1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import logging
6import os
7import re
8
9from autotest_lib.client.bin import test, utils
10from autotest_lib.client.common_lib import error
11
12
13class firmware_LockedME(test.test):
14    """Validates that the Management Engine has been locked."""
15    # Needed by autotest
16    version = 1
17
18    # Temporary file to read BIOS image into. We run in a tempdir anyway, so it
19    # doesn't need a path.
20    BIOS_FILE = 'bios.bin'
21    RANDOM_FILE = 'newdata'
22    FLASHED_FILE = 'flasheddata'
23
24    def flashrom(self, ignore_status=False, args=()):
25        """Run flashrom, expect it to work. Fail if it doesn't"""
26        extra = ['-p', 'host'] + list(args)
27        return utils.run('flashrom', ignore_status=ignore_status, args=extra)
28
29    def determine_spi_rom_wp_status(self):
30        """Determine the AP SPI-ROM's write-protection status."""
31        flashrom_result = self.flashrom(args=('--wp-status',))
32        logging.info('The above flashrom command returns.... %s',
33                flashrom_result.stdout)
34        if (("disabled" in flashrom_result.stdout) and
35                ("start=0x00000000, len=0x0000000" in flashrom_result.stdout)):
36            return False
37        else:
38            return True
39
40    def md5sum(self, filename):
41        """Run md5sum on a file
42
43        @param filename: Filename to sum
44        @return: md5sum of the file as a 32-character hex string
45        """
46        r = utils.run('md5sum', ignore_status=False, args=[filename])
47        return r.stdout.split()[0]
48
49    def has_ME(self):
50        """See if we can detect an ME.
51        FREG* is printed only when HSFS_FDV is set, which means the descriptor
52        table is valid. If we're running a BIOS without a valid descriptor this
53        step will fail. Unfortunately, we don't know of a simple and reliable
54        way to identify systems that have ME hardware.
55        """
56        logging.info('See if we have an ME...')
57        r = self.flashrom(args=('-V',))
58        return r.stdout.find("FREG0") >= 0
59
60    def try_to_rewrite(self, sectname):
61        """If we can modify the ME section, restore it and raise an error."""
62        logging.info('Try to write section %s...', sectname)
63        size = os.stat(sectname).st_size
64        utils.run('dd', args=('if=/dev/urandom', 'of=%s' % (self.RANDOM_FILE),
65                              'count=1', 'bs=%d' % (size)))
66        self.flashrom(args=('-V', '-w', self.BIOS_FILE,
67                            '-i' , '%s:%s' % (sectname, self.RANDOM_FILE),
68                            '--fast-verify'),
69                      ignore_status=True)
70        self.flashrom(args=('-r',
71                            '-i', '%s:%s' % (sectname, self.FLASHED_FILE)))
72        md5sum_random = self.md5sum(filename=self.RANDOM_FILE)
73        md5sum_flashed = self.md5sum(filename=self.FLASHED_FILE)
74        if md5sum_random == md5sum_flashed:
75            logging.info('Oops, it worked! Put it back...')
76            self.flashrom(args=('-w', self.BIOS_FILE,
77                                '-i', '%s:%s' % (sectname, sectname),
78                                '--fast-verify'),
79                          ignore_status=True)
80            raise error.TestFail('%s is writable, ME is unlocked' % sectname)
81
82    def check_manufacturing_mode(self):
83        """Fail if manufacturing mode is not found or enbaled."""
84
85        # See if coreboot told us that the ME is still in Manufacturing Mode.
86        # It shouldn't be. We have to look only at the last thing it reports
87        # because it reports the values twice and the first one isn't always
88        # reliable.
89        logging.info('Check for Manufacturing Mode...')
90        last = None
91        with open('/sys/firmware/log') as infile:
92            for line in infile:
93                if re.search('ME: Manufacturing Mode', line):
94                    last = line
95        if last is not None and last.find("YES") >= 0:
96            raise error.TestFail("The ME is still in Manufacturing Mode")
97
98    def check_region_inaccessible(self, sectname):
99        """Test and ensure a region is not accessible by host CPU."""
100
101        self.try_to_rewrite(sectname)
102
103    def run_once(self, expect_me_present=True):
104        """Fail unless the ME is locked.
105
106        @param expect_me_present: False means the system has no ME.
107        """
108        cpu_arch = utils.get_cpu_arch()
109        if cpu_arch == "arm":
110            raise error.TestNAError('This test is not applicable, '
111                    'because an ARM device has been detected. '
112                    'ARM devices do not have an ME (Management Engine)')
113
114        cpu_family = utils.get_cpu_soc_family()
115        if cpu_family == "amd":
116            raise error.TestNAError('This test is not applicable, '
117                    'because an AMD device has been detected. '
118                    'AMD devices do not have an ME (Management Engine)')
119
120        # If the AP SPI-ROM is blocking writes to the ME regions, and the ME
121        # regions are unlocked, they won't be writable, so will appear locked
122        # (i.e. this will be a false PASS).
123        if self.determine_spi_rom_wp_status():
124            raise error.TestFail('Software wp is enabled on the AP\'s SPI-ROM, '
125                'or a protected range is set.  Please disable software wp and '
126                'clear the protected range prior to running this test.')
127
128        # See if the system even has an ME, and whether we expected that.
129        if self.has_ME():
130            if not expect_me_present:
131                raise error.TestFail('We expected no ME, but found one anyway')
132        else:
133            if expect_me_present:
134                raise error.TestNAError("No ME found. That's probably wrong.")
135            else:
136                logging.info('We expected no ME and we have no ME, so pass.')
137                return
138
139        # Make sure manufacturing mode is off.
140        self.check_manufacturing_mode()
141
142        # Read the image using flashrom.
143        self.flashrom(args=('-r', self.BIOS_FILE))
144
145        # Use 'IFWI' fmap region as a proxy for a device which doesn't
146        # have a dedicated ME region in the boot media.
147        r = utils.run('dump_fmap', args=('-p', self.BIOS_FILE))
148        is_IFWI_platform = r.stdout.find("IFWI") >= 0
149
150        # Get the bios image and extract the ME components
151        logging.info('Pull the ME components from the BIOS...')
152        dump_fmap_args = ['-x', self.BIOS_FILE, 'SI_DESC']
153        inaccessible_sections = []
154        if is_IFWI_platform:
155            inaccessible_sections.append('DEVICE_EXTENSION')
156        else:
157            inaccessible_sections.append('SI_ME')
158        dump_fmap_args.extend(inaccessible_sections)
159        utils.run('dump_fmap', args=tuple(dump_fmap_args))
160
161        # So far, so good, but we need to be certain. Rather than parse what
162        # flashrom tells us about the ME-related registers, we'll just try to
163        # change the ME components. We shouldn't be able to.
164        inaccessible_sections.append('SI_DESC')
165        for sectname in inaccessible_sections:
166            self.check_region_inaccessible(sectname)
167
168        # Okay, that's about all we can try. Looks like it's locked.
169