1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 *
26 * Copyright 2021 OmniOS Community Edition (OmniOSce) Association.
27 * Copyright 2025 Oxide Computer Company
28 */
29
30 #include <sys/types.h>
31 #include <sys/ucode.h>
32 #include <sys/ucode_intel.h>
33 #ifdef _KERNEL
34 #include <sys/systm.h>
35 #else
36 #include <strings.h>
37 #endif
38
39 /*
40 * Refer to
41 * Intel 64 and IA-32 Architectures Software Developers's Manual
42 * Chapter 9.11 Microcode Update Facilities [1]
43 * for details.
44 */
45
46 /*
47 * Validates the microcode header.
48 * Returns EM_OK on success, EM_HEADER on failure.
49 */
50 ucode_errno_t
ucode_header_validate_intel(ucode_header_intel_t * uhp)51 ucode_header_validate_intel(ucode_header_intel_t *uhp)
52 {
53 uint32_t header_size, body_size, total_size;
54
55 if (uhp == NULL)
56 return (EM_HEADER);
57
58 /*
59 * The only header version number supported is 1.
60 */
61 if (uhp->uh_header_ver != 0x1)
62 return (EM_HEADER);
63
64 header_size = UCODE_HEADER_SIZE_INTEL;
65 total_size = UCODE_TOTAL_SIZE_INTEL(uhp->uh_total_size);
66 body_size = UCODE_BODY_SIZE_INTEL(uhp->uh_body_size);
67
68 /*
69 * The body size field of the microcode code header specifies the size
70 * of the encrypted data section, its value must be a multiple of the
71 * size of DWORD. The total size field must be in multiples of 1K
72 * bytes.
73 */
74 if ((body_size % sizeof (int)) != 0 ||
75 (total_size < header_size + body_size) ||
76 (total_size % UCODE_KB(1)) != 0) {
77 return (EM_HEADER);
78 }
79
80 /*
81 * Sanity check to avoid reading bogus files
82 */
83 if (total_size < UCODE_MIN_SIZE || total_size > UCODE_MAX_SIZE)
84 return (EM_HEADER);
85
86 /*
87 * If there is extended signature table, total_size is the sum of
88 * header_size
89 * body_size
90 * sizeof (struct ucode_ext_table)
91 * n * sizeof (struct ucode_ext_sig)
92 * where n is indicated by uet_count in struct ucode_ext_table.
93 */
94 if (total_size > (header_size + body_size)) {
95 if ((total_size - body_size - header_size -
96 UCODE_EXT_TABLE_SIZE_INTEL) % UCODE_EXT_SIG_SIZE_INTEL) {
97 return (EM_HEADER);
98 }
99 }
100
101 return (EM_OK);
102 }
103
104 /*
105 * Returns checksum.
106 */
107 uint32_t
ucode_checksum_intel(uint32_t sum,uint32_t size,uint8_t * code)108 ucode_checksum_intel(uint32_t sum, uint32_t size, uint8_t *code)
109 {
110 int i;
111 uint32_t *lcode = (uint32_t *)(intptr_t)code;
112
113 i = size >> 2;
114 while (i--)
115 sum += lcode[i];
116
117 return (sum);
118 }
119
120 uint32_t
ucode_checksum_intel_extsig(ucode_header_intel_t * uhp,ucode_ext_sig_intel_t * uesp)121 ucode_checksum_intel_extsig(ucode_header_intel_t *uhp,
122 ucode_ext_sig_intel_t *uesp)
123 {
124 /*
125 * From [1], table 9-7, the checksum field contained in the extended
126 * patch signature is the checksum across the entire update which would
127 * result if the primary processor signature and processor flags were
128 * replaced with the values from this entry.
129 *
130 * We can therefore just calculate the difference in the checksum
131 * between the old and new values and return that to the caller. If the
132 * difference is zero then the checksum for the patch is valid.
133 */
134 uint32_t diff;
135
136 diff = uesp->ues_signature + uesp->ues_proc_flags + uesp->ues_checksum;
137 diff -= uhp->uh_signature + uhp->uh_proc_flags + uhp->uh_checksum;
138
139 return (diff);
140 }
141
142 ucode_errno_t
ucode_validate_intel(uint8_t * ucodep,size_t size)143 ucode_validate_intel(uint8_t *ucodep, size_t size)
144 {
145 uint32_t header_size = UCODE_HEADER_SIZE_INTEL;
146 size_t remaining;
147
148 if (ucodep == NULL || size <= 0)
149 return (EM_INVALIDARG);
150
151 for (remaining = size; remaining > 0; ) {
152 uint32_t total_size, body_size, ext_size;
153 uint8_t *curbuf = &ucodep[size - remaining];
154 ucode_header_intel_t *uhp = (ucode_header_intel_t *)curbuf;
155 ucode_errno_t rc;
156
157 if ((rc = ucode_header_validate_intel(uhp)) != EM_OK)
158 return (rc);
159
160 total_size = UCODE_TOTAL_SIZE_INTEL(uhp->uh_total_size);
161
162 if (ucode_checksum_intel(0, total_size, curbuf) != 0)
163 return (EM_CHECKSUM);
164
165 body_size = UCODE_BODY_SIZE_INTEL(uhp->uh_body_size);
166 ext_size = total_size - (header_size + body_size);
167
168 if (ext_size > 0) {
169 ucode_ext_table_intel_t *ext;
170 uint32_t i;
171
172 ext = (ucode_ext_table_intel_t *)
173 &curbuf[header_size + body_size];
174
175 if (ucode_checksum_intel(0, ext_size, (uint8_t *)ext))
176 return (EM_EXTCHECKSUM);
177
178 for (i = 0; i < ext->uet_count; i++) {
179 ucode_ext_sig_intel_t *sig =
180 &ext->uet_ext_sig[i];
181
182 if (ucode_checksum_intel_extsig(uhp, sig) != 0)
183 return (EM_SIGCHECKSUM);
184 }
185 }
186
187 remaining -= total_size;
188 }
189 return (EM_OK);
190 }
191