def PrintSEM(filepath): if(filepath and os.path.isfile(filepath)): s = open(filepath, "rb") SEM = PermissionApplyVariable(s) s.close() #now print it out. SEM.Print()
def main(): parser = argparse.ArgumentParser(description='Create SEM Permission Packet Variable') #Output debug log parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None) parser.add_argument("-p", dest="PrintFile", help="Print File as Permission Blob", default= None) parser.add_argument("-pr", dest="PrintResultsFile", help="Print Result File as Permission Blob", default= None) parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File to {basename}_Current.xml", default= None) parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False) Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.") Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true") Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal. Zero means all devices", default=0) Step1Group.add_argument("--XmlFilePath", dest="XmlFilePath", help="Path to Xml Permission Packet File", default=None) Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1. Required if not doing step2", default=None) Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default= PermissionApplyVariable.VERSION_V1) Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None) Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None) Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None) Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.") Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true") #need to add arguments here for signing. signtool path and parameters Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None) Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2. Required if not doing step3", default=None) Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None) Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None) Step3Group = parser.add_argument_group(title="Step3", description="Final Var Construction.") Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true") Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None) Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File. Optional if doing Step2", default=None) Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3. Complete SEM Provisioning Var File.", default=None) #Turn on debug level logging parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False) options = parser.parse_args() #setup file based logging if outputReport specified if(options.OutputLog): if(len(options.OutputLog) < 2): logging.critical("the output log file parameter is invalid") return -2 else: #setup file based logging filelogger = logging.FileHandler(filename=options.OutputLog, mode='w') if(options.debug): filelogger.setLevel(logging.DEBUG) else: filelogger.setLevel(logging.INFO) filelogger.setFormatter(formatter) logging.getLogger('').addHandler(filelogger) logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" )) #Step 1 Prep if(options.Step1Enable): logging.debug("Step 1 Enabled") if(not options.XmlFilePath) or (not os.path.isfile(options.XmlFilePath)): logging.critical("For Step1 there must be a valid XML Permission file") return -2 if(not options.Step2Enable): #must have output file if(not options.PrepResultFile): logging.critical("Since Step2 is not enabled there must be a PrepResultFile for the result") return -3 if(options.PrepResultFile): logging.debug("Step 1 Result will be written to: " + options.PrepResultFile) if(options.SigningInputFile): logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed") return -11 #Step 2 signing if(options.Step2Enable): logging.debug("Step 2 Enabled") if(not options.SigningPfxFile): logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing") return -10 if(not options.Step1Enable) and ((not options.SigningInputFile) or (not os.path.isfile(options.SigningInputFile))): logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile") return -4 if(not options.Step3Enable): #must have output file if(not options.SigningResultFile): logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result") return -5 if(options.SigningResultFile): logging.debug("Step2 Result will be written to: " + options.SigningResultFile) if(options.FinalizeInputDetachedSignatureFile): logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed") return -13 if(options.FinalizeInputFile): logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed") return -14 #Step 3 Finalize if(options.Step3Enable): logging.debug("Step 3 Enabled") if(not options.Step2Enable) and (options.Step1Enable): logging.critical("Can't have only Step1 and 3 Enabled") return -12 if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))): logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile") return -6 #must have an output file if(not options.FinalizeResultFile): logging.critical("For Step3 you must have a FinalizeResultFile") return -7 else: logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile) tempdir = "_temp_" + str(time.time()) logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir)) os.makedirs(tempdir) #STEP 1 - Prep Var if(options.Step1Enable): logging.critical("Step1 Started") Step1OutFile = os.path.join(tempdir, "Step1Out.bin") SEM = PermissionApplyVariable(None, int(options.HdrVersion)) if (int(options.HdrVersion) == PermissionApplyVariable.VERSION_V1): SEM.SNTarget = int(options.SnTarget); elif (int(options.HdrVersion) == PermissionApplyVariable.VERSION_V2): if options.SMBIOSMfg == None: SEM.Manufacturer = "OEMSH" else: SEM.Manufacturer = options.SMBIOSMfg if options.SMBIOSProd == None: SEM.ProductName = "OEMSH Product" else: SEM.ProductName = options.SMBIOSProd if options.SMBIOSSerial == None: SEM.SerialNumber = "789789789" else: SEM.SerialNumber = options.SMBIOSSerial else: logging.critical("Invalid header version specified") return -31 a = open(options.XmlFilePath, "r") SEM.AddXmlPayload(a.read()) a.close() of = open(Step1OutFile, "wb") SEM.Write(of) of.close() #if user requested a step1 output file copy the temp file if(options.PrepResultFile): shutil.copy(Step1OutFile, options.PrepResultFile) #setup input for Step2 options.SigningInputFile = Step1OutFile #STEP 2 - Local sign if(options.Step2Enable): logging.critical("Step2 Started") #copy signinginputfile into temp dir FileToSign = os.path.join(tempdir, "Step2In.bin") shutil.copy(options.SigningInputFile, FileToSign) options.SigningInputFile = FileToSign options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin") #do local signature ret = SignSEMData(options) if(ret != 0): logging.critical("SignSEMData (Step2) Failed: " + str(ret)) return ret if(options.SigningResultFile): shutil.copy(options.SigningOutputFile, options.SigningResultFile) #setup input for Step3 options.FinalizeInputFile = options.SigningInputFile options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile #STEP 3 - Write Signature Structure and complete file if(options.Step3Enable): logging.critical("Step3 Started") sstep1file = open(options.FinalizeInputFile, "rb") SEM = PermissionApplyVariable(sstep1file) sstep1file.close() SEM.Signature = WinCertUefiGuid() detached = open(options.FinalizeInputDetachedSignatureFile, "rb") SEM.Signature.AddCertData(detached) detached.close() SEM.SessionId = random.randint(0, 4294967295) #generate a random session id if(not options.FinalizeResultFile): options.FinalizeResultFile = os.path.join(tempdir, "Step3Out.bin") of = open(options.FinalizeResultFile, "wb") SEM.Write(of) of.close() # # Function to print SEM # if(options.PrintFile) and (os.path.isfile(options.PrintFile)): PrintSEM(options.PrintFile) if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)): PrintSEMResults(options.PrintResultsFile) if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)): PrintSEMCurrent(options.PrintCurrentFile) #clean up if user didn't request to leave around if(not options.dirty): shutil.rmtree(tempdir) return 0
def get_sessionid_from_permission_packet(self, identityfile): f = open(identityfile, 'rb') rslt = PermissionApplyVariable(f) f.close() rslt.Print() return rslt.SessionId