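def _run_uefi_extract_on_md(self, test, md):
    """Rebuild this plugin's shards for one component from its firmware blob.

    Shards previously attached to ``md`` by this plugin are deleted and the
    deletion is committed. ``md.blob`` is then unpacked again: as an AMI PFAT
    image when the ``_AMIPFAT`` marker sits at offset 8, otherwise as a plain
    blob and, if that yields nothing, through any Zlib sections found in it.

    Args:
        test: result collector; only ``add_pass(message)`` is used here.
        md: component whose ``blob`` is unpacked and whose ``shards``
            collection is rewritten.

    Returns:
        None. New shards are appended to ``md.shards``; this method itself
        calls ``db.session.commit()`` only for the initial deletion.
    """

    # remove any old shards we added
    # NOTE(review): the deletion is committed before the blob is parsed, so an
    # exception raised below leaves the component without this plugin's
    # shards; confirm the caller handles parser errors on malformed input.
    for shard in md.shards:
        if shard.plugin_id == self.id:
            db.session.delete(shard)
    db.session.commit()

    # is this an AMI BIOS image with PFAT sections?
    if md.blob[8:16] == b'_AMIPFAT':
        pfat = PfatFile(md.blob)
        shards = []
        for shard in pfat.shards:
            shards.append(shard)
            # this one named shard is recorded as-is and not unpacked further
            if shard.name == 'com.ami.BIOS_FV_BB.bin':
                continue
            shards.extend(self._get_shards_for_blob(shard.blob))
        test.add_pass('Found PFAT blob')

    # try with the plain blob (possibly with a capsule header) and
    # then look for a Zlib section (with an optional PFS-prefixed) blob
    else:
        shards = self._get_shards_for_blob(md.blob)
        if not shards:
            for blob in self._find_zlib_sections(md.blob):
                # NOTE(review): the try also covers _get_shards_for_blob(); if
                # that can raise RuntimeError part-way, PFS shards already
                # appended stay in the list and the blob is additionally
                # recorded as plain Zlib -- confirm this is intended.
                try:
                    pfs = PfsFile(blob)
                    for shard in pfs.shards:
                        shards.append(shard)
                        shards.extend(self._get_shards_for_blob(shard.blob))
                    test.add_pass('Found PFS in Zlib compressed blob')
                except RuntimeError:
                    # not a PFS container: keep the decompressed section as a
                    # synthetic 'Zlib' shard and scan it for volumes directly
                    shard = ComponentShard(plugin_id=self.id)
                    shard.set_blob(blob)
                    shard.name = 'Zlib'
                    shard.guid = '68b8cc0e-4664-5c7a-9ce3-8ed9b4ffbffb'
                    shards.append(shard)
                    shards.extend(self._get_shards_for_blob(shard.blob))
                    test.add_pass('Found Zlib compressed blob')

    if not shards:
        test.add_pass('No firmware volumes found in {}'.format(
            md.filename_contents))
        return

    # looked up once instead of once per shard
    write_shards = self.get_setting_bool('uefi_extract_write_shards')

    # add shard to component
    for shard in shards:
        shard.plugin_id = self.id
        shard.component_id = md.component_id
        if write_shards:
            shard.save()
        md.shards.append(shard)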
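def _run_chipsec_on_md(self, test, md):
    """Rebuild this plugin's shards for one component from its firmware blob.

    Shards previously attached to ``md`` by this plugin are deleted together
    with their ``yara_query_results`` and the deletion is committed.
    ``md.blob`` is then unpacked as a plain blob and, if that yields nothing,
    through any Zlib sections found in it.

    Args:
        test: result collector; only ``add_pass(message)`` is used here.
        md: component whose ``blob`` is unpacked and whose ``shards``
            collection is rewritten.

    Returns:
        None. New shards are appended to ``md.shards``; this method itself
        calls ``db.session.commit()`` only for the initial deletion.
    """

    # remove any old shards we added
    # NOTE(review): the deletion is committed before the blob is parsed, so an
    # exception raised below leaves the component without this plugin's
    # shards; confirm the caller handles parser errors on malformed input.
    for shard in md.shards:
        if shard.plugin_id == self.id:
            # query results that reference the shard are deleted first
            for result in shard.yara_query_results:
                db.session.delete(result)
            db.session.delete(shard)
    db.session.commit()

    # try first with the plain blob (possibly with a capsule header) and
    # then look for a Zlib section (with an optional PFS-prefixed) blob
    shards = self._get_shards_for_blob(md.blob)
    if not shards:
        for blob in self._find_zlib_sections(md.blob):
            # NOTE(review): the try also covers _get_shards_for_blob(); if
            # that can raise RuntimeError part-way, PFS shards already
            # appended stay in the list and the blob is additionally
            # recorded as plain Zlib -- confirm this is intended.
            try:
                pfs = PfsFile(blob)
                for shard in pfs.shards:
                    shards.append(shard)
                    shards.extend(self._get_shards_for_blob(shard.blob))
                test.add_pass('Found PFS in Zlib compressed blob')
            except RuntimeError:
                # not a PFS container: keep the decompressed section as a
                # synthetic 'Zlib' shard and scan it for volumes directly
                shard = ComponentShard(plugin_id=self.id)
                shard.set_blob(blob)
                shard.name = 'Zlib'
                shard.guid = '68b8cc0e-4664-5c7a-9ce3-8ed9b4ffbffb'
                shards.append(shard)
                shards.extend(self._get_shards_for_blob(shard.blob))
                test.add_pass('Found Zlib compressed blob')

    if not shards:
        test.add_pass('No firmware volumes found in {}'.format(
            md.filename_contents))
        return

    # looked up once instead of once per shard
    write_shards = self.get_setting_bool('chipsec_write_shards')

    # add shard to component
    for shard in shards:
        shard.plugin_id = self.id
        shard.component_id = md.component_id
        if write_shards:
            shard.save()
        md.shards.append(shard)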