efivalidate 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/README.md +12 -3
- data/exe/efivalidate +5 -5
- data/lib/efivalidate/ealf_row.rb +29 -28
- data/lib/efivalidate/ealf_updater.rb +7 -0
- data/lib/efivalidate/efi_validation_error.rb +1 -1
- data/lib/efivalidate/efi_validator.rb +26 -14
- data/lib/efivalidate/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 84d71f648e520f9603aa92358f3954f3acfd2de7
|
|
4
|
+
data.tar.gz: e52dfe120d6d0fa2eeb4c5fc07452792c7f60ff0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14b85c0913533aa3801fdb18ea96ec6d5ae1190f7f837ea69176411c87f8d0faaf1a1c040ce794f261454271765932a7952c92efa13ad4582e7a873314ac7b50
|
|
7
|
+
data.tar.gz: b286c02363bb09b91e0231f83c7087c6589a4d066d1adef8d826ed30bdde7859136f7b2cb60912196cd3a7e3ddb32c929ba8449b24ae800355edd3959b6f3ecb
|
data/.rubocop.yml
ADDED
data/README.md
CHANGED
|
@@ -47,12 +47,21 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
47
47
|
|
|
48
48
|
## Contributing
|
|
49
49
|
|
|
50
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
|
50
|
+
Bug reports and pull requests are welcome on GitHub at [https://github.com/dropbox/efivalidate]. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
|
51
51
|
|
|
52
52
|
## License
|
|
53
53
|
|
|
54
54
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
|
55
55
|
|
|
56
|
-
##
|
|
56
|
+
## We need your help!
|
|
57
|
+
`efivalidate` is under active development! As you can see from the API docs, we only support a small number of features today and have only scratched the surface of what's possible. We would love feedback from you, our users, to guide what to build next and how to improve the tool.
|
|
57
58
|
|
|
58
|
-
|
|
59
|
+
So please, file feature requests, report bugs or better yet, send us pull requests! More on contributing below.
|
|
60
|
+
|
|
61
|
+
## Code Changes
|
|
62
|
+
|
|
63
|
+
Step 1: If you're submitting a non-trivial change, please fill out the [Dropbox Contributor License Agreement](https://opensource.dropbox.com/cla/) first.
|
|
64
|
+
|
|
65
|
+
Step 2: send a [pull request](https://help.github.com/articles/using-pull-requests/)
|
|
66
|
+
|
|
67
|
+
Step 3: Profit!
|
data/exe/efivalidate
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
require 'bundler/setup'
|
|
3
3
|
|
|
4
|
-
require
|
|
4
|
+
require 'efivalidate'
|
|
5
5
|
require 'optionparser'
|
|
6
6
|
|
|
7
7
|
if ARGV.count != 2
|
|
8
8
|
puts "efivalidate EFI_FILE EALF_FILE"
|
|
9
|
-
exit
|
|
9
|
+
exit(-1)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
efi = ARGV[0]
|
|
13
13
|
ealf = ARGV[1]
|
|
14
14
|
|
|
15
15
|
parser = EFIValidate::EALFParser.read ealf
|
|
16
|
-
validator = EFIValidate::EFIValidator.new parser,
|
|
16
|
+
validator = EFIValidate::EFIValidator.new parser, efi
|
|
17
17
|
|
|
18
18
|
validator.validate
|
|
19
19
|
|
|
20
|
-
if validator.
|
|
20
|
+
if validator.valid?
|
|
21
21
|
puts "EFI file matches EALF baseline. (#{parser.rows.count} hashes match)"
|
|
22
22
|
else
|
|
23
23
|
puts "EFI file matched #{parser.rows.count - validator.errors.count} hashes from EALF.\n"
|
|
24
24
|
puts "EFI file has #{validator.errors.count} hash errors:\n\n"
|
|
25
25
|
validator.errors.each do |error|
|
|
26
26
|
puts "Actual Hash: #{error.hash}"
|
|
27
|
-
puts "Expected Hash from EALF:\n#{error.row
|
|
27
|
+
puts "Expected Hash from EALF:\n#{error.row}\n\n"
|
|
28
28
|
end
|
|
29
29
|
end
|
data/lib/efivalidate/ealf_row.rb
CHANGED
|
@@ -16,46 +16,47 @@ module EFIValidate
|
|
|
16
16
|
attr_accessor :header
|
|
17
17
|
|
|
18
18
|
def hash
|
|
19
|
-
|
|
19
|
+
ealf_hash.each_byte.map { |b| '%02x' % b }.join
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def uuid
|
|
23
|
-
UUIDTools::UUID.parse_raw(
|
|
23
|
+
UUIDTools::UUID.parse_raw(ealf_uuid)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
def
|
|
27
|
-
|
|
26
|
+
def privacy_row?
|
|
27
|
+
ealf_hash.each_byte.all?(&:zero?)
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def core_sec?
|
|
31
|
+
uuid == SEC_CORE
|
|
28
32
|
end
|
|
29
33
|
|
|
30
34
|
def to_s
|
|
31
|
-
|
|
35
|
+
format '<%02x:%02x:%04x:%08x:%08x:%s:%s>', ealf_component, ealf_region, ealf_master, ealf_offset, ealf_length, format_uuid, hash
|
|
32
36
|
end
|
|
33
37
|
|
|
34
38
|
def format_uuid
|
|
35
|
-
|
|
36
|
-
value = EFIValidate::ROW_GUIDS[self.uuid.to_s]
|
|
37
|
-
|
|
38
|
-
if value
|
|
39
|
-
sprintf "%36.36s", value
|
|
40
|
-
else
|
|
41
|
-
self.uuid
|
|
42
|
-
end
|
|
39
|
+
format '%36.36s', (EFIValidate::ROW_GUIDS[uuid.to_s] || uuid)
|
|
43
40
|
end
|
|
44
41
|
end
|
|
45
42
|
|
|
46
|
-
ROW_GUIDS = {
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
43
|
+
ROW_GUIDS = { "ef7f23e1-7ba0-a64a-baea-33edff15ba3f" => 'BIOS_EMPTY_SPACE',
|
|
44
|
+
"d954937a-6804-4a44-81ce-0bf617d890df" => 'EFI_FLASH_FILE_SYSTEM_VOLUME',
|
|
45
|
+
"8c1b00bd-716a-7b48-a14f-0c2a2dcf7a5d" => 'APPLE_IMMUTABLE_FIRMWARE_VOLUME',
|
|
46
|
+
"78e58c8c-3d8a-1c4f-9935-896185c32dd3" => 'EFI_FIRMWARE_FILE_SYSTEM_2_VOLUME',
|
|
47
|
+
"a980b9e3-e35f-e548-9b92-2798385a9027" => 'EMPTY_SHMOO_FIRMWARE_VOLUME',
|
|
48
|
+
"484c38ef-0cab-544b-8ed9-0710ad500c0f" => 'FIELD_SHMOO_FIRMWARE_VOLUME',
|
|
49
|
+
"0a369089-370e-2245-a8a7-a55041013deb" => 'DALE_SHMOO_FIRMWARE_VOLUME',
|
|
50
|
+
"97213d15-bd29-dc44-ac59-887f70e41a6b" => 'MICROCODE_FIRMWARE_VOLUME',
|
|
51
|
+
"8d2bf1ff-9676-8b4c-a985-2747075b4f50" => 'EFI_SYSTEM_NNRAM_FIRMWARE_VOLUME',
|
|
52
|
+
"096de3c3-9482-974b-a857-d5288fe33e28" => 'BIOS_IDENTIFIER',
|
|
53
|
+
"b57d69bb-60ed-ac46-8754-7580b8b27ed0" => 'APPLE_SEC_VOLUMES_FILE',
|
|
54
|
+
"2e06a01b-79c7-8245-8566-336ae8f78f09" => 'SEC_CORE',
|
|
55
|
+
"17706906-2e5f-225e-ad94-5816399c720a" => 'APPLE_ROM_MANIFEST',
|
|
56
|
+
"a3b9f5ce-6d47-7f49-9fdc-e98143e0422c" => 'AMI_NVRAM_FILE',
|
|
57
|
+
"24465000-598a-eb4e-bd0f-6b36e96128e0" => 'PHOENIX_NVRAM_FIRMWARE_VOLUME' }
|
|
58
|
+
|
|
59
|
+
ROW_GUIDS.each do |key, value|
|
|
60
|
+
const_set(value, UUIDTools::UUID.parse(key))
|
|
61
|
+
end
|
|
61
62
|
end
|
|
@@ -1,37 +1,49 @@
|
|
|
1
1
|
module EFIValidate
|
|
2
|
+
# Class that represents a single run of a validator against a firmware
|
|
2
3
|
class EFIValidator
|
|
3
4
|
attr_reader :parser, :data, :errors
|
|
4
5
|
|
|
5
|
-
def initialize(parser,
|
|
6
|
+
def initialize(parser, file)
|
|
6
7
|
@parser = parser
|
|
7
|
-
@data = data
|
|
8
|
-
end
|
|
9
8
|
|
|
9
|
+
reader = File.open(file, mode: 'rb')
|
|
10
|
+
@data = reader.read
|
|
11
|
+
reader.close
|
|
12
|
+
|
|
13
|
+
perform_core_sec_fixup if @parser.rows.any?(&:core_sec?)
|
|
14
|
+
end
|
|
10
15
|
|
|
11
16
|
def validate!
|
|
12
17
|
@errors = []
|
|
13
18
|
|
|
14
|
-
@parser.rows.each do |row|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
@data.seek row.ealf_offset
|
|
18
|
-
|
|
19
|
-
section_data = @data.read row.ealf_length
|
|
19
|
+
@parser.rows.reject(&:privacy_row?).each do |row|
|
|
20
|
+
section_data = get_region(row.ealf_offset, row.ealf_length)
|
|
20
21
|
|
|
21
|
-
calculated_hash = @parser.header.create_hash.hexdigest
|
|
22
|
+
calculated_hash = @parser.header.create_hash.hexdigest section_data
|
|
22
23
|
|
|
23
24
|
@errors << EFIValidationError.new(row, section_data, calculated_hash) unless calculated_hash == row.hash
|
|
24
25
|
end
|
|
25
26
|
end
|
|
26
27
|
|
|
28
|
+
def get_region(offset, length)
|
|
29
|
+
@data[offset, length] || ''
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def perform_core_sec_fixup
|
|
33
|
+
# Apple zeros out what appears to be a hash and checksum before validating the SEC_CORE region
|
|
34
|
+
|
|
35
|
+
@data[-0x100, 0x80] = "\0" * 0x80
|
|
36
|
+
@data[-0x04, 0x04] = "\0" * 0x04
|
|
37
|
+
end
|
|
38
|
+
|
|
27
39
|
def validate
|
|
28
|
-
|
|
40
|
+
validate! unless @errors
|
|
29
41
|
end
|
|
30
42
|
|
|
31
|
-
def
|
|
32
|
-
|
|
43
|
+
def valid?
|
|
44
|
+
validate
|
|
33
45
|
|
|
34
|
-
|
|
46
|
+
errors.count.zero?
|
|
35
47
|
end
|
|
36
48
|
end
|
|
37
49
|
end
|
data/lib/efivalidate/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: efivalidate
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rick Mark
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-01-
|
|
11
|
+
date: 2018-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: iostruct
|
|
@@ -91,6 +91,7 @@ extra_rdoc_files: []
|
|
|
91
91
|
files:
|
|
92
92
|
- .gitignore
|
|
93
93
|
- .rspec
|
|
94
|
+
- .rubocop.yml
|
|
94
95
|
- .travis.yml
|
|
95
96
|
- CODE_OF_CONDUCT.md
|
|
96
97
|
- FORMAT.md
|
|
@@ -106,6 +107,7 @@ files:
|
|
|
106
107
|
- lib/efivalidate/ealf_header.rb
|
|
107
108
|
- lib/efivalidate/ealf_parser.rb
|
|
108
109
|
- lib/efivalidate/ealf_row.rb
|
|
110
|
+
- lib/efivalidate/ealf_updater.rb
|
|
109
111
|
- lib/efivalidate/efi_validation_error.rb
|
|
110
112
|
- lib/efivalidate/efi_validator.rb
|
|
111
113
|
- lib/efivalidate/intel_firmware_descriptor.rb
|