oxidecomputer / amd-apcb

AMD Generic Encapsulated Software Architecture Platform Security Processor Configuration Block manipulation library
Mozilla Public License 2.0

Token version check doesn't take into account processor generation #129

Open daym opened 4 months ago

daym commented 4 months ago

Currently, we check tokens for compatibility with the ABL version used. However, we do not take into account the processor generation--and ABL starts back at 0x1000xxxx each generation.

daym commented 4 months ago

For example, ABL version used in Milan 1.0.0.a is 0x100a_5010.

For example, ABL version used in Genoa 1.0.0.0 is 0x1000_8014.

For example, ABL version used in Genoa 1.0.0.b is 0x100b_8012.

We have checks like this:

```
./ondisk.rs:        GnbAdditionalFeatureDsmDetector2(minimal_version 0x1004_5012, frontier_version UNLIMITED_VERSION,
./ondisk.rs:        GnbAdditionalFeatureDsmDetector(minimal_version 0, frontier_version 0x1004_5012, default 0, id 0xf5768cee)
[...]
               return ($minimal_version..$frontier_version).contains(&abl0_version);
```

Our version check is generation independent, but should be generation dependent somehow.

Maybe make the user provide a general closure |generation, abl_version| that does the check.

But the generation is from amd-efs and would have to be passed as a context somehow, but validation is done every time the token setter is used, so apcb in general would have to know it, and the type would have to be known; so amd-apcb would have to define it (or something like it, anyway)!
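
The following is an added example, not part of the thread and not amd-apcb code: it runs the quoted range test against the three ABL versions listed above, then shows one possible shape for the `|generation, abl_version|` closure held in a context. `Generation`, `VersionContext`, `flat_check` and `dsm_detector2_policy` are hypothetical names, and the Genoa range is a constructed placeholder, not an AMD value.

```rust
use std::ops::Range;

// Hypothetical stand-in for the generation type that currently lives in amd-efs.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Generation { Milan, Genoa }

pub const UNLIMITED_VERSION: u32 = u32::MAX;

// Generation-independent check, same shape as the range test quoted in the issue.
pub fn flat_check(range: &Range<u32>, abl0_version: u32) -> bool {
    range.contains(&abl0_version)
}

// Hypothetical context: stores the generation once, plus the user-supplied
// closure, so a token setter can validate on every call.
pub struct VersionContext<F: Fn(Generation, u32) -> bool> {
    generation: Generation,
    abl0_version: u32,
    check: F,
}

impl<F: Fn(Generation, u32) -> bool> VersionContext<F> {
    pub fn new(generation: Generation, abl0_version: u32, check: F) -> Self {
        Self { generation, abl0_version, check }
    }
    pub fn token_allowed(&self) -> bool {
        (self.check)(self.generation, self.abl0_version)
    }
}

// Constructed policy for one token. The Milan range is the one quoted in the
// issue; the Genoa range is a placeholder assumption.
pub fn dsm_detector2_policy(generation: Generation, abl0_version: u32) -> bool {
    let range = match generation {
        Generation::Milan => 0x1004_5012..UNLIMITED_VERSION,
        Generation::Genoa => 0x1000_0000..UNLIMITED_VERSION, // placeholder
    };
    range.contains(&abl0_version)
}

fn main() {
    let milan_era = 0x1004_5012..UNLIMITED_VERSION;
    // Two Genoa releases land on opposite sides of a Milan-era threshold.
    println!("flat, Genoa 1.0.0.0: {}", flat_check(&milan_era, 0x1000_8014));
    println!("flat, Genoa 1.0.0.b: {}", flat_check(&milan_era, 0x100b_8012));
    let ctx = VersionContext::new(Generation::Genoa, 0x1000_8014, dsm_detector2_policy);
    println!("per-generation, Genoa 1.0.0.0: {}", ctx.token_allowed());
}
```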