diff --git a/common/ffsparser.cpp b/common/ffsparser.cpp index 9236211..0645299 100644 --- a/common/ffsparser.cpp +++ b/common/ffsparser.cpp @@ -1340,17 +1340,6 @@ USTATUS FfsParser::parseVolumeHeader(const UByteArray & volume, const UINT32 loc bool FfsParser::microcodeHeaderValid(const INTEL_MICROCODE_HEADER* ucodeHeader) { bool reservedBytesValid = true; - - // Check CpuFlags reserved bytes to be zero - for (UINT32 i = 0; i < sizeof(ucodeHeader->ProcessorFlagsReserved); i++) { - if (ucodeHeader->ProcessorFlagsReserved[i] != 0x00) { - reservedBytesValid = false; - break; - } - } - if (!reservedBytesValid) { - return false; - } // Check data size to be multiple of 4 and less than 0x1000000 if (ucodeHeader->DataSize % 4 != 0 || @@ -1389,8 +1378,8 @@ bool FfsParser::microcodeHeaderValid(const INTEL_MICROCODE_HEADER* ucodeHeader) ucodeHeader->DateYear > 0x2049) { return FALSE; } - // Check HeaderVersion to be 1. - if (ucodeHeader->HeaderVersion != 1) { + // Check HeaderType to be 1. + if (ucodeHeader->HeaderType != 1) { return FALSE; } // Check LoaderRevision to be 1. @@ -4268,13 +4257,13 @@ USTATUS FfsParser::parseIntelMicrocodeHeader(const UByteArray & microcode, const // Recalculate checksum after patching tempUcodeHeader->Checksum = 0; - tempUcodeHeader->ProcessorFlags = entry->ProcessorFlags; + tempUcodeHeader->PlatformIds = entry->PlatformIds; tempUcodeHeader->ProcessorSignature = entry->ProcessorSignature; UINT32 entryCalculated = calculateChecksum32((const UINT32*)tempMicrocode.constData(), sizeof(INTEL_MICROCODE_HEADER) + dataSize); - extendedHeaderInfo += usprintf("\nCPU signature #%u: %08Xh\nCPU flags #%u: %02Xh\nChecksum #%u: %08Xh, ", + extendedHeaderInfo += usprintf("\nCPU signature #%u: %08Xh\nCPU platform Id #%u: %08Xh\nChecksum #%u: %08Xh, ", i + 1, entry->ProcessorSignature, - i + 1, entry->ProcessorFlags, + i + 1, entry->PlatformIds, i + 1, entry->Checksum) + (entry->Checksum == entryCalculated ? UString("valid") : usprintf("invalid, should be %08Xh", entryCalculated)); } @@ -4293,7 +4282,7 @@ USTATUS FfsParser::parseIntelMicrocodeHeader(const UByteArray & microcode, const // Add info UString name("Intel microcode"); UString info = usprintf("Full size: %Xh (%u)\nHeader size: 0h (0u)\nBody size: %Xh (%u)\nTail size: 0h (0u)\n" - "Date: %02X.%02X.%04x\nCPU signature: %08Xh\nRevision: %08Xh\nCPU flags: %02Xh\nChecksum: %08Xh, ", + "Date: %02X.%02X.%04x\nCPU signature: %08Xh\nRevision: %08Xh\nMinimal update revision: %08Xh\nCPU platform Id: %08Xh\nChecksum: %08Xh, ", (UINT32)microcodeBinary.size(), (UINT32)microcodeBinary.size(), (UINT32)microcodeBinary.size(), (UINT32)microcodeBinary.size(), ucodeHeader->DateDay, @@ -4301,7 +4290,8 @@ USTATUS FfsParser::parseIntelMicrocodeHeader(const UByteArray & microcode, const ucodeHeader->DateYear, ucodeHeader->ProcessorSignature, ucodeHeader->UpdateRevision, - ucodeHeader->ProcessorFlags, + ucodeHeader->UpdateRevisionMin, + ucodeHeader->PlatformIds, ucodeHeader->Checksum) + (ucodeHeader->Checksum == calculated ? UString("valid") : usprintf("invalid, should be %08Xh", calculated)) + extendedHeaderInfo; diff --git a/common/intel_microcode.h b/common/intel_microcode.h index c6a3d89..04354ce 100644 --- a/common/intel_microcode.h +++ b/common/intel_microcode.h @@ -21,7 +21,7 @@ WITHWARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // This structure is described in Section 9.11.1 of the Intel Software Developer manual Volume 3A Part 1 typedef struct INTEL_MICROCODE_HEADER_ { - UINT32 HeaderVersion; // 0x00000001 + UINT32 HeaderType; // 0x00000001 for Microcode (we do not need to support IFS yet) UINT32 UpdateRevision; UINT16 DateYear; // BCD UINT8 DateDay; // BCD @@ -31,8 +31,7 @@ typedef struct INTEL_MICROCODE_HEADER_ { // Checksum is correct when the summation of all the DWORDs (including the extended Processor Signature Table) // that comprise the microcode update result in 00000000H. UINT32 LoaderRevision; // 0x00000001 - UINT8 ProcessorFlags; - UINT8 ProcessorFlagsReserved[3]; // Zeroes + UINT32 PlatformIds; // Platform Ids UINT32 DataSize; // Specifies the size of the encrypted data in bytes, and must be a multiple of DWORDs. // If this value is 00000000H, then the microcode update encrypted data is 2000 bytes (or 500 DWORDs). // Sane values are less than 0x1000000 @@ -40,7 +39,9 @@ typedef struct INTEL_MICROCODE_HEADER_ { // It is the summation of the header size, the encrypted data size and the size of the optional extended signature table. // This value is always a multiple of 1024 according to the spec, but Intel already breached it several times. // Sane values are less than 0x1000000 - UINT8 Reserved[12]; // Zeroes + UINT32 MetadataSize; // Reserved in Microcode headers + UINT32 UpdateRevisionMin; // Minimum required version for OS Kernel Late Loading + UINT32 Reserved; // Zeroes } INTEL_MICROCODE_HEADER; #define INTEL_MICROCODE_REAL_DATA_SIZE_ON_ZERO 2000 @@ -57,8 +58,8 @@ typedef struct INTEL_MICROCODE_EXTENDED_HEADER_ { typedef struct INTEL_MICROCODE_EXTENDED_HEADER_ENTRY_ { UINT32 ProcessorSignature; - UINT32 ProcessorFlags; - UINT32 Checksum; // To calculate the Checksum, substitute the Primary Processor Signature entry and the Processor Flags entry with the corresponding Extended Patch entry. + UINT32 PlatformIds; + UINT32 Checksum; // To calculate the Checksum, substitute the Primary Processor Signature entry and the Platform Ids entry with the corresponding Extended Patch entry. // Delete the Extended Processor Signature Table entries. // Checksum is correct when the summation of all DWORDs that comprise the created Extended Processor Patch results in 00000000H. } INTEL_MICROCODE_EXTENDED_HEADER_ENTRY;