efivalidate 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/efivalidate.gemspec +2 -2
- data/lib/efivalidate/ealf_row.rb +32 -1
- data/lib/efivalidate/efi_validator.rb +3 -1
- data/lib/efivalidate/version.rb +1 -1
- metadata +21 -20
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 514d5fb2a75126d7d039f6cc058a0fc19bedfbe4
|
4
|
+
data.tar.gz: a0164e6b1dd712b69a02b676a7d7bc4c0c232ac3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1203c3812f4f9251bc4faf8103e91b8e1b5fb3f8043812c6aa4bcf3f6e3a8919ad51cf1b0dbad544e13dde405a7d39897aa5f90a49e0237e1ab542499b0ed200
|
7
|
+
data.tar.gz: 51db27828f8b0f91edddd7c292c5a0ebe64daca5661aa878e02f8eb836b4419c776a54ae3e66c44110b62a0ab34a0e12fcbfe9a76add6e07cf6c448306d63758
|
data/efivalidate.gemspec
CHANGED
@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
|
|
9
9
|
spec.authors = ["Rick Mark"]
|
10
10
|
spec.email = ["rickmark@dropbox.com"]
|
11
11
|
|
12
|
-
spec.summary = %q{Validate Apple EFI images
|
13
|
-
spec.description = %q{Implements an algorithm to compare Apple EFI against their EALF baselines.}
|
12
|
+
spec.summary = %q{Validate Apple EFI images against whitelist}
|
13
|
+
spec.description = %q{Implements an algorithm to compare Apple EFI against their EALF whitelist baselines.}
|
14
14
|
spec.homepage = "https://github.com/rickmark/efivalidate"
|
15
15
|
spec.license = "MIT"
|
16
16
|
|
data/lib/efivalidate/ealf_row.rb
CHANGED
@@ -23,8 +23,39 @@ module EFIValidate
|
|
23
23
|
UUIDTools::UUID.parse_raw(self.ealf_uuid)
|
24
24
|
end
|
25
25
|
|
26
|
+
def is_privacy_row?
|
27
|
+
self.ealf_hash.each_byte.all? { |b| b == 0 }
|
28
|
+
end
|
29
|
+
|
26
30
|
def to_s
|
27
|
-
"<#{'%02x' % ealf_component}:#{ '%02x' % self.ealf_region }:#{ "%04x" % self.ealf_master }:#{ "%08x" % self.ealf_offset }:#{ "%08x" % self.ealf_length}:#{self.
|
31
|
+
"<#{'%02x' % ealf_component}:#{ '%02x' % self.ealf_region }:#{ "%04x" % self.ealf_master }:#{ "%08x" % self.ealf_offset }:#{ "%08x" % self.ealf_length}:#{self.format_uuid}:#{self.hash}>"
|
32
|
+
end
|
33
|
+
|
34
|
+
def format_uuid
|
35
|
+
|
36
|
+
value = EFIValidate::ROW_GUIDS[self.uuid.to_s]
|
37
|
+
|
38
|
+
if value
|
39
|
+
sprintf "%36.36s", value
|
40
|
+
else
|
41
|
+
self.uuid
|
42
|
+
end
|
28
43
|
end
|
29
44
|
end
|
45
|
+
|
46
|
+
ROW_GUIDS = { 'ef7f23e1-7ba0-a64a-baea-33edff15ba3f' => 'BIOS_EMPTY_SPACE',
|
47
|
+
'd954937a-6804-4a44-81ce-0bf617d890df' => 'EFI_FLASH_FILE_SYSTEM_VOLUME',
|
48
|
+
'8c1b00bd-716a-7b48-a14f-0c2a2dcf7a5d' => 'APPLE_IMMUTABLE_FIRMWARE_VOLUME',
|
49
|
+
'78e58c8c-3d8a-1c4f-9935-896185c32dd3' => 'EFI_FIRMWARE_FILE_SYSTEM_2_VOLUME',
|
50
|
+
'a980b9e3-e35f-e548-9b92-2798385a9027' => 'EMPTY_SHMOO_FIRMWARE_VOLUME',
|
51
|
+
'484c38ef-0cab-544b-8ed9-0710ad500c0f' => 'FIELD_SHMOO_FIRMWARE_VOLUME',
|
52
|
+
'0a369089-370e-2245-a8a7-a55041013deb' => 'DALE_SHMOO_FIRMWARE_VOLUME',
|
53
|
+
'97213d15-bd29-dc44-ac59-887f70e41a6b' => 'MICROCODE_FIRMWARE_VOLUME',
|
54
|
+
'8d2bf1ff-9676-8b4c-a985-2747075b4f50' => 'EFI_SYSTEM_NNRAM_FIRMWARE_VOLUME',
|
55
|
+
'096de3c3-9482-974b-a857-d5288fe33e28' => 'BIOS_IDENTIFIER',
|
56
|
+
'b57d69bb-60ed-ac46-8754-7580b8b27ed0' => 'APPLE_SEC_VOLUMES_FILE',
|
57
|
+
'2e06a01b-79c7-8245-8566-336ae8f78f09' => 'SEC_CORE',
|
58
|
+
'17706906-2e5f-225e-ad94-5816399c720a' => 'APPLE_ROM_MANIFEST',
|
59
|
+
'a3b9f5ce-6d47-7f49-9fdc-e98143e0422c' => 'AMI_NVRAM_FILE',
|
60
|
+
'24465000-598a-eb4e-bd0f-6b36e96128e0' => 'PHOENIX_NVRAM_FIRMWARE_VOLUME' }
|
30
61
|
end
|
@@ -12,11 +12,13 @@ module EFIValidate
|
|
12
12
|
@errors = []
|
13
13
|
|
14
14
|
@parser.rows.each do |row|
|
15
|
+
next if row.is_privacy_row?
|
16
|
+
|
15
17
|
@data.seek row.ealf_offset
|
16
18
|
|
17
19
|
section_data = @data.read row.ealf_length
|
18
20
|
|
19
|
-
calculated_hash = @parser.header.create_hash.hexdigest section_data
|
21
|
+
calculated_hash = @parser.header.create_hash.hexdigest (section_data || '')
|
20
22
|
|
21
23
|
@errors << EFIValidationError.new(row, section_data, calculated_hash) unless calculated_hash == row.hash
|
22
24
|
end
|
data/lib/efivalidate/version.rb
CHANGED
metadata
CHANGED
@@ -1,86 +1,87 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: efivalidate
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rick Mark
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2018-01-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: iostruct
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- -
|
17
|
+
- - ~>
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: 0.0.4
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- -
|
24
|
+
- - ~>
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 0.0.4
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: uuidtools
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- -
|
31
|
+
- - ~>
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '2.1'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- -
|
38
|
+
- - ~>
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '2.1'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: bundler
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- -
|
45
|
+
- - ~>
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: '1.15'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- -
|
52
|
+
- - ~>
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '1.15'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rake
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- -
|
59
|
+
- - ~>
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '10.0'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- -
|
66
|
+
- - ~>
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '10.0'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rspec
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- -
|
73
|
+
- - ~>
|
74
74
|
- !ruby/object:Gem::Version
|
75
75
|
version: '3.0'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- -
|
80
|
+
- - ~>
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '3.0'
|
83
|
-
description: Implements an algorithm to compare Apple EFI against their EALF
|
83
|
+
description: Implements an algorithm to compare Apple EFI against their EALF whitelist
|
84
|
+
baselines.
|
84
85
|
email:
|
85
86
|
- rickmark@dropbox.com
|
86
87
|
executables:
|
@@ -88,9 +89,9 @@ executables:
|
|
88
89
|
extensions: []
|
89
90
|
extra_rdoc_files: []
|
90
91
|
files:
|
91
|
-
-
|
92
|
-
-
|
93
|
-
-
|
92
|
+
- .gitignore
|
93
|
+
- .rspec
|
94
|
+
- .travis.yml
|
94
95
|
- CODE_OF_CONDUCT.md
|
95
96
|
- FORMAT.md
|
96
97
|
- Gemfile
|
@@ -120,18 +121,18 @@ require_paths:
|
|
120
121
|
- lib
|
121
122
|
required_ruby_version: !ruby/object:Gem::Requirement
|
122
123
|
requirements:
|
123
|
-
- -
|
124
|
+
- - '>='
|
124
125
|
- !ruby/object:Gem::Version
|
125
126
|
version: '0'
|
126
127
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
127
128
|
requirements:
|
128
|
-
- -
|
129
|
+
- - '>='
|
129
130
|
- !ruby/object:Gem::Version
|
130
131
|
version: '0'
|
131
132
|
requirements: []
|
132
133
|
rubyforge_project:
|
133
|
-
rubygems_version: 2.
|
134
|
+
rubygems_version: 2.0.14.1
|
134
135
|
signing_key:
|
135
136
|
specification_version: 4
|
136
|
-
summary: Validate Apple EFI images
|
137
|
+
summary: Validate Apple EFI images against whitelist
|
137
138
|
test_files: []
|