How can I look up an x86 port IO port from windows COM?

Hello all, I was told you were the people to ask this sort of thing.

I want to programmatically write to an Intel AMT virtual/fake serial port from within Intel TXT. So I can’t use an AMT library.

The port shows up as COM3 in Windows (the only COM port). Is there a way to look up what the port IO port should be? I know that historically, by convention serial port 3 was at port 0x3E8, but writing to that (or any of the other conventional serial port addresses) doesn’t seem to produce any output on the listening side.

Thanks in advance,

Gerri F.

xxxxx@gmail.com wrote:

> I want to programmatically write to an Intel AMT virtual/fake serial port from within Intel TXT. So I can’t use an AMT library.
>
> The port shows up as COM3 in Windows (the only COM port). Is there a way to look up what the port IO port should be? I know that historically, by convention serial port 3 was at port 0x3E8, but writing to that (or any of the other conventional serial port addresses) doesn’t seem to produce any output on the listening side.

I’m not convinced there are any hardware I/O ports behind that at all.
I thought the only access to AMT was through TCP. They have a “serial
over LAN” driver that converts serial requests into TCP requests, but
the low-level access is all TCP.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> Hello all, I was told you were the people to ask this sort of thing.
>
> I want to programmatically write to an Intel AMT virtual/fake serial port from within Intel TXT. So I can’t use an AMT library.
>
> The port shows up as COM3 in Windows (the only COM port). Is there a way to look up what the port IO port should be? I know that historically, by convention serial port 3 was at port 0x3E8, but writing to that (or any of the other conventional serial port addresses) doesn’t seem to produce any output on the listening side.
>
> Thanks in advance,
>
> Gerri F.

There is no reason to expect that COMn will be at any fixed port location.
While historically, serial ports had predefined physical addresses, for
more than a decade, serial ports are merely an abstraction that obeys
certain protocols. A system with no physical COM port might call a
serial-to-USB device COM1.

You would have to know what an AMT port does before you can write to it.
The fact that you refer to it as a “fake” port should tell you instantly
that writing to a hardware address is a meaningless operation.

If you don’t “own” the device, you should not be writing to its hardware.
What if an app opened the logical COM3 and started using it? You should
let its driver mediate the interface.

It appears from my reading about AMT that it is fundamentally a network
mechanism. If you are talking about the ability to read or write the
NVRAM, that should involve calling the AMT driver directly. I have no
idea what you are referring to as an “AMT library” since it appears that
this is a convenient interface library for apps. But don’t try to go
after the raw hardware. That way lies disaster.

I have no idea what “TXT” is. You might want to make your question
clearer for those of us who don’t run around trying to memorize every TLA
in our spare time.

And you have made the usual mistake of asking how to implement some
preconceived idea without stating what problem you are trying to solve.
joe


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

On 11-Sep-2013 03:27, xxxxx@gmail.com wrote:

> Hello all, I was told you were the people to ask this sort of thing.
>
> I want to programmatically write to an Intel AMT virtual/fake serial port from within Intel TXT. So I can’t use an AMT library.
>
> The port shows up as COM3 in Windows (the only COM port). Is there a way to look up what the port IO port should be? I know that historically, by convention serial port 3 was at port 0x3E8, but writing to that (or any of the other conventional serial port addresses) doesn’t seem to produce any output on the listening side.
>
> Thanks in advance,
>
> Gerri F.

We may be the people to ask such a question - but the people who could
answer it probably are here:
http://software.intel.com/en-us/forum

Good luck,
– pa

>>I have no idea what “TXT” is

Computing the hash of server BIOS and VMM and attesting it against known good. (Trusted Exec. Tech.)

Unfortunately my last post seems to have disappeared because my login at osronline must have timed out. But here’s the quick summary:

  1. yes, TXT is Trusted Execution Technology (which need not necessarily measure the BIOS or a VMM, it just measures whatever “Measured Launch Environment” you set up.)

  2. I found the serial port (dear google “the AMT serial port’s x86 port IO port is 0x5050” (now to see if that shows up next time I search for it ;-)). But what I don’t know is how to *find* the port, in case it’s different on other systems. I’ll apparently need to look at how Linux enumerates serial ports.

  3. The TCP stuff is on the side of the person connecting to AMT Serial over LAN, not on the system itself. Of course on the system itself AMT needs to make it look like any other serial port, up to and including being able to use port IO.

  4. The thing I thought might have the information (which I couldn’t remember the name of which I thought people might tell me) was the BIOS Data Area at physical address 0x400. That has a list of the port IO addresses for the current serial ports. Unfortunately the BIOS does not appear to put the AMT serial port info there.

So in the end it looks like I’ll have to look to linux folks to figure out how to find serial ports :-/

Thanks anyway,
Gerri F.

xxxxx@gmail.com wrote:

> 2. I found the serial port (dear google “the AMT serial port’s x86 port IO port is 0x5050” (now to see if that shows up next time I search for it ;-)). But what I don’t know is how to *find* the port, in case it’s different on other systems. I’ll apparently need to look at how Linux enumerates serial ports.

Where did you find that? I get no Google matches for “AMT serial port
0x5050”.

Based on this link:
http://software.intel.com/en-us/blogs/2010/09/29/amt-sol-device-ids
You should be able to scan the PCI bus for a device with class code
0700, then scan its BARs to find the I/O port range.

Note that I said that as if it were easy to do.

> 4. The thing I thought might have the information (which I couldn’t remember the name of which I thought people might tell me) was the BIOS Data Area at physical address 0x400. That has a list of the port IO addresses for the current serial ports. Unfortunately the BIOS does not appear to put the AMT serial port info there.

Nope, PCI serial ports never go in that area.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> Computing the hash of server BIOS and VMM and attesting it against known good. (Trusted Exec.

Does this include the glorious encrypted Intel’s BMC BIOS hardcoded to south bridge chip?

It contains some interesting things, like, for instance, the VM root hypervisor (so the server boots virtualized immediately, regardless of what is installed on the hard disks).

This topic slowly drifts to discussing Mr. Snowden’s findings :)


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Where did I get port 0x5050? I finally thought to check the CMU “Flicker” people’s code :) (Flicker being an academic project to try and make TXT useful for small “piece of application logic” (PAL) chunks of code)
http://sourceforge.net/p/flickertcb/code/ci/master/tree/flicker/pal/Makefile
But you’ll note it doesn’t say that in a single file, I had to backtrace their serial port writing code which had references to AMT SOL.

And Tim, thanks for your description of what that Intel page was trying to say. While my system did have a thing that looked like “PCI\VEN_8086&DEV_3B67&CC_0700”, I wouldn’t have known that the CC_0700 meant to go look at a class code 0x700 in PCI devices (though it makes sense in retrospect). I did then walk the PCI devices, not with code, but with my new favorite tool - Read Write Everything! However nothing showed up with that CC. But in the COM3 port properties it also had an entry for CC 0x070002, and indeed the thing that RWE identifies as “Intel Corporation Serial Device” has a CC of 0x070002. And when I look at the BAR1 entry, it says 0x5051. The fact that it’s 0x5051 instead of 0x5050 is something I’m sure is something I don’t know about serial ports, but the end result is that we worked together to find how to find the port IO port :D

Thanks!

Gerri F.

p.s. Maxim, every Intel chip since Core 2s that were marketed as “vPro” has come with TXT (which as I already described doesn’t necessarily have anything to do with BIOS or VMMs, although that’s the use case Intel promotes the most through the open source tboot project)

xxxxx@gmail.com wrote:

> … And when I look at the BAR1 entry, it says 0x5051. The fact that it’s 0x5051 instead of 0x5050 is something I’m sure is something I don’t know about serial ports, but the end result is that we worked together to find how to find the port IO port :D

It’s not a serial port thing, it’s a PCI thing. The low-order bit of a
BAR tells whether it is a memory range (0) or an I/O port range (1).
So, 0x5051 means an I/O port range starting at 0x5050.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
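
Added example (not part of any post in this thread, and not code from Flicker or Intel): the lookup described above, checking for class code 0700 and then decoding the BARs, written in C against a 64-byte configuration header held in a buffer rather than real hardware. It goes slightly beyond the thread by also skipping the upper half of 64-bit memory BARs; `serial_io_base`, `make_sample_header` and the sample header (0x5051 placed in the first BAR slot) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets in the standard PCI type-0 configuration header. */
enum { PCI_PROG_IF = 0x09, PCI_SUBCLASS = 0x0A, PCI_BASECLASS = 0x0B,
       PCI_HDR_TYPE = 0x0E, PCI_BAR0 = 0x10 };

static uint32_t rd32(const uint8_t *cfg, size_t off) {   /* little-endian read */
    return (uint32_t)cfg[off] | (uint32_t)cfg[off + 1] << 8 |
           (uint32_t)cfg[off + 2] << 16 | (uint32_t)cfg[off + 3] << 24;
}
static void wr32(uint8_t *cfg, size_t off, uint32_t v) { /* little-endian write */
    for (int i = 0; i < 4; i++) cfg[off + i] = (uint8_t)(v >> (8 * i));
}

/* Returns the first assigned I/O port base of a class 0x0700 function, or 0
 * if the header is not a type-0 serial controller or has no I/O BAR.
 * On success *bar_index is the zero-based BAR slot that matched. */
uint32_t serial_io_base(const uint8_t cfg[64], int *bar_index) {
    if (cfg[PCI_BASECLASS] != 0x07 || cfg[PCI_SUBCLASS] != 0x00)
        return 0;                          /* prog-if byte (e.g. 0x02) not checked */
    if ((cfg[PCI_HDR_TYPE] & 0x7F) != 0x00)
        return 0;                          /* bridges have a different BAR layout */
    for (int i = 0; i < 6; i++) {
        uint32_t bar = rd32(cfg, PCI_BAR0 + 4 * (size_t)i);
        if (bar & 0x1u) {                  /* bit 0 set: I/O space BAR */
            uint32_t base = bar & ~0x3u;   /* bits 1:0 are flags, not address */
            if (base == 0) continue;       /* BAR not assigned */
            *bar_index = i;
            return base;
        }
        if (((bar >> 1) & 0x3u) == 0x2u)   /* 64-bit memory BAR: next slot is */
            i++;                           /* its upper half, so skip it      */
    }
    return 0;
}

/* Constructed sample: class 0x070002 with 0x5051 in the first BAR slot
 * (which slot the real device uses is an assumption here). */
void make_sample_header(uint8_t cfg[64]) {
    memset(cfg, 0, 64);
    cfg[PCI_PROG_IF] = 0x02; cfg[PCI_SUBCLASS] = 0x00; cfg[PCI_BASECLASS] = 0x07;
    wr32(cfg, PCI_BAR0, 0x5051);
}

int main(void) {
    uint8_t cfg[64]; int idx = -1;
    make_sample_header(cfg);
    uint32_t base = serial_io_base(cfg, &idx);
    printf("I/O base 0x%X (BAR slot %d)\n", (unsigned)base, idx);
}
```

Because the value comes from the BAR, it has to be read again after every boot rather than hard-coded.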

>>Does this include the glorious encrypted Intel’s BMC BIOS hardcoded to south bridge chip?

I do not think so; it’s a chip function actually (with TPM assistance), and as rightly pointed out by OP, can be used to compare anything with a known good measure. Though as of now it is majorly used for the given use case.

If it is a PCI device, then its logical address can change on a reboot.
And I still express concern that if you are going after the raw hardware,
you have no synchronization with the other users of the hardware. This
sounds risky. If there is a device driver for this, why can’t you call
that driver?
joe


To put it another way: would you want some random driver to directly send
bits to the ports of an ATAPI controller card? Seems a good way to trash a
file system. Why is the AMT any different?
joe
