flashtools
flashtools copied to clipboard
Published
20 hours ago •
osresearch
osresearch
Correct way to locate pciexbar
Having the user provide it seems non-ideal. libpci is overweight for this, maybe it is in /proc?
It appears that we can find the address from /sys. On qemu:
# hd /sys/bus/pci/devices/0000\:00\:00.0/config
00000000 86 80 c0 29 00 00 00 00 00 00 00 06 00 00 00 00 |...)............|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 f4 1a 00 11 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 ff 00 00 00 |................|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000060 01 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 02 38 00 |..............8.|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000100
Offset 0x60 (according to chipsec) is the PCIEXBAR, 0x80000000.
If you're not root you can only see the first 64 bytes of the config file. You can't mmap /dev/mem anyway, so that's probably ok.
On skylake (x1 gen4) the address is 0xf8000000, but there doesn't seem to be the RCBA pointer there.
sudo xxd -e -g4 /sys/bus/pci/devices/0000\:00\:00.0/config
00000000: 19048086 20900006 06000008 00000000 ....... ........
00000010: 00000000 00000000 00000000 00000000 ................
00000020: 00000000 00000000 00000000 223817aa ..............8"
00000030: 00000000 000000e0 00000000 00000000 ................
00000040: fed19001 00000000 fed10001 00000000 ................
00000050: 000001c1 00008031 dc700047 d90000a7 ....1...G.p.....
00000060: f8000005 00000000 fed18001 00000000 ................
00000070: fe000000 00000003 fe000c00 0000007f ................
00000080: 11111110 00111111 0000001a 00000000 ................
00000090: fe000001 00000003 21700001 00000004 ..........p!....
000000a0: 00000001 00000004 21800001 00000004 ...........!....
000000b0: da800001 da000001 d9000001 dc800001 ................
000000c0: 00000000 00000000 00000000 00000000 ................
000000d0: 00000000 00000000 00000000 00000000 ................
000000e0: 01100009 7a616685 161580dc 0006c000 .....faz........
000000f0: 00000000 00030fc8 00000000 00000000 ................
pci_exbar (0xf8000000) + lpc_offset (0xf8000) + rcba_offset (0xf0) contains 0:
sudo ./peek 0xf80f8000 256 | xxd -g4 -e
00000000: 9d488086 02000007 06010021 00800000 ..H.....!.......
00000010: 00000000 00000000 00000000 00000000 ................
00000020: 00000000 00000000 00000000 223817aa ..............8"
00000030: 00000000 00000000 00000000 00000000 ................
00000040: 00000000 00000000 00000000 00000000 ................
00000050: 00000000 00000000 00000000 00000000 ................
00000060: 00000000 00000090 00000000 00000000 ................
00000070: 00000000 00000000 00000000 00000000 ................
00000080: 3f0f0010 007c1601 000c15e1 000c0081 ...?..|.........
00000090: 000c0681 00000f00 00000000 00000000 ................
000000a0: 00000000 00000000 00000000 00000000 ................
000000b0: 00000000 00000000 00000000 00000000 ................
000000c0: 00000000 00000000 00000000 00000000 ................
000000d0: 00112233 00004567 0000ffcf 000000a2 3"..gE..........
000000e0: 000000c1 00000000 00000000 00000000 ................
000000f0: 00000000 00000000 08230fb3 00000000 ..........#.....