efiencrypt 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -1
- package/{build-CUHiK1Y8.js → build-BfNzd1Cv.js} +675 -206
- package/efiencrypt +3 -3
- package/handlers.d.ts +4 -0
- package/index.js +1 -1
- package/package.json +1 -1
- package/schema.json +1 -1
- package/type.d.ts +16 -1
package/efiencrypt
CHANGED
|
@@ -5,7 +5,7 @@ import require$$2, { join, resolve } from "node:path";
|
|
|
5
5
|
import require$$3 from "node:fs";
|
|
6
6
|
import require$$4 from "node:process";
|
|
7
7
|
import { createRequire } from "node:module";
|
|
8
|
-
import { b as build } from "./build-
|
|
8
|
+
import { b as build } from "./build-BfNzd1Cv.js";
|
|
9
9
|
function getDefaultExportFromCjs(x) {
|
|
10
10
|
return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, "default") ? x["default"] : x;
|
|
11
11
|
}
|
|
@@ -3458,8 +3458,8 @@ const {
|
|
|
3458
3458
|
Help
|
|
3459
3459
|
} = commander;
|
|
3460
3460
|
const name = "efiencrypt";
|
|
3461
|
-
const version = "1.0
|
|
3462
|
-
const description = "Encrypts an EFI binary using a hash derived from user-defined data (random data, disk sectors, SMBIOS fields, ...)";
|
|
3461
|
+
const version = "1.1.0";
|
|
3462
|
+
const description = "Encrypts an EFI binary using a hash derived from user-defined data (random data, disk sectors, SMBIOS fields, EFI variables, ...). The resulting EFI can also optionally embed secure boot keys to enroll if the system is in setup mode.";
|
|
3463
3463
|
program.name(name).description(description).showHelpAfterError(true).option("-c, --config-file <configFile>", "configuration file").option("-i, --input-file <inputFile>", "path to the input efi file to embed").option("-o, --output-file <outputFile>", "path to the output efi file to write").option("-s, --smbios <smbios>", "path to the input smbios dump file").option("-b, --build-folder <buildFolder>", "folder where to build the code").option("--skip-gen-code", "skip generating code").option("--skip-extract", "skip extracting source code").option("--skip-make", "skip calling make").version(version).action(async (options) => {
|
|
3464
3464
|
try {
|
|
3465
3465
|
let config = {};
|
package/handlers.d.ts
CHANGED
package/index.js
CHANGED
package/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"name":"efiencrypt","version":"1.0
|
|
1
|
+
{"name":"efiencrypt","version":"1.1.0","description":"Encrypts an EFI binary using a hash derived from user-defined data (random data, disk sectors, SMBIOS fields, EFI variables, ...). The resulting EFI can also optionally embed secure boot keys to enroll if the system is in setup mode.","type":"module","license":"MIT","bin":{"efiencrypt":"efiencrypt"},"repository":{"url":"https://github.com/davdiv/efiencrypt"},"keywords":{"0":"uefi","1":"encrypt","2":"efi","3":"secure-boot","4":"smbios"},"exports":{".":{"types":"./index.d.ts","default":"./index.js"},"./smbios":{"types":"./smbios.d.ts","default":"./smbios.js"},"./schema.json":"./schema.json"}}
|
package/schema.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"type":"object","properties":{"$schema":{"type":"string"},"inputFile":{"description":"Path to the input efi file to embed.","type":"string"},"outputFile":{"description":"Path to the output efi file to write.","type":"string"},"skipGenCode":{"description":"Whether to skip generating code","type":"boolean"},"skipExtract":{"description":"Whether to skip extracting source code\n(can be useful if the extraction was already done)","type":"boolean"},"skipMake":{"description":"Whether to skip calling make\n(can be useful to change the code before calling make)","type":"boolean"},"buildFolder":{"description":"Folder where to build the code.\nDefaults to a temporary folder that is removed when the build is finished.","type":"string"},"hashComponents":{"description":"Data to include in the hash for encryption.","type":"array","items":{"$ref":"#/definitions/HashComponent"}},"smbios":{"description":"Path to the input smbios dump file.\nCan be produced by: dmidecode --dump-bin <filePath>","type":"string"}},"additionalProperties":false,"required":["inputFile"],"definitions":{"HashComponent":{"anyOf":[{"$ref":"#/definitions/HashComponentRandom"},{"$ref":"#/definitions/HashComponentSmbios"},{"$ref":"#/definitions/HashComponentHardDiskData"},{"$ref":"#/definitions/HashComponentHardDiskSize"},{"$ref":"#/definitions/HashComponentFileData"},{"$ref":"#/definitions/HashComponentFileSize"},{"$ref":"#/definitions/HashComponentMiscStringData"}]},"HashComponentRandom":{"type":"object","properties":{"type":{"type":"string","const":"random"},"length":{"type":"number"}},"additionalProperties":false,"required":["length","type"]},"HashComponentSmbios":{"type":"object","properties":{"type":{"type":"string","const":"smbios"},"ref":{"$ref":"#/definitions/SmbiosFieldRef"},"value":{"type":"string"}},"additionalProperties":false,"required":["ref","type"]},"SmbiosFieldRef":{"anyOf":[{"type":"object","properties":{"table":{"$ref":"#/definitions/SmbiosTableRef"},"offset":{"type":"number"},"type":{"enum":["byte","dword","qword","string","uuid","word"],"type":"string"}},"additionalProperties":false,"required":["offset","table","type"]},{"enum":["baseboard-asset-tag","baseboard-manufacturer","baseboard-product-name","baseboard-serial-number","baseboard-version","bios-release-date","bios-revision","bios-vendor","bios-version","chassis-asset-tag","chassis-manufacturer","chassis-serial-number","chassis-version","processor-manufacturer","processor-version","system-family","system-manufacturer","system-product-name","system-serial-number","system-sku-number","system-uuid","system-version"],"type":"string"}]},"SmbiosTableRef":{"anyOf":[{"type":"object","properties":{"handle":{"type":"number"}},"additionalProperties":false,"required":["handle"]},{"type":"object","properties":{"type":{"type":"number"},"index":{"type":"number"}},"additionalProperties":false,"required":["type"]},{"enum":["32-bit Memory Error","64-bit Memory Error","Additional Information","Baseboard","Boot Integrity Services","Built-in Pointing Device","Cache","Chassis","Cooling Device","Electrical Current Probe","Firmware Inventory","Firmware Language","Group Associations","Hardware Security","IPMI Device","Management Controller Host Interface","Management Device","Management Device Component","Management Device Threshold Data","Memory Array Mapped Address","Memory Channel","Memory Controller","Memory Device","Memory Device Mapped Address","Memory Module","OEM Strings","Onboard Devices","Onboard Devices Extended Information","Out-of-band Remote Access","Physical Memory Array","Platform Firmware","Port Connector","Portable Battery","Power Supply","Processor","Processor Additional Information","String Property","System","System Boot","System Configuration Options","System Event Log","System Power Controls","System Reset","System Slots","TPM Device","Temperature Probe","Voltage Probe"],"type":"string"},{"type":"number"}]},"HashComponentHardDiskData":{"type":"object","properties":{"type":{"type":"string","const":"hd-data"},"device":{"type":"string"},"offsetRef":{"enum":["end","start"],"type":"string"},"offset":{"$ref":"#/definitions/BigNumber"},"value":{"anyOf":[{"$ref":"#/definitions/BinaryDataFromFile"},{"$ref":"#/definitions/BinaryDataFromLiteral"},{"$ref":"#/definitions/BinaryDataFromBuffer"},{"$ref":"#/definitions/BinaryMissingData"}]}},"additionalProperties":false,"required":["offset","offsetRef","type","value"]},"BigNumber":{"type":["string","number"]},"
|
|
1
|
+
{"type":"object","properties":{"$schema":{"type":"string"},"inputFile":{"description":"Path to the input efi file to embed.","type":"string"},"outputFile":{"description":"Path to the output efi file to write.","type":"string"},"skipGenCode":{"description":"Whether to skip generating code","type":"boolean"},"skipExtract":{"description":"Whether to skip extracting source code\n(can be useful if the extraction was already done)","type":"boolean"},"skipMake":{"description":"Whether to skip calling make\n(can be useful to change the code before calling make)","type":"boolean"},"buildFolder":{"description":"Folder where to build the code.\nDefaults to a temporary folder that is removed when the build is finished.","type":"string"},"hashComponents":{"description":"Data to include in the hash for encryption.","type":"array","items":{"$ref":"#/definitions/HashComponent"}},"smbios":{"description":"Path to the input smbios dump file.\nCan be produced by: dmidecode --dump-bin <filePath>","type":"string"},"enrollSecureBoot":{"description":"Secure boot keys to enroll automatically if the system is in setup mode.","$ref":"#/definitions/SecureBootEnrollConfig"}},"additionalProperties":false,"required":["inputFile"],"definitions":{"HashComponent":{"anyOf":[{"$ref":"#/definitions/HashComponentRandom"},{"$ref":"#/definitions/HashEfiVariable"},{"$ref":"#/definitions/HashComponentSmbios"},{"$ref":"#/definitions/HashComponentHardDiskData"},{"$ref":"#/definitions/HashComponentHardDiskSize"},{"$ref":"#/definitions/HashComponentFileData"},{"$ref":"#/definitions/HashComponentFileSize"},{"$ref":"#/definitions/HashComponentMiscStringData"}]},"HashComponentRandom":{"type":"object","properties":{"type":{"type":"string","const":"random"},"length":{"type":"number"}},"additionalProperties":false,"required":["length","type"]},"HashEfiVariable":{"type":"object","properties":{"type":{"type":"string","const":"efivar"},"guid":{"type":"string"},"name":{"type":"string"},"value":{"$ref":"#/definitions/BinaryData"}},"additionalProperties":false,"required":["guid","name","type","value"]},"BinaryData":{"anyOf":[{"$ref":"#/definitions/BinaryDataFromFile"},{"$ref":"#/definitions/BinaryDataFromLiteral"},{"$ref":"#/definitions/BinaryDataFromBuffer"}]},"BinaryDataFromFile":{"type":"object","properties":{"type":{"type":"string","const":"file"},"file":{"type":"string"},"offset":{"type":"number"},"size":{"type":"number"}},"additionalProperties":false,"required":["file","type"]},"BinaryDataFromLiteral":{"type":"object","properties":{"type":{"$ref":"#/definitions/global.BufferEncoding"},"buffer":{"type":"string"}},"additionalProperties":false,"required":["buffer","type"]},"global.BufferEncoding":{"enum":["ascii","base64","base64url","binary","hex","latin1","ucs-2","ucs2","utf-16le","utf-8","utf16le","utf8"],"type":"string"},"BinaryDataFromBuffer":{"type":"object","properties":{"type":{"type":"string","const":"buffer"},"buffer":{"type":"object"}},"additionalProperties":false,"required":["buffer","type"]},"HashComponentSmbios":{"type":"object","properties":{"type":{"type":"string","const":"smbios"},"ref":{"$ref":"#/definitions/SmbiosFieldRef"},"value":{"type":"string"}},"additionalProperties":false,"required":["ref","type"]},"SmbiosFieldRef":{"anyOf":[{"type":"object","properties":{"table":{"$ref":"#/definitions/SmbiosTableRef"},"offset":{"type":"number"},"type":{"enum":["byte","dword","qword","string","uuid","word"],"type":"string"}},"additionalProperties":false,"required":["offset","table","type"]},{"enum":["baseboard-asset-tag","baseboard-manufacturer","baseboard-product-name","baseboard-serial-number","baseboard-version","bios-release-date","bios-revision","bios-vendor","bios-version","chassis-asset-tag","chassis-manufacturer","chassis-serial-number","chassis-version","processor-manufacturer","processor-version","system-family","system-manufacturer","system-product-name","system-serial-number","system-sku-number","system-uuid","system-version"],"type":"string"}]},"SmbiosTableRef":{"anyOf":[{"type":"object","properties":{"handle":{"type":"number"}},"additionalProperties":false,"required":["handle"]},{"type":"object","properties":{"type":{"type":"number"},"index":{"type":"number"}},"additionalProperties":false,"required":["type"]},{"enum":["32-bit Memory Error","64-bit Memory Error","Additional Information","Baseboard","Boot Integrity Services","Built-in Pointing Device","Cache","Chassis","Cooling Device","Electrical Current Probe","Firmware Inventory","Firmware Language","Group Associations","Hardware Security","IPMI Device","Management Controller Host Interface","Management Device","Management Device Component","Management Device Threshold Data","Memory Array Mapped Address","Memory Channel","Memory Controller","Memory Device","Memory Device Mapped Address","Memory Module","OEM Strings","Onboard Devices","Onboard Devices Extended Information","Out-of-band Remote Access","Physical Memory Array","Platform Firmware","Port Connector","Portable Battery","Power Supply","Processor","Processor Additional Information","String Property","System","System Boot","System Configuration Options","System Event Log","System Power Controls","System Reset","System Slots","TPM Device","Temperature Probe","Voltage Probe"],"type":"string"},{"type":"number"}]},"HashComponentHardDiskData":{"type":"object","properties":{"type":{"type":"string","const":"hd-data"},"device":{"type":"string"},"offsetRef":{"enum":["end","start"],"type":"string"},"offset":{"$ref":"#/definitions/BigNumber"},"value":{"anyOf":[{"$ref":"#/definitions/BinaryDataFromFile"},{"$ref":"#/definitions/BinaryDataFromLiteral"},{"$ref":"#/definitions/BinaryDataFromBuffer"},{"$ref":"#/definitions/BinaryMissingData"}]}},"additionalProperties":false,"required":["offset","offsetRef","type","value"]},"BigNumber":{"type":["string","number"]},"BinaryMissingData":{"type":"object","properties":{"type":{"type":"string","const":"missing"},"size":{"type":"number"}},"additionalProperties":false,"required":["type"]},"HashComponentHardDiskSize":{"type":"object","properties":{"type":{"type":"string","const":"hd-size"},"device":{"type":"string"},"value":{"$ref":"#/definitions/BigNumber"}},"additionalProperties":false,"required":["type","value"]},"HashComponentFileData":{"type":"object","properties":{"type":{"type":"string","const":"file-data"},"device":{"type":"string"},"file":{"type":"string"},"offsetRef":{"enum":["end","full","start"],"type":"string"},"offset":{"type":["string","number"]},"value":{"anyOf":[{"$ref":"#/definitions/BinaryDataFromFile"},{"$ref":"#/definitions/BinaryDataFromLiteral"},{"$ref":"#/definitions/BinaryDataFromBuffer"},{"$ref":"#/definitions/BinaryMissingData"}]}},"additionalProperties":false,"required":["file","type","value"]},"HashComponentFileSize":{"type":"object","properties":{"type":{"type":"string","const":"file-size"},"device":{"type":"string"},"file":{"type":"string"},"value":{"$ref":"#/definitions/BigNumber"}},"additionalProperties":false,"required":["file","type","value"]},"HashComponentMiscStringData":{"type":"object","properties":{"type":{"enum":["boot-file","boot-hd-device","boot-partition-device"],"type":"string"},"value":{"type":"string"}},"additionalProperties":false,"required":["type","value"]},"SecureBootEnrollConfig":{"type":"object","properties":{"kek":{"$ref":"#/definitions/BinaryData"},"db":{"$ref":"#/definitions/BinaryData"},"pk":{"$ref":"#/definitions/BinaryData"}},"additionalProperties":false,"required":["db","kek","pk"]}},"$schema":"http://json-schema.org/draft-07/schema#"}
|
package/type.d.ts
CHANGED
|
@@ -26,6 +26,12 @@ export interface HashComponentRandom {
|
|
|
26
26
|
type: "random";
|
|
27
27
|
length: number;
|
|
28
28
|
}
|
|
29
|
+
export interface HashEfiVariable {
|
|
30
|
+
type: "efivar";
|
|
31
|
+
guid: string;
|
|
32
|
+
name: string;
|
|
33
|
+
value: BinaryData;
|
|
34
|
+
}
|
|
29
35
|
export interface HashComponentSmbios {
|
|
30
36
|
type: "smbios";
|
|
31
37
|
ref: SmbiosFieldRef;
|
|
@@ -61,7 +67,12 @@ export interface HashComponentMiscStringData {
|
|
|
61
67
|
type: "boot-hd-device" | "boot-partition-device" | "boot-file";
|
|
62
68
|
value: string;
|
|
63
69
|
}
|
|
64
|
-
export type HashComponent = HashComponentRandom | HashComponentSmbios | HashComponentFileData | HashComponentFileSize | HashComponentHardDiskData | HashComponentHardDiskSize | HashComponentMiscStringData;
|
|
70
|
+
export type HashComponent = HashComponentRandom | HashEfiVariable | HashComponentSmbios | HashComponentFileData | HashComponentFileSize | HashComponentHardDiskData | HashComponentHardDiskSize | HashComponentMiscStringData;
|
|
71
|
+
export interface SecureBootEnrollConfig {
|
|
72
|
+
kek: BinaryData;
|
|
73
|
+
db: BinaryData;
|
|
74
|
+
pk: BinaryData;
|
|
75
|
+
}
|
|
65
76
|
export interface Config {
|
|
66
77
|
$schema?: string;
|
|
67
78
|
/**
|
|
@@ -100,4 +111,8 @@ export interface Config {
|
|
|
100
111
|
* Can be produced by: dmidecode --dump-bin <filePath>
|
|
101
112
|
*/
|
|
102
113
|
smbios?: string;
|
|
114
|
+
/**
|
|
115
|
+
* Secure boot keys to enroll automatically if the system is in setup mode.
|
|
116
|
+
*/
|
|
117
|
+
enrollSecureBoot?: SecureBootEnrollConfig;
|
|
103
118
|
}
|