efivalidate 1.0.0 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/efivalidate.gemspec +2 -2
  3. data/lib/efivalidate/ealf_row.rb +32 -1
  4. data/lib/efivalidate/efi_validator.rb +3 -1
  5. data/lib/efivalidate/version.rb +1 -1
  6. metadata +21 -20
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 037ca593ce0ba5a08920d051c191e5f9c4d3a71a
4
- data.tar.gz: cd59412dc988879399f553b91a965cdca1a59a77
3
+ metadata.gz: 514d5fb2a75126d7d039f6cc058a0fc19bedfbe4
4
+ data.tar.gz: a0164e6b1dd712b69a02b676a7d7bc4c0c232ac3
5
5
  SHA512:
6
- metadata.gz: 156c354cdf536fbc2a09b9a820cf29c023ebdcbd3042241f4286e0689d0b37441ef5b187fea248a6bd218b64d874e726923b2747412356263ce7543457976281
7
- data.tar.gz: 8496a21db212539db45a5e6547e361c16a6b25a581855e899ec7c45ad7a73c3a13f543c93d3bba114745709d784cd8e5a218598f294cb288262712ca5513a9de
6
+ metadata.gz: 1203c3812f4f9251bc4faf8103e91b8e1b5fb3f8043812c6aa4bcf3f6e3a8919ad51cf1b0dbad544e13dde405a7d39897aa5f90a49e0237e1ab542499b0ed200
7
+ data.tar.gz: 51db27828f8b0f91edddd7c292c5a0ebe64daca5661aa878e02f8eb836b4419c776a54ae3e66c44110b62a0ab34a0e12fcbfe9a76add6e07cf6c448306d63758
data/efivalidate.gemspec CHANGED
@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
9
9
  spec.authors = ["Rick Mark"]
10
10
  spec.email = ["rickmark@dropbox.com"]
11
11
 
12
- spec.summary = %q{Validate Apple EFI images offline}
13
- spec.description = %q{Implements an algorithm to compare Apple EFI against their EALF baselines.}
12
+ spec.summary = %q{Validate Apple EFI images against whitelist}
13
+ spec.description = %q{Implements an algorithm to compare Apple EFI against their EALF whitelist baselines.}
14
14
  spec.homepage = "https://github.com/rickmark/efivalidate"
15
15
  spec.license = "MIT"
16
16
 
data/lib/efivalidate/ealf_row.rb CHANGED
@@ -23,8 +23,39 @@ module EFIValidate
23
23
  UUIDTools::UUID.parse_raw(self.ealf_uuid)
24
24
  end
25
25
 
26
+ def is_privacy_row?
27
+ self.ealf_hash.each_byte.all? { |b| b == 0 }
28
+ end
29
+
26
30
  def to_s
27
- "<#{'%02x' % ealf_component}:#{ '%02x' % self.ealf_region }:#{ "%04x" % self.ealf_master }:#{ "%08x" % self.ealf_offset }:#{ "%08x" % self.ealf_length}:#{self.uuid}:#{self.hash}>"
31
+ "<#{'%02x' % ealf_component}:#{ '%02x' % self.ealf_region }:#{ "%04x" % self.ealf_master }:#{ "%08x" % self.ealf_offset }:#{ "%08x" % self.ealf_length}:#{self.format_uuid}:#{self.hash}>"
32
+ end
33
+
34
+ def format_uuid
35
+
36
+ value = EFIValidate::ROW_GUIDS[self.uuid.to_s]
37
+
38
+ if value
39
+ sprintf "%36.36s", value
40
+ else
41
+ self.uuid
42
+ end
28
43
  end
29
44
  end
45
+
46
+ ROW_GUIDS = { 'ef7f23e1-7ba0-a64a-baea-33edff15ba3f' => 'BIOS_EMPTY_SPACE',
47
+ 'd954937a-6804-4a44-81ce-0bf617d890df' => 'EFI_FLASH_FILE_SYSTEM_VOLUME',
48
+ '8c1b00bd-716a-7b48-a14f-0c2a2dcf7a5d' => 'APPLE_IMMUTABLE_FIRMWARE_VOLUME',
49
+ '78e58c8c-3d8a-1c4f-9935-896185c32dd3' => 'EFI_FIRMWARE_FILE_SYSTEM_2_VOLUME',
50
+ 'a980b9e3-e35f-e548-9b92-2798385a9027' => 'EMPTY_SHMOO_FIRMWARE_VOLUME',
51
+ '484c38ef-0cab-544b-8ed9-0710ad500c0f' => 'FIELD_SHMOO_FIRMWARE_VOLUME',
52
+ '0a369089-370e-2245-a8a7-a55041013deb' => 'DALE_SHMOO_FIRMWARE_VOLUME',
53
+ '97213d15-bd29-dc44-ac59-887f70e41a6b' => 'MICROCODE_FIRMWARE_VOLUME',
54
+ '8d2bf1ff-9676-8b4c-a985-2747075b4f50' => 'EFI_SYSTEM_NNRAM_FIRMWARE_VOLUME',
55
+ '096de3c3-9482-974b-a857-d5288fe33e28' => 'BIOS_IDENTIFIER',
56
+ 'b57d69bb-60ed-ac46-8754-7580b8b27ed0' => 'APPLE_SEC_VOLUMES_FILE',
57
+ '2e06a01b-79c7-8245-8566-336ae8f78f09' => 'SEC_CORE',
58
+ '17706906-2e5f-225e-ad94-5816399c720a' => 'APPLE_ROM_MANIFEST',
59
+ 'a3b9f5ce-6d47-7f49-9fdc-e98143e0422c' => 'AMI_NVRAM_FILE',
60
+ '24465000-598a-eb4e-bd0f-6b36e96128e0' => 'PHOENIX_NVRAM_FIRMWARE_VOLUME' }
30
61
  end
data/lib/efivalidate/efi_validator.rb CHANGED
@@ -12,11 +12,13 @@ module EFIValidate
12
12
  @errors = []
13
13
 
14
14
  @parser.rows.each do |row|
15
+ next if row.is_privacy_row?
16
+
15
17
  @data.seek row.ealf_offset
16
18
 
17
19
  section_data = @data.read row.ealf_length
18
20
 
19
- calculated_hash = @parser.header.create_hash.hexdigest section_data
21
+ calculated_hash = @parser.header.create_hash.hexdigest (section_data || '')
20
22
 
21
23
  @errors << EFIValidationError.new(row, section_data, calculated_hash) unless calculated_hash == row.hash
22
24
  end
data/lib/efivalidate/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module EFIValidate
2
- VERSION = "1.0.0"
2
+ VERSION = "1.1.0"
3
3
  end
metadata CHANGED
@@ -1,86 +1,87 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: efivalidate
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rick Mark
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-12-24 00:00:00.000000000 Z
11
+ date: 2018-01-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: iostruct
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ~>
18
18
  - !ruby/object:Gem::Version
19
19
  version: 0.0.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ~>
25
25
  - !ruby/object:Gem::Version
26
26
  version: 0.0.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: uuidtools
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ~>
32
32
  - !ruby/object:Gem::Version
33
33
  version: '2.1'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ~>
39
39
  - !ruby/object:Gem::Version
40
40
  version: '2.1'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ~>
46
46
  - !ruby/object:Gem::Version
47
47
  version: '1.15'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ~>
53
53
  - !ruby/object:Gem::Version
54
54
  version: '1.15'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rake
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - "~>"
59
+ - - ~>
60
60
  - !ruby/object:Gem::Version
61
61
  version: '10.0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - "~>"
66
+ - - ~>
67
67
  - !ruby/object:Gem::Version
68
68
  version: '10.0'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rspec
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - "~>"
73
+ - - ~>
74
74
  - !ruby/object:Gem::Version
75
75
  version: '3.0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - "~>"
80
+ - - ~>
81
81
  - !ruby/object:Gem::Version
82
82
  version: '3.0'
83
- description: Implements an algorithm to compare Apple EFI against their EALF baselines.
83
+ description: Implements an algorithm to compare Apple EFI against their EALF whitelist
84
+ baselines.
84
85
  email:
85
86
  - rickmark@dropbox.com
86
87
  executables:
@@ -88,9 +89,9 @@ executables:
88
89
  extensions: []
89
90
  extra_rdoc_files: []
90
91
  files:
91
- - ".gitignore"
92
- - ".rspec"
93
- - ".travis.yml"
92
+ - .gitignore
93
+ - .rspec
94
+ - .travis.yml
94
95
  - CODE_OF_CONDUCT.md
95
96
  - FORMAT.md
96
97
  - Gemfile
@@ -120,18 +121,18 @@ require_paths:
120
121
  - lib
121
122
  required_ruby_version: !ruby/object:Gem::Requirement
122
123
  requirements:
123
- - - ">="
124
+ - - '>='
124
125
  - !ruby/object:Gem::Version
125
126
  version: '0'
126
127
  required_rubygems_version: !ruby/object:Gem::Requirement
127
128
  requirements:
128
- - - ">="
129
+ - - '>='
129
130
  - !ruby/object:Gem::Version
130
131
  version: '0'
131
132
  requirements: []
132
133
  rubyforge_project:
133
- rubygems_version: 2.6.14
134
+ rubygems_version: 2.0.14.1
134
135
  signing_key:
135
136
  specification_version: 4
136
- summary: Validate Apple EFI images offline
137
+ summary: Validate Apple EFI images against whitelist
137
138
  test_files: []