xref: /linux/tools/arch/x86/intel_sdsi/intel_sdsi.c (revision 3ba84ac69b53e6ee07c31d54554e00793d7b144f)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * sdsi: Intel On Demand (formerly Software Defined Silicon) tool for
4  * provisioning certificates and activation payloads on supported cpus.
5  *
6  * See https://github.com/intel/intel-sdsi/blob/master/os-interface.rst
7  * for register descriptions.
8  *
9  * Copyright (C) 2022 Intel Corporation. All rights reserved.
10  */
11 
12 #include <dirent.h>
13 #include <errno.h>
14 #include <fcntl.h>
15 #include <getopt.h>
16 #include <stdbool.h>
17 #include <stdio.h>
18 #include <stdint.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <unistd.h>
22 
23 #include <sys/types.h>
24 
25 #ifndef __packed
26 #define __packed __attribute__((packed))
27 #endif
28 
29 #define min(x, y) ({                            \
30 	typeof(x) _min1 = (x);                  \
31 	typeof(y) _min2 = (y);                  \
32 	(void) (&_min1 == &_min2);              \
33 	_min1 < _min2 ? _min1 : _min2; })
34 
35 #define SDSI_DEV		"intel_vsec.sdsi"
36 #define AUX_DEV_PATH		"/sys/bus/auxiliary/devices/"
37 #define SDSI_PATH		(AUX_DEV_DIR SDSI_DEV)
38 #define GUID_V1			0x6dd191
39 #define REGS_SIZE_GUID_V1	72
40 #define GUID_V2			0xF210D9EF
41 #define REGS_SIZE_GUID_V2	80
42 #define STATE_CERT_MAX_SIZE	4096
43 #define METER_CERT_MAX_SIZE	4096
44 #define STATE_MAX_NUM_LICENSES	16
45 #define STATE_MAX_NUM_IN_BUNDLE	(uint32_t)8
46 #define FEAT_LEN		5	/* 4 plus NUL terminator */
47 
48 #define __round_mask(x, y) ((__typeof__(x))((y) - 1))
49 #define round_up(x, y) ((((x) - 1) | __round_mask(x, y)) + 1)
50 
51 struct nvram_content_auth_err_sts {
52 	uint64_t reserved:3;
53 	uint64_t sdsi_content_auth_err:1;
54 	uint64_t reserved1:1;
55 	uint64_t sdsi_metering_auth_err:1;
56 	uint64_t reserved2:58;
57 };
58 
59 struct enabled_features {
60 	uint64_t reserved:3;
61 	uint64_t sdsi:1;
62 	uint64_t reserved1:8;
63 	uint64_t attestation:1;
64 	uint64_t reserved2:13;
65 	uint64_t metering:1;
66 	uint64_t reserved3:37;
67 };
68 
69 struct key_provision_status {
70 	uint64_t reserved:1;
71 	uint64_t license_key_provisioned:1;
72 	uint64_t reserved2:62;
73 };
74 
75 struct auth_fail_count {
76 	uint64_t key_failure_count:3;
77 	uint64_t key_failure_threshold:3;
78 	uint64_t auth_failure_count:3;
79 	uint64_t auth_failure_threshold:3;
80 	uint64_t reserved:52;
81 };
82 
83 struct availability {
84 	uint64_t reserved:48;
85 	uint64_t available:3;
86 	uint64_t threshold:3;
87 	uint64_t reserved2:10;
88 };
89 
90 struct nvram_update_limit {
91 	uint64_t reserved:12;
92 	uint64_t sdsi_50_pct:1;
93 	uint64_t sdsi_75_pct:1;
94 	uint64_t sdsi_90_pct:1;
95 	uint64_t reserved2:49;
96 };
97 
98 struct sdsi_regs {
99 	uint64_t ppin;
100 	struct nvram_content_auth_err_sts auth_err_sts;
101 	struct enabled_features en_features;
102 	struct key_provision_status key_prov_sts;
103 	struct auth_fail_count auth_fail_count;
104 	struct availability prov_avail;
105 	struct nvram_update_limit limits;
106 	uint64_t pcu_cr3_capid_cfg;
107 	union {
108 		struct {
109 			uint64_t socket_id;
110 		} v1;
111 		struct {
112 			uint64_t reserved;
113 			uint64_t socket_id;
114 			uint64_t reserved2;
115 		} v2;
116 	} extra;
117 };
118 #define CONTENT_TYPE_LK_ENC		0xD
119 #define CONTENT_TYPE_LK_BLOB_ENC	0xE
120 
121 struct state_certificate {
122 	uint32_t content_type;
123 	uint32_t region_rev_id;
124 	uint32_t header_size;
125 	uint32_t total_size;
126 	uint32_t key_size;
127 	uint32_t num_licenses;
128 };
129 
130 struct license_key_info {
131 	uint32_t key_rev_id;
132 	uint64_t key_image_content[6];
133 } __packed;
134 
135 #define LICENSE_BLOB_SIZE(l)	(((l) & 0x7fffffff) * 4)
136 #define LICENSE_VALID(l)	(!!((l) & 0x80000000))
137 
138 // License Group Types
139 #define LBT_ONE_TIME_UPGRADE	1
140 #define LBT_METERED_UPGRADE	2
141 
142 struct license_blob_content {
143 	uint32_t type;
144 	uint64_t id;
145 	uint64_t ppin;
146 	uint64_t previous_ppin;
147 	uint32_t rev_id;
148 	uint32_t num_bundles;
149 } __packed;
150 
151 struct bundle_encoding {
152 	uint32_t encoding;
153 	uint32_t encoding_rsvd[7];
154 };
155 
156 struct meter_certificate {
157 	uint32_t signature;
158 	uint32_t version;
159 	uint64_t ppin;
160 	uint32_t counter_unit;
161 	uint32_t bundle_length;
162 	uint64_t reserved;
163 	uint32_t mmrc_encoding;
164 	uint32_t mmrc_counter;
165 };
166 
167 struct bundle_encoding_counter {
168 	uint32_t encoding;
169 	uint32_t counter;
170 };
171 #define METER_BUNDLE_SIZE sizeof(struct bundle_encoding_counter)
172 #define BUNDLE_COUNT(length) ((length) / METER_BUNDLE_SIZE)
173 #define METER_MAX_NUM_BUNDLES							\
174 		((METER_CERT_MAX_SIZE - sizeof(struct meter_certificate)) /	\
175 		 sizeof(struct bundle_encoding_counter))
176 
177 struct sdsi_dev {
178 	struct sdsi_regs regs;
179 	struct state_certificate sc;
180 	char *dev_name;
181 	char *dev_path;
182 	uint32_t guid;
183 };
184 
185 enum command {
186 	CMD_SOCKET_INFO,
187 	CMD_METER_CERT,
188 	CMD_METER_CURRENT_CERT,
189 	CMD_STATE_CERT,
190 	CMD_PROV_AKC,
191 	CMD_PROV_CAP,
192 };
193 
194 static void sdsi_list_devices(void)
195 {
196 	struct dirent *entry;
197 	DIR *aux_dir;
198 	bool found = false;
199 
200 	aux_dir = opendir(AUX_DEV_PATH);
201 	if (!aux_dir) {
202 		fprintf(stderr, "Cannot open directory %s\n", AUX_DEV_PATH);
203 		return;
204 	}
205 
206 	while ((entry = readdir(aux_dir))) {
207 		if (!strncmp(SDSI_DEV, entry->d_name, strlen(SDSI_DEV))) {
208 			found = true;
209 			printf("%s\n", entry->d_name);
210 		}
211 	}
212 
213 	if (!found)
214 		fprintf(stderr, "No On Demand devices found.\n");
215 }
216 
217 static int sdsi_update_registers(struct sdsi_dev *s)
218 {
219 	FILE *regs_ptr;
220 	int ret;
221 
222 	memset(&s->regs, 0, sizeof(s->regs));
223 
224 	/* Open the registers file */
225 	ret = chdir(s->dev_path);
226 	if (ret == -1) {
227 		perror("chdir");
228 		return ret;
229 	}
230 
231 	regs_ptr = fopen("registers", "r");
232 	if (!regs_ptr) {
233 		perror("Could not open 'registers' file");
234 		return -1;
235 	}
236 
237 	if (s->guid != GUID_V1 && s->guid != GUID_V2) {
238 		fprintf(stderr, "Unrecognized guid, 0x%x\n", s->guid);
239 		fclose(regs_ptr);
240 		return -1;
241 	}
242 
243 	/* Update register info for this guid */
244 	ret = fread(&s->regs, sizeof(uint8_t), sizeof(s->regs), regs_ptr);
245 	if ((s->guid == GUID_V1 && ret != REGS_SIZE_GUID_V1) ||
246 	    (s->guid == GUID_V2 && ret != REGS_SIZE_GUID_V2)) {
247 		fprintf(stderr, "Could not read 'registers' file\n");
248 		fclose(regs_ptr);
249 		return -1;
250 	}
251 
252 	fclose(regs_ptr);
253 
254 	return 0;
255 }
256 
257 static int sdsi_read_reg(struct sdsi_dev *s)
258 {
259 	int ret;
260 
261 	ret = sdsi_update_registers(s);
262 	if (ret)
263 		return ret;
264 
265 	/* Print register info for this guid */
266 	printf("\n");
267 	printf("Socket information for device %s\n", s->dev_name);
268 	printf("\n");
269 	printf("PPIN:                           0x%lx\n", s->regs.ppin);
270 	printf("NVRAM Content Authorization Error Status\n");
271 	printf("    SDSi Auth Err Sts:          %s\n", !!s->regs.auth_err_sts.sdsi_content_auth_err ? "Error" : "Okay");
272 
273 	if (!!s->regs.en_features.metering)
274 		printf("    Metering Auth Err Sts:      %s\n", !!s->regs.auth_err_sts.sdsi_metering_auth_err ? "Error" : "Okay");
275 
276 	printf("Enabled Features\n");
277 	printf("    On Demand:                  %s\n", !!s->regs.en_features.sdsi ? "Enabled" : "Disabled");
278 	printf("    Attestation:                %s\n", !!s->regs.en_features.attestation ? "Enabled" : "Disabled");
279 	printf("    On Demand:                  %s\n", !!s->regs.en_features.sdsi ? "Enabled" : "Disabled");
280 	printf("    Metering:                   %s\n", !!s->regs.en_features.metering ? "Enabled" : "Disabled");
281 	printf("License Key (AKC) Provisioned:  %s\n", !!s->regs.key_prov_sts.license_key_provisioned ? "Yes" : "No");
282 	printf("Authorization Failure Count\n");
283 	printf("    AKC Failure Count:          %d\n", s->regs.auth_fail_count.key_failure_count);
284 	printf("    AKC Failure Threshold:      %d\n", s->regs.auth_fail_count.key_failure_threshold);
285 	printf("    CAP Failure Count:          %d\n", s->regs.auth_fail_count.auth_failure_count);
286 	printf("    CAP Failure Threshold:      %d\n", s->regs.auth_fail_count.auth_failure_threshold);
287 	printf("Provisioning Availability\n");
288 	printf("    Updates Available:          %d\n", s->regs.prov_avail.available);
289 	printf("    Updates Threshold:          %d\n", s->regs.prov_avail.threshold);
290 	printf("NVRAM Udate Limit\n");
291 	printf("    50%% Limit Reached:          %s\n", !!s->regs.limits.sdsi_50_pct ? "Yes" : "No");
292 	printf("    75%% Limit Reached:          %s\n", !!s->regs.limits.sdsi_75_pct ? "Yes" : "No");
293 	printf("    90%% Limit Reached:          %s\n", !!s->regs.limits.sdsi_90_pct ? "Yes" : "No");
294 	if (s->guid == GUID_V1)
295 		printf("Socket ID:                      %ld\n", s->regs.extra.v1.socket_id & 0xF);
296 	else
297 		printf("Socket ID:                      %ld\n", s->regs.extra.v2.socket_id & 0xF);
298 
299 	return 0;
300 }
301 
302 static char *license_blob_type(uint32_t type)
303 {
304 	switch (type) {
305 	case LBT_ONE_TIME_UPGRADE:
306 		return "One time upgrade";
307 	case LBT_METERED_UPGRADE:
308 		return "Metered upgrade";
309 	default:
310 		return "Unknown license blob type";
311 	}
312 }
313 
314 static char *content_type(uint32_t type)
315 {
316 	switch (type) {
317 	case  CONTENT_TYPE_LK_ENC:
318 		return "Licencse key encoding";
319 	case CONTENT_TYPE_LK_BLOB_ENC:
320 		return "License key + Blob encoding";
321 	default:
322 		return "Unknown content type";
323 	}
324 }
325 
326 static void get_feature(uint32_t encoding, char feature[5])
327 {
328 	char *name = (char *)&encoding;
329 
330 	feature[4] = '\0';
331 	feature[3] = name[0];
332 	feature[2] = name[1];
333 	feature[1] = name[2];
334 	feature[0] = name[3];
335 }
336 
337 static int sdsi_meter_cert_show(struct sdsi_dev *s, bool show_current)
338 {
339 	char buf[METER_CERT_MAX_SIZE] = {0};
340 	struct bundle_encoding_counter *bec;
341 	struct meter_certificate *mc;
342 	uint32_t count = 0;
343 	FILE *cert_ptr;
344 	char *cert_fname;
345 	int ret, size;
346 	char name[FEAT_LEN];
347 
348 	ret = sdsi_update_registers(s);
349 	if (ret)
350 		return ret;
351 
352 	if (!s->regs.en_features.sdsi) {
353 		fprintf(stderr, "SDSi feature is present but not enabled.\n");
354 		return -1;
355 	}
356 
357 	if (!s->regs.en_features.metering) {
358 		fprintf(stderr, "Metering not supporting on this socket.\n");
359 		return -1;
360 	}
361 
362 	ret = chdir(s->dev_path);
363 	if (ret == -1) {
364 		perror("chdir");
365 		return ret;
366 	}
367 
368 	cert_fname = show_current ? "meter_current" : "meter_certificate";
369 	cert_ptr = fopen(cert_fname, "r");
370 
371 	if (!cert_ptr) {
372 		fprintf(stderr, "Could not open '%s' file: %s", cert_fname, strerror(errno));
373 		return -1;
374 	}
375 
376 	size = fread(buf, 1, sizeof(buf), cert_ptr);
377 	if (!size) {
378 		fprintf(stderr, "Could not read '%s' file\n", cert_fname);
379 		fclose(cert_ptr);
380 		return -1;
381 	}
382 	fclose(cert_ptr);
383 
384 	mc = (struct meter_certificate *)buf;
385 
386 	printf("\n");
387 	printf("Meter certificate for device %s\n", s->dev_name);
388 	printf("\n");
389 
390 	get_feature(mc->signature, name);
391 	printf("Signature:                    %s\n", name);
392 
393 	printf("Version:                      %d\n", mc->version);
394 	printf("Count Unit:                   %dms\n", mc->counter_unit);
395 	printf("PPIN:                         0x%lx\n", mc->ppin);
396 	printf("Feature Bundle Length:        %d\n", mc->bundle_length);
397 
398 	get_feature(mc->mmrc_encoding, name);
399 	printf("MMRC encoding:                %s\n", name);
400 
401 	printf("MMRC counter:                 %d\n", mc->mmrc_counter);
402 	if (mc->bundle_length % METER_BUNDLE_SIZE) {
403 		fprintf(stderr, "Invalid bundle length\n");
404 		return -1;
405 	}
406 
407 	if (mc->bundle_length > METER_MAX_NUM_BUNDLES * METER_BUNDLE_SIZE)  {
408 		fprintf(stderr, "More than %ld bundles: actual %ld\n",
409 			METER_MAX_NUM_BUNDLES, BUNDLE_COUNT(mc->bundle_length));
410 		return -1;
411 	}
412 
413 	bec = (struct bundle_encoding_counter *)(mc + 1);
414 
415 	printf("Number of Feature Counters:   %ld\n", BUNDLE_COUNT(mc->bundle_length));
416 	while (count < BUNDLE_COUNT(mc->bundle_length)) {
417 		char feature[FEAT_LEN];
418 
419 		get_feature(bec[count].encoding, feature);
420 		printf("    %s:          %d\n", feature, bec[count].counter);
421 		++count;
422 	}
423 
424 	return 0;
425 }
426 
427 static int sdsi_state_cert_show(struct sdsi_dev *s)
428 {
429 	char buf[STATE_CERT_MAX_SIZE] = {0};
430 	struct state_certificate *sc;
431 	struct license_key_info *lki;
432 	uint32_t offset = 0;
433 	uint32_t count = 0;
434 	FILE *cert_ptr;
435 	int ret, size;
436 
437 	ret = sdsi_update_registers(s);
438 	if (ret)
439 		return ret;
440 
441 	if (!s->regs.en_features.sdsi) {
442 		fprintf(stderr, "On Demand feature is present but not enabled.");
443 		fprintf(stderr, " Unable to read state certificate");
444 		return -1;
445 	}
446 
447 	ret = chdir(s->dev_path);
448 	if (ret == -1) {
449 		perror("chdir");
450 		return ret;
451 	}
452 
453 	cert_ptr = fopen("state_certificate", "r");
454 	if (!cert_ptr) {
455 		perror("Could not open 'state_certificate' file");
456 		return -1;
457 	}
458 
459 	size = fread(buf, 1, sizeof(buf), cert_ptr);
460 	if (!size) {
461 		fprintf(stderr, "Could not read 'state_certificate' file\n");
462 		fclose(cert_ptr);
463 		return -1;
464 	}
465 	fclose(cert_ptr);
466 
467 	sc = (struct state_certificate *)buf;
468 
469 	/* Print register info for this guid */
470 	printf("\n");
471 	printf("State certificate for device %s\n", s->dev_name);
472 	printf("\n");
473 	printf("Content Type:          %s\n", content_type(sc->content_type));
474 	printf("Region Revision ID:    %d\n", sc->region_rev_id);
475 	printf("Header Size:           %d\n", sc->header_size * 4);
476 	printf("Total Size:            %d\n", sc->total_size);
477 	printf("OEM Key Size:          %d\n", sc->key_size * 4);
478 	printf("Number of Licenses:    %d\n", sc->num_licenses);
479 
480 	/* Skip over the license sizes 4 bytes per license) to get the license key info */
481 	lki = (void *)sc + sizeof(*sc) + (4 * sc->num_licenses);
482 
483 	printf("License blob Info:\n");
484 	printf("    License Key Revision ID:    0x%x\n", lki->key_rev_id);
485 	printf("    License Key Image Content:  0x%lx%lx%lx%lx%lx%lx\n",
486 	       lki->key_image_content[5], lki->key_image_content[4],
487 	       lki->key_image_content[3], lki->key_image_content[2],
488 	       lki->key_image_content[1], lki->key_image_content[0]);
489 
490 	while (count++ < sc->num_licenses) {
491 		uint32_t blob_size_field = *(uint32_t *)(buf + 0x14 + count * 4);
492 		uint32_t blob_size = LICENSE_BLOB_SIZE(blob_size_field);
493 		bool license_valid = LICENSE_VALID(blob_size_field);
494 		struct license_blob_content *lbc =
495 			(void *)(sc) +			// start of the state certificate
496 			sizeof(*sc) +			// size of the state certificate
497 			(4 * sc->num_licenses) +	// total size of the blob size blocks
498 			sizeof(*lki) +			// size of the license key info
499 			offset;				// offset to this blob content
500 		struct bundle_encoding *bundle = (void *)(lbc) + sizeof(*lbc);
501 		char feature[FEAT_LEN];
502 		uint32_t i;
503 
504 		printf("     Blob %d:\n", count - 1);
505 		printf("        License blob size:          %u\n", blob_size);
506 		printf("        License is valid:           %s\n", license_valid ? "Yes" : "No");
507 		printf("        License blob type:          %s\n", license_blob_type(lbc->type));
508 		printf("        License blob ID:            0x%lx\n", lbc->id);
509 		printf("        PPIN:                       0x%lx\n", lbc->ppin);
510 		printf("        Previous PPIN:              0x%lx\n", lbc->previous_ppin);
511 		printf("        Blob revision ID:           %u\n", lbc->rev_id);
512 		printf("        Number of Features:         %u\n", lbc->num_bundles);
513 
514 		for (i = 0; i < min(lbc->num_bundles, STATE_MAX_NUM_IN_BUNDLE); i++) {
515 			get_feature(bundle[i].encoding, feature);
516 			printf("                 Feature %d:         %s\n", i, feature);
517 		}
518 
519 		if (lbc->num_bundles > STATE_MAX_NUM_IN_BUNDLE)
520 			fprintf(stderr, "        Warning: %d > %d licenses in bundle reported.\n",
521 				lbc->num_bundles, STATE_MAX_NUM_IN_BUNDLE);
522 
523 		offset += blob_size;
524 	};
525 
526 	return 0;
527 }
528 
529 static int sdsi_provision(struct sdsi_dev *s, char *bin_file, enum command command)
530 {
531 	int bin_fd, prov_fd, size, ret;
532 	char buf[STATE_CERT_MAX_SIZE] = { 0 };
533 	char cap[] = "provision_cap";
534 	char akc[] = "provision_akc";
535 	char *prov_file;
536 
537 	if (!bin_file) {
538 		fprintf(stderr, "No binary file provided\n");
539 		return -1;
540 	}
541 
542 	/* Open the binary */
543 	bin_fd = open(bin_file, O_RDONLY);
544 	if (bin_fd == -1) {
545 		fprintf(stderr, "Could not open file %s: %s\n", bin_file, strerror(errno));
546 		return bin_fd;
547 	}
548 
549 	prov_file = (command == CMD_PROV_AKC) ? akc : cap;
550 
551 	ret = chdir(s->dev_path);
552 	if (ret == -1) {
553 		perror("chdir");
554 		close(bin_fd);
555 		return ret;
556 	}
557 
558 	/* Open the provision file */
559 	prov_fd = open(prov_file, O_WRONLY);
560 	if (prov_fd == -1) {
561 		fprintf(stderr, "Could not open file %s: %s\n", prov_file, strerror(errno));
562 		close(bin_fd);
563 		return prov_fd;
564 	}
565 
566 	/* Read the binary file into the buffer */
567 	size = read(bin_fd, buf, STATE_CERT_MAX_SIZE);
568 	if (size == -1) {
569 		close(bin_fd);
570 		close(prov_fd);
571 		return -1;
572 	}
573 
574 	ret = write(prov_fd, buf, size);
575 	if (ret == -1) {
576 		close(bin_fd);
577 		close(prov_fd);
578 		perror("Provisioning failed");
579 		return ret;
580 	}
581 
582 	printf("Provisioned %s file %s successfully\n", prov_file, bin_file);
583 
584 	close(bin_fd);
585 	close(prov_fd);
586 
587 	return 0;
588 }
589 
590 static int sdsi_provision_akc(struct sdsi_dev *s, char *bin_file)
591 {
592 	int ret;
593 
594 	ret = sdsi_update_registers(s);
595 	if (ret)
596 		return ret;
597 
598 	if (!s->regs.en_features.sdsi) {
599 		fprintf(stderr, "On Demand feature is present but not enabled. Unable to provision");
600 		return -1;
601 	}
602 
603 	if (!s->regs.prov_avail.available) {
604 		fprintf(stderr, "Maximum number of updates (%d) has been reached.\n",
605 			s->regs.prov_avail.threshold);
606 		return -1;
607 	}
608 
609 	if (s->regs.auth_fail_count.key_failure_count ==
610 	    s->regs.auth_fail_count.key_failure_threshold) {
611 		fprintf(stderr, "Maximum number of AKC provision failures (%d) has been reached.\n",
612 			s->regs.auth_fail_count.key_failure_threshold);
613 		fprintf(stderr, "Power cycle the system to reset the counter\n");
614 		return -1;
615 	}
616 
617 	return sdsi_provision(s, bin_file, CMD_PROV_AKC);
618 }
619 
620 static int sdsi_provision_cap(struct sdsi_dev *s, char *bin_file)
621 {
622 	int ret;
623 
624 	ret = sdsi_update_registers(s);
625 	if (ret)
626 		return ret;
627 
628 	if (!s->regs.en_features.sdsi) {
629 		fprintf(stderr, "On Demand feature is present but not enabled. Unable to provision");
630 		return -1;
631 	}
632 
633 	if (!s->regs.prov_avail.available) {
634 		fprintf(stderr, "Maximum number of updates (%d) has been reached.\n",
635 			s->regs.prov_avail.threshold);
636 		return -1;
637 	}
638 
639 	if (s->regs.auth_fail_count.auth_failure_count ==
640 	    s->regs.auth_fail_count.auth_failure_threshold) {
641 		fprintf(stderr, "Maximum number of CAP provision failures (%d) has been reached.\n",
642 			s->regs.auth_fail_count.auth_failure_threshold);
643 		fprintf(stderr, "Power cycle the system to reset the counter\n");
644 		return -1;
645 	}
646 
647 	return sdsi_provision(s, bin_file, CMD_PROV_CAP);
648 }
649 
650 static int read_sysfs_data(const char *file, int *value)
651 {
652 	char buff[16];
653 	FILE *fp;
654 
655 	fp = fopen(file, "r");
656 	if (!fp) {
657 		perror(file);
658 		return -1;
659 	}
660 
661 	if (!fgets(buff, 16, fp)) {
662 		fprintf(stderr, "Failed to read file '%s'", file);
663 		fclose(fp);
664 		return -1;
665 	}
666 
667 	fclose(fp);
668 	*value = strtol(buff, NULL, 0);
669 
670 	return 0;
671 }
672 
673 static struct sdsi_dev *sdsi_create_dev(char *dev_no)
674 {
675 	int dev_name_len = sizeof(SDSI_DEV) + strlen(dev_no) + 1;
676 	struct sdsi_dev *s;
677 	int guid;
678 	DIR *dir;
679 
680 	s = (struct sdsi_dev *)malloc(sizeof(*s));
681 	if (!s) {
682 		perror("malloc");
683 		return NULL;
684 	}
685 
686 	s->dev_name = (char *)malloc(sizeof(SDSI_DEV) + strlen(dev_no) + 1);
687 	if (!s->dev_name) {
688 		perror("malloc");
689 		free(s);
690 		return NULL;
691 	}
692 
693 	snprintf(s->dev_name, dev_name_len, "%s.%s", SDSI_DEV, dev_no);
694 
695 	s->dev_path = (char *)malloc(sizeof(AUX_DEV_PATH) + dev_name_len);
696 	if (!s->dev_path) {
697 		perror("malloc");
698 		free(s->dev_name);
699 		free(s);
700 		return NULL;
701 	}
702 
703 	snprintf(s->dev_path, sizeof(AUX_DEV_PATH) + dev_name_len, "%s%s", AUX_DEV_PATH,
704 		 s->dev_name);
705 	dir = opendir(s->dev_path);
706 	if (!dir) {
707 		fprintf(stderr, "Could not open directory '%s': %s\n", s->dev_path,
708 			strerror(errno));
709 		free(s->dev_path);
710 		free(s->dev_name);
711 		free(s);
712 		return NULL;
713 	}
714 
715 	if (chdir(s->dev_path) == -1) {
716 		perror("chdir");
717 		free(s->dev_path);
718 		free(s->dev_name);
719 		free(s);
720 		return NULL;
721 	}
722 
723 	if (read_sysfs_data("guid", &guid)) {
724 		free(s->dev_path);
725 		free(s->dev_name);
726 		free(s);
727 		return NULL;
728 	}
729 
730 	s->guid = guid;
731 
732 	return s;
733 }
734 
735 static void sdsi_free_dev(struct sdsi_dev *s)
736 {
737 	free(s->dev_path);
738 	free(s->dev_name);
739 	free(s);
740 }
741 
742 static void usage(char *prog)
743 {
744 	printf("Usage: %s [-l] [-d DEVNO [-i] [-s] [-m | -C] [-a FILE] [-c FILE]\n", prog);
745 }
746 
747 static void show_help(void)
748 {
749 	printf("Commands:\n");
750 	printf("  %-18s\t%s\n", "-l, --list",           "list available On Demand devices");
751 	printf("  %-18s\t%s\n", "-d, --devno DEVNO",    "On Demand device number");
752 	printf("  %-18s\t%s\n", "-i, --info",           "show socket information");
753 	printf("  %-18s\t%s\n", "-s, --state",          "show state certificate data");
754 	printf("  %-18s\t%s\n", "-m, --meter",          "show meter certificate data");
755 	printf("  %-18s\t%s\n", "-C, --meter_current",  "show live unattested meter data");
756 	printf("  %-18s\t%s\n", "-a, --akc FILE",       "provision socket with AKC FILE");
757 	printf("  %-18s\t%s\n", "-c, --cap FILE>",      "provision socket with CAP FILE");
758 }
759 
760 int main(int argc, char *argv[])
761 {
762 	char bin_file[PATH_MAX], *dev_no = NULL;
763 	bool device_selected = false;
764 	char *progname;
765 	enum command command = -1;
766 	struct sdsi_dev *s;
767 	int ret = 0, opt;
768 	int option_index = 0;
769 
770 	static struct option long_options[] = {
771 		{"akc",			required_argument,	0, 'a'},
772 		{"cap",			required_argument,	0, 'c'},
773 		{"devno",		required_argument,	0, 'd'},
774 		{"help",		no_argument,		0, 'h'},
775 		{"info",		no_argument,		0, 'i'},
776 		{"list",		no_argument,		0, 'l'},
777 		{"meter",		no_argument,		0, 'm'},
778 		{"meter_current",	no_argument,		0, 'C'},
779 		{"state",		no_argument,		0, 's'},
780 		{0,			0,			0, 0 }
781 	};
782 
783 
784 	progname = argv[0];
785 
786 	while ((opt = getopt_long_only(argc, argv, "+a:c:d:hilmCs", long_options,
787 			&option_index)) != -1) {
788 		switch (opt) {
789 		case 'd':
790 			dev_no = optarg;
791 			device_selected = true;
792 			break;
793 		case 'l':
794 			sdsi_list_devices();
795 			return 0;
796 		case 'i':
797 			command = CMD_SOCKET_INFO;
798 			break;
799 		case 'm':
800 			command = CMD_METER_CERT;
801 			break;
802 		case 'C':
803 			command = CMD_METER_CURRENT_CERT;
804 			break;
805 		case 's':
806 			command = CMD_STATE_CERT;
807 			break;
808 		case 'a':
809 		case 'c':
810 			if (!access(optarg, F_OK) == 0) {
811 				fprintf(stderr, "Could not open file '%s': %s\n", optarg,
812 					strerror(errno));
813 				return -1;
814 			}
815 
816 			if (!realpath(optarg, bin_file)) {
817 				perror("realpath");
818 				return -1;
819 			}
820 
821 			command = (opt == 'a') ? CMD_PROV_AKC : CMD_PROV_CAP;
822 			break;
823 		case 'h':
824 			usage(progname);
825 			show_help();
826 			return 0;
827 		default:
828 			usage(progname);
829 			return -1;
830 		}
831 	}
832 
833 	if (device_selected) {
834 		s = sdsi_create_dev(dev_no);
835 		if (!s)
836 			return -1;
837 
838 		switch (command) {
839 		case CMD_SOCKET_INFO:
840 			ret = sdsi_read_reg(s);
841 			break;
842 		case CMD_METER_CERT:
843 			ret = sdsi_meter_cert_show(s, false);
844 			break;
845 		case CMD_METER_CURRENT_CERT:
846 			ret = sdsi_meter_cert_show(s, true);
847 			break;
848 		case CMD_STATE_CERT:
849 			ret = sdsi_state_cert_show(s);
850 			break;
851 		case CMD_PROV_AKC:
852 			ret = sdsi_provision_akc(s, bin_file);
853 			break;
854 		case CMD_PROV_CAP:
855 			ret = sdsi_provision_cap(s, bin_file);
856 			break;
857 		default:
858 			fprintf(stderr, "No command specified\n");
859 			return -1;
860 		}
861 
862 		sdsi_free_dev(s);
863 
864 	} else {
865 		fprintf(stderr, "No device specified\n");
866 		return -1;
867 	}
868 
869 	return ret;
870 }
871