12449e17fSsherrym /*
22449e17fSsherrym  * CDDL HEADER START
32449e17fSsherrym  *
42449e17fSsherrym  * The contents of this file are subject to the terms of the
52449e17fSsherrym  * Common Development and Distribution License (the "License").
62449e17fSsherrym  * You may not use this file except in compliance with the License.
72449e17fSsherrym  *
82449e17fSsherrym  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
92449e17fSsherrym  * or http://www.opensolaris.org/os/licensing.
102449e17fSsherrym  * See the License for the specific language governing permissions
112449e17fSsherrym  * and limitations under the License.
122449e17fSsherrym  *
132449e17fSsherrym  * When distributing Covered Code, include this CDDL HEADER in each
142449e17fSsherrym  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
152449e17fSsherrym  * If applicable, add the following below this CDDL HEADER, with the
162449e17fSsherrym  * fields enclosed by brackets "[]" replaced with your own identifying
172449e17fSsherrym  * information: Portions Copyright [yyyy] [name of copyright owner]
182449e17fSsherrym  *
192449e17fSsherrym  * CDDL HEADER END
202449e17fSsherrym  */
212449e17fSsherrym 
222449e17fSsherrym /*
23adc586deSMark Johnson  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
242449e17fSsherrym  * Use is subject to license terms.
25ada023d2SAndy Fiddaman  *
26ada023d2SAndy Fiddaman  * Copyright 2021 OmniOS Community Edition (OmniOSce) Association.
27*d32f26eeSAndy Fiddaman  * Copyright 2023 Oxide Computer Company
282449e17fSsherrym  */
292449e17fSsherrym 
302449e17fSsherrym #include <sys/types.h>
312449e17fSsherrym #include <sys/ucode.h>
32*d32f26eeSAndy Fiddaman #include <sys/ucode_intel.h>
332449e17fSsherrym #ifdef	_KERNEL
342449e17fSsherrym #include <sys/systm.h>
352449e17fSsherrym #else
362449e17fSsherrym #include <strings.h>
372449e17fSsherrym #endif
382449e17fSsherrym 
392449e17fSsherrym /*
402449e17fSsherrym  * Refer to
412449e17fSsherrym  *	Intel 64 and IA-32 Architectures Software Developers's Manual
42afcdc73aSAndy Fiddaman  *		Chapter 9.11 Microcode Update Facilities	[1]
432449e17fSsherrym  * for details.
442449e17fSsherrym  */
452449e17fSsherrym 
462449e17fSsherrym /*
472449e17fSsherrym  * Validates the microcode header.
482449e17fSsherrym  * Returns EM_OK on success, EM_HEADER on failure.
492449e17fSsherrym  */
502449e17fSsherrym ucode_errno_t
ucode_header_validate_intel(ucode_header_intel_t * uhp)51adc586deSMark Johnson ucode_header_validate_intel(ucode_header_intel_t *uhp)
522449e17fSsherrym {
532449e17fSsherrym 	uint32_t header_size, body_size, total_size;
542449e17fSsherrym 
552449e17fSsherrym 	if (uhp == NULL)
562449e17fSsherrym 		return (EM_HEADER);
572449e17fSsherrym 
582449e17fSsherrym 	/*
592449e17fSsherrym 	 * The only header version number supported is 1.
602449e17fSsherrym 	 */
612449e17fSsherrym 	if (uhp->uh_header_ver != 0x1)
622449e17fSsherrym 		return (EM_HEADER);
632449e17fSsherrym 
64adc586deSMark Johnson 	header_size = UCODE_HEADER_SIZE_INTEL;
65adc586deSMark Johnson 	total_size = UCODE_TOTAL_SIZE_INTEL(uhp->uh_total_size);
66adc586deSMark Johnson 	body_size = UCODE_BODY_SIZE_INTEL(uhp->uh_body_size);
672449e17fSsherrym 
682449e17fSsherrym 	/*
692449e17fSsherrym 	 * The body size field of the microcode code header specifies the size
702449e17fSsherrym 	 * of the encrypted data section, its value must be a multiple of the
712449e17fSsherrym 	 * size of DWORD.  The total size field must be in multiples of 1K
722449e17fSsherrym 	 * bytes.
732449e17fSsherrym 	 */
742449e17fSsherrym 	if ((body_size % sizeof (int)) ||
752449e17fSsherrym 	    (total_size < (header_size + body_size)) ||
762449e17fSsherrym 	    (total_size % UCODE_KB(1)))
772449e17fSsherrym 
782449e17fSsherrym 		return (EM_HEADER);
792449e17fSsherrym 
802449e17fSsherrym 	/*
812449e17fSsherrym 	 * Sanity check to avoid reading bogus files
822449e17fSsherrym 	 */
832449e17fSsherrym 	if (total_size < UCODE_MIN_SIZE || total_size > UCODE_MAX_SIZE)
842449e17fSsherrym 		return (EM_HEADER);
852449e17fSsherrym 
862449e17fSsherrym 	/*
872449e17fSsherrym 	 * If there is extended signature table, total_size is the sum of
882449e17fSsherrym 	 *	header_size
892449e17fSsherrym 	 *	body_size
902449e17fSsherrym 	 *	sizeof (struct ucode_ext_table)
912449e17fSsherrym 	 *	n * sizeof (struct ucode_ext_sig)
922449e17fSsherrym 	 * where n is indicated by uet_count in struct ucode_ext_table.
932449e17fSsherrym 	 */
942449e17fSsherrym 	if (total_size > (header_size + body_size)) {
952449e17fSsherrym 		if ((total_size - body_size - header_size -
96adc586deSMark Johnson 		    UCODE_EXT_TABLE_SIZE_INTEL) % UCODE_EXT_SIG_SIZE_INTEL) {
972449e17fSsherrym 
982449e17fSsherrym 			return (EM_HEADER);
992449e17fSsherrym 		}
1002449e17fSsherrym 	}
1012449e17fSsherrym 
1022449e17fSsherrym 	return (EM_OK);
1032449e17fSsherrym }
1042449e17fSsherrym 
1052449e17fSsherrym /*
1062449e17fSsherrym  * Returns checksum.
1072449e17fSsherrym  */
1082449e17fSsherrym uint32_t
ucode_checksum_intel(uint32_t sum,uint32_t size,uint8_t * code)109adc586deSMark Johnson ucode_checksum_intel(uint32_t sum, uint32_t size, uint8_t *code)
1102449e17fSsherrym {
1112449e17fSsherrym 	int i;
1122449e17fSsherrym 	uint32_t *lcode = (uint32_t *)(intptr_t)code;
1132449e17fSsherrym 
1142449e17fSsherrym 	i = size >> 2;
1152449e17fSsherrym 	while (i--)
1162449e17fSsherrym 		sum += lcode[i];
1172449e17fSsherrym 
1182449e17fSsherrym 	return (sum);
1192449e17fSsherrym }
1202449e17fSsherrym 
121afcdc73aSAndy Fiddaman uint32_t
ucode_checksum_intel_extsig(ucode_header_intel_t * uhp,ucode_ext_sig_intel_t * uesp)122afcdc73aSAndy Fiddaman ucode_checksum_intel_extsig(ucode_header_intel_t *uhp,
123afcdc73aSAndy Fiddaman     ucode_ext_sig_intel_t *uesp)
124afcdc73aSAndy Fiddaman {
125afcdc73aSAndy Fiddaman 	/*
126afcdc73aSAndy Fiddaman 	 * From [1], table 9-7, the checksum field contained in the extended
127afcdc73aSAndy Fiddaman 	 * patch signature is the checksum across the entire update which would
128afcdc73aSAndy Fiddaman 	 * result if the primary processor signature and processor flags were
129afcdc73aSAndy Fiddaman 	 * replaced with the values from this entry.
130afcdc73aSAndy Fiddaman 	 *
131afcdc73aSAndy Fiddaman 	 * We can therefore just calculate the difference in the checksum
132afcdc73aSAndy Fiddaman 	 * between the old and new values and return that to the caller. If the
133afcdc73aSAndy Fiddaman 	 * difference is zero then the checksum for the patch is valid.
134afcdc73aSAndy Fiddaman 	 */
135afcdc73aSAndy Fiddaman 	uint32_t diff;
136afcdc73aSAndy Fiddaman 
137afcdc73aSAndy Fiddaman 	diff = uesp->ues_signature +
138afcdc73aSAndy Fiddaman 	    uesp->ues_proc_flags + uesp->ues_checksum;
139afcdc73aSAndy Fiddaman 	diff -= uhp->uh_signature + uhp->uh_proc_flags +
140afcdc73aSAndy Fiddaman 	    uhp->uh_checksum;
141afcdc73aSAndy Fiddaman 
142afcdc73aSAndy Fiddaman 	return (diff);
143afcdc73aSAndy Fiddaman }
144afcdc73aSAndy Fiddaman 
145adc586deSMark Johnson ucode_errno_t
ucode_validate_intel(uint8_t * ucodep,int size)146adc586deSMark Johnson ucode_validate_intel(uint8_t *ucodep, int size)
1472449e17fSsherrym {
148adc586deSMark Johnson 	uint32_t header_size = UCODE_HEADER_SIZE_INTEL;
1492449e17fSsherrym 	int remaining;
1502449e17fSsherrym 
1512449e17fSsherrym 	if (ucodep == NULL || size <= 0)
1522449e17fSsherrym 		return (EM_INVALIDARG);
1532449e17fSsherrym 
1542449e17fSsherrym 	for (remaining = size; remaining > 0; ) {
1552449e17fSsherrym 		uint32_t total_size, body_size, ext_size;
156adc586deSMark Johnson 		ucode_header_intel_t *uhp;
1572449e17fSsherrym 		uint8_t *curbuf = &ucodep[size - remaining];
1582449e17fSsherrym 		ucode_errno_t rc;
1592449e17fSsherrym 
160afcdc73aSAndy Fiddaman 		uhp = (ucode_header_intel_t *)curbuf;
1612449e17fSsherrym 
162adc586deSMark Johnson 		if ((rc = ucode_header_validate_intel(uhp)) != EM_OK)
1632449e17fSsherrym 			return (rc);
1642449e17fSsherrym 
165adc586deSMark Johnson 		total_size = UCODE_TOTAL_SIZE_INTEL(uhp->uh_total_size);
1662449e17fSsherrym 
167afcdc73aSAndy Fiddaman 		if (ucode_checksum_intel(0, total_size, curbuf) != 0)
1682449e17fSsherrym 			return (EM_CHECKSUM);
1692449e17fSsherrym 
170adc586deSMark Johnson 		body_size = UCODE_BODY_SIZE_INTEL(uhp->uh_body_size);
1712449e17fSsherrym 		ext_size = total_size - (header_size + body_size);
1722449e17fSsherrym 
1732449e17fSsherrym 		if (ext_size > 0) {
174afcdc73aSAndy Fiddaman 			ucode_ext_table_intel_t *ext;
1752449e17fSsherrym 			uint32_t i;
1762449e17fSsherrym 
177afcdc73aSAndy Fiddaman 			ext = (ucode_ext_table_intel_t *)
178afcdc73aSAndy Fiddaman 			    &curbuf[header_size + body_size];
179afcdc73aSAndy Fiddaman 
180afcdc73aSAndy Fiddaman 			if (ucode_checksum_intel(0, ext_size, (uint8_t *)ext))
181afcdc73aSAndy Fiddaman 				return (EM_EXTCHECKSUM);
1822449e17fSsherrym 
183afcdc73aSAndy Fiddaman 			for (i = 0; i < ext->uet_count; i++) {
184afcdc73aSAndy Fiddaman 				ucode_ext_sig_intel_t *sig =
185afcdc73aSAndy Fiddaman 				    &ext->uet_ext_sig[i];
1862449e17fSsherrym 
187afcdc73aSAndy Fiddaman 				if (ucode_checksum_intel_extsig(uhp, sig) != 0)
188afcdc73aSAndy Fiddaman 					return (EM_SIGCHECKSUM);
1892449e17fSsherrym 			}
1902449e17fSsherrym 		}
1912449e17fSsherrym 
1922449e17fSsherrym 		remaining -= total_size;
1932449e17fSsherrym 	}
1942449e17fSsherrym 	return (EM_OK);
1952449e17fSsherrym }
196