190head->table_checksum);
191continue;
192}
193msg_pdbg("Found coreboot table at 0x%08lx.\n", addr);
194return head;
195
196};
197
198return NULL;
199}
200
201static void find_mainboard(struct lb_record *ptr, unsigned long addr)
202{
203struct lb_mainboard *rec;
204int max_size;
205char vendor[256], part[256];
206
207rec = (struct lb_mainboard *)ptr;
208max_size = rec->size - sizeof(*rec);
209msg_pdbg("Vendor ID: %.*s, part ID: %.*s\n",
210 max_size - rec->vendor_idx,
211 rec->strings + rec->vendor_idx,
212 max_size - rec->part_number_idx,
213 rec->strings + rec->part_number_idx);
214snprintf(vendor, 255, "%.*s", max_size - rec->vendor_idx, rec->strings + rec->vendor_idx);
215snprintf(part, 255, "%.*s", max_size - rec->part_number_idx, rec->strings + rec->part_number_idx);
216
217cb_vendor = strdup(vendor);
218cb_model = strdup(part);
219}
220
221static struct lb_record *next_record(struct lb_record *rec)
222{
223return (struct lb_record *)(((char *)rec) + rec->size);
224}
225
226static void search_lb_records(struct lb_record *rec, struct lb_record *last, unsigned long addr)
227{
228struct lb_record *next;
229int count;
230count = 0;
231
232for (next = next_record(rec); (rec < last) && (next <= last);
233 rec = next, addr += rec->size) {
234next = next_record(rec);
235count++;
236if (rec->tag == LB_TAG_MAINBOARD) {
237find_mainboard(rec, addr);
238break;
239}
240}
241}
242
243#define BYTES_TO_MAP (1024*1024)
244/* returns 0 if the table was parsed successfully and cb_vendor/cb_model have been set. */
245int cb_parse_table(const char **vendor, const char **model)
246{
247uint8_t *table_area;
248unsigned long addr, start;
249struct lb_header *lb_table;
250struct lb_record *rec, *last;
251
252#if defined(__MACH__) && defined(__APPLE__)
253/* This is a hack. DirectHW fails to map physical address 0x00000000.
254 * Why?
255 */
256start = 0x400;
257#else
258start = 0x0;
259#endif
260table_area = physmap_ro_unaligned("low megabyte", start, BYTES_TO_MAP - start);
261if (ERROR_PTR == table_area) {
262msg_perr("Failed getting access to coreboot low tables.\n");
263return -1;
264}
265
266lb_table = find_lb_table(table_area, 0x00000, 0x1000);
267if (!lb_table)
268lb_table = find_lb_table(table_area, 0xf0000 - start, BYTES_TO_MAP - start);
269if (lb_table) {
270struct lb_forward *forward = (struct lb_forward *)
271(((char *)lb_table) + lb_table->header_bytes);
272if (forward->tag == LB_TAG_FORWARD) {
273start = forward->forward;
274start &= ~(getpagesize() - 1);
275physunmap_unaligned(table_area, BYTES_TO_MAP);
276// FIXME: table_area is never unmapped below, nor is it unmapped above in the no-forward case
277table_area = physmap_ro_unaligned("high tables", start, BYTES_TO_MAP);
278if (ERROR_PTR == table_area) {
279msg_perr("Failed getting access to coreboot high tables.\n");
280return -1;
281}
282lb_table = find_lb_table(table_area, 0x00000, 0x1000);
283}
284}
285
286if (!lb_table) {
287msg_pdbg("No coreboot table found.\n");
288return -1;
289}
290
291addr = ((char *)lb_table) - ((char *)table_area) + start;
292msg_pinfo("coreboot table found at 0x%lx.\n",
293(unsigned long)lb_table - (unsigned long)table_area + start);
294rec = (struct lb_record *)(((char *)lb_table) + lb_table->header_bytes);
295last = (struct lb_record *)(((char *)rec) + lb_table->table_bytes);
296msg_pdbg("coreboot header(%d) checksum: %04x table(%d) checksum: %04x entries: %d\n",
297 lb_table->header_bytes, lb_table->header_checksum,
298 lb_table->table_bytes, lb_table->table_checksum,
299 lb_table->table_entries);
300search_lb_records(rec, last, addr + lb_table->header_bytes);
301*vendor = cb_vendor;
302*model = cb_model;
303return 0;
304}

Archive Download this file

Revision: HEAD