Support for AMD Raphael CPUs #2063

Open
jvoisin opened this issue Feb 12, 2024 · 1 comment

jvoisin commented Feb 12, 2024

In the same vein as #825. Raphael looks similar enough to Renoir that passing -p renoir gives correct results.

# head -n 28 /proc/cpuinfo                                                                                                                                                                     
processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 113
model name	: AMD Ryzen 7 3700X 8-Core Processor
stepping	: 0
microcode	: 0x8701030
cpu MHz		: 3799.218
cache size	: 512 KB
physical id	: 0
siblings	: 16
core id		: 0
cpu cores	: 8
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 16
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif v_spec_ctrl umip rdpid overflow_recov succor smca sev sev_es
bugs		: sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass retbleed smt_rsb srso
bogomips	: 7599.91
TLB size	: 3072 4K pages
clflush size	: 64
cache_alignment	: 64
address sizes	: 43 bits physical, 48 bits virtual
power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]

# ./chipsec_main.py -vv -m common.bios_smi                                                                                                                                                      

################################################################
##                                                            ##
##  CHIPSEC: Platform Hardware Security Assessment Framework  ##
##                                                            ##
################################################################
[CHIPSEC] Version  : 1.12.8
[CHIPSEC] Arguments: -vv -m common.bios_smi

[*] [DEBUG] [helper] Linux Helper created
[*] [DEBUG] Module /dev/chipsec loaded successfully
[*] [DEBUG] [helper] Linux Helper started/loaded
[*] [HAL] [cpuid] in: EAX=0x00000001, ECX=0x00000000
[*] [HAL] [cpuid] out: EAX=0x00870F10, EBX=0x02100800, ECX=0x7EF8320B, EDX=0x178BFBFF
[*] [DEBUG] [*] Loading device buses..
ERROR: Unknown Platform: VID = 0xFFFF, DID = 0xFFFF, RID = 0xFF, CPUID = 0x870F10
ERROR: Platform is not supported (Unknown Platform: VID = 0xFFFF, DID = 0xFFFF, RID = 0xFF, CPUID = 0x870F10).
WARNING: Platform dependent functionality is likely to be incorrect

[CHIPSEC] OS      : Linux 6.6.13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.13-1 (2024-01-20) x86_64
[CHIPSEC] Python  : 3.11.8 (64-bit)
[CHIPSEC] Helper  : LinuxHelper (/home/jvoisin/Applications/chipsec/chipsec/helper/linux/chipsec.ko)
[CHIPSEC] Platform: Unrecognized Platform
[CHIPSEC]    CPUID: 870F10
[CHIPSEC]      VID: FFFF
[CHIPSEC]      DID: FFFF
[CHIPSEC]      RID: FF
 
[*] Running from /home/jvoisin/Applications/chipsec
[+] loaded chipsec.modules.common.bios_smi
[*] running loaded modules ..

[*] Running module: chipsec.modules.common.bios_smi
[+] imported: chipsec.modules.common.bios_smi
[*] Module path: /home/jvoisin/Applications/chipsec/chipsec/modules/common/bios_smi.py
[!] Required controls not defined for platform.  Skipping module.
Skipping module chipsec.modules.common.bios_smi since it is not applicable in this environment and/or platform

[CHIPSEC] ***************************  SUMMARY  ***************************
[CHIPSEC] Time elapsed            0.001
[CHIPSEC] Modules total           1
[CHIPSEC] Modules failed to run   0:
[CHIPSEC] Modules passed          0:
[CHIPSEC] Modules information     0:
[CHIPSEC] Modules failed          0:
[CHIPSEC] Modules with warnings   0:
[CHIPSEC] Modules not applicable  1:
NOT APPLICABLE: chipsec.modules.common.bios_smi
[CHIPSEC] *****************************************************************
[*] [DEBUG] Module for /dev/chipsec unloaded successfully
[*] [DEBUG] [helper] Linux Helper stopped/unloaded
[*] [DEBUG] [helper] Linux Helper deleted

# ./chipsec_main.py  -m common.bios_smi -p renoir                                                                                                                                            

################################################################
##                                                            ##
##  CHIPSEC: Platform Hardware Security Assessment Framework  ##
##                                                            ##
################################################################
[CHIPSEC] Version  : 1.12.8
[CHIPSEC] Arguments: -m common.bios_smi -p renoir

[!]       Unknown PCH: VID = 0xFFFF, DID = 0xFFFF, RID = 0xFF; Using Default.
BDF     | VID:DID   | Vendor                       | Device
-------------------------------------------------------------------------
00:00.0 | 1022:1480 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse Root Complex
00:00.2 | 1022:1481 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse IOMMU
00:01.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:01.2 | 1022:1483 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse GPP Bridge
00:02.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:03.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:03.1 | 1022:1483 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse GPP Bridge
00:04.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:05.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:07.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:07.1 | 1022:1484 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse Internal PCIe GPP Bridge 0 to bus[E:B]
00:08.0 | 1022:1482 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Host Bridge
00:08.1 | 1022:1484 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse Internal PCIe GPP Bridge 0 to bus[E:B]
00:14.0 | 1022:790B | Advanced Micro Devices, Inc. [AMD] | FCH SMBus Controller
00:14.3 | 1022:790E | Advanced Micro Devices, Inc. [AMD] | FCH LPC Bridge
00:18.0 | 1022:1440 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 0
00:18.1 | 1022:1441 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 1
00:18.2 | 1022:1442 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 2
00:18.3 | 1022:1443 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 3
00:18.4 | 1022:1444 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 4
00:18.5 | 1022:1445 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 5
00:18.6 | 1022:1446 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 6
00:18.7 | 1022:1447 | Advanced Micro Devices, Inc. [AMD] | Matisse/Vermeer Data Fabric: Device 18h; Function 7
01:00.0 | 1022:57AD | Advanced Micro Devices, Inc. [AMD] | Matisse Switch Upstream
02:01.0 | 1022:57A3 | Advanced Micro Devices, Inc. [AMD] | Matisse PCIe GPP Bridge
02:05.0 | 1022:57A3 | Advanced Micro Devices, Inc. [AMD] | Matisse PCIe GPP Bridge
02:08.0 | 1022:57A4 | Advanced Micro Devices, Inc. [AMD] | Matisse PCIe GPP Bridge
02:09.0 | 1022:57A4 | Advanced Micro Devices, Inc. [AMD] | Matisse PCIe GPP Bridge
02:0A.0 | 1022:57A4 | Advanced Micro Devices, Inc. [AMD] | Matisse PCIe GPP Bridge
03:00.0 | 8086:F1A8 | Intel Corporation            | SSD 660P Series
04:00.0 | 8086:1539 | Intel Corporation            | I211 Gigabit Network Connection
05:00.0 | 1022:1485 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse Reserved SPP
05:00.1 | 1022:149C | Advanced Micro Devices, Inc. [AMD] | Matisse USB 3.0 Host Controller
05:00.3 | 1022:149C | Advanced Micro Devices, Inc. [AMD] | Matisse USB 3.0 Host Controller
06:00.0 | 1022:7901 | Advanced Micro Devices, Inc. [AMD] | FCH SATA Controller [AHCI mode]
07:00.0 | 1022:7901 | Advanced Micro Devices, Inc. [AMD] | FCH SATA Controller [AHCI mode]
08:00.0 | 10DE:2786 | NVIDIA Corporation           | AD104 [GeForce RTX 4070]
08:00.1 | 10DE:22BC | NVIDIA Corporation           | 
09:00.0 | 1022:148A | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse PCIe Dummy Function
0A:00.0 | 1022:1485 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse Reserved SPP
0A:00.1 | 1022:1486 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse Cryptographic Coprocessor PSPCPP
0A:00.3 | 1022:149C | Advanced Micro Devices, Inc. [AMD] | Matisse USB 3.0 Host Controller
0A:00.4 | 1022:1487 | Advanced Micro Devices, Inc. [AMD] | Starship/Matisse HD Audio Controller
[!]            Results from this system may be incorrect.

[CHIPSEC] OS      : Linux 6.6.13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.13-1 (2024-01-20) x86_64
[CHIPSEC] Python  : 3.11.8 (64-bit)
[CHIPSEC] Helper  : LinuxHelper (/home/jvoisin/Applications/chipsec/chipsec/helper/linux/chipsec.ko)
[CHIPSEC] Platform: Renoir Root Complex
[CHIPSEC]    CPUID: 870F10
[CHIPSEC]      VID: 1022
[CHIPSEC]      DID: FFFF
[CHIPSEC]      RID: FF
[CHIPSEC] PCH     : Unrecognized PCH
[CHIPSEC]      VID: FFFF
[CHIPSEC]      DID: FFFF
[CHIPSEC]      RID: FF

 
[+] loaded chipsec.modules.common.bios_smi
[*] running loaded modules ..

[*] Running module: chipsec.modules.common.bios_smi
[!] Required controls not defined for platform.  Skipping module.
Skipping module chipsec.modules.common.bios_smi since it is not applicable in this environment and/or platform

[CHIPSEC] ***************************  SUMMARY  ***************************
[CHIPSEC] Time elapsed            0.001
[CHIPSEC] Modules total           1
[CHIPSEC] Modules failed to run   0:
[CHIPSEC] Modules passed          0:
[CHIPSEC] Modules information     0:
[CHIPSEC] Modules failed          0:
[CHIPSEC] Modules with warnings   0:
[CHIPSEC] Modules not applicable  1:
NOT APPLICABLE: chipsec.modules.common.bios_smi
[CHIPSEC] *****************************************************************

#
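For readers comparing the two runs above, an added example (not part of the issue and not CHIPSEC code): it decodes the CPUID leaf 1 signature CHIPSEC prints into the family/model/stepping shown by /proc/cpuinfo, and counts how many modules were actually evaluated rather than skipped. The helper names `decode_cpuid_signature` and `triage` are hypothetical; the log lines are excerpted from the first run quoted in the issue.

```python
import re

# Excerpt of the first CHIPSEC run quoted in the issue (no -p override).
SAMPLE_LOG = """\
ERROR: Unknown Platform: VID = 0xFFFF, DID = 0xFFFF, RID = 0xFF, CPUID = 0x870F10
[CHIPSEC] Platform: Unrecognized Platform
[CHIPSEC] Modules total           1
[CHIPSEC] Modules passed          0:
[CHIPSEC] Modules not applicable  1:
NOT APPLICABLE: chipsec.modules.common.bios_smi
"""


def decode_cpuid_signature(eax: int) -> dict:
    """Decode CPUID leaf 1 EAX into display family / model / stepping."""
    base_family = (eax >> 8) & 0xF
    base_model = (eax >> 4) & 0xF
    family, model = base_family, base_model
    if base_family == 0xF:            # extended family is added only in this case
        family += (eax >> 20) & 0xFF
    if base_family in (0x6, 0xF):     # extended model supplies the high nibble
        model |= ((eax >> 16) & 0xF) << 4
    return {"family": family, "model": model, "stepping": eax & 0xF}


def triage(log: str) -> dict:
    """Summarise a CHIPSEC run: which CPU, was it recognised, what was evaluated."""
    cpuid = re.search(r"CPUID\s*[=:]\s*(?:0x)?([0-9A-Fa-f]+)", log)
    total = re.search(r"Modules total\s+(\d+)", log)
    passed = re.search(r"Modules passed\s+(\d+)", log)
    skipped = re.findall(r"^NOT APPLICABLE: (\S+)", log, re.MULTILINE)
    n_total = int(total.group(1)) if total else 0
    return {
        "cpu": decode_cpuid_signature(int(cpuid.group(1), 16)) if cpuid else None,
        "platform_recognized": not re.search(
            r"Unknown Platform|Unrecognized Platform", log),
        "passed": int(passed.group(1)) if passed else 0,
        "not_applicable": skipped,
        # A skipped module checked nothing, so it is not counted as evaluated.
        "modules_evaluated": n_total - len(skipped),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
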

kerneis-anssi commented Apr 18, 2024

@JKingGermany Sorry but I deleted your comment, it was really far too long and somewhat off-topic (mentioning projects unrelated to chipsec). What you want to do seems a bit unclear, I suggest you have a look at the "Rootkits and Bootkits" book to build a better understanding of how bootkits work. https://nostarch.com/rootkits. In any case, chipsec is not a tool to detect bootkits: it is a tool to detect whether the firmware is misconfiguring the platform, making it easier for an attacker to build a successful attack.

Let's keep this issue focused on AMD support for more CPU families please. I have a patch supporting more architectures, but I'm also waiting for more information from AMD before opening a PR. Sorry I cannot provide more details for now.
