def check_s3_bootscript(self, bootscript_pa):
res = BOOTSCRIPT_OK
self.logger.log(
"[*] Checking S3 boot-script at 0x{:016X}".format(bootscript_pa))
# Checking if it's in SMRAM
scriptInsideSMRAM = self.is_inside_SMRAM(bootscript_pa)
if scriptInsideSMRAM:
res |= BOOTSCRIPT_INSIDE_SMRAM
self.logger.log_good('S3 boot-script is in SMRAM')
self.logger.log_important(
"Note: the test could not verify Dispatch opcodes because the script is in SMRAM. Entry-points of Dispatch opcodes also need to be protected."
)
else:
res |= BOOTSCRIPT_OUTSIDE_SMRAM
self.logger.log_bad('S3 boot-script is not in SMRAM')
self.logger.log('[*] Reading S3 boot-script from memory..')
script_all = self.cs.mem.read_physical_mem(bootscript_pa, 0x100000)
self.logger.log('[*] Decoding S3 boot-script opcodes..')
script_entries = parse_script(script_all, False)
dispatch_opcodes_ok = self.check_dispatch_opcodes(script_entries)
if dispatch_opcodes_ok:
res |= DISPATCH_OPCODES_PROTECTED
self.logger.log_important(
"S3 boot-script is not in protected memory but didn't find unprotected Dispatch entry-points"
)
else:
res |= DISPATCH_OPCODES_UNPROTECTED
self.logger.log_bad(
'Entry-points of Dispatch opcodes in S3 boot-script are not in protected memory'
)
return res
def s3bootscript(self):
self.logger.log( "[CHIPSEC] Searching for and parsing S3 resume bootscripts.." )
if self.bootscript_pa is not None:
self.logger.log( '[*] Reading S3 boot-script from memory at 0x{:016X}..'.format(self.bootscript_pa) )
script_all = self.cs.mem.read_physical_mem( self.bootscript_pa, 0x100000 )
self.logger.log( '[*] Decoding S3 boot-script opcodes..' )
script_entries = parse_script( script_all, True )
else:
(bootscript_PAs, parsed_scripts) = self._uefi.get_s3_bootscript( True )