def check_s3_bootscript(self, bootscript_pa):
    """Classify how well one S3 boot-script table is protected.

    The result starts from BOOTSCRIPT_OK and has flag bits OR-ed into it:

    * BOOTSCRIPT_INSIDE_SMRAM when ``self.is_inside_SMRAM`` accepts the
      address. The table is not read in that case, so no DISPATCH_OPCODES_*
      bit is set. A result without DISPATCH_OPCODES_UNPROTECTED therefore
      does not mean the Dispatch entry-points were verified.
    * BOOTSCRIPT_OUTSIDE_SMRAM otherwise, together with either
      DISPATCH_OPCODES_PROTECTED or DISPATCH_OPCODES_UNPROTECTED, depending
      on what ``self.check_dispatch_opcodes`` returns for the decoded
      entries.

    Args:
        bootscript_pa: Physical address of the boot-script table. It is
            logged as 16 upper-case hex digits.

    Returns:
        The combined flag value described above.
    """
    verdict = BOOTSCRIPT_OK
    banner = "[*] Checking S3 boot-script at 0x{:016X}".format(bootscript_pa)
    self.logger.log(banner)

    # Table located in SMRAM: record it and stop; its contents are not read.
    if self.is_inside_SMRAM(bootscript_pa):
        verdict |= BOOTSCRIPT_INSIDE_SMRAM
        self.logger.log_good('S3 boot-script is in SMRAM')
        self.logger.log_important("Note: the test could not verify Dispatch opcodes because the script is in SMRAM. Entry-points of Dispatch opcodes also need to be protected.")
        return verdict

    verdict |= BOOTSCRIPT_OUTSIDE_SMRAM
    self.logger.log_bad('S3 boot-script is not in SMRAM')

    # A fixed 0x100000-byte (1 MiB) window is read; the table's real length
    # is not consulted here.
    # NOTE(review): the bytes come from memory outside SMRAM, so parse_script
    # is decoding data this check has just classified as unprotected. Confirm
    # that it bounds-checks entry lengths and stops at the terminating entry.
    self.logger.log('[*] Reading S3 boot-script from memory..')
    raw_script = self.cs.mem.read_physical_mem(bootscript_pa, 0x100000)
    self.logger.log('[*] Decoding S3 boot-script opcodes..')
    decoded_entries = parse_script(raw_script, False)

    if self.check_dispatch_opcodes(decoded_entries):
        verdict |= DISPATCH_OPCODES_PROTECTED
        self.logger.log_important("S3 boot-script is not in protected memory but didn't find unprotected Dispatch entry-points")
    else:
        verdict |= DISPATCH_OPCODES_UNPROTECTED
        self.logger.log_bad('Entry-points of Dispatch opcodes in S3 boot-script are not in protected memory')

    return verdict
def s3bootscript(self):
    """Locate and decode the S3 resume boot-script.

    When ``self.bootscript_pa`` is set, a fixed 0x100000-byte window at that
    physical address is read and passed to ``parse_script``. Otherwise the
    lookup and decoding are delegated to ``self._uefi.get_s3_bootscript``.
    The decoded results are bound to locals only; nothing is returned or
    stored on the instance.
    """
    self.logger.log("[CHIPSEC] Searching for and parsing S3 resume bootscripts..")

    if self.bootscript_pa is None:
        # No explicit address given: the UEFI helper finds the script(s).
        # The unpacking is kept so a result that is not a pair still raises.
        (found_pas, decoded_scripts) = self._uefi.get_s3_bootscript(True)
        return

    reading_msg = '[*] Reading S3 boot-script from memory at 0x{:016X}..'.format(self.bootscript_pa)
    self.logger.log(reading_msg)
    # The address is caller-supplied and 1 MiB is read without validating it.
    # NOTE(review): the second argument is True here, presumably so that
    # parse_script logs each decoded entry; confirm against parse_script.
    raw_script = self.cs.mem.read_physical_mem(self.bootscript_pa, 0x100000)
    self.logger.log('[*] Decoding S3 boot-script opcodes..')
    decoded_entries = parse_script(raw_script, True)