xref: /illumos-gate/usr/src/common/ucode/ucode_utils_intel.c (revision 8119dad84d6416f13557b0ba8e2aaf9064cbcfd3) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Copyright 2021 OmniOS Community Edition (OmniOSce) Association.
27  * Copyright 2023 Oxide Computer Company
28  */
29 
30 #include <sys/types.h>
31 #include <sys/ucode.h>
32 #include <sys/ucode_intel.h>
33 #ifdef	_KERNEL
34 #include <sys/systm.h>
35 #else
36 #include <strings.h>
37 #endif
38 
39 /*
40  * Refer to
41  *	Intel 64 and IA-32 Architectures Software Developers's Manual
42  *		Chapter 9.11 Microcode Update Facilities	[1]
43  * for details.
44  */
45 
46 /*
47  * Validates the microcode header.
48  * Returns EM_OK on success, EM_HEADER on failure.
49  */
50 ucode_errno_t
51 ucode_header_validate_intel(ucode_header_intel_t *uhp)
52 {
53 	uint32_t header_size, body_size, total_size;
54 
55 	if (uhp == NULL)
56 		return (EM_HEADER);
57 
58 	/*
59 	 * The only header version number supported is 1.
60 	 */
61 	if (uhp->uh_header_ver != 0x1)
62 		return (EM_HEADER);
63 
64 	header_size = UCODE_HEADER_SIZE_INTEL;
65 	total_size = UCODE_TOTAL_SIZE_INTEL(uhp->uh_total_size);
66 	body_size = UCODE_BODY_SIZE_INTEL(uhp->uh_body_size);
67 
68 	/*
69 	 * The body size field of the microcode code header specifies the size
70 	 * of the encrypted data section, its value must be a multiple of the
71 	 * size of DWORD.  The total size field must be in multiples of 1K
72 	 * bytes.
73 	 */
74 	if ((body_size % sizeof (int)) ||
75 	    (total_size < (header_size + body_size)) ||
76 	    (total_size % UCODE_KB(1)))
77 
78 		return (EM_HEADER);
79 
80 	/*
81 	 * Sanity check to avoid reading bogus files
82 	 */
83 	if (total_size < UCODE_MIN_SIZE || total_size > UCODE_MAX_SIZE)
84 		return (EM_HEADER);
85 
86 	/*
87 	 * If there is extended signature table, total_size is the sum of
88 	 *	header_size
89 	 *	body_size
90 	 *	sizeof (struct ucode_ext_table)
91 	 *	n * sizeof (struct ucode_ext_sig)
92 	 * where n is indicated by uet_count in struct ucode_ext_table.
93 	 */
94 	if (total_size > (header_size + body_size)) {
95 		if ((total_size - body_size - header_size -
96 		    UCODE_EXT_TABLE_SIZE_INTEL) % UCODE_EXT_SIG_SIZE_INTEL) {
97 
98 			return (EM_HEADER);
99 		}
100 	}
101 
102 	return (EM_OK);
103 }
104 
105 /*
106  * Returns checksum.
107  */
108 uint32_t
109 ucode_checksum_intel(uint32_t sum, uint32_t size, uint8_t *code)
110 {
111 	int i;
112 	uint32_t *lcode = (uint32_t *)(intptr_t)code;
113 
114 	i = size >> 2;
115 	while (i--)
116 		sum += lcode[i];
117 
118 	return (sum);
119 }
120 
121 uint32_t
122 ucode_checksum_intel_extsig(ucode_header_intel_t *uhp,
123     ucode_ext_sig_intel_t *uesp)
124 {
125 	/*
126 	 * From [1], table 9-7, the checksum field contained in the extended
127 	 * patch signature is the checksum across the entire update which would
128 	 * result if the primary processor signature and processor flags were
129 	 * replaced with the values from this entry.
130 	 *
131 	 * We can therefore just calculate the difference in the checksum
132 	 * between the old and new values and return that to the caller. If the
133 	 * difference is zero then the checksum for the patch is valid.
134 	 */
135 	uint32_t diff;
136 
137 	diff = uesp->ues_signature +
138 	    uesp->ues_proc_flags + uesp->ues_checksum;
139 	diff -= uhp->uh_signature + uhp->uh_proc_flags +
140 	    uhp->uh_checksum;
141 
142 	return (diff);
143 }
144 
145 ucode_errno_t
146 ucode_validate_intel(uint8_t *ucodep, int size)
147 {
148 	uint32_t header_size = UCODE_HEADER_SIZE_INTEL;
149 	int remaining;
150 
151 	if (ucodep == NULL || size <= 0)
152 		return (EM_INVALIDARG);
153 
154 	for (remaining = size; remaining > 0; ) {
155 		uint32_t total_size, body_size, ext_size;
156 		ucode_header_intel_t *uhp;
157 		uint8_t *curbuf = &ucodep[size - remaining];
158 		ucode_errno_t rc;
159 
160 		uhp = (ucode_header_intel_t *)curbuf;
161 
162 		if ((rc = ucode_header_validate_intel(uhp)) != EM_OK)
163 			return (rc);
164 
165 		total_size = UCODE_TOTAL_SIZE_INTEL(uhp->uh_total_size);
166 
167 		if (ucode_checksum_intel(0, total_size, curbuf) != 0)
168 			return (EM_CHECKSUM);
169 
170 		body_size = UCODE_BODY_SIZE_INTEL(uhp->uh_body_size);
171 		ext_size = total_size - (header_size + body_size);
172 
173 		if (ext_size > 0) {
174 			ucode_ext_table_intel_t *ext;
175 			uint32_t i;
176 
177 			ext = (ucode_ext_table_intel_t *)
178 			    &curbuf[header_size + body_size];
179 
180 			if (ucode_checksum_intel(0, ext_size, (uint8_t *)ext))
181 				return (EM_EXTCHECKSUM);
182 
183 			for (i = 0; i < ext->uet_count; i++) {
184 				ucode_ext_sig_intel_t *sig =
185 				    &ext->uet_ext_sig[i];
186 
187 				if (ucode_checksum_intel_extsig(uhp, sig) != 0)
188 					return (EM_SIGCHECKSUM);
189 			}
190 		}
191 
192 		remaining -= total_size;
193 	}
194 	return (EM_OK);
195 }
196