| Message ID | 1498194220-24377-1-git-send-email-alex.hung@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
On 23/06/17 06:03, Alex Hung wrote: > Signed-off-by: Alex Hung <alex.hung@canonical.com> > --- > src/Makefile.am | 1 + > src/acpi/wsmt/wsmt.c | 94 +++++++++++++++++++++++++++++++++++++++++++++ > src/lib/include/fwts_acpi.h | 9 +++++ > 3 files changed, 104 insertions(+) > create mode 100644 src/acpi/wsmt/wsmt.c > > diff --git a/src/Makefile.am b/src/Makefile.am > index e5537b4..ca0a449 100644 > --- a/src/Makefile.am > +++ b/src/Makefile.am > @@ -117,6 +117,7 @@ fwts_SOURCES = main.c \ > acpi/wdat/wdat.c \ > acpi/wmi/wmi.c \ > acpi/wpbt/wpbt.c \ > + acpi/wsmt/wsmt.c \ > acpi/xsdt/xsdt.c \ > acpi/xenv/xenv.c \ > apic/apicedge/apicedge.c \ > diff --git a/src/acpi/wsmt/wsmt.c b/src/acpi/wsmt/wsmt.c > new file mode 100644 > index 0000000..ad23fba > --- /dev/null > +++ b/src/acpi/wsmt/wsmt.c > @@ -0,0 +1,94 @@ > +/* > + * Copyright (C) 2017 Canonical > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of the GNU General Public License > + * as published by the Free Software Foundation; either version 2 > + * of the License, or (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program; if not, write to the Free Software > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. > + * > + */ > +#include "fwts.h" > + > +#if defined(FWTS_HAS_ACPI) > + > +#include <stdlib.h> > +#include <stdio.h> > +#include <unistd.h> > +#include <inttypes.h> > +#include <string.h> > +#include <ctype.h> > + > +static fwts_acpi_table_info *table; > + > +static int wsmt_init(fwts_framework *fw) > +{ > + if (fwts_acpi_find_table(fw, "WSMT", 0, &table) != FWTS_OK) { > + fwts_log_error(fw, "Cannot read ACPI tables."); > + return FWTS_ERROR; > + } > + if (table == NULL || (table && table->length == 0)) { > + fwts_log_error(fw, "ACPI WSMT table does not exist, skipping test"); > + return FWTS_SKIP; > + } > + return FWTS_OK; > +} > + > +/* > + * WSMT Windows Platform Binary Table > + */ > +static int wsmt_test1(fwts_framework *fw) > +{ > + fwts_acpi_table_wsmt *wsmt = (fwts_acpi_table_wsmt*) table->data; > + bool passed = true; > + > + fwts_log_info_verbatim(fw, "WSMT Windows SMM Security Mitigations Table:"); > + fwts_log_info_verbatim(fw, " Protection Flags: 0x%8.8" PRIx32, wsmt->protection_flags); > + > + if (wsmt->protection_flags & ~0x7) { > + passed = false; > + fwts_failed(fw, LOG_LEVEL_MEDIUM, > + "WSMTFlagsReserved", > + "WSMT Protection Flags reserved bits " > + "[3:31] must be zero, instead got 0x%" PRIx32, > + wsmt->protection_flags); > + } > + > + if ((wsmt->protection_flags & 0x2) && !(wsmt->protection_flags & 0x1)) { > + passed = false; > + fwts_failed(fw, LOG_LEVEL_MEDIUM, > + "WSMTBadFlagsValue", > + "WSMT Protection Flags bit[1] must be " > + "set when bit[2] is set"); > + } > + > + fwts_log_nl(fw); > + > + if (passed) > + fwts_passed(fw, "No issues found in WSMT table."); > + > + return FWTS_OK; > +} > + > +static fwts_framework_minor_test wsmt_tests[] = { > + { wsmt_test1, "WSMT Windows SMM Security Mitigations Table test." }, > + { NULL, NULL } > +}; > + > +static fwts_framework_ops wsmt_ops = { > + .description = "WSMT Windows SMM Security Mitigations Table test.", > + .init = wsmt_init, > + .minor_tests = wsmt_tests > +}; > + > +FWTS_REGISTER("wsmt", &wsmt_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_BATCH | FWTS_FLAG_TEST_ACPI) > + > +#endif > diff --git a/src/lib/include/fwts_acpi.h b/src/lib/include/fwts_acpi.h > index f04d37a..bf318c2 100644 > --- a/src/lib/include/fwts_acpi.h > +++ b/src/lib/include/fwts_acpi.h > @@ -1847,6 +1847,15 @@ typedef struct { > } __attribute__ ((packed)) fwts_acpi_table_wpbt; > > /* > + * ACPI WSMT (Windows SMM Security Mitigations Table) > + * https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables#wsmt > + */ > +typedef struct { > + fwts_acpi_table_header header; > + uint32_t protection_flags; > +} __attribute__ ((packed)) fwts_acpi_table_wsmt; > + > +/* > * ACPI ASPT > * determined by reverse engineering > */ > Thanks Alex! Acked-by: Colin Ian King <colin.king@canonical.com>
On 06/23/2017 01:03 PM, Alex Hung wrote: > Signed-off-by: Alex Hung <alex.hung@canonical.com> > --- > src/Makefile.am | 1 + > src/acpi/wsmt/wsmt.c | 94 +++++++++++++++++++++++++++++++++++++++++++++ > src/lib/include/fwts_acpi.h | 9 +++++ > 3 files changed, 104 insertions(+) > create mode 100644 src/acpi/wsmt/wsmt.c > > diff --git a/src/Makefile.am b/src/Makefile.am > index e5537b4..ca0a449 100644 > --- a/src/Makefile.am > +++ b/src/Makefile.am > @@ -117,6 +117,7 @@ fwts_SOURCES = main.c \ > acpi/wdat/wdat.c \ > acpi/wmi/wmi.c \ > acpi/wpbt/wpbt.c \ > + acpi/wsmt/wsmt.c \ > acpi/xsdt/xsdt.c \ > acpi/xenv/xenv.c \ > apic/apicedge/apicedge.c \ > diff --git a/src/acpi/wsmt/wsmt.c b/src/acpi/wsmt/wsmt.c > new file mode 100644 > index 0000000..ad23fba > --- /dev/null > +++ b/src/acpi/wsmt/wsmt.c > @@ -0,0 +1,94 @@ > +/* > + * Copyright (C) 2017 Canonical > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of the GNU General Public License > + * as published by the Free Software Foundation; either version 2 > + * of the License, or (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program; if not, write to the Free Software > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. > + * > + */ > +#include "fwts.h" > + > +#if defined(FWTS_HAS_ACPI) > + > +#include <stdlib.h> > +#include <stdio.h> > +#include <unistd.h> > +#include <inttypes.h> > +#include <string.h> > +#include <ctype.h> > + > +static fwts_acpi_table_info *table; > + > +static int wsmt_init(fwts_framework *fw) > +{ > + if (fwts_acpi_find_table(fw, "WSMT", 0, &table) != FWTS_OK) { > + fwts_log_error(fw, "Cannot read ACPI tables."); > + return FWTS_ERROR; > + } > + if (table == NULL || (table && table->length == 0)) { > + fwts_log_error(fw, "ACPI WSMT table does not exist, skipping test"); > + return FWTS_SKIP; > + } > + return FWTS_OK; > +} > + > +/* > + * WSMT Windows Platform Binary Table > + */ > +static int wsmt_test1(fwts_framework *fw) > +{ > + fwts_acpi_table_wsmt *wsmt = (fwts_acpi_table_wsmt*) table->data; > + bool passed = true; > + > + fwts_log_info_verbatim(fw, "WSMT Windows SMM Security Mitigations Table:"); > + fwts_log_info_verbatim(fw, " Protection Flags: 0x%8.8" PRIx32, wsmt->protection_flags); > + > + if (wsmt->protection_flags & ~0x7) { > + passed = false; > + fwts_failed(fw, LOG_LEVEL_MEDIUM, > + "WSMTFlagsReserved", > + "WSMT Protection Flags reserved bits " > + "[3:31] must be zero, instead got 0x%" PRIx32, > + wsmt->protection_flags); > + } > + > + if ((wsmt->protection_flags & 0x2) && !(wsmt->protection_flags & 0x1)) { > + passed = false; > + fwts_failed(fw, LOG_LEVEL_MEDIUM, > + "WSMTBadFlagsValue", > + "WSMT Protection Flags bit[1] must be " > + "set when bit[2] is set"); > + } > + > + fwts_log_nl(fw); > + > + if (passed) > + fwts_passed(fw, "No issues found in WSMT table."); > + > + return FWTS_OK; > +} > + > +static fwts_framework_minor_test wsmt_tests[] = { > + { wsmt_test1, "WSMT Windows SMM Security Mitigations Table test." }, > + { NULL, NULL } > +}; > + > +static fwts_framework_ops wsmt_ops = { > + .description = "WSMT Windows SMM Security Mitigations Table test.", > + .init = wsmt_init, > + .minor_tests = wsmt_tests > +}; > + > +FWTS_REGISTER("wsmt", &wsmt_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_BATCH | FWTS_FLAG_TEST_ACPI) > + > +#endif > diff --git a/src/lib/include/fwts_acpi.h b/src/lib/include/fwts_acpi.h > index f04d37a..bf318c2 100644 > --- a/src/lib/include/fwts_acpi.h > +++ b/src/lib/include/fwts_acpi.h > @@ -1847,6 +1847,15 @@ typedef struct { > } __attribute__ ((packed)) fwts_acpi_table_wpbt; > > /* > + * ACPI WSMT (Windows SMM Security Mitigations Table) > + * https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables#wsmt > + */ > +typedef struct { > + fwts_acpi_table_header header; > + uint32_t protection_flags; > +} __attribute__ ((packed)) fwts_acpi_table_wsmt; > + > +/* > * ACPI ASPT > * determined by reverse engineering > */ > Acked-by: Ivan Hu <ivan.hu@canonical.com>
diff --git a/src/Makefile.am b/src/Makefile.am index e5537b4..ca0a449 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -117,6 +117,7 @@ fwts_SOURCES = main.c \ acpi/wdat/wdat.c \ acpi/wmi/wmi.c \ acpi/wpbt/wpbt.c \ + acpi/wsmt/wsmt.c \ acpi/xsdt/xsdt.c \ acpi/xenv/xenv.c \ apic/apicedge/apicedge.c \ diff --git a/src/acpi/wsmt/wsmt.c b/src/acpi/wsmt/wsmt.c new file mode 100644 index 0000000..ad23fba --- /dev/null +++ b/src/acpi/wsmt/wsmt.c @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2017 Canonical + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ +#include "fwts.h" + +#if defined(FWTS_HAS_ACPI) + +#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> +#include <inttypes.h> +#include <string.h> +#include <ctype.h> + +static fwts_acpi_table_info *table; + +static int wsmt_init(fwts_framework *fw) +{ + if (fwts_acpi_find_table(fw, "WSMT", 0, &table) != FWTS_OK) { + fwts_log_error(fw, "Cannot read ACPI tables."); + return FWTS_ERROR; + } + if (table == NULL || (table && table->length == 0)) { + fwts_log_error(fw, "ACPI WSMT table does not exist, skipping test"); + return FWTS_SKIP; + } + return FWTS_OK; +} + +/* + * WSMT Windows Platform Binary Table + */ +static int wsmt_test1(fwts_framework *fw) +{ + fwts_acpi_table_wsmt *wsmt = (fwts_acpi_table_wsmt*) table->data; + bool passed = true; + + fwts_log_info_verbatim(fw, "WSMT Windows SMM Security Mitigations Table:"); + fwts_log_info_verbatim(fw, " Protection Flags: 0x%8.8" PRIx32, wsmt->protection_flags); + + if (wsmt->protection_flags & ~0x7) { + passed = false; + fwts_failed(fw, LOG_LEVEL_MEDIUM, + "WSMTFlagsReserved", + "WSMT Protection Flags reserved bits " + "[3:31] must be zero, instead got 0x%" PRIx32, + wsmt->protection_flags); + } + + if ((wsmt->protection_flags & 0x2) && !(wsmt->protection_flags & 0x1)) { + passed = false; + fwts_failed(fw, LOG_LEVEL_MEDIUM, + "WSMTBadFlagsValue", + "WSMT Protection Flags bit[1] must be " + "set when bit[2] is set"); + } + + fwts_log_nl(fw); + + if (passed) + fwts_passed(fw, "No issues found in WSMT table."); + + return FWTS_OK; +} + +static fwts_framework_minor_test wsmt_tests[] = { + { wsmt_test1, "WSMT Windows SMM Security Mitigations Table test." }, + { NULL, NULL } +}; + +static fwts_framework_ops wsmt_ops = { + .description = "WSMT Windows SMM Security Mitigations Table test.", + .init = wsmt_init, + .minor_tests = wsmt_tests +}; + +FWTS_REGISTER("wsmt", &wsmt_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_BATCH | FWTS_FLAG_TEST_ACPI) + +#endif diff --git a/src/lib/include/fwts_acpi.h b/src/lib/include/fwts_acpi.h index f04d37a..bf318c2 100644 --- a/src/lib/include/fwts_acpi.h +++ b/src/lib/include/fwts_acpi.h @@ -1847,6 +1847,15 @@ typedef struct { } __attribute__ ((packed)) fwts_acpi_table_wpbt; /* + * ACPI WSMT (Windows SMM Security Mitigations Table) + * https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables#wsmt + */ +typedef struct { + fwts_acpi_table_header header; + uint32_t protection_flags; +} __attribute__ ((packed)) fwts_acpi_table_wsmt; + +/* * ACPI ASPT * determined by reverse engineering */
Signed-off-by: Alex Hung <alex.hung@canonical.com> --- src/Makefile.am | 1 + src/acpi/wsmt/wsmt.c | 94 +++++++++++++++++++++++++++++++++++++++++++++ src/lib/include/fwts_acpi.h | 9 +++++ 3 files changed, 104 insertions(+) create mode 100644 src/acpi/wsmt/wsmt.c