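/* SPDX-License-Identifier: GPL-2.0-only */

/*
 * Intel TXT definitions: MMIO register addresses and bit masks, GETSEC
 * constants, and packed layouts for the ACM header and the TXT heap data.
 *
 * The packed structures below overlay data read from an ACM binary or from
 * the TXT heap. The length and count fields inside them (header_len, size,
 * key_size, scratch_size, num_acms, the extended data element size) are
 * data, not guarantees.
 * NOTE(review): consumers should range-check those fields against the size
 * of the containing region before using them as offsets or loop bounds.
 */

#ifndef SECURITY_INTEL_TXT_REGISTER_H_
#define SECURITY_INTEL_TXT_REGISTER_H_

#include <types.h>

/*
 * Document: 315168-016
 * Intel Trusted Execution Technology (Intel TXT)
 * Software Development Guide
 * Chapter B
 *
 * TXT_BASE has the same value as TXT_PUBLIC_SPACE below, so every TXT_*
 * register address in this file is an address in the public space.
 */
#define TXT_BASE			0xfed30000UL

#define TXT_STS				(TXT_BASE + 0)
#define TXT_ESTS			(TXT_BASE + 8)
#define  TXT_ESTS_TXT_RESET_STS		(1 << 0)
/*
 * Chapter 6
 * Intel Trusted Execution Technology Lab Handout
 */
#define  TXT_ESTS_WAKE_ERROR_STS	(1 << 6)

#define TXT_ERROR			(TXT_BASE + 0x30)
#define  ACMERROR_TXT_VALID		(1ul << 31)
#define  ACMERROR_TXT_EXTERNAL		(1ul << 30)

/* Bit position of each field inside the TXT_ERROR value. */
#define  ACMERROR_TXT_PROGRESS_SHIFT	16
#define  ACMERROR_TXT_MINOR_SHIFT	15
#define  ACMERROR_TXT_MAJOR_SHIFT	10
#define  ACMERROR_TXT_CLASS_SHIFT	4
#define  ACMERROR_TXT_TYPE_SHIFT	0

/* Field masks, already shifted into place. */
#define  ACMERROR_TXT_PROGRESS_CODE	(0xffull << ACMERROR_TXT_PROGRESS_SHIFT)
#define  ACMERROR_TXT_MINOR_CODE	(0x01ull << ACMERROR_TXT_MINOR_SHIFT)
#define  ACMERROR_TXT_MAJOR_CODE	(0x1full << ACMERROR_TXT_MAJOR_SHIFT)
#define  ACMERROR_TXT_CLASS_CODE	(0x3full << ACMERROR_TXT_CLASS_SHIFT)
#define  ACMERROR_TXT_TYPE_CODE		(0x0full << ACMERROR_TXT_TYPE_SHIFT)

/* Same numbering as acm_module_sub_type (BIOS = 0, SINIT = 1). */
#define  ACMERROR_TXT_AC_MODULE_TYPE_BIOS	0
#define  ACMERROR_TXT_AC_MODULE_TYPE_SINIT	1

#define  TXT_ERROR_MASK			(0x3ff << 0)

#define TXT_CMD_RESET			(TXT_BASE + 0x38)
#define TXT_CMD_CLOSE_PRIVATE		(TXT_BASE + 0x48)

/* Present in Document Number: 315168-016. */
#define TXT_SPAD			(TXT_BASE + 0xa0)
#define  ACMSTS_IBB_MEASURED		(1ull << 63)
#define  ACMSTS_VERIFICATION_ERROR	(1ull << 62)
#define  ACMSTS_BG_STARTUP_ERROR	(1ull << 61) /* CBnT platforms only */
#define  ACMSTS_TXT_DISABLED		(1ull << 60) /* disabled by FIT type 0xA record */
#define  ACMSTS_BIOS_TRUSTED		(1ull << 59)
#define  ACMSTS_MEM_CLEAR_POWER_DOWN	(1ull << 47)
#define  ACMSTS_TXT_STARTUP_SUCCESS	(1ull << 30)

#define TXT_VER_FSBIF			(TXT_BASE + 0x100)
#define  TXT_VER_PRODUCTION_FUSED	(1ull << 31)

#define TXT_DIDVID			(TXT_BASE + 0x110)

/*
 * Chapter 6
 * Intel Trusted Execution Technology Lab Handout
 *
 * NOTE(review): TXT_CAPABILITIES and TXT_VER_QPIIF resolve to the same
 * address (TXT_BASE + 0x200); which name applies presumably depends on the
 * platform -- confirm before interpreting a value read from there.
 */
#define TXT_CAPABILITIES		(TXT_BASE + 0x200)
#define  TXT_CAPABILITIES_DPR		(1ull << 26)
#define  TXT_CAPABILITIES_PMRC		(1ull << 19)

#define TXT_VER_QPIIF			(TXT_BASE + 0x200)

#define TXT_SINIT_BASE			(TXT_BASE + 0x270)
#define TXT_SINIT_SIZE			(TXT_BASE + 0x278)
#define TXT_MLE_JOIN			(TXT_BASE + 0x290)

#define TXT_HEAP_BASE			(TXT_BASE + 0x300)
#define TXT_HEAP_SIZE			(TXT_BASE + 0x308)
/*
 * Chapter 6
 * Intel Trusted Execution Technology Lab Handout
 */
#define TXT_MSEG_BASE			(TXT_BASE + 0x310)
#define TXT_MSEG_SIZE			(TXT_BASE + 0x318)

/*
 * Chapter 5.4.2.1
 * Intel Trusted Execution Technology Lab Handout
 */
#define TXT_BIOSACM_ERRORCODE		(TXT_BASE + 0x328)

#define TXT_DPR				(TXT_BASE + 0x330)

#define TXT_ACM_KEY_HASH		(TXT_BASE + 0x400)
/* NOTE(review): presumably a count of 64-bit registers, not bytes -- confirm. */
#define  TXT_ACM_KEY_HASH_LEN		0x4

/* The TPM location values below occupy the 3-bit field at bits [18:16]. */
#define TXT_STS_FTIF			(TXT_BASE + 0x800)
#define  TXT_LPC_TPM_PRESENT		0x10000 /* Location of TPM: 001b - LPC TPM */
#define  TXT_SPI_TPM_PRESENT		0x50000 /* Location of TPM: 101b - SPI TPM */
#define  TXT_PTT_PRESENT		0x70000 /* Location of TPM: 111b - PTT present and active */

#define TXT_E2STS			(TXT_BASE + 0x8f0)
/* NOTE(review): presumably the "secrets in memory" status bit -- confirm. */
#define  TXT_E2STS_SECRET_STS		(1ull << 1)

/*
 * TCG PC Client Platform TPM Profile (PTP) Specification
 *
 * Note: Only locality 0 registers are publicly accessible.
 */

#define TPM_BASE_ADDR			0xfed40000UL

#define TPM_ACCESS_REG			(TPM_BASE_ADDR + 0x00)

/*
 * TXT Memory regions
 * Chapter 5.3
 * Intel Trusted Execution Technology Lab Handout
 *
 * The four region bases are spaced 0x10000 apart.
 */
#define TXT_PRIVATE_SPACE		0xfed20000UL
#define TXT_PUBLIC_SPACE		0xfed30000UL
#define TXT_TPM_DECODE_AREA		0xfed40000UL
#define TXT_RESERVED_SPACE		0xfed50000UL

/*
 * NOTE(review): 0x3ffff is one less than 0x40000; confirm whether users
 * treat this as a byte count or as an inclusive limit.
 */
#define TXT_RESERVED_SPACE_SIZE		0x3ffff

/* ESI flags for GETSEC[ENTERACCS] see Reference Number: 323372-017 */
#define ACMINPUT_SCLEAN				0
#define ACMINPUT_RESET_TPM_AUXILIARY_INDICIES	2
#define ACMINPUT_NOP				3
#define ACMINPUT_SCHECK				4
#define ACMINPUT_CLEAR_SECRETS			5
#define ACMINPUT_LOCK_CONFIG			6

/*
 * GetSec EAX value.
 * SAFER MODE EXTENSIONS REFERENCE.
 * Intel 64 and IA-32 Architectures Software Developer Manuals Vol 2
 * Order Number: 325383-060US
 */
#define IA32_GETSEC_CAPABILITIES	0
#define IA32_GETSEC_ENTERACCS		2
#define IA32_GETSEC_SENTER		4
#define IA32_GETSEC_SEXIT		5
#define IA32_GETSEC_PARAMETERS		6
#define IA32_GETSEC_SMCTRL		7
#define IA32_GETSEC_WAKEUP		8

#define GETSEC_PARAMS_TXT_EXT_CRTM_SUPPORT	(1ul << 5)
#define GETSEC_PARAMS_TXT_EXT_MACHINE_CHECK	(1ul << 6)

/* ACM defines */
#define INTEL_ACM_VENDOR		0x00008086

/*
 * NOTE(review): presumably matched against acm_header_v0.flags. NPW and
 * DEBUG mark non-production modules by name; confirm how callers treat
 * them on production-fused parts (see TXT_VER_PRODUCTION_FUSED).
 */
#define ACM_FORMAT_FLAGS_PW		0x00000000
#define ACM_FORMAT_FLAGS_NPW		(1 << 14)
#define ACM_FORMAT_FLAGS_DEBUG		(1 << 15)

/*
 * Old ACMs are power of two aligned, newer ACMs are not.
 * The "/ 4" expresses each size in 4-byte units rather than bytes.
 */
#define ACM_FORMAT_SIZE_64KB		(64 * KiB / 4)
#define ACM_FORMAT_SIZE_128KB		(128 * KiB / 4)
#define ACM_FORMAT_SIZE_256KB		(256 * KiB / 4)

/* MSRs */
#define IA32_MCG_STATUS			0x17a

/* DPR register layout, either in PCI config space or TXT MMIO space */
union dpr_register {
	struct {
		uint32_t lock : 1; /* [ 0.. 0] */
		uint32_t prs  : 1; /* [ 1.. 1] and only present on PCI config */
		uint32_t epm  : 1; /* [ 2.. 2] and only present on PCI config */
		uint32_t      : 1; /* [ 3.. 3] unnamed padding bit */
		uint32_t size : 8; /* [11.. 4] */
		uint32_t      : 8; /* [19..12] unnamed padding bits */
		uint32_t top  : 12; /* [31..20] */
	};
	uint32_t raw;
};

/*
 * The bitfield view and the raw view must describe the same 32 bits;
 * otherwise a value decoded through the bitfields would not match the
 * register that was read into raw.
 */
_Static_assert(sizeof(union dpr_register) == sizeof(uint32_t),
	       "dpr_register bitfields must fit the 32-bit raw view");

typedef enum {
	CHIPSET_ACM = 2,
} acm_module_type;

typedef enum {
	BIOS = 0,
	SINIT = 1,
} acm_module_sub_type;

/*
 * ACM Header v0.0 without dynamic part
 * Chapter A.1
 * Intel TXT Software Development Guide (Document: 315168-015)
 *
 * The fixed array sizes (256-byte key and signature, 143-entry scratch)
 * describe this v0 layout only.
 * NOTE(review): header_len, size, key_size and scratch_size are read from
 * the module itself; check them against this layout and against the size
 * of the buffer holding the module before dereferencing anything located
 * through them.
 */
struct __packed acm_header_v0 {
	uint16_t module_type;
	uint16_t module_sub_type;
	uint32_t header_len;
	uint16_t header_version[2];
	uint16_t chipset_id;
	uint16_t flags;
	uint32_t module_vendor;
	uint32_t date;
	uint32_t size;
	uint16_t txt_svn;
	uint16_t se_svn;
	uint32_t code_control;
	uint32_t error_entry_point;
	uint32_t gdt_limit;
	uint32_t gdt_ptr;
	uint32_t seg_sel;
	uint32_t entry_point;
	uint8_t reserved2[64];
	uint32_t key_size;
	uint32_t scratch_size;
	uint8_t rsa2048_pubkey[256];
	uint32_t pub_exp;
	uint8_t rsa2048_sig[256];
	uint32_t scratch[143];
	uint8_t user_area[];	/* variable-length tail, not counted by sizeof */
};

struct __packed acm_info_table {
	uint8_t uuid[16];
	uint8_t chipset_acm_type;
	uint8_t version;
	uint16_t length;
	uint32_t chipset_id_list;
	uint32_t os_sinit_data_ver;
	uint32_t min_mle_hdr_ver;
	uint32_t capabilities;
	uint8_t acm_ver;
	uint8_t reserved[3];
};

/*
 * Extended Data Elements
 * Chapter C.1
 * Intel TXT Software Development Guide (Document: 315168-015)
 *
 * data[] is kept as a zero-length array (a GNU extension) because this
 * header is embedded as the first member of the element structures below,
 * and ISO C does not allow a structure with a flexible array member to be
 * a member of another structure.
 * NOTE(review): code walking a list of elements should bound every step
 * by the size field and by the end of the enclosing region.
 */
struct __packed txt_extended_data_element_header {
	uint32_t type;
	uint32_t size;
	uint8_t data[0];
};

#define HEAP_EXTDATA_TYPE_END			0
#define HEAP_EXTDATA_TYPE_BIOS_SPEC_VER		1
#define HEAP_EXTDATA_TYPE_ACM			2
#define HEAP_EXTDATA_TYPE_CUSTOM		4

struct __packed txt_bios_spec_ver_element {
	struct txt_extended_data_element_header header;
	uint16_t ver_major;
	uint16_t ver_minor;
	uint16_t ver_revision;
};

/* Used when only the BIOS ACM is included in CBFS */
struct __packed txt_heap_acm_element1 {
	struct txt_extended_data_element_header header;
	uint32_t num_acms; // must be greater than 0 and smaller than 3
	uint64_t acm_addrs[1];
};

/* Used when both BIOS and SINIT ACMs are included in CBFS */
struct __packed txt_heap_acm_element2 {
	struct txt_extended_data_element_header header;
	uint32_t num_acms; // must be greater than 0 and smaller than 3
	uint64_t acm_addrs[2];
};

/*
 * BIOS Data Format
 * Chapter C.2
 * Intel TXT Software Development Guide (Document: 315168-015)
 */
struct __packed txt_biosdataregion {
	uint32_t version;
	uint32_t bios_sinit_size;
	uint64_t lcp_pd_base;
	uint64_t lcp_pd_size;
	uint32_t no_logical_procs;
	uint32_t sinit_flags;
	/* mle_flags and the named bitfields are two views of one 32-bit word. */
	union {
		uint32_t mle_flags;
		struct {
			uint32_t support_acpi_ppi : 1;
			uint32_t platform_type : 2;
		};
	};
	/* Extended data elements (headers defined above) start here. */
	uint8_t extended_data_elements[0];
};

/* Dump helpers; their definitions are outside this header. */
void txt_dump_regions(void);
void txt_dump_chipset_info(void);
void txt_dump_acm_info(const struct acm_header_v0 *acm_header);
void txt_dump_getsec_parameters(void);

#endif /* SECURITY_INTEL_TXT_REGISTER_H_ */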