예제 #1
0
def build_efi_tree(_uefi, data, fwtype):
    fvolumes = []
    fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume(
        data)
    while fv_off is not None:
        fv = EFI_FV(fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum,
                    fv_hdroff, fv_img, fv_calccsum)
        fv.calc_hashes()

        # Detect File System firmware volumes
        if fv.Guid in (EFI_PLATFORM_FS_GUIDS + EFI_FS_GUIDS):
            fwbin = build_efi_file_tree(_uefi, fv_img, fwtype)
            for i in fwbin:
                fv.children.append(i)

        # Detect NVRAM firmware volumes
        elif fv.Guid in EFI_NVRAM_GUIDS:  # == VARIABLE_STORE_FV_GUID:
            fv.isNVRAM = True
            try:
                fv.NVRAMType = identify_EFI_NVRAM(
                    fv.Image) if fwtype is None else fwtype
            except:
                logger().warn("couldn't identify NVRAM in FV {{{}}}".format(
                    fv.Guid))

        fvolumes.append(fv)
        fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume(
            data, fv.Offset + fv.Size)

    return fvolumes
예제 #2
0
def decode_uefi_region(_uefi, pth, fname, fwtype):

    bios_pth = os.path.join(pth, fname + '.dir')
    if not os.path.exists(bios_pth):
        os.makedirs(bios_pth)
    fv_pth = os.path.join(bios_pth, 'FV')
    if not os.path.exists(fv_pth):
        os.makedirs(fv_pth)

    # Decoding UEFI Firmware Volumes
    if logger().HAL:
        logger().log("[spi_uefi] decoding UEFI firmware volumes...")
    parse_uefi_region_from_file(_uefi, fname, fwtype, fv_pth)

    # Decoding EFI Variables NVRAM
    if logger().HAL: logger().log("[spi_uefi] decoding UEFI NVRAM...")
    region_data = read_file(fname)
    if fwtype is None:
        fwtype = identify_EFI_NVRAM(region_data)
        if fwtype is None: return
    elif fwtype not in fw_types:
        if logger().HAL:
            logger().error("unrecognized NVRAM type {}".format(fwtype))
        return
    nvram_fname = os.path.join(bios_pth, ('nvram_{}'.format(fwtype)))
    logger().set_log_file((nvram_fname + '.nvram.lst'))
    _uefi.parse_EFI_variables(nvram_fname, region_data, False, fwtype)
예제 #3
0
파일: spi_uefi.py 프로젝트: chipsec/chipsec
def decode_uefi_region(_uefi, pth, fname, fwtype):

    bios_pth = os.path.join( pth, fname + '.dir' )
    if not os.path.exists( bios_pth ):
        os.makedirs( bios_pth )
    fv_pth = os.path.join( bios_pth, 'FV' )
    if not os.path.exists( fv_pth ):
        os.makedirs( fv_pth )

    # Decoding UEFI Firmware Volumes
    if logger().HAL: logger().log( "[spi_uefi] decoding UEFI firmware volumes..." )
    parse_uefi_region_from_file( _uefi, fname, fwtype, fv_pth )

    # Decoding EFI Variables NVRAM
    if logger().HAL: logger().log( "[spi_uefi] decoding UEFI NVRAM..." )
    region_data = read_file( fname )
    if fwtype is None:
        fwtype = identify_EFI_NVRAM( region_data )
        if fwtype is None: return
    elif fwtype not in fw_types:
        if logger().HAL: logger().error( "unrecognized NVRAM type {}".format(fwtype) )
        return
    nvram_fname = os.path.join( bios_pth, ('nvram_{}'.format(fwtype)) )
    logger().set_log_file( (nvram_fname + '.nvram.lst') )
    _uefi.parse_EFI_variables( nvram_fname, region_data, False, fwtype )
예제 #4
0
def build_efi_tree(_uefi, data, fwtype):
    fvolumes = []
    fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume(
        data)
    while fv_off is not None:
        fv = EFI_FV(fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum,
                    fv_hdroff, fv_img, fv_calccsum)
        fv.calc_hashes()
        polarity = bit_set(fv.Attributes, EFI_FVB2_ERASE_POLARITY)

        # Detect File System firmware volumes
        if fv.Guid in (EFI_PLATFORM_FS_GUIDS + EFI_FS_GUIDS):
            foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile(
                fv.Image, fv.Size, fv.HeaderSize, polarity)
            while next_offset is not None:
                if fname:
                    fwbin = EFI_FILE(foff, fname, ftype, fattr, fstate, fcsum,
                                     fsz, fimg, fhdrsz, fUD, fcalcsum)
                    fwbin.calc_hashes()
                    if fwbin.Type not in (EFI_FV_FILETYPE_ALL,
                                          EFI_FV_FILETYPE_RAW,
                                          EFI_FV_FILETYPE_FFS_PAD):
                        fwbin.children = build_efi_modules_tree(
                            _uefi, fwtype, fwbin.Image, fwbin.Size,
                            fwbin.HeaderSize, polarity)
                    elif fwbin.Type == EFI_FV_FILETYPE_RAW:
                        if fwbin.Name != NVAR_NVRAM_FS_FILE:
                            fwbin.children = build_efi_tree(
                                _uefi, fwbin.Image, fwtype)
                        else:
                            fwbin.isNVRAM = True
                            fwbin.NVRAMType = FWType.EFI_FW_TYPE_NVAR

                    fv.children.append(fwbin)
                foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile(
                    fv.Image, fv.Size, next_offset, polarity)

        # Detect NVRAM firmware volumes
        elif fv.Guid in EFI_NVRAM_GUIDS:  # == VARIABLE_STORE_FV_GUID:
            fv.isNVRAM = True
            try:
                fv.NVRAMType = identify_EFI_NVRAM(
                    fv.Image) if fwtype is None else fwtype
            except:
                logger().warn("couldn't identify NVRAM in FV {%s}" % fv.Guid)

        fvolumes.append(fv)
        fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume(
            data, fv.Offset + fv.Size)

    return fvolumes
예제 #5
0
    def nvram_auth(self):
        authvars = 1
        rom = read_file( self.romfilename )
        if self.fwtype is None:
            self.fwtype = identify_EFI_NVRAM( rom )
            if self.fwtype is None:
                self.logger.error( "Could not automatically identify EFI NVRAM type" )
                return
        elif self.fwtype not in fw_types:
            self.logger.error( "Unrecognized EFI NVRAM type '{}'".format(self.fwtype) )
            return

        _orig_logname = self.logger.LOG_FILE_NAME
        self.logger.set_log_file( (self.romfilename + '.nv.lst') )
        self._uefi.parse_EFI_variables( self.romfilename, rom, authvars, self.fwtype )
        self.logger.set_log_file( _orig_logname )
예제 #6
0
def build_efi_tree( _uefi, data, fwtype ):
    fvolumes = []
    fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume( data )
    while fv_off is not None:
        fv = EFI_FV( fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum )
        fv.calc_hashes()
        polarity = bit_set( fv.Attributes, EFI_FVB2_ERASE_POLARITY )

        # Detect File System firmware volumes
        if fv.Guid in (EFI_PLATFORM_FS_GUIDS + EFI_FS_GUIDS):
            foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile( fv.Image, fv.Size, fv.HeaderSize, polarity )
            while next_offset is not None:
                if fname:
                    fwbin = EFI_FILE( foff, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum )
                    fwbin.calc_hashes()
                    if fwbin.Type not in (EFI_FV_FILETYPE_ALL, EFI_FV_FILETYPE_RAW, EFI_FV_FILETYPE_FFS_PAD):
                        fwbin.children = build_efi_modules_tree( _uefi, fwtype, fwbin.Image, fwbin.Size, fwbin.HeaderSize, polarity )
                    elif fwbin.Type == EFI_FV_FILETYPE_RAW:
                        if fwbin.Name != NVAR_NVRAM_FS_FILE:
                            fwbin.children = build_efi_tree( _uefi, fwbin.Image, fwtype )
                        else:
                            fwbin.isNVRAM   = True
                            fwbin.NVRAMType = FWType.EFI_FW_TYPE_NVAR

                    fv.children.append(fwbin)
                foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile( fv.Image, fv.Size, next_offset, polarity )

        # Detect NVRAM firmware volumes
        elif fv.Guid in EFI_NVRAM_GUIDS: # == VARIABLE_STORE_FV_GUID:
            fv.isNVRAM = True
            try:
                fv.NVRAMType = identify_EFI_NVRAM( fv.Image ) if fwtype is None else fwtype
            except: logger().warn("couldn't identify NVRAM in FV {%s}" % fv.Guid)

        fvolumes.append(fv)
        fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume( data, fv.Offset + fv.Size )

    return fvolumes
예제 #7
0
파일: spi_uefi.py 프로젝트: chipsec/chipsec
def build_efi_tree( _uefi, data, fwtype ):
    fvolumes = []
    fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume( data )
    while fv_off is not None:
        fv = EFI_FV( fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum )
        fv.calc_hashes()

        # Detect File System firmware volumes
        if fv.Guid in (EFI_PLATFORM_FS_GUIDS + EFI_FS_GUIDS):
            fwbin = build_efi_file_tree ( _uefi, fv_img, fwtype)
            for i in fwbin:
                fv.children.append(i)

        # Detect NVRAM firmware volumes
        elif fv.Guid in EFI_NVRAM_GUIDS: # == VARIABLE_STORE_FV_GUID:
            fv.isNVRAM = True
            try:
                fv.NVRAMType = identify_EFI_NVRAM( fv.Image ) if fwtype is None else fwtype
            except: logger().warn("couldn't identify NVRAM in FV {{{}}}".format(fv.Guid))

        fvolumes.append(fv)
        fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume( data, fv.Offset + fv.Size )

    return fvolumes
예제 #8
0
def traverse_uefi_region(_uefi,
                         data,
                         fwtype,
                         uefi_path='',
                         printall=True,
                         dumpall=True,
                         match_criteria=None,
                         findall=True):
    found, voln, fwbin_dir = False, 0, ''
    # caller specified non-empty matching rules so we'll need to look for specific EFI modules as we parse FVs
    bsearch = (match_criteria is not None)

    fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume(
        data)
    while fv_off is not None:
        fv = EFI_FV(fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum,
                    fv_hdroff, fv_img, fv_calccsum)
        add_hashes(fv)

        if printall: logger().log(fv)
        if dumpall: volume_path = dump_fv(fv, voln, uefi_path)
        # only check the match rules if we need to find specific EFI module
        if bsearch and check_match_criteria(fv, match_criteria):
            if findall: found = True
            else: return True

        polarity = bit_set(fv.Attributes, EFI_FVB2_ERASE_POLARITY)
        #
        # Detect File System firmware volumes
        #
        if fv.Guid == EFI_FIRMWARE_FILE_SYSTEM2_GUID or fv.Guid == EFI_FIRMWARE_FILE_SYSTEM_GUID:
            foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile(
                fv.Image, fv.Size, fv.HeaderSize, polarity)
            while (next_offset is not None):
                if fname is not None:
                    fwbin = EFI_FILE(foff, fname, ftype, fattr, fstate, fcsum,
                                     fsz, fimg, fhdrsz, fUD, fcalcsum)
                    fwbin.indent = DEF_INDENT
                    add_hashes(fwbin)

                    if printall: logger().log(fwbin)
                    if dumpall: fwbin_dir = dump_fw_file(fwbin, volume_path)
                    # only check the match rules if we need to find specific EFI module
                    if bsearch and check_match_criteria(fwbin, match_criteria):
                        if findall: found = True
                        else: return True

                    if fwbin.Type not in (EFI_FV_FILETYPE_ALL,
                                          EFI_FV_FILETYPE_RAW,
                                          EFI_FV_FILETYPE_FFS_PAD):
                        if dumpall: os.makedirs(fwbin_dir)
                        f = traverse_uefi_section(_uefi, fwtype, fwbin.Image,
                                                  fwbin.Size, fwbin.HeaderSize,
                                                  polarity,
                                                  fv.Offset + fwbin.Offset,
                                                  printall, dumpall, fwbin_dir,
                                                  match_criteria, findall)
                        if bsearch and f:
                            if findall: found = True
                            else: return True
                    elif fwbin.Type == EFI_FV_FILETYPE_RAW:
                        if fwbin.Name == NVAR_NVRAM_FS_FILE and fwbin.UD:
                            if dumpall:
                                _uefi.parse_EFI_variables(
                                    os.path.join(file_dir_path,
                                                 'DEFAULT_NVRAM'), FvImage,
                                    False, FWType.EFI_FW_TYPE_NVAR)

                foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile(
                    fv.Image, fv.Size, next_offset, polarity)
        #
        # Detect NVRAM firmware volumes
        #
        elif fv.Guid in EFI_NVRAM_GUIDS:  # == VARIABLE_STORE_FV_GUID:
            if dumpall:
                try:
                    t = identify_EFI_NVRAM(
                        fv.Image) if fwtype is None else fwtype
                    if t is not None:
                        _uefi.parse_EFI_variables(
                            os.path.join(volume_path, 'NVRAM'), fv.Image,
                            False, t)
                except:
                    logger().error(
                        "[uefi] couldn't parse NVRAM firmware volume {%s}" %
                        fv.Guid)
        #elif fv.Guid == ADDITIONAL_NV_STORE_GUID:
        #    if dumpall: _uefi.parse_EFI_variables( os.path.join(volume_path, 'DEFAULT_NVRAM'), fv.Image, False, FWType.EFI_FW_TYPE_EVSA )

        fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume(
            data, fv.Offset + fv.Size)
        voln += 1

    return found
예제 #9
0
파일: spi_uefi.py 프로젝트: daveti/chipsec
def traverse_uefi_region( _uefi, data, fwtype, uefi_path='', printall=True, dumpall=True, match_criteria=None, findall=True ):
    found, voln, fwbin_dir = False, 0, ''
    # caller specified non-empty matching rules so we'll need to look for specific EFI modules as we parse FVs
    bsearch = (match_criteria is not None)

    fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume( data )
    while fv_off is not None:
        fv = EFI_FV( fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum )
        add_hashes( fv )

        if printall: logger().log( fv )
        if dumpall: volume_path = dump_fv( fv, voln, uefi_path )
        # only check the match rules if we need to find specific EFI module
        if bsearch and check_match_criteria( fv, match_criteria ):
            if findall: found = True
            else: return True

        polarity = bit_set( fv.Attributes, EFI_FVB2_ERASE_POLARITY )
        #
        # Detect File System firmware volumes
        #
        if fv.Guid == EFI_FIRMWARE_FILE_SYSTEM2_GUID or fv.Guid == EFI_FIRMWARE_FILE_SYSTEM_GUID:
            foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile( fv.Image, fv.Size, fv.HeaderSize, polarity )
            while (next_offset is not None):
                if fname is not None:
                    fwbin = EFI_FILE( foff, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum )
                    fwbin.indent = DEF_INDENT
                    add_hashes( fwbin )

                    if printall: logger().log( fwbin )
                    if dumpall: fwbin_dir = dump_fw_file( fwbin, volume_path )
                    # only check the match rules if we need to find specific EFI module
                    if bsearch and check_match_criteria( fwbin, match_criteria ):
                        if findall: found = True
                        else: return True

                    if dumpall: os.makedirs( fwbin_dir )

                    if fwbin.Type not in (EFI_FV_FILETYPE_ALL, EFI_FV_FILETYPE_RAW, EFI_FV_FILETYPE_FFS_PAD):
                        f = traverse_uefi_section( _uefi, fwtype, fwbin.Image, fwbin.Size, fwbin.HeaderSize, polarity, fv.Offset + fwbin.Offset, printall, dumpall, fwbin_dir, match_criteria, findall )
                        if bsearch and f:
                            if findall: found = True
                            else: return True
                    elif fwbin.Type == EFI_FV_FILETYPE_RAW:
                        if (fwbin.Name == NVAR_NVRAM_FS_FILE) and dumpall:
                            _uefi.parse_EFI_variables( os.path.join(fwbin_dir, 'NVRAM%s' % ('.UD' if fwbin.UD else '')), fv.Image, False, FWType.EFI_FW_TYPE_NVAR )  
                        else:
                            f = traverse_uefi_region( _uefi, fwbin.Image, fwtype, fwbin_dir, printall, dumpall, match_criteria, findall )
                            if bsearch and f:
                                if findall: found = True
                                else: return True

                foff, next_offset, fname, ftype, fattr, fstate, fcsum, fsz, fimg, fhdrsz, fUD, fcalcsum = NextFwFile( fv.Image, fv.Size, next_offset, polarity )
        #
        # Detect NVRAM firmware volumes
        #
        elif fv.Guid in EFI_NVRAM_GUIDS: # == VARIABLE_STORE_FV_GUID:
            if dumpall:
                try:
                    t = identify_EFI_NVRAM( fv.Image ) if fwtype is None else fwtype
                    if t is not None: _uefi.parse_EFI_variables( os.path.join(volume_path, 'NVRAM'), fv.Image, False, t )
                except: logger().error( "[uefi] couldn't parse NVRAM firmware volume {%s}" % fv.Guid )
        #elif fv.Guid == ADDITIONAL_NV_STORE_GUID:
        #    if dumpall: _uefi.parse_EFI_variables( os.path.join(volume_path, 'DEFAULT_NVRAM'), fv.Image, False, FWType.EFI_FW_TYPE_EVSA )

        fv_off, fv_guid, fv_size, fv_attr, fv_hdrsz, fv_csum, fv_hdroff, fv_img, fv_calccsum = NextFwVolume( data, fv.Offset + fv.Size )
        voln += 1

    return found