AMD x86_64 Firmware

• AMD Firmware Entry Table
• PSP Directories
  • Code Entries
  • Data Entries
• XHCI Firmware
• AGESA
• UEFI

But why?

“Mimoja Firmware Toolkit”

• Microservice architecture
• Auto-fetch Biosupdates
• Auto-unpack
• Analyse
• Write to elastic

Scope

• Several tenthousand images
• Rate Vendor qualities
• Provide updates for EOL systems

AMD Firmware Entry Table

• PSP looks at offset 0x20000 in the flash.
• Flashmapping for 16MB is 0xFF000000
• Mapping depends on Flashsize
• Finds the “Firmware Entry Table”

type AMDFirmwareEntryTable struct {
	Signature     uint32
	ImcRomBase    uint32
	GecRomBase    uint32
	XHCRomBase    uint32
	PSPDirBase    uint32
	NewPSPDirBase uint32
	BDHDirBase    uint32
	Unknown1      uint32
}

Signature

0x55AA55AA

ImcRomBase

• _AMD_IMC_C magic
• AMDs embedded controler implementation
• Found in most CPUs
• Almost never used

GecRomBase

• Gigabit ethernet
• very hardware specific
• ignored

XHCI

• Two versions
  • Old and new
• Running on V850E1

OLD XHCI

• quoting coreboot wiki:

0x0000 	2 	Signature 0x55aa 	
0x0002 	2 	Offset to the BCD (type0?) 	
0x0004 	2 	BCD size 	
0x0006 	2 	Offset to Main FW (type1?) 	
0x0008 	2 	Main FW size 	
0x000a 	2 	Offset to the ACD (type2?) 	
0x000c 	2 	Offset to the ACD

• Main FW

Offset 	Size in bytes 	What
0x0000 	2 	Firmware version - 0x3032 means 3.0.3.2 	
0x0002 	- 	Firmware data, most likely V850E1 controller 	

NEW XHCI

00000000  80 07 f8 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  e0 07 40 01 00 00 00 00  00 00 00 00 00 00 00 00  |..@.............|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000040  80 07 3a 03 e0 07 40 01  00 00 00 00 00 00 00 00  |..:...@.........|
00000050  e0 07 40 01 00 00 00 00  00 00 00 00 00 00 00 00  |..@.............|
00000060  80 07 34 01 e0 07 40 01  00 00 00 00 00 00 00 00  |..4...@.........|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  80 07 4a 01 e0 07 40 01  00 00 00 00 00 00 00 00  |..J...@.........|
00000090  80 07 70 01 e0 07 40 01  00 00 00 00 00 00 00 00  |..p...@.........|
000000a0  80 07 96 01 e0 07 40 01  00 00 00 00 00 00 00 00  |......@.........|
000000b0  80 07 bc 01 e0 07 40 01  00 00 00 00 00 00 00 00  |......@.........|
000000c0  80 07 e2 01 e0 07 40 01  00 00 00 00 00 00 00 00  |......@.........|
000000d0  80 07 08 02 e0 07 40 01  00 00 00 00 00 00 00 00  |......@.........|
000000e0  80 07 2e 02 e0 07 40 01  00 00 00 00 00 00 00 00  |......@.........|
000000f0  80 07 54 02 e0 07 40 01  00 08 00 10 00 18 00 20  |..T...@........ |

NEW XHCI

.data:00000000 8007f800 jr 0x000000f8

• We found ourself the vector table
• reset vector first
• Ghidra next?

AGESA

• All binary blobs are shipped as “AGESA Bundle”
• Only with NDA
• Format is documented
• AMD Generic Encapsulated Software Architecture (AGESA™)Interface Specification for Arch2008

AGESA

What we have:

• Binary blobs needed to boot
• AGESA header

rule AGESA {
    strings:
        $AMDGESA = {41 4d 44 21 47 45 53 41 ?? ?? ?? ??}
        $AGESA = /AGESA![0-9a-zA-Z]{0,10}\x00{0,1}[0-9a-zA-Z .\-]*/
        $AAGESA = /!!AGESA[0-9a-zA-Z .\-]*/
        $AMD_PI = /\$AMD[A-Z][0-9a-zA-Z]*[PIVpiv][0-9a-zA-Z.\-]*/
    condition:
        any of them
}

!!AGESABristolPI       V1.0.0.1X   
!!AGESACarrizoFM2r2PI  V1.2.0.0X   
!!AGESACarrizoFM2r2PI  V1.2.0.2X   
!!AGESACarrizoFM2r2PI  V1.3.0.1X   
!!AGESACarrizoLitePI   V1.0.0.0    
!!AGESACarrizoLitePI   V1.0.0.1    
!!AGESACarrizoLitePI   V1.0.0.2    
!!AGESACarrizoLitePI   V1.0.0.4    
!!AGESACarrizoPI       V1.0.0.6    
!!AGESACarrizoPI       V1.0.8.0    
!!AGESACarrizoPI       V1.1.0.0    
!!AGESA DanNiPI V0.0.9.2    
!!AGESA DanNiPI V1.0.0.0    
!!AGESA DanNiPI V1.0.0.1    
!!AGESA DanNiPI V1.0.0.2    
!!AGESA DanNiPI V1.0.0.3    
!!AGESA DanNiPI V1.0.0.4    
!!AGESAGodavariPI      V0.0.9.1    
!!AGESAGodavariPI      V1.0.0.0    
!!AGESAGodavariPI      V1.0.0.1    
!!AGESAKabiniPI        V1.0.0.5    
!!AGESAKabiniPI        V1.0.0.6    
!!AGESAKabiniPI        V1.0.0.7    
!!AGESAKabiniPI        V1.0.0.8    
!!AGESAKabiniPI        V1.0.0.9    
!!AGESAKabiniPI        V1.0.0.A    
!!AGESAKabiniPI        V1.0.0.B    
!!AGESAKabiniPI        V1.1.0.0    
!!AGESAKabiniPI        V1.1.0.1    
!!AGESAKaveriPI        V0.0.6.2    
!!AGESAKaveriPI        V0.0.8.1    
!!AGESAKaveriPI        V1.0.0.0    
!!AGESAKaveriPI        V1.1.0.2    
!!AGESAKaveriPI        V1.1.0.5    
!!AGESA LlanoPI V1.0.0.6    
!!AGESA LlanoPI V1.1.0.0    
!!AGESA LlanoPI V1.1.0.2    
!!AGESA LlanoPI V1.1.0.3    
!!AGESA LlanoPI V1.1.0.4    
!!AGESA LlanoPI V1.1.0.5    
!!AGESA LlanoPI V1.1.0.6    
!!AGESA LlanoPI V1.1.0.7    
!!AGESA LlanoPI V1.1.0.8    
!!AGESA MarG34PIV1.1.0.4    
!!AGESA MarG34PIV1.1.0.7    
!!AGESAMullinsPI       V1.0.0.2    
!!AGESAMullinsPI       V1.0.0.3    
!!AGESAMullinsPI       V1.0.0.4    
!!AGESAMullinsPI       V1.0.0.A    
!!AGESA Ontar2PIV1.0.0.1    
!!AGESA Ontar2PIV1.0.0.2    
!!AGESA Ontar2PIV1.0.0.3    
!!AGESA OntaroPIV1.0.0.2    
!!AGESA OntaroPIV1.0.0.3    
!!AGESA OntaroPIV1.0.0.4    
!!AGESA OntaroPIV1.0.9.0    
!!AGESA OntaroPIV1.1.0.0    
!!AGESA OntaroPIV1.1.9.0    
!!AGESA OntaroPIV1.2.0.0    
!!AGESA OrochiPIV0.0.7.3X   
!!AGESA OrochiPIV0.0.7.4    
!!AGESA OrochiPIV0.0.7.5    
!!AGESA OrochiPIV0.0.9.0    
!!AGESA OrochiPIV0.0.9.1    
!!AGESA OrochiPIV0.0.9.2    
!!AGESA OrochiPIV1.1.0.0    
!!AGESA OrochiPIV1.1.0.1    
!!AGESA OrochiPIV1.1.0.2    
!!AGESA OrochiPIV1.2.0.0    
!!AGESA OrochiPIV1.2.0.1    
!!AGESA OrochiPIV1.2.0.3    
!!AGESA OrochiPIV1.2.0.4    
!!AGESA OrochiPIV1.2.7.1    
!!AGESA OrochiPIV1.2.9.0    
!!AGESA OrochiPIV1.4.9.0    
!!AGESA OrochiPIV1.5.0.0    
!!AGESA OrochiPIV1.5.0.1    
!!AGESA OrochiPIV1.5.0.2    
!!AGESA OrochiPIV1.5.0.5    
!!AGESA OrochiPIV1.5.0.7    
!!AGESA OrochiPIV1.5.0.8    
!!AGESARichlandPI      V1.1.0.1    
!!AGESARichlandPI      V1.1.0.2    
!!AGESAStoneyPI        V1.0.0.2    
!!AGESAStoneyPI        V1.3.0.2    
!!AGESAStoneyPI        V1.3.0.3    
!!AGESAStoneyPI        V1.3.0.6    
!!AGESAStoneyPI        V1.3.0.8    
!!AGESAStoneyPI        V1.3.0.9    
!!AGESAStoneyPI        V1.3.0.A    
!!AGESA TrinyPI V1.1.0.2    
!!AGESA TrinyPI V1.1.0.3    
!!AGESA TrinyPI V1.1.0.5    
!!AGESA TrinyPI V1.1.0.7    
!!AGESA TrinyPI V1.1.0.8    
!!AGESA V3.1.1.0
!!AGESA V3.1.3.0
!!AGESA V3.1.3.1
!!AGESA V3.1.4.0
!!AGESA V3.1.5.0
!!AGESA V3.1.6.0
!!AGESA V3.1.7.0
!!AGESA V3.1.8.0
!!AGESA V3.1.9.0
!!AGESA V3.1.9.1
!!AGESA V3.2.7.2
!!AGESA V3.3.0.0
!!AGESA V3.3.1.0
!!AGESA V3.3.2.0
!!AGESA V3.3.2.2
!!AGESA V3.3.2.3
!!AGESA V3.3.2.4
!!AGESA V3.3.2.5
!!AGESA V3.3.2.7
!!AGESA V3.5.0.0
!!AGESA V3.5.0.1
!!AGESA V3.5.0.2
!!AGESA V3.5.2.0
!!AGESA V3.5.2.1
!!AGESA V3.5.3.1
!!AGESA V3.5.4.0
!!AGESA V3.5.5.0
!!AGESA V3.6.9.0
!!AGESA V3.7.0.0
!!AGESA V3.7.0.1
!!AGESA V3.7.1.0
!!AGESA V3.7.1.1
!!AGESA V4.1.0.3
!!AGESA V4.3.0.0
!!AGESA V4.4.0.0
!!AGESA V4.6.0.1
!!AGESA V4.6.1.0
!!AGESA V6.0.9.0
!!AGESA V6.1.0.0
!!AGESA V6.1.1.0
!!AGESA V6.1.2.0
!!AGESA V6.1.2.2
!!AGESA V6.1.5.0
AGESA!V9\x00NaplesPI-SP3 1.0.0.9
AGESA!V9\x00NaplesPI-SP3 1.0.0.A
AGESA!V9\x00NaplesPI-SP3 1.0.0.B
AGESA!V9\x00PinnaclePI-AM4 1.0.0.0a
AGESA!V9\x00PinnaclePI-AM4 1.0.0.2
AGESA!V9\x00PinnaclePI-AM4 1.0.0.3
AGESA!V9\x00PinnaclePI-AM4 1.0.0.6
AGESA!V9\x00RavenPI-FP5-AM4 1.0.7.1
AGESA!V9\x00RavenPI-FP5-AM4 1.1.0.2
AGESA!V9\x00RavenPI-FP5-AM4 1.1.0.5
AGESA!V9\x00SummitPI-AM4 1.0.0.4a
AGESA!V9\x00SummitPI-AM4 1.0.0.6
AGESA!V9\x00SummitPI-SP3r2-1.1.0.1
AGESA!V9\x00SummitPI-SP3r2-1.1.0.2
AGESA!V9\x00ThreadRipperPI-SP3r2-0.0.6.0
AGESA!V9\x00UnkownPI 0.0.0.0
!!AGESA X3.5.2.0
!!AGESA X4.3.9.0
!!AGESA X4.4.0.0
!!AGESA X4.6.1.0

Rage

Lenovo did not update their AGESA on their Thinkpad A285.
Still on 1.0.0.4, while 1.1.0.5 is in the wild since at least September 4th 2018. (Acer Aspire TC-380)

Over a year before release(December 2017) ASUS shipped the 1.0.7.1 update.

Lenovo released with a 2 year old AGESA...

— Mimoja (◕ᴗ◕✿) (@WingsOfMimoja)

PSP

• AMDs security processor
• Boots before the main system
  • Most of the time
• Is required to boot
  • Most of the time
• Only runs signed code
  • Most of the time

Boot Process

Overview

Type         GUID/Name                            Size
BIOS                                              0x1000000
 BIOS Pad                                         0x40000
 FV          8C8CE578-8A3D-4F1C-9935-896185C32DD3 0x20000
 BIOS Pad                                         0x5b0000
 FV          8C8CE578-8A3D-4F1C-9935-896185C32DD3 0x40000
 FV          8C8CE578-8A3D-4F1C-9935-896185C32DD3 0x6b0000
 FV          8C8CE578-8A3D-4F1C-9935-896185C32DD3 0x300000

PSP Directories

• Found at PSPDirBase and/or NewPSPDirBase

PSPDirBase    uint32
NewPSPDirBase uint32
BDHDirBase    uint32

• BDH is build similiar with different magic values
  • ignored
• Starts with $PSPCOOCKIE

PSP Header

type AMDPSPDirectoryHeader struct {
	PspCookie    [4]byte
	Checksum     uint32
	TotalEntries uint32
	Reserved     uint32
}

• $PSP
• 2PSP
  • Only two entries
  • Two pointer to $PSP directories

PSP Entries

• $TotalEntries entries

type AMDPSPDirectoryBinaryEntry struct {
	Type     uint32
	Size     uint32
	Location uint32
	Reserved uint32
}

PSP Entry Type

• Type - duh
• Credit@TU Berlin

var AMDPSPDirectoryEntries = []AMDPSPDirectoryEntryType{
	{0x00, "AMD_PUBLIC_KEY", "AMD public key"},
	{0x01, "PSP_FW_BOOT_LOADER", "PSP boot loader in SPI space"},
	{0x02, "PSP_FW_TRUSTED_OS", "PSP Firmware region in SPI space"},
	{0x03, "PSP_FW_RECOVERY_BOOT_LOADER", "PSP recovery region"},
	{0x04, "PSP_NV_DATA", "PSP data region in SPI space"},
	{0x05, "BIOS_PUBLIC_KEY", "BIOS public key stored in SPI space"},
	{0x06, "BIOS_RTM_FIRMWARE", "BIOS RTM code (PEI volume) in SPI space"},
	{0x07, "BIOS_RTM_SIGNATURE", "Signed BIOS RTM hash stored  in SPI space"},
	{0x08, "SMU_OFFCHIP_FW", "SMU image"},
	{0x09, "AMD_SEC_DBG_PUBLIC_KEY", "Secure Unlock Public key"},
	{0x0A, "OEM_PSP_FW_PUBLIC_KEY", "Optional public part of the OEM PSP Firmware"},
	{0x0B, "AMD_SOFT_FUSE_CHAIN_01", "64bit PSP Soft Fuse Chain"},
	{0x0C, "PSP_BOOT_TIME_TRUSTLETS", "Boot-loaded trustlet binaries"},
	{0x0D, "PSP_BOOT_TIME_TRUSTLETS_KEY", "Key of the boot-loaded trustlet binaries"},
	{0x10, "PSP_AGESA_RESUME_FW", "PSP Agsa-Resume-Firmware"},
	{0x12, "SMU_OFF_CHIP_FW_2", "Secondary SMU image"},
	{0x14, "!PSP_MCLF_TRUSTLETS", "very similiar to ~PspTrustlets.bin~ in coreboot blobs"},
	{0x1A, "PSP_S3_NV_DATA", "S3 Data Blob"},
	{0x31, "{0x31~ABL_ARM_CODE~", "a _lot_ of strings and also some ARM code"},
	{0x38, "!PSP_ENCRYPTED_NV_DATA", ""},
	{0x39, "!SEV_APP", ""},
	{0x40, "!PL2_SECONDARY_DIRECTORY", ""},
	{0x5f, "FW_PSP_SMUSCS", "Software AppConfiguration Settings Data Block"},
	{0x60, "FW_IMC", ""},
	{0x61, "FW_GEC", ""},
	{0x62, "FW_XHCI", ""},
	{0x63, "FW_INVALID", ""},
	{0x70, "!BL2_SECONDARY_DIRECTORY", ""},
	{0x108, "PSP_SMU_FN_FIRMWARE", ""},
	{0x112, "!SMU_OFF_CHIP_FW_3", "seems to tbe a tertiary SMU image"},
	{0x118, "PSP_SMU_FN_FIRMWARE2", ""},
	{0x15f, "!FW_PSP_SMUSCS_2", "seems to be a secondary FW_PSP_SMUSCS"},
	{0x30062, "{0x30062~UEFI-IMAGE~", ""},
}

+-----------+---------+---------+-------+---------------------+
| Directory |   Addr  |   Type  | Magic | Secondary Directory |
+-----------+---------+---------+-------+---------------------+
|     2     | 0xd1000 | PSP_NEW |  $PSP |       0x261000      |
+-----------+---------+---------+-------+---------------------+
+---+-------+----------+---------+------------------------------------+-----------+-----------------------+------------+
|   | Entry |  Address |    Size | Type (Magic)                       |   Version |             Signed by |       Info |
+---+-------+----------+---------+------------------------------------+-----------+-----------------------+------------+
|   |     0 |  0xd1400 |   0x240 | AMD_PUBLIC_KEY                     |           |        AMD_PUBLIC_KEY |     pubkey |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     1 | 0x261400 | 0x20000 | PSP_FW_BOOT_LOADER ($PS1)          |  0.9.3.34 |        AMD_PUBLIC_KEY |            |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     2 |  0xd1700 |  0xbb40 | PSP_FW_RECOVERY_BOOT_LOADER ($PS1) | FF.9.3.34 |        AMD_PUBLIC_KEY |            |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     3 |  0xdd300 | 0x1d300 | SMU_OFFCHIP_FW (SMUR)              | 0.19.4D.0 |        AMD_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     4 |  0xfa600 |   0x340 | OEM_PSP_FW_PUBLIC_KEY              |           |        AMD_PUBLIC_KEY |     pubkey |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     5 |  0xfaa00 |  0x2740 | SMU_OFF_CHIP_FW_2 (SMUR)           | 0.19.4D.0 |        AMD_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     6 |  0xfd200 |    0x10 | 0x21                               |           |                       |            |
|   |     7 |  0xfd300 |   0x4d0 | 0x30 (0BAR)                        | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     8 |  0xfd800 |  0xbac0 | 0x31~ABL_ARM_CODE~ (AR1B)          | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |     9 | 0x109300 |  0x96d0 | 0x32 (AR2B)                        | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |    10 | 0x112a00 |  0xd610 | 0x33 (AR3B)                        | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |    11 | 0x120100 |  0x9960 | 0x34 (AR4B)                        | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |    12 | 0x129b00 |  0xe800 | 0x35 (AR5B)                        | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |    13 | 0x138300 |  0xa7c0 | 0x36 (AR6B)                        | 17.5.15.1 | OEM_PSP_FW_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |    14 | 0x142b00 |   0xb90 | 0x24 ($PS1)                        |   0.7.0.1 |        AMD_PUBLIC_KEY | compressed |
|   |       |          |         |                                    |           |        [not verified] |            |
|   |    15 | 0x261000 |   0x400 | !PL2_SECONDARY_DIRECTORY           |           |                       |            |
+---+-------+----------+---------+------------------------------------+-----------+-----------------------+------------+

And now?

• Understand Chain of Trust
• Directory starts with public key
• Bootloader next
  • Was encrypted end of 2018
  • New 0x21 Type: “Encrypted Key”
  • AES

Data Entries

• Undocumented 0x100 Byte header
• Partly reverse engeneeried
• Signed

Header is verified

type AMDPSPEntryBinaryHeader struct {
	Unknown1       [16]byte
	ID             uint32
	SizeSigned     uint32
	Unknown2       [0x18]byte
	AlwaysOne      uint32 // Could be a type?
	Unknown3       [4]byte
	SigFingerprint [16]byte
	IsCompressed   uint32
	Unknown4       uint32
	FullSize       uint32
	Unknown5       [12]byte
	Version        [4]byte
	Unknown6       [4]byte
	Unknown7       [4]byte
	SizePacked     uint32
}

… Data was not!

-> Ryzenfall