From a933b1337d5cee38b1d84c739bfa8a8dd1e050b5 Mon Sep 17 00:00:00 2001 From: Dan Scott Date: Wed, 6 Mar 2024 17:08:35 -0800 Subject: [PATCH] Update references to functions in new library files --- chipsec/chipset.py | 4 +- chipsec/config.py | 2 +- chipsec/defines.py | 236 ------------------ chipsec/hal/acpi.py | 2 +- chipsec/hal/cpu.py | 18 +- chipsec/hal/igd.py | 14 +- chipsec/hal/interrupts.py | 6 +- chipsec/hal/iobar.py | 12 +- chipsec/hal/iommu.py | 70 +++--- chipsec/hal/locks.py | 10 +- chipsec/hal/mmio.py | 50 ++-- chipsec/hal/msgbus.py | 30 +-- chipsec/hal/msr.py | 4 +- chipsec/hal/paging.py | 18 +- chipsec/hal/pci.py | 2 +- chipsec/hal/smbios.py | 2 +- chipsec/hal/smbus.py | 84 +++---- chipsec/hal/spi.py | 130 +++++----- chipsec/hal/spi_descriptor.py | 38 +-- chipsec/hal/tpm.py | 2 +- chipsec/hal/ucode.py | 2 +- chipsec/hal/uefi.py | 2 +- chipsec/hal/uefi_common.py | 2 +- chipsec/hal/uefi_fv.py | 2 +- chipsec/hal/uefi_platform.py | 2 +- chipsec/hal/uefi_search.py | 2 +- chipsec/helper/linux/linuxhelper.py | 2 +- .../helper/linuxnative/linuxnativehelper.py | 2 +- chipsec/helper/record/recordhelper.py | 2 +- chipsec/helper/replay/replayhelper.py | 2 +- chipsec/helper/windows/windowshelper.py | 2 +- chipsec/library/defines.py | 7 +- chipsec/library/register.py | 22 +- chipsec/library/returncode.py | 23 +- chipsec/module.py | 2 +- chipsec/modules/common/bios_smi.py | 36 +-- chipsec/modules/common/bios_ts.py | 16 +- chipsec/modules/common/bios_wp.py | 18 +- chipsec/modules/common/cet.py | 20 +- chipsec/modules/common/cpu/cpu_info.py | 16 +- chipsec/modules/common/cpu/ia_untrusted.py | 28 ++- chipsec/modules/common/cpu/spectre_v2.py | 36 +-- chipsec/modules/common/debugenabled.py | 44 ++-- chipsec/modules/common/ia32cfg.py | 24 +- chipsec/modules/common/me_mfg_mode.py | 20 +- chipsec/modules/common/memconfig.py | 26 +- chipsec/modules/common/memlock.py | 24 +- chipsec/modules/common/remap.py | 50 ++-- chipsec/modules/common/rtclock.py | 30 +-- .../modules/common/secureboot/variables.py | 34 +-- chipsec/modules/common/sgx_check.py | 88 +++---- chipsec/modules/common/smm.py | 28 ++- chipsec/modules/common/smm_code_chk.py | 36 +-- chipsec/modules/common/smm_dma.py | 34 +-- chipsec/modules/common/smrr.py | 44 ++-- chipsec/modules/common/spd_wd.py | 30 +-- chipsec/modules/common/spi_access.py | 28 ++- chipsec/modules/common/spi_desc.py | 24 +- chipsec/modules/common/spi_fdopss.py | 24 +- chipsec/modules/common/spi_lock.py | 24 +- .../modules/common/uefi/access_uefispec.py | 20 +- chipsec/modules/common/uefi/s3bootscript.py | 28 ++- chipsec/modules/tools/cpu/sinkhole.py | 76 +++--- chipsec/modules/tools/generate_test_id.py | 22 +- chipsec/modules/tools/secureboot/te.py | 26 +- chipsec/modules/tools/smm/rogue_mmio_bar.py | 16 +- chipsec/modules/tools/smm/smm_ptr.py | 18 +- chipsec/modules/tools/uefi/reputation.py | 14 +- chipsec/modules/tools/uefi/s3script_modify.py | 42 ++-- chipsec/modules/tools/uefi/scan_blocked.py | 14 +- chipsec/modules/tools/uefi/scan_image.py | 3 +- chipsec/modules/tools/uefi/uefivar_fuzz.py | 16 +- chipsec/modules/tools/vmm/common.py | 22 +- chipsec/modules/tools/vmm/cpuid_fuzz.py | 12 +- chipsec/modules/tools/vmm/ept_finder.py | 67 ++--- chipsec/modules/tools/vmm/hv/hypercallfuzz.py | 7 +- chipsec/modules/tools/vmm/hv/synth_dev.py | 7 +- chipsec/modules/tools/vmm/hv/synth_kbd.py | 13 +- chipsec/modules/tools/vmm/hv/vmbus.py | 62 +++-- chipsec/modules/tools/vmm/hv/vmbusfuzz.py | 11 +- chipsec/modules/tools/vmm/hypercallfuzz.py | 14 +- chipsec/modules/tools/vmm/iofuzz.py | 16 +- chipsec/modules/tools/vmm/msr_fuzz.py | 10 +- chipsec/modules/tools/vmm/pcie_fuzz.py | 12 +- .../modules/tools/vmm/pcie_overlap_fuzz.py | 20 +- .../tools/vmm/vbox/vbox_crash_apicbase.py | 18 +- chipsec/modules/tools/vmm/venom.py | 12 +- chipsec/modules/tools/vmm/xen/define.py | 2 +- .../modules/tools/vmm/xen/hypercallfuzz.py | 14 +- chipsec/modules/tools/vmm/xen/xsa188.py | 10 +- chipsec/modules/tools/wsmt.py | 32 ++- chipsec/result_deltas.py | 2 +- chipsec/utilcmd/interrupts_cmd.py | 2 +- chipsec/utilcmd/lock_check_cmd.py | 4 +- chipsec/utilcmd/mem_cmd.py | 2 +- chipsec/utilcmd/reg_cmd.py | 24 +- chipsec/utilcmd/txt_cmd.py | 12 +- chipsec/utilcmd/vmem_cmd.py | 2 +- chipsec_main.py | 14 +- chipsec_util.py | 2 +- docs/create_manual.py | 2 +- .../sphinx/contribution/code-style-python.rst | 3 +- docs/sphinx/development/Developing.rst | 2 +- .../sphinx/development/Sample-Module-Code.rst | 3 +- tests/cfg_checker.py | 2 +- tests/hal/test_cpu.py | 34 +-- tests/modules/test_cpu_info.py | 4 +- tests/modules/test_sgx_check.py | 2 +- 108 files changed, 1114 insertions(+), 1250 deletions(-) delete mode 100644 chipsec/defines.py diff --git a/chipsec/chipset.py b/chipsec/chipset.py index be53beebed..088c971ca5 100644 --- a/chipsec/chipset.py +++ b/chipsec/chipset.py @@ -32,7 +32,7 @@ from chipsec.exceptions import UnknownChipsetError, OsHelperError from chipsec.logger import logger -from chipsec.defines import ARCH_VID +from chipsec.library.defines import ARCH_VID from chipsec.library.register import Register from chipsec.library.lock import Lock from chipsec.library.control import Control @@ -250,5 +250,5 @@ def cs(): global _chipset if _chipset is None: - _chipset: Chipset = Chipset() + _chipset = Chipset() return _chipset diff --git a/chipsec/config.py b/chipsec/config.py index ad820ace6a..8e3e98763a 100644 --- a/chipsec/config.py +++ b/chipsec/config.py @@ -22,7 +22,7 @@ import importlib import os import xml.etree.ElementTree as ET -from chipsec.defines import is_hex +from chipsec.library.defines import is_hex from chipsec.exceptions import CSConfigError from chipsec.file import get_main_dir from chipsec.logger import logger diff --git a/chipsec/defines.py b/chipsec/defines.py deleted file mode 100644 index 42b72b09e9..0000000000 --- a/chipsec/defines.py +++ /dev/null @@ -1,236 +0,0 @@ -# CHIPSEC: Platform Security Assessment Framework -# Copyright (c) 2010-2022, Intel Corporation -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; Version 2. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# Contact information: -# chipsec@intel.com -# - -import struct -import os -import string -import platform -from typing import Dict, Tuple, Optional, AnyStr, Iterable -from chipsec.file import get_main_dir - -BIT0 = 0x0001 -BIT1 = 0x0002 -BIT2 = 0x0004 -BIT3 = 0x0008 -BIT4 = 0x0010 -BIT5 = 0x0020 -BIT6 = 0x0040 -BIT7 = 0x0080 -BIT8 = 0x0100 -BIT9 = 0x0200 -BIT10 = 0x0400 -BIT11 = 0x0800 -BIT12 = 0x1000 -BIT13 = 0x2000 -BIT14 = 0x4000 -BIT15 = 0x8000 -BIT16 = 0x00010000 -BIT17 = 0x00020000 -BIT18 = 0x00040000 -BIT19 = 0x00080000 -BIT20 = 0x00100000 -BIT21 = 0x00200000 -BIT22 = 0x00400000 -BIT23 = 0x00800000 -BIT24 = 0x01000000 -BIT25 = 0x02000000 -BIT26 = 0x04000000 -BIT27 = 0x08000000 -BIT28 = 0x10000000 -BIT29 = 0x20000000 -BIT30 = 0x40000000 -BIT31 = 0x80000000 -BIT32 = 0x100000000 -BIT33 = 0x200000000 -BIT34 = 0x400000000 -BIT35 = 0x800000000 -BIT36 = 0x1000000000 -BIT37 = 0x2000000000 -BIT38 = 0x4000000000 -BIT39 = 0x8000000000 -BIT40 = 0x10000000000 -BIT41 = 0x20000000000 -BIT42 = 0x40000000000 -BIT43 = 0x80000000000 -BIT44 = 0x100000000000 -BIT45 = 0x200000000000 -BIT46 = 0x400000000000 -BIT47 = 0x800000000000 -BIT48 = 0x1000000000000 -BIT49 = 0x2000000000000 -BIT50 = 0x4000000000000 -BIT51 = 0x8000000000000 -BIT52 = 0x10000000000000 -BIT53 = 0x20000000000000 -BIT54 = 0x40000000000000 -BIT55 = 0x80000000000000 -BIT56 = 0x100000000000000 -BIT57 = 0x200000000000000 -BIT58 = 0x400000000000000 -BIT59 = 0x800000000000000 -BIT60 = 0x1000000000000000 -BIT61 = 0x2000000000000000 -BIT62 = 0x4000000000000000 -BIT63 = 0x8000000000000000 - -BOUNDARY_1KB = 0x400 -BOUNDARY_2KB = 0x800 -BOUNDARY_4KB = 0x1000 -BOUNDARY_1MB = 0x100000 -BOUNDARY_2MB = 0x200000 -BOUNDARY_4MB = 0x400000 -BOUNDARY_8MB = 0x800000 -BOUNDARY_16MB = 0x1000000 -BOUNDARY_32MB = 0x2000000 -BOUNDARY_64MB = 0x4000000 -BOUNDARY_128MB = 0x8000000 -BOUNDARY_256MB = 0x10000000 -BOUNDARY_512MB = 0x20000000 -BOUNDARY_1GB = 0x40000000 -BOUNDARY_2GB = 0x80000000 -BOUNDARY_4GB = 0x100000000 - -ALIGNED_4KB = 0xFFF -ALIGNED_1MB = 0xFFFFF -ALIGNED_8MB = 0x7FFFFF -ALIGNED_64MB = 0x3FFFFFF -ALIGNED_128MB = 0x7FFFFFF -ALIGNED_256MB = 0xFFFFFFF - -MASK_8b = 0xFF -MASK_16b = 0xFFFF -MASK_32b = 0xFFFFFFFF -MASK_64b = 0xFFFFFFFFFFFFFFFF - - -def bit(bit_num: int) -> int: - return int(1 << bit_num) - - -def is_set(val: int, bit_mask: int) -> bool: - return bool(val & bit_mask != 0) - - -def is_all_value(values_list, value): - '''Checks if all elements in a list equal a given value''' - return all(n == value for n in values_list) - - -def scan_single_bit_mask(bit_mask: int) -> Optional[int]: - for bit_num in range(0, 7): - if bit_mask >> bit_num == 1: - return bit_num - return None - - -def DB(val: int) -> bytes: - return struct.pack(' bytes: - return struct.pack(' bytes: - return struct.pack(' bytes: - return struct.pack(' str: - if isinstance(mbytes, bytes) or isinstance(mbytes, bytearray): - return mbytes.decode("latin_1") - else: - return mbytes - - -def stringtobytes(mstr: AnyStr) -> bytes: - if isinstance(mstr, str): - return mstr.encode("latin_1") - else: - return mstr - - -def pack1(value: int, size: int) -> bytes: - """Shortcut to pack a single value into a string based on its size.""" - return struct.pack(SIZE2FORMAT[size], value) - - -def unpack1(string: bytes, size: int) -> int: - """Shortcut to unpack a single value from a string based on its size.""" - return struct.unpack(SIZE2FORMAT[size], string)[0] - - -def get_bits(value: int, start: int, nbits: int) -> int: - ret = value >> start - ret &= (1 << nbits) - 1 - return ret - - -def get_version() -> str: - version_strs = [] - chipsec_folder = os.path.abspath(get_main_dir()) - for fname in sorted([x for x in os.listdir(os.path.join(chipsec_folder, "chipsec")) if x.startswith('VERSION')]): - version_file = os.path.join(chipsec_folder, "chipsec", fname) - with open(version_file, "r") as verFile: - version_strs.append(verFile.read().strip()) - return '-'.join(version_strs) - - -def os_version() -> Tuple[str, str, str, str]: - return platform.system(), platform.release(), platform.version(), platform.machine() - - -def is_printable(seq: AnyStr) -> bool: - return set(bytestostring(seq)).issubset(set(string.printable)) - - -def is_hex(maybe_hex: Iterable) -> bool: - return all(char in string.hexdigits for char in maybe_hex) - - -def is_all_ones(value: int, size: int, width: int = 8) -> bool: - mask = (1 << (size * width)) - 1 - return (mask == (mask & value)) - - -def get_message() -> str: - msg_str = "" - chipsec_folder = os.path.abspath(get_main_dir()) - msg_file = os.path.join(chipsec_folder, "chipsec", "MESSAGE") - if os.path.exists(msg_file): - with open(msg_file, "r") as msgFile: - msg_str = msgFile.read() - return msg_str - - -class ARCH_VID: - INTEL = 0x8086 - AMD = 0x1022 diff --git a/chipsec/hal/acpi.py b/chipsec/hal/acpi.py index 31bd226ca3..04fcb20741 100644 --- a/chipsec/hal/acpi.py +++ b/chipsec/hal/acpi.py @@ -29,7 +29,7 @@ from collections import defaultdict from collections import namedtuple -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring from chipsec.exceptions import UnimplementedAPIError from chipsec.file import read_file from chipsec.hal import acpi_tables diff --git a/chipsec/hal/cpu.py b/chipsec/hal/cpu.py index c82d737b36..20e86ab1fd 100644 --- a/chipsec/hal/cpu.py +++ b/chipsec/hal/cpu.py @@ -153,8 +153,8 @@ def get_number_sockets_from_APIC_table(self) -> int: # Return SMRR MSR physical base and mask # def get_SMRR(self) -> Tuple[int, int]: - smrambase = self.cs.read_register_field('IA32_SMRR_PHYSBASE', 'PhysBase', True) - smrrmask = self.cs.read_register_field('IA32_SMRR_PHYSMASK', 'PhysMask', True) + smrambase = self.cs.register.read_field('IA32_SMRR_PHYSBASE', 'PhysBase', True) + smrrmask = self.cs.register.read_field('IA32_SMRR_PHYSMASK', 'PhysMask', True) return (smrambase, smrrmask) # @@ -173,13 +173,13 @@ def get_SMRR_SMRAM(self) -> Tuple[int, int, int]: def get_TSEG(self) -> Tuple[int, int, int]: if self.cs.is_server(): # tseg register has base and limit - tseg_base = self.cs.read_register_field('TSEG_BASE', 'base', preserve_field_position=True) - tseg_limit = self.cs.read_register_field('TSEG_LIMIT', 'limit', preserve_field_position=True) + tseg_base = self.cs.register.read_field('TSEG_BASE', 'base', preserve_field_position=True) + tseg_limit = self.cs.register.read_field('TSEG_LIMIT', 'limit', preserve_field_position=True) tseg_limit += 0xFFFFF else: # TSEG base is in TSEGMB, TSEG limit is BGSM - 1 - tseg_base = self.cs.read_register_field('PCI0.0.0_TSEGMB', 'TSEGMB', preserve_field_position=True) - bgsm = self.cs.read_register_field('PCI0.0.0_BGSM', 'BGSM', preserve_field_position=True) + tseg_base = self.cs.register.read_field('PCI0.0.0_TSEGMB', 'TSEGMB', preserve_field_position=True) + bgsm = self.cs.register.read_field('PCI0.0.0_BGSM', 'BGSM', preserve_field_position=True) tseg_limit = bgsm - 1 tseg_size = tseg_limit - tseg_base + 1 @@ -211,10 +211,10 @@ def get_SMRAM(self) -> Tuple[int, int, int]: # Check that SMRR is supported by CPU in IA32_MTRRCAP_MSR[SMRR] # def check_SMRR_supported(self) -> bool: - mtrrcap_msr_reg = self.cs.read_register('MTRRCAP') + mtrrcap_msr_reg = self.cs.register.read('MTRRCAP') if logger().HAL: - self.cs.print_register('MTRRCAP', mtrrcap_msr_reg) - smrr = self.cs.get_register_field('MTRRCAP', mtrrcap_msr_reg, 'SMRR') + self.cs.register.print('MTRRCAP', mtrrcap_msr_reg) + smrr = self.cs.register.get_field('MTRRCAP', mtrrcap_msr_reg, 'SMRR') return (1 == smrr) # diff --git a/chipsec/hal/igd.py b/chipsec/hal/igd.py index 77289422f1..3941f6388c 100644 --- a/chipsec/hal/igd.py +++ b/chipsec/hal/igd.py @@ -47,7 +47,7 @@ def __init__(self, cs): def __identify_device(self) -> Tuple[bool, bool]: if self.enabled is None: try: - self.dev_id = self.cs.read_register("PCI0.2.0_DID") + self.dev_id = self.cs.register.read("PCI0.2.0_DID") self.enabled = (self.dev_id != 0xFFFF) if self.enabled: self.is_legacy = bool(self.dev_id < 0x1600) @@ -57,14 +57,14 @@ def __identify_device(self) -> Tuple[bool, bool]: return (self.enabled, self.is_legacy) def is_enabled(self) -> bool: - if self.cs.register_has_field("PCI0.0.0_DEVEN", "D2EN") and self.cs.register_has_field("PCI0.0.0_CAPID0_A", "IGD"): - if self.cs.read_register_field("PCI0.0.0_DEVEN", "D2EN") == 1 and self.cs.read_register_field("PCI0.0.0_CAPID0_A", "IGD") == 0: + if self.cs.register.has_field("PCI0.0.0_DEVEN", "D2EN") and self.cs.register.has_field("PCI0.0.0_CAPID0_A", "IGD"): + if self.cs.register.read_field("PCI0.0.0_DEVEN", "D2EN") == 1 and self.cs.register.read_field("PCI0.0.0_CAPID0_A", "IGD") == 0: return True - elif self.cs.register_has_field("PCI0.0.0_DEVEN", "D2EN"): - if self.cs.read_register_field("PCI0.0.0_DEVEN", "D2EN") == 1: + elif self.cs.register.has_field("PCI0.0.0_DEVEN", "D2EN"): + if self.cs.register.read_field("PCI0.0.0_DEVEN", "D2EN") == 1: return True - elif self.cs.register_has_field("PCI0.0.0_CAPID0_A", "IGD"): - if self.cs.read_register_field("PCI0.0.0_CAPID0_A", "IGD") == 0: + elif self.cs.register.has_field("PCI0.0.0_CAPID0_A", "IGD"): + if self.cs.register.read_field("PCI0.0.0_CAPID0_A", "IGD") == 0: return True return self.is_device_enabled() diff --git a/chipsec/hal/interrupts.py b/chipsec/hal/interrupts.py index 8d1db0754c..c83235bb71 100644 --- a/chipsec/hal/interrupts.py +++ b/chipsec/hal/interrupts.py @@ -36,7 +36,7 @@ from chipsec.logger import logger, print_buffer_bytes from chipsec.hal.acpi import ACPI from chipsec.hal.acpi_tables import UEFI_TABLE, GAS -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring SMI_APMC_PORT = 0xB2 SMI_DATA_PORT = 0xB3 @@ -69,8 +69,8 @@ def send_SMI_APMC(self, SMI_code_port_value: int, SMI_data_port_value: int) -> N def send_NMI(self) -> None: logger().log_hal("[intr] Sending NMI# through TCO1_CTL[NMI_NOW]") - reg, ba = self.cs.get_IO_space("TCOBASE") - tcobase = self.cs.read_register_field(reg, ba) + reg, ba = self.cs.device.get_IO_space("TCOBASE") + tcobase = self.cs.register.read_field(reg, ba) return self.cs.io.write_port_byte(tcobase + NMI_TCO1_CTL + 1, NMI_NOW) def find_ACPI_SMI_Buffer(self) -> Optional[UEFI_TABLE.CommBuffInfo]: diff --git a/chipsec/hal/iobar.py b/chipsec/hal/iobar.py index 26ca028691..92a930ce81 100644 --- a/chipsec/hal/iobar.py +++ b/chipsec/hal/iobar.py @@ -67,25 +67,25 @@ def get_IO_BAR_base_address(self, bar_name: str) -> Tuple[int, int]: if 'base_field' in bar: base_field = bar['base_field'] try: - base = self.cs.read_register_field(bar_reg, base_field, preserve_field_position=True) + base = self.cs.register.read_field(bar_reg, base_field, preserve_field_position=True) except Exception: base = 0 try: - empty_base = self.cs.get_register_field_mask(bar_reg, base_field, preserve_field_position=True) + empty_base = self.cs.register.get_field_mask(bar_reg, base_field, preserve_field_position=True) except Exception: empty_base = 0 else: try: - base = self.cs.read_register(bar_reg) + base = self.cs.register.read(bar_reg) except Exception: base = 0 try: - empty_base = self.cs.get_register_field_mask(bar_reg, preserve_field_position=True) + empty_base = self.cs.register.get_field_mask(bar_reg, preserve_field_position=True) except Exception: empty_base = 0 else: # this method is not preferred - base = self.cs.pci.read_word(self.cs.get_first_bus(bar), bar['dev'], bar['fun'], bar['reg']) + base = self.cs.pci.read_word(self.cs.device.get_first_bus(bar), bar['dev'], bar['fun'], bar['reg']) empty_base = 0xFFFF if 'fixed_address' in bar and (base == empty_base or base == 0): @@ -140,7 +140,7 @@ def is_IO_BAR_enabled(self, bar_name: str) -> bool: bar_reg = bar['register'] if 'enable_field' in bar: bar_en_field = bar['enable_field'] - is_enabled = (1 == self.cs.read_register_field(bar_reg, bar_en_field)) + is_enabled = (1 == self.cs.register.read_field(bar_reg, bar_en_field)) return is_enabled def list_IO_BARs(self) -> None: diff --git a/chipsec/hal/iommu.py b/chipsec/hal/iommu.py index c3f2a4011e..6c6e30cbf6 100644 --- a/chipsec/hal/iommu.py +++ b/chipsec/hal/iommu.py @@ -62,11 +62,11 @@ def is_IOMMU_Engine_Enabled(self, iommu_engine: str) -> bool: return self.mmio.is_MMIO_BAR_defined(vtd_base_name) and self.mmio.is_MMIO_BAR_enabled(vtd_base_name) def is_IOMMU_Translation_Enabled(self, iommu_engine: str) -> bool: - tes = self.cs.read_register_field(f'{IOMMU_ENGINES[iommu_engine]}_GSTS', 'TES') + tes = self.cs.register.read_field(f'{IOMMU_ENGINES[iommu_engine]}_GSTS', 'TES') return (1 == tes) def set_IOMMU_Translation(self, iommu_engine: str, te: int) -> bool: - return self.cs.write_register_field(f'{IOMMU_ENGINES[iommu_engine]}_GCMD', 'TE', te) + return self.cs.register.write_field(f'{IOMMU_ENGINES[iommu_engine]}_GCMD', 'TE', te) def dump_IOMMU_configuration(self, iommu_engine: str) -> None: self.logger.log("==================================================================") @@ -74,61 +74,61 @@ def dump_IOMMU_configuration(self, iommu_engine: str) -> None: self.logger.log(f'[iommu] {iommu_engine} IOMMU Engine Configuration') self.logger.log("==================================================================") self.logger.log(f'Base register (BAR) : {vtd}') - reg = self.cs.read_register(vtd) + reg = self.cs.register.read(vtd) self.logger.log(f'BAR register value : 0x{reg:X}') if reg == 0: return base = self.get_IOMMU_Base_Address(iommu_engine) self.logger.log(f'MMIO base : 0x{base:016X}') self.logger.log("------------------------------------------------------------------") - ver_min = self.cs.read_register_field(f'{vtd}_VER', 'MIN') - ver_max = self.cs.read_register_field(f'{vtd}_VER', 'MAX') + ver_min = self.cs.register.read_field(f'{vtd}_VER', 'MIN') + ver_max = self.cs.register.read_field(f'{vtd}_VER', 'MAX') self.logger.log(f'Version : {ver_max:X}.{ver_min:X}') enabled = self.is_IOMMU_Engine_Enabled(iommu_engine) self.logger.log(f'Engine enabled : {enabled:d}') te = self.is_IOMMU_Translation_Enabled(iommu_engine) self.logger.log(f'Translation enabled : {te:d}') - rtaddr_rta = self.cs.read_register_field(f'{vtd}_RTADDR', 'RTA', True) + rtaddr_rta = self.cs.register.read_field(f'{vtd}_RTADDR', 'RTA', True) self.logger.log(f'Root Table Address : 0x{rtaddr_rta:016X}') - irta = self.cs.read_register_field(f'{vtd}_IRTA', 'IRTA') + irta = self.cs.register.read_field(f'{vtd}_IRTA', 'IRTA') self.logger.log(f'Interrupt Remapping Table : 0x{irta:016X}') self.logger.log("------------------------------------------------------------------") self.logger.log("Protected Memory:") - pmen_epm = self.cs.read_register_field(f'{vtd}_PMEN', 'EPM') - pmen_prs = self.cs.read_register_field(f'{vtd}_PMEN', 'PRS') + pmen_epm = self.cs.register.read_field(f'{vtd}_PMEN', 'EPM') + pmen_prs = self.cs.register.read_field(f'{vtd}_PMEN', 'PRS') self.logger.log(f' Enabled : {pmen_epm:d}') self.logger.log(f' Status : {pmen_prs:d}') - plmbase = self.cs.read_register_field(f'{vtd}_PLMBASE', 'PLMB') - plmlimit = self.cs.read_register_field(f'{vtd}_PLMLIMIT', 'PLML') - phmbase = self.cs.read_register_field(f'{vtd}_PHMBASE', 'PHMB') - phmlimit = self.cs.read_register_field(f'{vtd}_PHMLIMIT', 'PHML') + plmbase = self.cs.register.read_field(f'{vtd}_PLMBASE', 'PLMB') + plmlimit = self.cs.register.read_field(f'{vtd}_PLMLIMIT', 'PLML') + phmbase = self.cs.register.read_field(f'{vtd}_PHMBASE', 'PHMB') + phmlimit = self.cs.register.read_field(f'{vtd}_PHMLIMIT', 'PHML') self.logger.log(f' Low Memory Base : 0x{plmbase:016X}') self.logger.log(f' Low Memory Limit : 0x{plmlimit:016X}') self.logger.log(f' High Memory Base : 0x{phmbase:016X}') self.logger.log(f' High Memory Limit : 0x{phmlimit:016X}') self.logger.log("------------------------------------------------------------------") self.logger.log("Capabilities:\n") - cap_reg = self.cs.read_register(f'{vtd}_CAP') - self.cs.print_register(f'{vtd}_CAP', cap_reg) - ecap_reg = self.cs.read_register(f'{vtd}_ECAP') - self.cs.print_register(f'{vtd}_ECAP', ecap_reg) + cap_reg = self.cs.register.read(f'{vtd}_CAP') + self.cs.register.print(f'{vtd}_CAP', cap_reg) + ecap_reg = self.cs.register.read(f'{vtd}_ECAP') + self.cs.register.print(f'{vtd}_ECAP', ecap_reg) self.logger.log('') def dump_IOMMU_page_tables(self, iommu_engine: str) -> None: vtd = IOMMU_ENGINES[iommu_engine] - if self.cs.read_register(vtd) == 0: + if self.cs.register.read(vtd) == 0: self.logger.log(f'[iommu] {vtd} value is zero') return te = self.is_IOMMU_Translation_Enabled(iommu_engine) self.logger.log(f'[iommu] Translation enabled : {te:d}') - rtaddr_reg = self.cs.read_register(f'{vtd}_RTADDR') - rtaddr_rta = self.cs.get_register_field(f'{vtd}_RTADDR', rtaddr_reg, 'RTA', True) - rtaddr_rtt = self.cs.get_register_field(f'{vtd}_RTADDR', rtaddr_reg, 'RTT') + rtaddr_reg = self.cs.register.read(f'{vtd}_RTADDR') + rtaddr_rta = self.cs.register.get_field(f'{vtd}_RTADDR', rtaddr_reg, 'RTA', True) + rtaddr_rtt = self.cs.register.get_field(f'{vtd}_RTADDR', rtaddr_reg, 'RTT') self.logger.log(f'[iommu] Root Table Address/Type: 0x{rtaddr_rta:016X}/{rtaddr_rtt:X}') - ecap_reg = self.cs.read_register(f'{vtd}_ECAP') - ecs = self.cs.get_register_field(f'{vtd}_ECAP', ecap_reg, 'ECS') - pasid = self.cs.get_register_field(f'{vtd}_ECAP', ecap_reg, 'PASID') + ecap_reg = self.cs.register.read(f'{vtd}_ECAP') + ecs = self.cs.register.get_field(f'{vtd}_ECAP', ecap_reg, 'ECS') + pasid = self.cs.register.get_field(f'{vtd}_ECAP', ecap_reg, 'PASID') self.logger.log(f'[iommu] PASID / ECS : {pasid:X} / {ecs:X}') if 0xFFFFFFFFFFFFFFFF != rtaddr_reg: @@ -149,17 +149,17 @@ def dump_IOMMU_status(self, iommu_engine: str) -> None: self.logger.log('==================================================================') self.logger.log(f'[iommu] {iommu_engine} IOMMU Engine Status:') self.logger.log('==================================================================') - if self.cs.read_register(vtd) == 0: + if self.cs.register.read(vtd) == 0: self.logger.log(f'[iommu] {vtd} value is zero') return None - gsts_reg = self.cs.read_register(f'{vtd}_GSTS') - self.cs.print_register(f'{vtd}_GSTS', gsts_reg) - fsts_reg = self.cs.read_register(f'{vtd}_FSTS') - self.cs.print_register(f'{vtd}_FSTS', fsts_reg) - frcdl_reg = self.cs.read_register(f'{vtd}_FRCDL') - self.cs.print_register(f'{vtd}_FRCDL', frcdl_reg) - frcdh_reg = self.cs.read_register(f'{vtd}_FRCDH') - self.cs.print_register(f'{vtd}_FRCDH', frcdh_reg) - ics_reg = self.cs.read_register(f'{vtd}_ICS') - self.cs.print_register(f'{vtd}_ICS', ics_reg) + gsts_reg = self.cs.register.read(f'{vtd}_GSTS') + self.cs.register.print(f'{vtd}_GSTS', gsts_reg) + fsts_reg = self.cs.register.read(f'{vtd}_FSTS') + self.cs.register.print(f'{vtd}_FSTS', fsts_reg) + frcdl_reg = self.cs.register.read(f'{vtd}_FRCDL') + self.cs.register.print(f'{vtd}_FRCDL', frcdl_reg) + frcdh_reg = self.cs.register.read(f'{vtd}_FRCDH') + self.cs.register.print(f'{vtd}_FRCDH', frcdh_reg) + ics_reg = self.cs.register.read(f'{vtd}_ICS') + self.cs.register.print(f'{vtd}_ICS', ics_reg) return None diff --git a/chipsec/hal/locks.py b/chipsec/hal/locks.py index 43b332c76c..8b6d129b5a 100644 --- a/chipsec/hal/locks.py +++ b/chipsec/hal/locks.py @@ -21,7 +21,7 @@ __version__ = '1.0' from typing import List, Optional -from chipsec.defines import bit, is_set +from chipsec.library.defines import bit, is_set from chipsec.hal.hal_base import HALBase from chipsec.exceptions import CSReadError, HWAccessViolationError @@ -42,15 +42,15 @@ def get_locks(self) -> List[str]: """ Return a list of locks defined within the configuration file """ - return self.cs.get_lock_list() + return self.cs.lock.get_list() def lock_valid(self, lock_name: str, bus: Optional[int] = None) -> int: res = 0 - if self.cs.is_lock_defined(lock_name): + if self.cs.lock.is_defined(lock_name): res |= LockResult.DEFINED try: self.cs.get_locked_value(lock_name) - self.cs.get_lock(lock_name, bus=bus) + self.cs.lock.get(lock_name, bus=bus) res |= LockResult.HAS_CONFIG res |= LockResult.CAN_READ except KeyError: @@ -68,7 +68,7 @@ def is_locked(self, lock_name: str, bus: Optional[int] = None) -> int: res = self.lock_valid(lock_name, bus) if is_set(res, LockResult.HAS_CONFIG) and is_set(res, LockResult.CAN_READ): locked = self.cs.get_locked_value(lock_name) - lock_setting = self.cs.get_lock(lock_name, bus=bus) + lock_setting = self.cs.lock.get(lock_name, bus=bus) if not all(lock_setting[0] == elem for elem in lock_setting): res |= LockResult.INCONSISTENT if all(locked == elem for elem in lock_setting): diff --git a/chipsec/hal/mmio.py b/chipsec/hal/mmio.py index d2a88ed106..289427d407 100644 --- a/chipsec/hal/mmio.py +++ b/chipsec/hal/mmio.py @@ -47,7 +47,7 @@ from chipsec.hal import hal_base from chipsec.exceptions import CSReadError from chipsec.logger import logger -from chipsec.defines import get_bits +from chipsec.library.defines import get_bits DEFAULT_MMIO_BAR_SIZE = 0x1000 @@ -159,7 +159,7 @@ def is_MMIO_BAR_defined(self, bar_name: str) -> bool: _bar = self.cs.Cfg.MMIO_BARS[bar_name] if _bar is not None: if 'register' in _bar: - is_bar_defined = self.cs.is_register_defined(_bar['register']) + is_bar_defined = self.cs.register.is_defined(_bar['register']) elif ('bus' in _bar) and ('dev' in _bar) and ('fun' in _bar) and ('reg' in _bar): # old definition is_bar_defined = True @@ -200,28 +200,28 @@ def get_MMIO_BAR_base_address(self, bar_name: str, bus: Optional[int] = None) -> preserve = True bar_reg = bar['register'] if _bus is None: - _buses = self.cs.get_register_bus(bar_reg) + _buses = self.cs.register.get_bus(bar_reg) _bus = _buses[0] if _buses else None if 'align_bits' in bar: preserve = False if 'base_field' in bar: base_field = bar['base_field'] try: - base = self.cs.read_register_field(bar_reg, base_field, preserve, bus=_bus) + base = self.cs.register.read_field(bar_reg, base_field, preserve, bus=_bus) except CSReadError: base = 0 self.logger.log_hal(f'[mmio] Unable to determine MMIO Base. Using Base = 0x{base:X}') try: - reg_mask = self.cs.get_register_field_mask(bar_reg, base_field, preserve) + reg_mask = self.cs.register.get_field_mask(bar_reg, base_field, preserve) except CSReadError: reg_mask = 0xFFFF self.logger.log_hal(f'[mmio] Unable to determine MMIO Mask. Using Mask = 0x{reg_mask:X}') else: - base = self.cs.read_register(bar_reg, bus=_bus) - reg_mask = self.cs.get_register_field_mask(bar_reg, preserve_field_position=preserve) + base = self.cs.register.read(bar_reg, bus=_bus) + reg_mask = self.cs.register.get_field_mask(bar_reg, preserve_field_position=preserve) if 'limit_field' in bar: limit_field = bar['limit_field'] - limit = self.cs.read_register_field(bar_reg, limit_field, bus=_bus) + limit = self.cs.register.read_field(bar_reg, limit_field, bus=_bus) else: if self.logger.HAL: self.logger.log_warning(f"[mmio] 'limit_field' field not defined for bar, using limit = 0x{limit:X}") @@ -230,7 +230,7 @@ def get_MMIO_BAR_base_address(self, bar_name: str, bus: Optional[int] = None) -> if _bus is not None: b = _bus else: - b = self.cs.get_first_bus(bar) + b = self.cs.device.get_first_bus(bar) d = bar['dev'] f = bar['fun'] r = bar['reg'] @@ -251,9 +251,9 @@ def get_MMIO_BAR_base_address(self, bar_name: str, bus: Optional[int] = None) -> if 'offset' in bar: base = base + bar['offset'] if 'align_bits' in bar: - _buses = self.cs.get_register_bus(bar['base_reg']) + _buses = self.cs.register.get_bus(bar['base_reg']) _bus = _buses[0] if _buses else None - start = self.cs.read_register_field(bar['base_reg'], bar['base_addr'], bus=_bus) + start = self.cs.register.read_field(bar['base_reg'], bar['base_addr'], bus=_bus) start <<= int(bar['base_align']) base <<= int(bar['align_bits']) limit <<= int(bar['align_bits']) @@ -285,13 +285,13 @@ def is_MMIO_BAR_enabled(self, bar_name: str, bus: Optional[int] = None) -> bool: bar_reg = bar['register'] if 'enable_field' in bar: bar_en_field = bar['enable_field'] - is_enabled = (1 == self.cs.read_register_field(bar_reg, bar_en_field, bus=bus)) + is_enabled = (1 == self.cs.register.read_field(bar_reg, bar_en_field, bus=bus)) else: # this method is not preferred (less flexible) if bus is not None: b = bus else: - b = self.cs.get_first_bus(bar) + b = self.cs.device.get_first_bus(bar) d = bar['dev'] f = bar['fun'] r = bar['reg'] @@ -321,12 +321,12 @@ def is_MMIO_BAR_programmed(self, bar_name: str) -> bool: bar_reg = bar['register'] if 'base_field' in bar: base_field = bar['base_field'] - base = self.cs.read_register_field(bar_reg, base_field, preserve_field_position=True) + base = self.cs.register.read_field(bar_reg, base_field, preserve_field_position=True) else: - base = self.cs.read_register(bar_reg) + base = self.cs.register.read(bar_reg) else: # this method is not preferred (less flexible) - b = self.cs.get_first_bus(bar) + b = self.cs.device.get_first_bus(bar) d = bar['dev'] f = bar['fun'] r = bar['reg'] @@ -380,16 +380,16 @@ def list_MMIO_BARs(self) -> None: _bar = self.cs.Cfg.MMIO_BARS[_bar_name] bus_data = [] if 'register' in _bar: - bus_data = self.cs.get_register_bus(_bar['register']) + bus_data = self.cs.register.get_bus(_bar['register']) if not bus_data: - if 'bus' in self.cs.get_register_def(_bar['register']): - bus_data.extend(self.cs.get_register_def(_bar['register'])['bus']) + if 'bus' in self.cs.register.get_def(_bar['register']): + bus_data = [self.cs.register.get_def(_bar['register'])['bus']] elif 'bus' in _bar: bus_data.extend(_bar['bus']) else: continue for bus in bus_data: - bus = self.cs.get_first(bus) + bus = self.cs.device.get_first(bus) try: (_base, _size) = self.get_MMIO_BAR_base_address(_bar_name, bus) except: @@ -402,7 +402,7 @@ def list_MMIO_BARs(self) -> None: if 'offset' in _bar: _s += (f' + 0x{_bar["offset"]:X}') else: - bus_value = self.cs.get_first(_bar["bus"]) + bus_value = self.cs.device.get_first(_bar["bus"]) dev_value = _bar["dev"] fun_value = _bar["fun"] _s = f'{bus_value:02X}:{dev_value:02X}.{fun_value:01X} + {_bar["reg"]}' @@ -415,8 +415,8 @@ def list_MMIO_BARs(self) -> None: def get_MMCFG_base_address(self) -> Tuple[int, int]: (bar_base, bar_size) = self.get_MMIO_BAR_base_address('MMCFG') - if self.cs.register_has_field("PCI0.0.0_PCIEXBAR", "LENGTH") and not self.cs.is_server(): - len = self.cs.read_register_field("PCI0.0.0_PCIEXBAR", "LENGTH") + if self.cs.register.has_field("PCI0.0.0_PCIEXBAR", "LENGTH") and not self.cs.is_server(): + len = self.cs.register.read_field("PCI0.0.0_PCIEXBAR", "LENGTH") if len == PCI_PCIEXBAR_REG_LENGTH_256MB: bar_base &= (PCI_PCIEBAR_REG_MASK << 2) elif len == PCI_PCIEXBAR_REG_LENGTH_128MB: @@ -431,8 +431,8 @@ def get_MMCFG_base_address(self) -> Tuple[int, int]: bar_base &= (PCI_PCIEBAR_REG_MASK << 5) if len == PCI_PCIEXBAR_REG_LENGTH_4096MB: bar_base &= (PCI_PCIEBAR_REG_MASK << 6) - if self.cs.register_has_field("MmioCfgBaseAddr", "BusRange"): - num_buses = self.cs.read_register_field("MmioCfgBaseAddr", "BusRange") + if self.cs.register.has_field("MmioCfgBaseAddr", "BusRange"): + num_buses = self.cs.register.read_field("MmioCfgBaseAddr", "BusRange") if num_buses <= 8: bar_size = 2**20 * 2**num_buses else: diff --git a/chipsec/hal/msgbus.py b/chipsec/hal/msgbus.py index a8040081f8..0599be20a4 100644 --- a/chipsec/hal/msgbus.py +++ b/chipsec/hal/msgbus.py @@ -95,36 +95,36 @@ def __init__(self, cs): def __MB_MESSAGE_MCR(self, port: int, reg: int, opcode: int) -> int: mcr = 0x0 - mcr = self.cs.set_register_field('MSG_CTRL_REG', mcr, 'MESSAGE_WR_BYTE_ENABLES', 0xF) - mcr = self.cs.set_register_field('MSG_CTRL_REG', mcr, 'MESSAGE_ADDRESS_OFFSET', reg) - mcr = self.cs.set_register_field('MSG_CTRL_REG', mcr, 'MESSAGE_PORT', port) - mcr = self.cs.set_register_field('MSG_CTRL_REG', mcr, 'MESSAGE_OPCODE', opcode) + mcr = self.cs.register.set_field('MSG_CTRL_REG', mcr, 'MESSAGE_WR_BYTE_ENABLES', 0xF) + mcr = self.cs.register.set_field('MSG_CTRL_REG', mcr, 'MESSAGE_ADDRESS_OFFSET', reg) + mcr = self.cs.register.set_field('MSG_CTRL_REG', mcr, 'MESSAGE_PORT', port) + mcr = self.cs.register.set_field('MSG_CTRL_REG', mcr, 'MESSAGE_OPCODE', opcode) return mcr def __MB_MESSAGE_MCRX(self, reg: int) -> int: mcrx = 0x0 - mcrx = self.cs.set_register_field('MSG_CTRL_REG_EXT', mcrx, 'MESSAGE_ADDRESS_OFFSET_EXT', (reg >> 8), preserve_field_position=True) + mcrx = self.cs.register.set_field('MSG_CTRL_REG_EXT', mcrx, 'MESSAGE_ADDRESS_OFFSET_EXT', (reg >> 8), preserve_field_position=True) return mcrx def __MB_MESSAGE_MDR(self, data: int) -> int: mdr = 0x0 - mdr = self.cs.set_register_field('MSG_DATA_REG', mdr, 'MESSAGE_DATA', data) + mdr = self.cs.register.set_field('MSG_DATA_REG', mdr, 'MESSAGE_DATA', data) return mdr def __hide_p2sb(self, hide: bool) -> bool: if not self.p2sbHide: - if self.cs.register_has_field("P2SBC", "HIDE"): + if self.cs.register.has_field("P2SBC", "HIDE"): self.p2sbHide = {'reg': 'P2SBC', 'field': 'HIDE'} - elif self.cs.register_has_field("P2SB_HIDE", "HIDE"): + elif self.cs.register.has_field("P2SB_HIDE", "HIDE"): self.p2sbHide = {'reg': 'P2SB_HIDE', 'field': 'HIDE'} else: raise RegisterNotFoundError('RegisterNotFound: P2SBC') - hidden = not self.cs.is_device_enabled('P2SBC') + hidden = not self.cs.device.is_enabled('P2SBC') if hide: - self.cs.write_register_field(self.p2sbHide['reg'], self.p2sbHide['field'], 1) + self.cs.register.write_field(self.p2sbHide['reg'], self.p2sbHide['field'], 1) else: - self.cs.write_register_field(self.p2sbHide['reg'], self.p2sbHide['field'], 0) + self.cs.register.write_field(self.p2sbHide['reg'], self.p2sbHide['field'], 0) return hidden # @@ -187,20 +187,20 @@ def msgbus_reg_write(self, port: int, register: int, data: int) -> None: def mm_msgbus_reg_read(self, port: int, register: int) -> int: was_hidden = False - if self.cs.is_register_defined('P2SBC'): + if self.cs.register.is_defined('P2SBC'): was_hidden = self.__hide_p2sb(False) mmio_addr = self.cs.mmio.get_MMIO_BAR_base_address('SBREGBAR')[0] reg_val = self.cs.mmio.read_MMIO_reg_dword(mmio_addr, ((port & 0xFF) << 16) | (register & 0xFFFF)) - if self.cs.is_register_defined('P2SBC') and was_hidden: + if self.cs.register.is_defined('P2SBC') and was_hidden: self.__hide_p2sb(True) return reg_val def mm_msgbus_reg_write(self, port: int, register: int, data: int) -> Optional[int]: was_hidden = False - if self.cs.is_register_defined('P2SBC'): + if self.cs.register.is_defined('P2SBC'): was_hidden = self.__hide_p2sb(False) mmio_addr = self.cs.mmio.get_MMIO_BAR_base_address('SBREGBAR')[0] reg_val = self.cs.mmio.write_MMIO_reg_dword(mmio_addr, ((port & 0xFF) << 16) | (register & 0xFFFF), data) - if self.cs.is_register_defined('P2SBC') and was_hidden: + if self.cs.register.is_defined('P2SBC') and was_hidden: self.__hide_p2sb(True) return reg_val diff --git a/chipsec/hal/msr.py b/chipsec/hal/msr.py index 93b34bfce8..0f65242efe 100644 --- a/chipsec/hal/msr.py +++ b/chipsec/hal/msr.py @@ -66,7 +66,7 @@ def get_cpu_thread_count(self) -> int: thread_count = self.helper.get_threads_count() if thread_count is None or thread_count < 0: logger().log_hal("helper.get_threads_count didn't return anything. Reading MSR 0x35 to find out number of logical CPUs (use CPUID Leaf B instead?)") - thread_count = self.cs.read_register_field("IA32_MSR_CORE_THREAD_COUNT", "Thread_Count") + thread_count = self.cs.register.read_field("IA32_MSR_CORE_THREAD_COUNT", "Thread_Count") if 0 == thread_count: thread_count = 1 @@ -75,7 +75,7 @@ def get_cpu_thread_count(self) -> int: # @TODO: fix def get_cpu_core_count(self) -> int: - core_count = self.cs.read_register_field("IA32_MSR_CORE_THREAD_COUNT", "Core_Count") + core_count = self.cs.register.read_field("IA32_MSR_CORE_THREAD_COUNT", "Core_Count") return core_count diff --git a/chipsec/hal/paging.py b/chipsec/hal/paging.py index 6c3f531ac6..1a474059ca 100644 --- a/chipsec/hal/paging.py +++ b/chipsec/hal/paging.py @@ -25,16 +25,16 @@ import sys import struct from typing import Dict, List, Optional, Any -import chipsec.defines +import chipsec.library.defines as defines from chipsec.logger import logger from chipsec.exceptions import InvalidMemoryAddress -ADDR_MASK = chipsec.defines.MASK_64b +ADDR_MASK = defines.MASK_64b MAXPHYADDR = 0x000FFFFFFFFFF000 -SIZE_4KB = chipsec.defines.BOUNDARY_4KB -SIZE_2MB = chipsec.defines.BOUNDARY_2MB -SIZE_1GB = chipsec.defines.BOUNDARY_1GB +SIZE_4KB = defines.BOUNDARY_4KB +SIZE_2MB = defines.BOUNDARY_2MB +SIZE_1GB = defines.BOUNDARY_1GB ADDR_4KB = 0xFFFFFFFFFFFFF000 & MAXPHYADDR ADDR_2MB = 0xFFFFFFFFFFE00000 & MAXPHYADDR ADDR_1GB = 0xFFFFFFFFC0000000 & MAXPHYADDR @@ -314,10 +314,10 @@ def read_page_tables(self, ptr: int) -> None: return def is_present(self, entry: int) -> int: - return entry & chipsec.defines.BIT0 + return entry & defines.BIT0 def is_bigpage(self, entry: int) -> int: - return entry & chipsec.defines.BIT7 + return entry & defines.BIT7 def read_pml4(self, addr: int) -> None: pml4 = self.read_entries('pml4', addr) @@ -332,11 +332,11 @@ def read_pml4(self, addr: int) -> None: def get_attr(self, entry: int) -> str: ret = '' - if entry & chipsec.defines.BIT1: + if entry & defines.BIT1: ret += 'W' else: ret += "R" - if entry & chipsec.defines.BIT2: + if entry & defines.BIT2: ret += 'U' else: ret += 'S' diff --git a/chipsec/hal/pci.py b/chipsec/hal/pci.py index 76ea54725f..1817280ebc 100644 --- a/chipsec/hal/pci.py +++ b/chipsec/hal/pci.py @@ -44,7 +44,7 @@ from chipsec.file import write_file from chipsec.hal.pcidb import VENDORS, DEVICES from chipsec.exceptions import OsHelperError -from chipsec.defines import is_all_ones, MASK_16b, MASK_32b, MASK_64b, BOUNDARY_4KB +from chipsec.library.defines import is_all_ones, MASK_16b, MASK_32b, MASK_64b, BOUNDARY_4KB # # PCI configuration header registers diff --git a/chipsec/hal/smbios.py b/chipsec/hal/smbios.py index 9c7caafe88..bc03238a50 100644 --- a/chipsec/hal/smbios.py +++ b/chipsec/hal/smbios.py @@ -25,7 +25,7 @@ import struct from collections import namedtuple from typing import Dict, List, Optional, Tuple, Any, Union, Type -from chipsec.defines import BOUNDARY_1MB, bytestostring +from chipsec.library.defines import BOUNDARY_1MB, bytestostring from chipsec.hal import hal_base, uefi from chipsec.logger import logger diff --git a/chipsec/hal/smbus.py b/chipsec/hal/smbus.py index 8b6efe68d6..811011a27f 100644 --- a/chipsec/hal/smbus.py +++ b/chipsec/hal/smbus.py @@ -67,10 +67,10 @@ def get_SMBus_Base_Address(self) -> int: raise IOBARNotFoundError('IOBARAccessError: SMBUS_BASE') def get_SMBus_HCFG(self) -> int: - if self.cs.is_register_defined('SMBUS_HCFG'): - reg_value = self.cs.read_register('SMBUS_HCFG') + if self.cs.register.is_defined('SMBUS_HCFG'): + reg_value = self.cs.register.read('SMBUS_HCFG') if self.logger.HAL: - self.cs.print_register('SMBUS_HCFG', reg_value) + self.cs.register.print('SMBUS_HCFG', reg_value) return reg_value else: raise RegisterNotFoundError('RegisterNotFound: SMBUS_HCFG') @@ -80,10 +80,10 @@ def display_SMBus_info(self) -> None: self.get_SMBus_HCFG() def is_SMBus_enabled(self) -> bool: - return self.cs.is_device_enabled('SMBUS') + return self.cs.device.is_enabled('SMBUS') def is_SMBus_supported(self) -> bool: - (did, vid) = self.cs.get_DeviceVendorID('SMBUS') + (did, vid) = self.cs.device.get_VendorID('SMBUS') self.logger.log_hal(f'[smbus] SMBus Controller (DID,VID) = (0x{did:04X},0x{vid:04X})') if (0x8086 == vid): return True @@ -93,25 +93,25 @@ def is_SMBus_supported(self) -> bool: def is_SMBus_host_controller_enabled(self) -> int: hcfg = self.get_SMBus_HCFG() - return self.cs.get_register_field("SMBUS_HCFG", hcfg, "HST_EN") + return self.cs.register.get_field("SMBUS_HCFG", hcfg, "HST_EN") def enable_SMBus_host_controller(self) -> None: # Enable SMBus Host Controller Interface in HCFG - reg_value = self.cs.read_register('SMBUS_HCFG') + reg_value = self.cs.register.read('SMBUS_HCFG') if 0 == (reg_value & 0x1): - self.cs.write_register('SMBUS_HCFG', (reg_value | 0x1)) + self.cs.register.write('SMBUS_HCFG', (reg_value | 0x1)) # @TODO: check SBA is programmed sba = self.get_SMBus_Base_Address() # Enable SMBus I/O Space - cmd = self.cs.read_register('SMBUS_CMD') + cmd = self.cs.register.read('SMBUS_CMD') if 0 == (cmd & 0x1): - self.cs.write_register('SMBUS_CMD', (cmd | 0x1)) + self.cs.register.write('SMBUS_CMD', (cmd | 0x1)) def reset_SMBus_controller(self) -> bool: - reg_value = self.cs.read_register('SMBUS_HCFG') - self.cs.write_register('SMBUS_HCFG', reg_value | 0x08) + reg_value = self.cs.register.read('SMBUS_HCFG') + self.cs.register.write('SMBUS_HCFG', reg_value | 0x08) for i in range(SMBUS_POLL_COUNT): - if (self.cs.read_register('SMBUS_HCFG') & 0x08) == 0: + if (self.cs.register.read('SMBUS_HCFG') & 0x08) == 0: return True return False @@ -124,7 +124,7 @@ def _is_smbus_ready(self) -> bool: busy = None for i in range(SMBUS_POLL_COUNT): #time.sleep( SMBUS_POLL_SLEEP_INTERVAL ) - busy = self.cs.read_register_field(self.smb_reg_status, 'BUSY') + busy = self.cs.register.read_field(self.smb_reg_status, 'BUSY') if 0 == busy: return True return 0 == busy @@ -134,10 +134,10 @@ def _wait_for_cycle(self) -> bool: busy = None for i in range(SMBUS_POLL_COUNT): #time.sleep( SMBUS_POLL_SLEEP_INTERVAL ) - sts = self.cs.read_register(self.smb_reg_status) - busy = self.cs.get_register_field(self.smb_reg_status, sts, 'BUSY') - intr = self.cs.get_register_field(self.smb_reg_status, sts, 'INTR') - failed = self.cs.get_register_field(self.smb_reg_status, sts, 'FAILED') + sts = self.cs.register.read(self.smb_reg_status) + busy = self.cs.register.get_field(self.smb_reg_status, sts, 'BUSY') + intr = self.cs.register.get_field(self.smb_reg_status, sts, 'INTR') + failed = self.cs.register.get_field(self.smb_reg_status, sts, 'FAILED') if 0 == busy and 1 == intr: # if self.logger.HAL: # intr = chipsec.chipset.get_register_field( self.cs, self.smb_reg_status, sts, 'INTR' ) @@ -151,13 +151,13 @@ def _wait_for_cycle(self) -> bool: self.logger.log_error("SMBus transaction failed (FAILED/ERROR bit = 1)") return False else: - if self.cs.register_has_field(self.smb_reg_status, 'DEV_ERR'): - if 1 == self.cs.get_register_field(self.smb_reg_status, sts, 'DEV_ERR'): + if self.cs.register.has_field(self.smb_reg_status, 'DEV_ERR'): + if 1 == self.cs.register.get_field(self.smb_reg_status, sts, 'DEV_ERR'): if self.logger.HAL: self.logger.log_error("SMBus device error (invalid cmd, unclaimed cycle or time-out error)") return False - if self.cs.register_has_field(self.smb_reg_status, 'BUS_ERR'): - if 1 == self.cs.get_register_field(self.smb_reg_status, sts, 'BUS_ERR'): + if self.cs.register.has_field(self.smb_reg_status, 'BUS_ERR'): + if 1 == self.cs.register.get_field(self.smb_reg_status, sts, 'BUS_ERR'): if self.logger.HAL: self.logger.log_error("SMBus bus error") return False @@ -165,28 +165,28 @@ def _wait_for_cycle(self) -> bool: def read_byte(self, target_address: int, offset: int) -> int: # clear status bits - self.cs.write_register(self.smb_reg_status, 0xFF) + self.cs.register.write(self.smb_reg_status, 0xFF) # SMBus txn RW direction = Read, SMBus slave address = target_address hst_sa = 0x0 - hst_sa = self.cs.set_register_field(self.smb_reg_address, hst_sa, 'RW', SMBUS_COMMAND_READ) - hst_sa = self.cs.set_register_field(self.smb_reg_address, hst_sa, 'Address', target_address, True) - self.cs.write_register(self.smb_reg_address, hst_sa) + hst_sa = self.cs.register.set_field(self.smb_reg_address, hst_sa, 'RW', SMBUS_COMMAND_READ) + hst_sa = self.cs.register.set_field(self.smb_reg_address, hst_sa, 'Address', target_address, True) + self.cs.register.write(self.smb_reg_address, hst_sa) # command data = byte offset (bus txn address) - self.cs.write_register_field(self.smb_reg_command, 'DataOffset', offset) + self.cs.register.write_field(self.smb_reg_command, 'DataOffset', offset) # command = Byte Data - # if self.cs.register_has_field( self.smb_reg_control, 'SMB_CMD' ): - self.cs.write_register_field(self.smb_reg_control, 'SMB_CMD', SMBUS_COMMAND_BYTE_DATA) + # if self.cs.register.has_field( self.smb_reg_control, 'SMB_CMD' ): + self.cs.register.write_field(self.smb_reg_control, 'SMB_CMD', SMBUS_COMMAND_BYTE_DATA) # send SMBus txn - self.cs.write_register_field(self.smb_reg_control, 'START', 1) + self.cs.register.write_field(self.smb_reg_control, 'START', 1) # wait for cycle to complete if not self._wait_for_cycle(): return 0xFF # read the data - value = self.cs.read_register_field(self.smb_reg_data0, 'Data') + value = self.cs.register.read_field(self.smb_reg_data0, 'Data') # clear status bits - self.cs.write_register(self.smb_reg_status, 0xFF) + self.cs.register.write(self.smb_reg_status, 0xFF) # clear address/offset registers #chipsec.chipset.write_register( self.cs, self.smb_reg_address, 0x0 ) #chipsec.chipset.write_register( self.cs, self.smb_reg_command, 0x0 ) @@ -195,28 +195,28 @@ def read_byte(self, target_address: int, offset: int) -> int: def write_byte(self, target_address: int, offset: int, value: int) -> bool: # clear status bits - self.cs.write_register(self.smb_reg_status, 0xFF) + self.cs.register.write(self.smb_reg_status, 0xFF) # SMBus txn RW direction = Write, SMBus slave address = target_address hst_sa = 0x0 - hst_sa = self.cs.set_register_field(self.smb_reg_address, hst_sa, 'RW', SMBUS_COMMAND_WRITE) - hst_sa = self.cs.set_register_field(self.smb_reg_address, hst_sa, 'Address', target_address, True) - self.cs.write_register(self.smb_reg_address, hst_sa) + hst_sa = self.cs.register.set_field(self.smb_reg_address, hst_sa, 'RW', SMBUS_COMMAND_WRITE) + hst_sa = self.cs.register.set_field(self.smb_reg_address, hst_sa, 'Address', target_address, True) + self.cs.register.write(self.smb_reg_address, hst_sa) # command data = byte offset (bus txn address) - self.cs.write_register_field(self.smb_reg_command, 'DataOffset', offset) + self.cs.register.write_field(self.smb_reg_command, 'DataOffset', offset) # write the data - self.cs.write_register_field(self.smb_reg_data0, 'Data', value) + self.cs.register.write_field(self.smb_reg_data0, 'Data', value) # command = Byte Data - # if self.cs.register_has_field( self.smb_reg_control, 'SMB_CMD' ): - self.cs.write_register_field(self.smb_reg_control, 'SMB_CMD', SMBUS_COMMAND_BYTE_DATA) + # if self.cs.register.has_field( self.smb_reg_control, 'SMB_CMD' ): + self.cs.register.write_field(self.smb_reg_control, 'SMB_CMD', SMBUS_COMMAND_BYTE_DATA) # send SMBus txn - self.cs.write_register_field(self.smb_reg_control, 'START', 1) + self.cs.register.write_field(self.smb_reg_control, 'START', 1) # wait for cycle to complete if not self._wait_for_cycle(): return False # clear status bits - self.cs.write_register(self.smb_reg_status, 0xFF) + self.cs.register.write(self.smb_reg_status, 0xFF) # clear address/offset registers #chipsec.chipset.write_register( self.cs, self.smb_reg_address, 0x0 ) #chipsec.chipset.write_register( self.cs, self.smb_reg_command, 0x0 ) diff --git a/chipsec/hal/spi.py b/chipsec/hal/spi.py index 310aceedf3..ce3039be8f 100644 --- a/chipsec/hal/spi.py +++ b/chipsec/hal/spi.py @@ -45,7 +45,7 @@ import struct import time from typing import Dict, Tuple, Optional -from chipsec.defines import ALIGNED_4KB, BIT0, BIT1, BIT2, BIT5 +from chipsec.library.defines import ALIGNED_4KB, BIT0, BIT1, BIT2, BIT5 from chipsec.file import write_file, read_file from chipsec.logger import print_buffer_bytes from chipsec.hal import hal_base, mmio @@ -202,27 +202,27 @@ def __init__(self, cs): # Reading definitions of SPI flash controller registers # which are required to send SPI cycles once for performance reasons - self.hsfs_off = self.cs.get_register_def("HSFS")['offset'] - self.hsfc_off = self.cs.get_register_def("HSFC")['offset'] - self.faddr_off = self.cs.get_register_def("FADDR")['offset'] - self.fdata0_off = self.cs.get_register_def("FDATA0")['offset'] - self.fdata1_off = self.cs.get_register_def("FDATA1")['offset'] - self.fdata2_off = self.cs.get_register_def("FDATA2")['offset'] - self.fdata3_off = self.cs.get_register_def("FDATA3")['offset'] - self.fdata4_off = self.cs.get_register_def("FDATA4")['offset'] - self.fdata5_off = self.cs.get_register_def("FDATA5")['offset'] - self.fdata6_off = self.cs.get_register_def("FDATA6")['offset'] - self.fdata7_off = self.cs.get_register_def("FDATA7")['offset'] - self.fdata8_off = self.cs.get_register_def("FDATA8")['offset'] - self.fdata9_off = self.cs.get_register_def("FDATA9")['offset'] - self.fdata10_off = self.cs.get_register_def("FDATA10")['offset'] - self.fdata11_off = self.cs.get_register_def("FDATA11")['offset'] - self.fdata12_off = self.cs.get_register_def("FDATA12")['offset'] - self.fdata13_off = self.cs.get_register_def("FDATA13")['offset'] - self.fdata14_off = self.cs.get_register_def("FDATA14")['offset'] - self.fdata15_off = self.cs.get_register_def("FDATA15")['offset'] - self.bios_ptinx = self.cs.get_register_def("BIOS_PTINX")['offset'] - self.bios_ptdata = self.cs.get_register_def("BIOS_PTDATA")['offset'] + self.hsfs_off = self.cs.register.get_def("HSFS")['offset'] + self.hsfc_off = self.cs.register.get_def("HSFC")['offset'] + self.faddr_off = self.cs.register.get_def("FADDR")['offset'] + self.fdata0_off = self.cs.register.get_def("FDATA0")['offset'] + self.fdata1_off = self.cs.register.get_def("FDATA1")['offset'] + self.fdata2_off = self.cs.register.get_def("FDATA2")['offset'] + self.fdata3_off = self.cs.register.get_def("FDATA3")['offset'] + self.fdata4_off = self.cs.register.get_def("FDATA4")['offset'] + self.fdata5_off = self.cs.register.get_def("FDATA5")['offset'] + self.fdata6_off = self.cs.register.get_def("FDATA6")['offset'] + self.fdata7_off = self.cs.register.get_def("FDATA7")['offset'] + self.fdata8_off = self.cs.register.get_def("FDATA8")['offset'] + self.fdata9_off = self.cs.register.get_def("FDATA9")['offset'] + self.fdata10_off = self.cs.register.get_def("FDATA10")['offset'] + self.fdata11_off = self.cs.register.get_def("FDATA11")['offset'] + self.fdata12_off = self.cs.register.get_def("FDATA12")['offset'] + self.fdata13_off = self.cs.register.get_def("FDATA13")['offset'] + self.fdata14_off = self.cs.register.get_def("FDATA14")['offset'] + self.fdata15_off = self.cs.register.get_def("FDATA15")['offset'] + self.bios_ptinx = self.cs.register.get_def("BIOS_PTINX")['offset'] + self.bios_ptdata = self.cs.register.get_def("BIOS_PTDATA")['offset'] self.logger.log_hal("[spi] Reading SPI flash controller registers definitions:") self.logger.log_hal(f' HSFS offset = 0x{self.hsfs_off:04X}') @@ -247,13 +247,13 @@ def spi_reg_write(self, reg: int, value: int, size: int = 4) -> Optional[int]: def get_SPI_region(self, spi_region_id: int) -> Tuple[int, int, int]: freg_name = SPI_REGION[spi_region_id] - if not self.cs.is_register_defined(freg_name): + if not self.cs.register.is_defined(freg_name): return (0, 0, 0) - freg = self.cs.read_register(freg_name) + freg = self.cs.register.read(freg_name) # Region Base corresponds to FLA bits 24:12 - range_base = self.cs.get_register_field(freg_name, freg, 'RB') << SPI_FLA_SHIFT + range_base = self.cs.register.get_field(freg_name, freg, 'RB') << SPI_FLA_SHIFT # Region Limit corresponds to FLA bits 24:12 - range_limit = self.cs.get_register_field(freg_name, freg, 'RL') << SPI_FLA_SHIFT + range_limit = self.cs.register.get_field(freg_name, freg, 'RL') << SPI_FLA_SHIFT # FLA bits 11:0 are assumed to be FFFh for the limit comparison range_limit |= SPI_FLA_PAGE_MASK return (range_base, range_limit, freg) @@ -278,16 +278,16 @@ def get_SPI_Protected_Range(self, pr_num: int) -> Tuple[int, int, int, int, int, return (0, 0, 0, 0, 0, 0) pr_name = f'PR{pr_num:x}' - pr_j_reg = self.cs.get_register_def(pr_name)['offset'] - pr_j = self.cs.read_register(pr_name) + pr_j_reg = self.cs.register.get_def(pr_name)['offset'] + pr_j = self.cs.register.read(pr_name) # Protected Range Base corresponds to FLA bits 24:12 - base = self.cs.get_register_field(pr_name, pr_j, 'PRB') << SPI_FLA_SHIFT + base = self.cs.register.get_field(pr_name, pr_j, 'PRB') << SPI_FLA_SHIFT # Protected Range Limit corresponds to FLA bits 24:12 - limit = self.cs.get_register_field(pr_name, pr_j, 'PRL') << SPI_FLA_SHIFT + limit = self.cs.register.get_field(pr_name, pr_j, 'PRL') << SPI_FLA_SHIFT - wpe = (0 != self.cs.get_register_field(pr_name, pr_j, 'WPE')) - rpe = (0 != self.cs.get_register_field(pr_name, pr_j, 'RPE')) + wpe = (0 != self.cs.register.get_field(pr_name, pr_j, 'WPE')) + rpe = (0 != self.cs.register.get_field(pr_name, pr_j, 'RPE')) # Check if this is a valid PRx config if wpe or rpe: @@ -306,38 +306,38 @@ def display_SPI_Flash_Descriptor(self) -> None: self.logger.log("------------------------------------------------------------") self.logger.log("\nFlash Signature and Descriptor Map:") for j in range(5): - self.cs.write_register('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_FSDM | (j << 2))) - fdod = self.cs.read_register('FDOD') + self.cs.register.write('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_FSDM | (j << 2))) + fdod = self.cs.register.read('FDOD') self.logger.log(f'{fdod:08X}') self.logger.log("\nComponents:") for j in range(3): - self.cs.write_register('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_COMP | (j << 2))) - fdod = self.cs.read_register('FDOD') + self.cs.register.write('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_COMP | (j << 2))) + fdod = self.cs.register.read('FDOD') self.logger.log(f'{fdod:08X}') self.logger.log("\nRegions:") for j in range(5): - self.cs.write_register('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_REGN | (j << 2))) - fdod = self.cs.read_register('FDOD') + self.cs.register.write('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_REGN | (j << 2))) + fdod = self.cs.register.read('FDOD') self.logger.log(f'{fdod:08X}') self.logger.log("\nMasters:") for j in range(3): - self.cs.write_register('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_MSTR | (j << 2))) - fdod = self.cs.read_register('FDOD') + self.cs.register.write('FDOC', (PCH_RCBA_SPI_FDOC_FDSS_MSTR | (j << 2))) + fdod = self.cs.register.read('FDOD') self.logger.log(f'{fdod:08X}') def display_SPI_opcode_info(self) -> None: self.logger.log("============================================================") self.logger.log("SPI Opcode Info") self.logger.log("------------------------------------------------------------") - preop = self.cs.read_register('PREOP') + preop = self.cs.register.read('PREOP') self.logger.log(f'PREOP : 0x{preop:04X}') - optype = self.cs.read_register('OPTYPE') + optype = self.cs.register.read('OPTYPE') self.logger.log(f'OPTYPE: 0x{optype:04X}') - opmenu_lo = self.cs.read_register('OPMENU_LO') - opmenu_hi = self.cs.read_register('OPMENU_HI') + opmenu_lo = self.cs.register.read('OPMENU_LO') + opmenu_hi = self.cs.register.read('OPMENU_HI') opmenu = ((opmenu_hi << 32) | opmenu_lo) self.logger.log(f'OPMENU: 0x{opmenu:016X}') self.logger.log('') @@ -373,9 +373,9 @@ def display_SPI_Flash_Regions(self) -> None: self.logger.log(f'{region_id:d} {name:22} | {freg:08X} | {base:08X} | {limit:08X} ') def display_BIOS_region(self) -> None: - bfpreg = self.cs.read_register('BFPR') - base = self.cs.get_register_field('BFPR', bfpreg, 'PRB') << SPI_FLA_SHIFT - limit = self.cs.get_register_field('BFPR', bfpreg, 'PRL') << SPI_FLA_SHIFT + bfpreg = self.cs.register.read('BFPR') + base = self.cs.register.get_field('BFPR', bfpreg, 'PRB') << SPI_FLA_SHIFT + limit = self.cs.register.get_field('BFPR', bfpreg, 'PRL') << SPI_FLA_SHIFT limit |= SPI_FLA_PAGE_MASK self.logger.log("BIOS Flash Primary Region") self.logger.log("------------------------------------------------------------") @@ -386,13 +386,13 @@ def display_BIOS_region(self) -> None: def display_SPI_Ranges_Access_Permissions(self) -> None: self.logger.log("SPI Flash Region Access Permissions") self.logger.log("------------------------------------------------------------") - fracc = self.cs.read_register('FRAP') + fracc = self.cs.register.read('FRAP') if self.logger.HAL: - self.cs.print_register('FRAP', fracc) - brra = self.cs.get_register_field('FRAP', fracc, 'BRRA') - brwa = self.cs.get_register_field('FRAP', fracc, 'BRWA') - bmrag = self.cs.get_register_field('FRAP', fracc, 'BMRAG') - bmwag = self.cs.get_register_field('FRAP', fracc, 'BMWAG') + self.cs.register.print('FRAP', fracc) + brra = self.cs.register.get_field('FRAP', fracc, 'BRRA') + brwa = self.cs.register.get_field('FRAP', fracc, 'BRWA') + bmrag = self.cs.register.get_field('FRAP', fracc, 'BMRAG') + bmwag = self.cs.register.get_field('FRAP', fracc, 'BMWAG') self.logger.log('') self.logger.log(f'BIOS Region Write Access Grant ({bmwag:02X}):') regions = self.get_SPI_regions() @@ -448,9 +448,9 @@ def display_SPI_map(self) -> None: ############################################################################################################## def display_BIOS_write_protection(self) -> None: - if self.cs.is_register_defined('BC'): - reg_value = self.cs.read_register('BC') - self.cs.print_register('BC', reg_value) + if self.cs.register.is_defined('BC'): + reg_value = self.cs.register.read('BC') + self.cs.register.print('BC', reg_value) else: if self.logger.HAL: self.logger.log_error("Could not locate the definition of 'BIOS Control' register..") @@ -458,9 +458,9 @@ def display_BIOS_write_protection(self) -> None: def disable_BIOS_write_protection(self) -> bool: if self.logger.HAL: self.display_BIOS_write_protection() - ble = self.cs.get_control('BiosLockEnable') - bioswe = self.cs.get_control('BiosWriteEnable') - smmbwp = self.cs.get_control('SmmBiosWriteProtection') + ble = self.cs.control.get('BiosLockEnable') + bioswe = self.cs.control.get('BiosWriteEnable') + smmbwp = self.cs.control.get('SmmBiosWriteProtection') if smmbwp == 1: self.logger.log_hal("[spi] SMM BIOS write protection (SmmBiosWriteProtection) is enabled") @@ -474,10 +474,10 @@ def disable_BIOS_write_protection(self) -> bool: self.logger.log_hal("[spi] BIOS write protection is enabled. Attempting to disable..") # Set BiosWriteEnable control bit - self.cs.set_control('BiosWriteEnable', 1) + self.cs.control.set('BiosWriteEnable', 1) # read BiosWriteEnable back to check if BIOS writes are enabled - bioswe = self.cs.get_control('BiosWriteEnable') + bioswe = self.cs.control.get('BiosWriteEnable') if self.logger.HAL: self.display_BIOS_write_protection() @@ -560,7 +560,7 @@ def _send_spi_cycle(self, hsfctl_spi_cycle_cmd: int, dbc: int, spi_fla: int) -> def check_hardware_sequencing(self) -> None: # Test if the flash decriptor is valid (and hardware sequencing enabled) - fdv = self.cs.read_register_field('HSFS', 'FDV') + fdv = self.cs.register.read_field('HSFS', 'FDV') if fdv == 0: self.logger.log_error("HSFS.FDV is 0, hardware sequencing is disabled") raise SpiRuntimeError("Chipset does not support hardware sequencing") @@ -733,7 +733,7 @@ def get_SPI_SFDP(self) -> bool: self.logger.log(" * Parameter Header 1 (JEDEC)") self.logger.log(f' ** Parameter version number: {param1_major_version}.{param1_minor_version}') self.logger.log(f' ** Parameter length in double words: {hex(param1_length)}') - if (num_of_param_headers > 1) and self.cs.register_has_field('HSFS', 'FCYCLE'): + if (num_of_param_headers > 1) and self.cs.register.has_field('HSFS', 'FCYCLE'): self.check_hardware_sequencing() self.spi_reg_write(self.fdata12_off, 0x00000000) self.spi_reg_write(self.fdata13_off, 0x00000000) @@ -770,7 +770,7 @@ def get_SPI_SFDP(self) -> bool: for count in range(1, param1_length + 1): sfdp_data = self.ptmesg(offset) offset += 4 - self.cs.print_register(f'DWORD{count}', sfdp_data) + self.cs.register.print(f'DWORD{count}', sfdp_data) return ret # @@ -779,7 +779,7 @@ def get_SPI_SFDP(self) -> bool: def get_SPI_JEDEC_ID(self) -> int: - if self.cs.register_has_field('HSFS', 'FCYCLE'): + if self.cs.register.has_field('HSFS', 'FCYCLE'): self.check_hardware_sequencing() if not self._send_spi_cycle(HSFCTL_JEDEC_CYCLE, 4, 0): diff --git a/chipsec/hal/spi_descriptor.py b/chipsec/hal/spi_descriptor.py index 38f5a20709..ac6c117a22 100644 --- a/chipsec/hal/spi_descriptor.py +++ b/chipsec/hal/spi_descriptor.py @@ -109,13 +109,13 @@ def parse_spi_flash_descriptor(cs, rom: bytes) -> None: flmap0 = struct.unpack_from('=I', fd[0x14:0x18])[0] flmap1 = struct.unpack_from('=I', fd[0x18:0x1C])[0] flmap2 = struct.unpack_from('=I', fd[0x1C:0x20])[0] - cs.print_register('FLMAP0', flmap0) - cs.print_register('FLMAP1', flmap1) - cs.print_register('FLMAP2', flmap2) + cs.register.print('FLMAP0', flmap0) + cs.register.print('FLMAP1', flmap1) + cs.register.print('FLMAP2', flmap2) - fcba = cs.get_register_field('FLMAP0', flmap0, 'FCBA') - nc = cs.get_register_field('FLMAP0', flmap0, 'NC') - frba = cs.get_register_field('FLMAP0', flmap0, 'FRBA') + fcba = cs.register.get_field('FLMAP0', flmap0, 'FCBA') + nc = cs.register.get_field('FLMAP0', flmap0, 'NC') + frba = cs.register.get_field('FLMAP0', flmap0, 'FRBA') fcba = fcba << 4 frba = frba << 4 nc += 1 @@ -127,17 +127,17 @@ def parse_spi_flash_descriptor(cs, rom: bytes) -> None: logger().log(f' Number of Flash Components : {nc:d}') nr = spi.SPI_REGION_NUMBER_IN_FD - if cs.register_has_field('FLMAP0', 'NR'): - nr = cs.get_register_field('FLMAP0', flmap0, 'NR') + if cs.register.has_field('FLMAP0', 'NR'): + nr = cs.register.get_field('FLMAP0', flmap0, 'NR') if nr == 0: logger().log_warning('only 1 region (FD) is found. Looks like flash descriptor binary is from Skylake platform or later. Try with option --platform') nr += 1 logger().log(f' Number of Regions : {nr:d}') - fmba = cs.get_register_field('FLMAP1', flmap1, 'FMBA') - nm = cs.get_register_field('FLMAP1', flmap1, 'NM') - fpsba = cs.get_register_field('FLMAP1', flmap1, 'FPSBA') - psl = cs.get_register_field('FLMAP1', flmap1, 'PSL') + fmba = cs.register.get_field('FLMAP1', flmap1, 'FMBA') + nm = cs.register.get_field('FLMAP1', flmap1, 'NM') + fpsba = cs.register.get_field('FLMAP1', flmap1, 'FPSBA') + psl = cs.register.get_field('FLMAP1', flmap1, 'PSL') fmba = fmba << 4 fpsba = fpsba << 4 logger().log(f' Flash Master Base Address : 0x{fmba:08X}') @@ -145,8 +145,8 @@ def parse_spi_flash_descriptor(cs, rom: bytes) -> None: logger().log(f' Flash PCH Strap Base Address: 0x{fpsba:08X}') logger().log(f' PCH Strap Length : 0x{psl:X}') - fcpusba = cs.get_register_field('FLMAP2', flmap2, 'FCPUSBA') - cpusl = cs.get_register_field('FLMAP2', flmap2, 'CPUSL') + fcpusba = cs.register.get_field('FLMAP2', flmap2, 'FCPUSBA') + cpusl = cs.register.get_field('FLMAP2', flmap2, 'CPUSL') logger().log(f' Flash CPU Strap Base Address: 0x{fcpusba:08X}') logger().log(f' CPU Strap Length : 0x{cpusl:X}') @@ -175,10 +175,10 @@ def parse_spi_flash_descriptor(cs, rom: bytes) -> None: for r in range(nr): flreg_off = frba + r * 4 flreg = struct.unpack_from('=I', fd[flreg_off:flreg_off + 0x4])[0] - if not cs.is_register_defined(f'FLREG{r:d}'): + if not cs.register.is_defined(f'FLREG{r:d}'): continue - base = cs.get_register_field((f'FLREG{r:d}'), flreg, 'RB') << spi.SPI_FLA_SHIFT - limit = cs.get_register_field((f'FLREG{r:d}'), flreg, 'RL') << spi.SPI_FLA_SHIFT + base = cs.register.get_field((f'FLREG{r:d}'), flreg, 'RB') << spi.SPI_FLA_SHIFT + limit = cs.register.get_field((f'FLREG{r:d}'), flreg, 'RL') << spi.SPI_FLA_SHIFT notused = '(not used)' if base > limit or flreg == 0xFFFFFFFF else '' flregs[r] = (flreg, base, limit, notused) logger().log(f'+ 0x{flreg_off:04X} FLREG{r:d} : 0x{flreg:08X} {notused}') @@ -203,8 +203,8 @@ def parse_spi_flash_descriptor(cs, rom: bytes) -> None: for m in range(nm): flmstr_off = fmba + m * 4 flmstr = struct.unpack_from('=I', fd[flmstr_off:flmstr_off + 0x4])[0] - master_region_ra = cs.get_register_field('FLMSTR1', flmstr, 'MRRA') - master_region_wa = cs.get_register_field('FLMSTR1', flmstr, 'MRWA') + master_region_ra = cs.register.get_field('FLMSTR1', flmstr, 'MRRA') + master_region_wa = cs.register.get_field('FLMSTR1', flmstr, 'MRWA') flmstrs[m] = (master_region_ra, master_region_wa) logger().log(f'+ 0x{flmstr_off:04X} FLMSTR{m + 1:d} : 0x{flmstr:08X}') diff --git a/chipsec/hal/tpm.py b/chipsec/hal/tpm.py index ce9d971ff7..df40730da7 100644 --- a/chipsec/hal/tpm.py +++ b/chipsec/hal/tpm.py @@ -357,7 +357,7 @@ def log_register_header(self, register_name: str, locality: str) -> None: def dump_register(self, register_name: str, locality: str) -> None: self.cs.Cfg.REGISTERS[register_name]['address'] = self.cs.Cfg.REGISTERS[register_name]['address'] ^ LOCALITY[locality] - register = self.cs.read_register_dict(register_name) + register = self.cs.register.read_dict(register_name) self.log_register_header(register_name, locality) diff --git a/chipsec/hal/ucode.py b/chipsec/hal/ucode.py index 915f7b8d7e..50295c9628 100644 --- a/chipsec/hal/ucode.py +++ b/chipsec/hal/ucode.py @@ -90,7 +90,7 @@ def __init__(self, cs): # @TODO remove later/replace with msr.get_cpu_thread_count() def get_cpu_thread_count(self) -> int: - thread_count = self.cs.read_register_field("IA32_MSR_CORE_THREAD_COUNT", "Thread_Count") + thread_count = self.cs.register.read_field("IA32_MSR_CORE_THREAD_COUNT", "Thread_Count") return thread_count def ucode_update_id(self, cpu_thread_id: int) -> int: diff --git a/chipsec/hal/uefi.py b/chipsec/hal/uefi.py index ca340c07a6..0718ec0c50 100644 --- a/chipsec/hal/uefi.py +++ b/chipsec/hal/uefi.py @@ -37,7 +37,7 @@ from chipsec.hal.uefi_common import EFI_DXE_SERVICES_TABLE_SIGNATURE, EFI_CONFIGURATION_TABLE, ACPI_VARIABLE_SET_STRUCT_SIZE from chipsec.logger import logger, print_buffer_bytes from chipsec.file import write_file, read_file -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring from chipsec.helper.oshelper import OsHelperError diff --git a/chipsec/hal/uefi_common.py b/chipsec/hal/uefi_common.py index 9223c847dc..4a8bd01412 100644 --- a/chipsec/hal/uefi_common.py +++ b/chipsec/hal/uefi_common.py @@ -32,7 +32,7 @@ from chipsec.file import read_file, write_file from chipsec.logger import logger, dump_buffer, dump_buffer_bytes -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring # from chipsec.helper.oshelper import helper diff --git a/chipsec/hal/uefi_fv.py b/chipsec/hal/uefi_fv.py index b2e5dfeaf6..c61139947e 100644 --- a/chipsec/hal/uefi_fv.py +++ b/chipsec/hal/uefi_fv.py @@ -26,7 +26,7 @@ import struct from typing import Optional, Tuple from uuid import UUID -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring from chipsec.hal.uefi_common import get_3b_size, bit_set, align from chipsec.logger import logger diff --git a/chipsec/hal/uefi_platform.py b/chipsec/hal/uefi_platform.py index cf978fa646..b4fc1a54e9 100644 --- a/chipsec/hal/uefi_platform.py +++ b/chipsec/hal/uefi_platform.py @@ -26,7 +26,7 @@ from collections import namedtuple from uuid import UUID from typing import Dict, List, Tuple, Optional, Union, Any -from chipsec import defines +from chipsec.library import defines from chipsec.logger import logger from chipsec.hal.uefi_common import bit_set, VARIABLE_SIGNATURE_VSS, S3BootScriptOpcode_MDE, op_io_pci_mem, S3BootScriptOpcode_EdkCompat, EFI_GUID_STR, EFI_GUID_SIZE from chipsec.hal.uefi_common import op_stall, op_dispatch, op_terminate, op_mem_poll, op_unknown, get_3b_size, get_nvar_name, op_smbus_execute, script_width_formats diff --git a/chipsec/hal/uefi_search.py b/chipsec/hal/uefi_search.py index 4d0008beed..250bc93e30 100644 --- a/chipsec/hal/uefi_search.py +++ b/chipsec/hal/uefi_search.py @@ -36,7 +36,7 @@ from uuid import UUID from typing import Dict, Callable, Optional, Any -from chipsec import defines +from chipsec.library import defines from chipsec.hal.spi_uefi import EFI_SECTION from chipsec.logger import logger diff --git a/chipsec/helper/linux/linuxhelper.py b/chipsec/helper/linux/linuxhelper.py index 920197c860..a20a0bc959 100644 --- a/chipsec/helper/linux/linuxhelper.py +++ b/chipsec/helper/linux/linuxhelper.py @@ -37,7 +37,7 @@ from typing import Dict, List, Optional, Tuple, Iterable, TYPE_CHECKING if TYPE_CHECKING: from chipsec.library.types import EfiVariableType -from chipsec import defines +from chipsec.library import defines from chipsec.helper.oshelper import get_tools_path from chipsec.exceptions import OsHelperError, UnimplementedAPIError from chipsec.helper.basehelper import Helper diff --git a/chipsec/helper/linuxnative/linuxnativehelper.py b/chipsec/helper/linuxnative/linuxnativehelper.py index cec223eb12..7c646421c2 100644 --- a/chipsec/helper/linuxnative/linuxnativehelper.py +++ b/chipsec/helper/linuxnative/linuxnativehelper.py @@ -30,7 +30,7 @@ import sys from typing import Optional, Tuple -from chipsec import defines +from chipsec.library import defines from chipsec.exceptions import OsHelperError from chipsec.helper.basehelper import Helper from chipsec.helper.linuxnative.cpuid import CPUID diff --git a/chipsec/helper/record/recordhelper.py b/chipsec/helper/record/recordhelper.py index 1ee210f696..d7fee8be73 100644 --- a/chipsec/helper/record/recordhelper.py +++ b/chipsec/helper/record/recordhelper.py @@ -20,7 +20,7 @@ from datetime import datetime from chipsec.logger import logger -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring from chipsec.helper.basehelper import Helper from chipsec.helper.oshelper import helper from chipsec.file import read_file, write_file diff --git a/chipsec/helper/replay/replayhelper.py b/chipsec/helper/replay/replayhelper.py index 92429145f8..e636d4a613 100644 --- a/chipsec/helper/replay/replayhelper.py +++ b/chipsec/helper/replay/replayhelper.py @@ -19,7 +19,7 @@ from errno import EACCES, EFAULT from glob import glob from typing import Any, Dict, List, Optional, Tuple -from chipsec.defines import stringtobytes +from chipsec.library.defines import stringtobytes from chipsec.exceptions import OsHelperError from chipsec.file import read_file from chipsec.logger import logger diff --git a/chipsec/helper/windows/windowshelper.py b/chipsec/helper/windows/windowshelper.py index f46eabf72c..800627555a 100644 --- a/chipsec/helper/windows/windowshelper.py +++ b/chipsec/helper/windows/windowshelper.py @@ -47,7 +47,7 @@ from chipsec.exceptions import OsHelperError, HWAccessViolationError, UnimplementedAPIError from chipsec.helper.basehelper import Helper -from chipsec.defines import stringtobytes, bytestostring +from chipsec.library.defines import stringtobytes, bytestostring from chipsec.logger import logger import chipsec.file from chipsec.hal.uefi_common import EFI_GUID_STR diff --git a/chipsec/library/defines.py b/chipsec/library/defines.py index aaaed59e08..3502d6652a 100644 --- a/chipsec/library/defines.py +++ b/chipsec/library/defines.py @@ -22,7 +22,7 @@ import os import string import platform -from typing import Dict, Tuple, Optional, AnyStr, Iterable +from typing import Any, Dict, Tuple, Optional, AnyStr, Iterable from chipsec.file import get_main_dir BIT0 = 0x0001 @@ -226,6 +226,11 @@ def get_message() -> str: return msg_str +def is_all_value(value_list: list, value: Any) -> bool: + '''Checks if all elements in a list are equal to a given value''' + return all(n == value for n in value_list) + + class ARCH_VID: INTEL = 0x8086 AMD = 0x1022 diff --git a/chipsec/library/register.py b/chipsec/library/register.py index 9ca09f51e8..fef96e35bb 100644 --- a/chipsec/library/register.py +++ b/chipsec/library/register.py @@ -71,16 +71,16 @@ def is_device_enabled(self, reg_name: str, bus: Optional[int]=None) -> bool: return self.cs.mmio.is_MMIO_BAR_enabled(bar_name, bus) return False - def get_pci_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, Any]: + def _get_pci_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, Any]: '''Return Bus Dev Fun of a PCI register''' if dev_name in self.cs.Cfg.CONFIG_PCI: dev = self.cs.Cfg.CONFIG_PCI[dev_name] - reg_def['bus'] = self.cs.get_first_bus(dev) + reg_def['bus'] = self.cs.device.get_first_bus(dev) reg_def['dev'] = dev['dev'] reg_def['fun'] = dev['fun'] return reg_def - def get_memory_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, Any]: + def _get_memory_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, Any]: '''Return address access of a MEM register''' if dev_name in self.cs.Cfg.MEMORY_RANGES: dev = self.cs.Cfg.MEMORY_RANGES[dev_name] @@ -90,7 +90,7 @@ def get_memory_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, An logger().log_error(f'Memory device {dev_name} not found') return reg_def - def get_indirect_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, Any]: + def _get_indirect_def(self, reg_def: Dict[str, Any], dev_name: str) -> Dict[str, Any]: '''Return base index data of a IMA register''' if dev_name in self.cs.Cfg.IMA_REGISTERS: dev = self.cs.Cfg.IMA_REGISTERS[dev_name] @@ -116,11 +116,11 @@ def get_def(self, reg_name: str) -> Dict[str, Any]: if "device" in reg_def: dev_name = reg_def["device"] if reg_def["type"] in ["pcicfg", "mmcfg"]: - reg_def = self.get_pci_def(reg_def, dev_name) + reg_def = self._get_pci_def(reg_def, dev_name) elif reg_def["type"] == "memory": - reg_def = self.get_memory_def(reg_def, dev_name) + reg_def = self._get_memory_def(reg_def, dev_name) elif reg_def["type"] == "indirect": - reg_def = self.get_indirect_def(reg_def, dev_name) + reg_def = self._get_indirect_def(reg_def, dev_name) return reg_def def get_bus(self, reg_name: str) -> List[int]: @@ -139,9 +139,9 @@ def _read_pci(self, bus: Optional[int], reg: Dict[str, Any], rtype: str, do_chec '''Returns PCI register value''' reg_value = 0 if bus is not None: - b = self.cs.get_first(bus) + b = self.cs.device.get_first(bus) else: - b = self.cs.get_first_bus(reg) + b = self.cs.device.get_first_bus(reg) d = reg['dev'] f = reg['fun'] o = reg['offset'] @@ -272,7 +272,7 @@ def _write_pci(self, bus: Optional[int], reg: Dict[str, Any], rtype: str, reg_va if bus is not None: b = bus else: - b = self.cs.get_first_bus(reg) + b = self.cs.device.get_first_bus(reg) d = reg['dev'] f = reg['fun'] o = reg['offset'] @@ -555,7 +555,7 @@ def print(self, reg_name: str, reg_val: int, bus: Optional[int]=None, cpu_thread if bus is not None: b = bus else: - b = self.cs.get_first_bus(reg) + b = self.cs.device.get_first_bus(reg) d = reg['dev'] f = reg['fun'] o = reg['offset'] diff --git a/chipsec/library/returncode.py b/chipsec/library/returncode.py index afd152c75b..f3ab611199 100644 --- a/chipsec/library/returncode.py +++ b/chipsec/library/returncode.py @@ -24,7 +24,7 @@ """ from enum import Enum -from chipsec.defines import bit, is_set +from chipsec.library.defines import bit, is_set from chipsec.logger import logger from hashlib import sha256 @@ -91,23 +91,30 @@ def buildReturnCode(self) -> None: self.setTestID() self.printLogOutput() + def resetReturnCodeValues(self): + self.id = 0x0 + self._result = 0x00000000 + self._return_code = self.status.SUCCESS.value[0] + def getReturnCode(self, result: int) -> int: if self.cs.using_return_codes: self.buildReturnCode() else: self._return_code = result - return self._return_code + ret_value = self._return_code + self.resetReturnCodeValues() + return ret_value # ------------------------------------------------------- # Legacy results # ------------------------------------------------------- class ModuleResult(Enum): - FAILED = 0, - PASSED = 1, - WARNING = 2, - DEPRECATED = 4, - INFORMATION = 5, - NOTAPPLICABLE = 6, + FAILED = 0 + PASSED = 1 + WARNING = 2 + DEPRECATED = 4 + INFORMATION = 5 + NOTAPPLICABLE = 6 ERROR = -1 result_priority = { diff --git a/chipsec/module.py b/chipsec/module.py index 70e94b62f5..e1c5d82597 100644 --- a/chipsec/module.py +++ b/chipsec/module.py @@ -22,7 +22,7 @@ import re import traceback import chipsec.logger -from chipsec.module_common import ModuleResult +from chipsec.library.returncode import ModuleResult _importlib = True try: diff --git a/chipsec/modules/common/bios_smi.py b/chipsec/modules/common/bios_smi.py index d5d8ed7c18..08278694b5 100644 --- a/chipsec/modules/common/bios_smi.py +++ b/chipsec/modules/common/bios_smi.py @@ -42,7 +42,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_SMM +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_SMM +from chipsec.library.returncode import ModuleResult from typing import List @@ -53,15 +54,16 @@ class bios_smi(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x744c3dc, 'https://chipsec.github.io/modules/chipsec.modules.common.bios_smi.html') + self.result.id = 0x744c3dc + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.bios_smi.html' def is_supported(self) -> bool: - if not self.cs.is_control_defined('SmmBiosWriteProtection') or \ - not self.cs.is_control_defined('TCOSMILock') or \ - not self.cs.is_control_defined('SMILock') or \ - not self.cs.is_control_defined('BiosWriteEnable'): - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + if not self.cs.control.is_defined('SmmBiosWriteProtection') or \ + not self.cs.control.is_defined('TCOSMILock') or \ + not self.cs.control.is_defined('SMILock') or \ + not self.cs.control.is_defined('BiosWriteEnable'): + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) self.logger.log_important('Required controls not defined for platform. Skipping module.') return False return True @@ -71,7 +73,7 @@ def check_SMI_locks(self) -> int: # # Checking SMM_BWP first in BIOS control to warn if SMM write-protection of the BIOS is not enabled # - smm_bwp = self.cs.get_control('SmmBiosWriteProtection') + smm_bwp = self.cs.control.get('SmmBiosWriteProtection') if 0 == smm_bwp: self.logger.log_bad("SMM BIOS region write protection has not been enabled (SMM_BWP is not used)\n") else: @@ -83,10 +85,10 @@ def check_SMI_locks(self) -> int: # # Checking if global SMI and TCO SMI are enabled (GBL_SMI_EN and TCO_EN bits in SMI_EN register) # - if self.cs.is_control_defined('TCOSMIEnable') and self.cs.is_control_defined('GlobalSMIEnable'): + if self.cs.control.is_defined('TCOSMIEnable') and self.cs.control.is_defined('GlobalSMIEnable'): self.logger.log("[*] Checking SMI enables..") - tco_en = self.cs.get_control('TCOSMIEnable') - gbl_smi_en = self.cs.get_control('GlobalSMIEnable') + tco_en = self.cs.control.get('TCOSMIEnable') + gbl_smi_en = self.cs.control.get('GlobalSMIEnable') self.logger.log(f" Global SMI enable: {gbl_smi_en:d}") self.logger.log(f" TCO SMI enable : {tco_en:d}") @@ -107,7 +109,7 @@ def check_SMI_locks(self) -> int: # # Checking TCO_LOCK # - tco_lock = self.cs.get_control('TCOSMILock') + tco_lock = self.cs.control.get('TCOSMILock') if tco_lock != 1: ok = False self.logger.log_bad("TCO SMI event configuration is not locked. TCO SMI events can be disabled") @@ -117,7 +119,7 @@ def check_SMI_locks(self) -> int: # # Checking SMI_LOCK # - smi_lock = self.cs.get_control('SMILock') + smi_lock = self.cs.control.get('SMILock') if smi_lock != 1: ok = False self.logger.log_bad("SMI events global configuration is not locked. SMI events can be disabled") @@ -130,14 +132,14 @@ def check_SMI_locks(self) -> int: self.logger.log_passed("All required SMI sources seem to be enabled and locked") elif ok and warn: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) self.logger.log_warning("One or more warnings detected when checking SMI enable state") else: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) self.logger.log_failed("Not all required SMI sources are enabled and locked") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("SMI Events Configuration") diff --git a/chipsec/modules/common/bios_ts.py b/chipsec/modules/common/bios_ts.py index 06b2eff6ac..2dd5140457 100644 --- a/chipsec/modules/common/bios_ts.py +++ b/chipsec/modules/common/bios_ts.py @@ -51,7 +51,7 @@ def __init__(self): self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.bios_ts.html' def is_supported(self) -> bool: - if self.cs.is_control_defined('BiosInterfaceLockDown'): + if self.cs.control.is_defined('BiosInterfaceLockDown'): return True self.logger.log_important('BiosInterfaceLockDown control not defined for platform. Skipping module.') self.result.setStatusBit(self.result.status.NOT_APPLICABLE) @@ -59,23 +59,23 @@ def is_supported(self) -> bool: return False def check_bios_iface_lock(self) -> int: - bild = self.cs.get_control('BiosInterfaceLockDown') + bild = self.cs.control.get('BiosInterfaceLockDown') self.logger.log(f"[*] BiosInterfaceLockDown (BILD) control = {bild:d}") - if self.cs.is_control_defined('TopSwapStatus'): - if self.cs.is_control_all_ffs('TopSwapStatus'): + if self.cs.control.is_defined('TopSwapStatus'): + if self.cs.control.is_all_ffs('TopSwapStatus'): self.logger.log("[*] BIOS Top Swap mode: can't determine status.") self.logger.log_verbose('TopSwapStatus read returned all 0xFs.') else: - tss = self.cs.get_control('TopSwapStatus') + tss = self.cs.control.get('TopSwapStatus') self.logger.log(f"[*] BIOS Top Swap mode is {'enabled' if (1 == tss) else 'disabled'} (TSS = {tss:d})") - if self.cs.is_control_defined('TopSwap'): - if self.cs.is_control_all_ffs('TopSwap'): + if self.cs.control.is_defined('TopSwap'): + if self.cs.control.is_all_ffs('TopSwap'): self.logger.log("[*] RTC Top Swap control (TS): can't determine status.") self.logger.log_verbose('TopSwap read returned all 0xFs.') else: - ts = self.cs.get_control('TopSwap') + ts = self.cs.control.get('TopSwap') self.logger.log(f"[*] RTC TopSwap control (TS) = {ts:x}") if bild == 0: diff --git a/chipsec/modules/common/bios_wp.py b/chipsec/modules/common/bios_wp.py index a06884d3fb..db867467c0 100644 --- a/chipsec/modules/common/bios_wp.py +++ b/chipsec/modules/common/bios_wp.py @@ -57,7 +57,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from chipsec.hal.spi import BIOS, SPI from typing import List @@ -70,7 +71,8 @@ class bios_wp(BaseModule): def __init__(self): BaseModule.__init__(self) self.spi = SPI(self.cs) - self.rc_res = ModuleResult(0xd1e21a2, 'https://chipsec.github.io/modules/chipsec.modules.common.bios_wp.html') + self.result.id = 0xd1e21a2 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.bios_wp.html' def is_supported(self) -> bool: ble_exists = self.cs.control.is_defined('BiosLockEnable') @@ -80,8 +82,8 @@ def is_supported(self) -> bool: if ble_exists and bioswe_exists and smmbwp_exists: return True self.logger.log_important('Required Controls are not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_BIOS_write_protection(self) -> int: @@ -175,8 +177,8 @@ def run(self, module_argv: List[str]) -> int: self.logger.log_failed("BIOS is NOT protected completely") if wp or spr: - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) else: - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) - return self.rc_res.getReturnCode(ModuleResult.FAILED) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) + return self.result.getReturnCode(ModuleResult.FAILED) diff --git a/chipsec/modules/common/cet.py b/chipsec/modules/common/cet.py index aea8cbf667..fe9f20ff85 100644 --- a/chipsec/modules/common/cet.py +++ b/chipsec/modules/common/cet.py @@ -33,15 +33,17 @@ - Module is INFORMATION only and does NOT return a Pass/Fail """ -from chipsec.module_common import BaseModule, ModuleResult -from chipsec.defines import BIT7, BIT20 +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import BIT7, BIT20 from chipsec.exceptions import HWAccessViolationError class cet(BaseModule): def __init__(self): super(cet, self).__init__() - self.rc_res = ModuleResult(0x014b813, 'https://chipsec.github.io/modules/chipsec.modules.common.cet.html') + self.result.id = 0x014b813 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.cet.html' self.cpuid_7_0__ecx_val = None def is_supported(self): @@ -49,8 +51,8 @@ def is_supported(self): if supported: return True self.logger.log_important('CET is not defined for the platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def get_cpuid_value(self) -> None: @@ -85,11 +87,11 @@ def print_cet_state(self, cet_msr): 'SUPPRESS_DIS', 'SUPPRESS'] try: - msr_vals = self.cs.read_register_all(cet_msr) - reg = self.cs.get_register_def(cet_msr) + msr_vals = self.cs.register.read_all(cet_msr) + reg = self.cs.register.get_def(cet_msr) self.logger.log(f'{cet_msr} Settings:') for key in fields: - mask = self.cs.get_register_field_mask(cet_msr, key, True) + mask = self.cs.register.get_field_mask(cet_msr, key, True) desc = reg['FIELDS'][key]['desc'] self.setting_enabled(msr_vals, key, mask, desc) except HWAccessViolationError: @@ -105,7 +107,7 @@ def check_cet(self): self.logger.log("CET Indirect Branch Tracking is supported") else: self.logger.log("CET Indirect Branch Tracking is unsupported") - if self.cs.is_register_defined("IA32_U_CET") and self.cs.is_register_defined("IA32_S_CET"): + if self.cs.register.is_defined("IA32_U_CET") and self.cs.register.is_defined("IA32_S_CET"): self.print_cet_state("IA32_U_CET") self.print_cet_state('IA32_S_CET') return res diff --git a/chipsec/modules/common/cpu/cpu_info.py b/chipsec/modules/common/cpu/cpu_info.py index 522280656b..7608a09327 100644 --- a/chipsec/modules/common/cpu/cpu_info.py +++ b/chipsec/modules/common/cpu/cpu_info.py @@ -40,21 +40,23 @@ """ import struct -from chipsec.module_common import BaseModule, ModuleResult -from chipsec.defines import bytestostring +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import bytestostring from typing import List class cpu_info(BaseModule): def __init__(self): super(cpu_info, self).__init__() - self.rc_res = ModuleResult(0x74b9b60, 'https://chipsec.github.io/modules/chipsec.modules.common.cpu.cpu_info.html') + self.result.id = 0x74b9b60 + self.result.url ='https://chipsec.github.io/modules/chipsec.modules.common.cpu.cpu_info.html' def is_supported(self) -> bool: if self.cs.register.has_field('IA32_BIOS_SIGN_ID', 'Microcode'): return True self.logger.log_important('IA32_BIOS_SIGN_ID.Microcode not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def run(self, module_argv: List[str]) -> int: @@ -102,7 +104,7 @@ def run(self, module_argv: List[str]) -> int: self.logger.log_information('Processor information displayed') - self.rc_res.setStatusBit(self.rc_res.status.INFORMATION) - return self.rc_res.getReturnCode(ModuleResult.INFORMATION) + self.result.setStatusBit(self.result.status.INFORMATION) + return self.result.getReturnCode(ModuleResult.INFORMATION) diff --git a/chipsec/modules/common/cpu/ia_untrusted.py b/chipsec/modules/common/cpu/ia_untrusted.py index 124091503b..afe3beb3df 100644 --- a/chipsec/modules/common/cpu/ia_untrusted.py +++ b/chipsec/modules/common/cpu/ia_untrusted.py @@ -33,7 +33,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_HWCONFIG +from chipsec.module_common import BaseModule, MTAG_HWCONFIG +from chipsec.library.returncode import ModuleResult from typing import List TAGS = [MTAG_HWCONFIG] @@ -42,37 +43,38 @@ class ia_untrusted(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x63d2b37, 'https://chipsec.github.io/modules/chipsec.modules.common.cpu.ia_untrusted.html') + self.result.id = 0x63d2b37 + self.result.url ='https://chipsec.github.io/modules/chipsec.modules.common.cpu.ia_untrusted.html' def is_supported(self) -> bool: - if self.cs.register_has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): + if self.cs.register.has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): return True self.logger.log_important('MSR_BIOS_DONE.IA_UNTRUSTED is not defined for platform. Skipping checks.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_untrusted(self) -> int: self.logger.log('[*] Check that untrusted mode has been set.') res = ModuleResult.PASSED - if self.cs.register_has_field('MSR_BIOS_DONE', 'SoC_BIOS_DONE'): - soc = self.cs.read_register_field('MSR_BIOS_DONE', 'SoC_BIOS_DONE') + if self.cs.register.has_field('MSR_BIOS_DONE', 'SoC_BIOS_DONE'): + soc = self.cs.register.read_field('MSR_BIOS_DONE', 'SoC_BIOS_DONE') if soc == 0: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) self.logger.log_bad('SoC_BIOS_DONE not set.') else: self.logger.log_good('SoC_BIOS_DONE set.') self.logger.log("") for tid in range(self.cs.msr.get_cpu_thread_count()): - bd = self.cs.read_register('MSR_BIOS_DONE', tid) + bd = self.cs.register.read('MSR_BIOS_DONE', tid) if self.logger.VERBOSE: - self.cs.print_register('MSR_BIOS_DONE', bd) - ia_untrusted = self.cs.get_register_field('MSR_BIOS_DONE', bd, "IA_UNTRUSTED") + self.cs.register.print('MSR_BIOS_DONE', bd) + ia_untrusted = self.cs.register.get_field('MSR_BIOS_DONE', bd, "IA_UNTRUSTED") if ia_untrusted == 0: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) self.logger.log_bad(f'IA_UNTRUSTED not set on thread {tid:d}.') else: self.logger.log_good(f'IA_UNTRUSTED set on thread {tid:d}.') @@ -87,4 +89,4 @@ def run(self, module_argv: List[str]) -> int: elif self.res == ModuleResult.FAILED: self.logger.log_failed("IA_UNTRUSTED not set on all threads") - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/common/cpu/spectre_v2.py b/chipsec/modules/common/cpu/spectre_v2.py index 8f0c4abc53..d96df720c2 100644 --- a/chipsec/modules/common/cpu/spectre_v2.py +++ b/chipsec/modules/common/cpu/spectre_v2.py @@ -124,9 +124,10 @@ """ -from chipsec.module_common import BaseModule, MTAG_CPU, MTAG_HWCONFIG, MTAG_SMM, ModuleResult +from chipsec.module_common import BaseModule, MTAG_CPU, MTAG_HWCONFIG, MTAG_SMM +from chipsec.library.returncode import ModuleResult from chipsec.exceptions import HWAccessViolationError, UnimplementedAPIError -from chipsec.defines import BIT26, BIT27, BIT29 +from chipsec.library.defines import BIT26, BIT27, BIT29 from typing import List TAGS = [MTAG_CPU, MTAG_HWCONFIG, MTAG_SMM] @@ -136,17 +137,18 @@ class spectre_v2(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xceea2c8, 'https://chipsec.github.io/modules/chipsec.modules.common.cpu.spectre_v2.html') + self.result.id = 0xceea2c8 + self.result.url ='https://chipsec.github.io/modules/chipsec.modules.common.cpu.spectre_v2.html' def is_supported(self) -> bool: - if self.cs.is_register_defined('IA32_ARCH_CAPABILITIES'): - if self.cs.is_register_defined('IA32_SPEC_CTRL'): + if self.cs.register.is_defined('IA32_ARCH_CAPABILITIES'): + if self.cs.register.is_defined('IA32_SPEC_CTRL'): return True self.logger.log_important('IA32_SPEC_CTRL register not defined for platform. Skipping module.') else: self.logger.log_important('IA32_ARCH_CAPABILITIES register not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_spectre_mitigations(self) -> int: @@ -182,13 +184,13 @@ def check_spectre_mitigations(self) -> int: for tid in range(cpu_thread_count): arch_cap_msr = 0 try: - arch_cap_msr = self.cs.read_register('IA32_ARCH_CAPABILITIES', tid) + arch_cap_msr = self.cs.register.read('IA32_ARCH_CAPABILITIES', tid) except HWAccessViolationError: self.logger.log_error("Couldn't read IA32_ARCH_CAPABILITIES") ibrs_enh_supported = False break - ibrs_all = self.cs.get_register_field('IA32_ARCH_CAPABILITIES', arch_cap_msr, 'IBRS_ALL') + ibrs_all = self.cs.register.get_field('IA32_ARCH_CAPABILITIES', arch_cap_msr, 'IBRS_ALL') self.logger.log(f"[*] cpu{tid:d}: IBRS_ALL = {ibrs_all:x}") if 0 == ibrs_all: ibrs_enh_supported = False @@ -209,19 +211,19 @@ def check_spectre_mitigations(self) -> int: for tid in range(cpu_thread_count): spec_ctrl_msr = 0 try: - spec_ctrl_msr = self.cs.read_register('IA32_SPEC_CTRL', tid) + spec_ctrl_msr = self.cs.register.read('IA32_SPEC_CTRL', tid) except HWAccessViolationError: self.logger.log_error("Couldn't read IA32_SPEC_CTRL") ibrs_enabled = False break - ibrs = self.cs.get_register_field('IA32_SPEC_CTRL', spec_ctrl_msr, 'IBRS') + ibrs = self.cs.register.get_field('IA32_SPEC_CTRL', spec_ctrl_msr, 'IBRS') self.logger.log(f"[*] cpu{tid:d}: IA32_SPEC_CTRL[IBRS] = {ibrs:x}") if 0 == ibrs: ibrs_enabled = False # ok to access STIBP bit even if STIBP is not supported - stibp = self.cs.get_register_field('IA32_SPEC_CTRL', spec_ctrl_msr, 'STIBP') + stibp = self.cs.register.get_field('IA32_SPEC_CTRL', spec_ctrl_msr, 'STIBP') self.logger.log(f"[*] cpu{tid:d}: IA32_SPEC_CTRL[STIBP] = {stibp:x}") if 1 == stibp: stibp_enabled_count += 1 @@ -255,20 +257,20 @@ def check_spectre_mitigations(self) -> int: # if not ibrs_ibpb_supported: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.MITIGATION) + self.result.setStatusBit(self.result.status.MITIGATION) self.logger.log_failed("CPU mitigation (IBRS) is missing") elif not ibrs_enh_supported: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.PROTECTION) + self.result.setStatusBit(self.result.status.PROTECTION) self.logger.log_warning("CPU supports mitigation (IBRS) but doesn't support enhanced IBRS") elif ibrs_enh_supported and (not ibrs_enabled): res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.MITIGATION) + self.result.setStatusBit(self.result.status.MITIGATION) self.logger.log_warning("CPU supports mitigation (enhanced IBRS) but OS is not using it") else: if not stibp_supported: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.MITIGATION) + self.result.setStatusBit(self.result.status.MITIGATION) self.logger.log_warning("CPU supports mitigation (enhanced IBRS) but STIBP is not supported") else: res = ModuleResult.PASSED @@ -291,4 +293,4 @@ def check_spectre_mitigations(self) -> int: def run(self, module_argv: List[str]) -> int: self.logger.start_test("Checks for Branch Target Injection / Spectre v2 (CVE-2017-5715)") self.res = self.check_spectre_mitigations() - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/common/debugenabled.py b/chipsec/modules/common/debugenabled.py index 079fb16908..3830a7f330 100644 --- a/chipsec/modules/common/debugenabled.py +++ b/chipsec/modules/common/debugenabled.py @@ -40,8 +40,9 @@ """ -from chipsec.module_common import BaseModule, ModuleResult -from chipsec.defines import BIT11 +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import BIT11 from typing import List _MODULE_NAME = 'debugenabled' @@ -51,7 +52,8 @@ class debugenabled(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xe516a56, 'https://chipsec.github.io/modules/chipsec.modules.common.debugenabled.html') + self.result.id = 0xe516a56 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.debugenabled.html' self.is_enable_set = False self.is_debug_set = False self.is_lock_set = True @@ -61,24 +63,24 @@ def is_supported(self) -> bool: # See IA32 SDM CPUID Instruction for details. (SDBG ECX bit 11) (_, _, ecx, _) = self.cs.cpu.cpuid(1, 0) supported = (ecx & BIT11) != 0 - if not supported and not self.cs.is_register_defined('ECTRL'): + if not supported and not self.cs.register.is_defined('ECTRL'): self.logger.log_important('CPU Debug features are not supported on this platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return supported def check_dci(self) -> int: TestFail = ModuleResult.PASSED self.logger.log('') self.logger.log('[*] Checking DCI register status') - ectrl = self.cs.read_register('ECTRL') - HDCIEN = self.cs.get_register_field('ECTRL', ectrl, 'ENABLE') == 1 + ectrl = self.cs.register.read('ECTRL') + HDCIEN = self.cs.register.get_field('ECTRL', ectrl, 'ENABLE') == 1 if self.logger.VERBOSE: - self.cs.print_register('ECTRL', ectrl) + self.cs.register.print('ECTRL', ectrl) if HDCIEN: self.logger.log_bad('DCI Debug is enabled') TestFail = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.DEBUG_FEATURE) + self.result.setStatusBit(self.result.status.DEBUG_FEATURE) else: self.logger.log_good('DCI Debug is disabled') return TestFail @@ -88,28 +90,28 @@ def check_cpu_debug_enable(self) -> int: self.logger.log('[*] Checking IA32_DEBUG_INTERFACE MSR status') TestFail = ModuleResult.PASSED for tid in range(self.cs.msr.get_cpu_thread_count()): - dbgiface = self.cs.read_register('IA32_DEBUG_INTERFACE', tid) - IA32_DEBUG_INTERFACE_DEBUGENABLE = self.cs.get_register_field('IA32_DEBUG_INTERFACE', dbgiface, 'ENABLE') == 1 - IA32_DEBUG_INTERFACE_DEBUGELOCK = self.cs.get_register_field('IA32_DEBUG_INTERFACE', dbgiface, 'LOCK') == 1 - IA32_DEBUG_INTERFACE_DEBUGEOCCURED = self.cs.get_register_field('IA32_DEBUG_INTERFACE', dbgiface, 'DEBUG_OCCURRED') == 1 + dbgiface = self.cs.register.read('IA32_DEBUG_INTERFACE', tid) + IA32_DEBUG_INTERFACE_DEBUGENABLE = self.cs.register.get_field('IA32_DEBUG_INTERFACE', dbgiface, 'ENABLE') == 1 + IA32_DEBUG_INTERFACE_DEBUGELOCK = self.cs.register.get_field('IA32_DEBUG_INTERFACE', dbgiface, 'LOCK') == 1 + IA32_DEBUG_INTERFACE_DEBUGEOCCURED = self.cs.register.get_field('IA32_DEBUG_INTERFACE', dbgiface, 'DEBUG_OCCURRED') == 1 if self.logger.VERBOSE: - self.cs.print_register('IA32_DEBUG_INTERFACE', dbgiface) + self.cs.register.print('IA32_DEBUG_INTERFACE', dbgiface) if IA32_DEBUG_INTERFACE_DEBUGENABLE: self.logger.log_bad('CPU debug enable requested by software.') self.is_enable_set = True TestFail = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.DEBUG_FEATURE) + self.result.setStatusBit(self.result.status.DEBUG_FEATURE) if not IA32_DEBUG_INTERFACE_DEBUGELOCK: self.logger.log_bad('CPU debug interface is not locked.') self.is_lock_set = False TestFail = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) if IA32_DEBUG_INTERFACE_DEBUGEOCCURED: self.logger.log_important('Debug Occurred bit set in IA32_DEBUG_INTERFACE MSR') self.is_debug_set = True - self.rc_res.setStatusBit(self.rc_res.status.DEBUG_FEATURE) + self.result.setStatusBit(self.result.status.DEBUG_FEATURE) if TestFail == ModuleResult.PASSED: TestFail = ModuleResult.WARNING if TestFail == ModuleResult.PASSED: @@ -122,7 +124,7 @@ def run(self, module_argv: List[str]) -> int: cpu_debug_test_fail = self.check_cpu_debug_enable() dci_test_fail = ModuleResult.PASSED - if self.cs.is_register_defined('ECTRL'): + if self.cs.register.is_defined('ECTRL'): dci_test_fail = self.check_dci() self.logger.log('') @@ -137,10 +139,10 @@ def run(self, module_argv: List[str]) -> int: if (dci_test_fail == ModuleResult.FAILED) or (cpu_debug_test_fail == ModuleResult.FAILED): self.logger.log_failed('One or more of the debug checks have failed and a debug feature is enabled') - self.res = self.rc_res.getReturnCode(ModuleResult.FAILED) + self.res = self.result.getReturnCode(ModuleResult.FAILED) elif (dci_test_fail == ModuleResult.WARNING) or (cpu_debug_test_fail == ModuleResult.WARNING): self.logger.log_warning('An unexpected debug state was discovered on this platform') - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.res = self.result.getReturnCode(ModuleResult.WARNING) else: self.logger.log_passed('All checks have successfully passed') diff --git a/chipsec/modules/common/ia32cfg.py b/chipsec/modules/common/ia32cfg.py index e4d1d55feb..aa78f48b5e 100644 --- a/chipsec/modules/common/ia32cfg.py +++ b/chipsec/modules/common/ia32cfg.py @@ -37,7 +37,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_HWCONFIG +from chipsec.module_common import BaseModule, MTAG_HWCONFIG +from chipsec.library.returncode import ModuleResult from typing import List @@ -47,18 +48,19 @@ class ia32cfg(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xcc8cd5d, 'https://chipsec.github.io/modules/chipsec.modules.common.ia32cfg.html') + self.result.id = 0xcc8cd5d + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.ia32cfg.html' self.res = ModuleResult.PASSED def is_supported(self) -> bool: - if self.cs.is_register_defined('IA32_FEATURE_CONTROL'): - if self.cs.is_control_defined('Ia32FeatureControlLock'): + if self.cs.register.is_defined('IA32_FEATURE_CONTROL'): + if self.cs.control.is_defined('Ia32FeatureControlLock'): return True self.logger.log_important('Ia32FeatureControlLock control not defined for platform. Skipping module.') else: self.logger.log_important('IA32_FEATURE_CONTROL register not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_ia32feature_control(self) -> int: @@ -67,13 +69,13 @@ def check_ia32feature_control(self) -> int: res = ModuleResult.PASSED for tid in range(self.cs.msr.get_cpu_thread_count()): if self.logger.VERBOSE: - feature_cntl = self.cs.read_register('IA32_FEATURE_CONTROL', tid) - self.cs.print_register('IA32_FEATURE_CONTROL', feature_cntl) - feature_cntl_lock = self.cs.get_control('Ia32FeatureControlLock', tid) + feature_cntl = self.cs.register.read('IA32_FEATURE_CONTROL', tid) + self.cs.register.print('IA32_FEATURE_CONTROL', feature_cntl) + feature_cntl_lock = self.cs.control.get('Ia32FeatureControlLock', tid) self.logger.log(f"[*] cpu{tid:d}: IA32_FEATURE_CONTROL Lock = {feature_cntl_lock:d}") if 0 == feature_cntl_lock: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) if res == ModuleResult.PASSED: @@ -81,7 +83,7 @@ def check_ia32feature_control(self) -> int: else: self.logger.log_failed("IA32_FEATURE_CONTROL MSR is not locked on all logical CPUs") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("IA32 Feature Control Lock") diff --git a/chipsec/modules/common/me_mfg_mode.py b/chipsec/modules/common/me_mfg_mode.py index d00c4da80f..04bc5c1534 100755 --- a/chipsec/modules/common/me_mfg_mode.py +++ b/chipsec/modules/common/me_mfg_mode.py @@ -92,7 +92,8 @@ - HFS.MFG_MODE """ -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from typing import List @@ -100,30 +101,31 @@ class me_mfg_mode(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x98e5e8c, 'https://chipsec.github.io/modules/chipsec.modules.common.me_mfg_mode.html') + self.result.id = 0x98e5e8c + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.me_mfg_mode.html' def is_supported(self) -> bool: - if self.cs.is_device_enabled("MEI1"): + if self.cs.device.is_enabled("MEI1"): return True else: self.logger.log_important('MEI1 not enabled. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_me_mfg_mode(self) -> int: me_mfg_mode_res = ModuleResult.FAILED - me_hfs_reg = self.cs.read_register('HFS') - me_mfg_mode = self.cs.get_register_field('HFS', me_hfs_reg, 'MFG_MODE') + me_hfs_reg = self.cs.register.read('HFS') + me_mfg_mode = self.cs.register.get_field('HFS', me_hfs_reg, 'MFG_MODE') if 0 == me_mfg_mode: me_mfg_mode_res = ModuleResult.PASSED self.logger.log_passed("ME is not in Manufacturing Mode") else: self.logger.log_failed("ME is in Manufacturing Mode") - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) - return self.rc_res.getReturnCode(me_mfg_mode_res) + return self.result.getReturnCode(me_mfg_mode_res) def run(self, module_argv: List[str]) -> int: diff --git a/chipsec/modules/common/memconfig.py b/chipsec/modules/common/memconfig.py index 6ddb5ccd3c..0b876d646b 100644 --- a/chipsec/modules/common/memconfig.py +++ b/chipsec/modules/common/memconfig.py @@ -33,7 +33,8 @@ - This module will only run on Core (client) platforms. """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_HWCONFIG +from chipsec.module_common import BaseModule, MTAG_HWCONFIG +from chipsec.library.returncode import ModuleResult from typing import List _MODULE_NAME = 'memconfig' @@ -45,7 +46,8 @@ class memconfig(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x9feb705, 'https://chipsec.github.io/modules/chipsec.modules.common.memconfig.html') + self.result.id = 0x9feb705 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.memconfig.html' self.memmap_registers = { "PCI0.0.0_GGC": 'GGCLOCK', "PCI0.0.0_PAVPC": 'PAVPLCK', @@ -68,16 +70,16 @@ def is_supported(self) -> bool: self.logger.log_important("Not a 'Core' (Desktop) platform. Skipping test.") else: self.logger.log_important("Not an Intel platform. Skipping test.") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_memmap_locks(self) -> int: # Determine if IA_UNTRUSTED can be used to lock the system. ia_untrusted = None - if self.cs.register_has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): - ia_untrusted = self.cs.read_register_field('MSR_BIOS_DONE', 'IA_UNTRUSTED') + if self.cs.register.has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): + ia_untrusted = self.cs.register.read_field('MSR_BIOS_DONE', 'IA_UNTRUSTED') regs = sorted(self.memmap_registers.keys()) all_locked = True @@ -89,13 +91,13 @@ def check_memmap_locks(self) -> int: self.logger.log('[*] Checking register lock state:') for reg in regs: reg_field = self.memmap_registers[reg] - if not self.cs.register_has_field(reg, reg_field): + if not self.cs.register.has_field(reg, reg_field): self.logger.log_important(f'Skipping Validation: Register {reg} or field {reg_field} was not defined for this platform.') continue - reg_def = self.cs.get_register_def(reg) - reg_value = self.cs.read_register(reg) + reg_def = self.cs.register.get_def(reg) + reg_value = self.cs.register.read(reg) reg_desc = reg_def['desc'] - locked = self.cs.get_register_field(reg, reg_value, reg_field) + locked = self.cs.register.get_field(reg, reg_value, reg_field) if locked == 1: self.logger.log_good(f"{reg:20} = 0x{reg_value:016X} - LOCKED - {reg_desc}") else: @@ -118,11 +120,11 @@ def check_memmap_locks(self) -> int: else: res = ModuleResult.FAILED self.logger.log_failed("Not all memory map registers are locked down") - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) return res def run(self, module_argv: List[str]) -> int: self.logger.start_test("Host Bridge Memory Map Locks") self.res = self.check_memmap_locks() - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/common/memlock.py b/chipsec/modules/common/memlock.py index 54549817c8..c3d0060c82 100644 --- a/chipsec/modules/common/memlock.py +++ b/chipsec/modules/common/memlock.py @@ -41,7 +41,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.exceptions import HWAccessViolationError from typing import List @@ -52,21 +53,22 @@ class memlock(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x4e16e90, 'https://chipsec.github.io/modules/chipsec.modules.common.memlock.html') + self.result.id = 0x4e16e90 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.memlock.html' self.is_read_error = False def is_supported(self) -> bool: # Workaround for Atom based processors. Accessing this MSR on these systems # causes a GP fault and can't be caught in UEFI Shell. if not self.cs.is_atom(): - if self.cs.register_has_field('MSR_LT_LOCK_MEMORY', 'LT_LOCK'): + if self.cs.register.has_field('MSR_LT_LOCK_MEMORY', 'LT_LOCK'): return True else: self.logger.log_important("'MSR_LT_LOCK_MEMORY.LT_LOCK' not defined for platform. Skipping module.") else: self.logger.log_important('Found an Atom based platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_MSR_LT_LOCK_MEMORY(self) -> bool: @@ -75,14 +77,14 @@ def check_MSR_LT_LOCK_MEMORY(self) -> bool: for tid in range(self.cs.msr.get_cpu_thread_count()): lt_lock_msr = 0 try: - lt_lock_msr = self.cs.read_register('MSR_LT_LOCK_MEMORY', tid) + lt_lock_msr = self.cs.register.read('MSR_LT_LOCK_MEMORY', tid) except HWAccessViolationError: self.logger.log_important('Could not read MSR_LT_LOCK_MEMORY') self.is_read_error = True break if self.logger.VERBOSE: - self.cs.print_register('MSR_LT_LOCK_MEMORY', lt_lock_msr) - lt_lock = self.cs.get_register_field('MSR_LT_LOCK_MEMORY', lt_lock_msr, 'LT_LOCK') + self.cs.register.print('MSR_LT_LOCK_MEMORY', lt_lock_msr) + lt_lock = self.cs.register.get_field('MSR_LT_LOCK_MEMORY', lt_lock_msr, 'LT_LOCK') self.logger.log(f"[*] cpu{tid:d}: MSR_LT_LOCK_MEMORY[LT_LOCK] = {lt_lock:x}") if 0 == lt_lock: status = True @@ -96,14 +98,14 @@ def run(self, module_argv: List[str]) -> int: self.logger.log_error('There was a problem reading MSR_LT_LOCK_MEMORY.') self.logger.log_important('Possible the environment or a platform feature is preventing these reads.') self.res = ModuleResult.ERROR - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) + self.result.setStatusBit(self.result.status.ACCESS_RW) elif check_MSR_LT_LOCK_MEMORY_test_fail == True: self.logger.log_failed("MSR_LT_LOCK_MEMORY.LT_LOCK bit is not configured correctly") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) else: self.logger.log_passed('MSR_LT_LOCK_MEMORY.LT_LOCK bit is set') self.res = ModuleResult.PASSED - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/common/remap.py b/chipsec/modules/common/remap.py index 2926d22e03..9e82e8c0b7 100644 --- a/chipsec/modules/common/remap.py +++ b/chipsec/modules/common/remap.py @@ -43,8 +43,9 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_HWCONFIG, MTAG_SMM -from chipsec.defines import BIT32, ALIGNED_1MB +from chipsec.module_common import BaseModule, MTAG_HWCONFIG, MTAG_SMM +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import BIT32, ALIGNED_1MB _MODULE_NAME = 'remap' @@ -59,28 +60,29 @@ class remap(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x43aa254, 'https://chipsec.github.io/modules/chipsec.modules.common.remap.html') + self.result.id = 0x43aa254 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.remap.html' def is_supported(self) -> bool: if self.cs.is_core(): - rbase_exist = self.cs.is_register_defined('PCI0.0.0_REMAPBASE') - rlimit_exist = self.cs.is_register_defined('PCI0.0.0_REMAPLIMIT') - touud_exist = self.cs.is_register_defined('PCI0.0.0_TOUUD') - tolud_exist = self.cs.is_register_defined('PCI0.0.0_TOLUD') - tseg_exist = self.cs.is_register_defined('PCI0.0.0_TSEGMB') + rbase_exist = self.cs.register.is_defined('PCI0.0.0_REMAPBASE') + rlimit_exist = self.cs.register.is_defined('PCI0.0.0_REMAPLIMIT') + touud_exist = self.cs.register.is_defined('PCI0.0.0_TOUUD') + tolud_exist = self.cs.register.is_defined('PCI0.0.0_TOLUD') + tseg_exist = self.cs.register.is_defined('PCI0.0.0_TSEGMB') if rbase_exist and rlimit_exist and touud_exist and tolud_exist and tseg_exist: return True self.logger.log_important('Required register definitions not defined for platform. Skipping module.') else: self.logger.log_important('Not a Core (client) platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def is_ibecc_enabled(self) -> bool: - if self.cs.is_register_defined('IBECC_ACTIVATE'): - edsr = self.cs.read_register_field('IBECC_ACTIVATE', 'IBECC_EN') + if self.cs.register.is_defined('IBECC_ACTIVATE'): + edsr = self.cs.register.read_field('IBECC_ACTIVATE', 'IBECC_EN') if edsr == 1: return True else: @@ -92,11 +94,11 @@ def is_ibecc_enabled(self) -> bool: def check_remap_config(self) -> int: is_warning = False - remapbase = self.cs.read_register('PCI0.0.0_REMAPBASE') - remaplimit = self.cs.read_register('PCI0.0.0_REMAPLIMIT') - touud = self.cs.read_register('PCI0.0.0_TOUUD') - tolud = self.cs.read_register('PCI0.0.0_TOLUD') - tsegmb = self.cs.read_register('PCI0.0.0_TSEGMB') + remapbase = self.cs.register.read('PCI0.0.0_REMAPBASE') + remaplimit = self.cs.register.read('PCI0.0.0_REMAPLIMIT') + touud = self.cs.register.read('PCI0.0.0_TOUUD') + tolud = self.cs.register.read('PCI0.0.0_TOLUD') + tsegmb = self.cs.register.read('PCI0.0.0_TSEGMB') self.logger.log("[*] Registers:") self.logger.log(f"[*] TOUUD : 0x{touud:016X}") self.logger.log(f"[*] REMAPLIMIT: 0x{remaplimit:016X}") @@ -106,8 +108,8 @@ def check_remap_config(self) -> int: self.logger.log("") ia_untrusted = 0 - if self.cs.register_has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): - ia_untrusted = self.cs.read_register_field('MSR_BIOS_DONE', 'IA_UNTRUSTED') + if self.cs.register.has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): + ia_untrusted = self.cs.register.read_field('MSR_BIOS_DONE', 'IA_UNTRUSTED') remapbase_lock = remapbase & 0x1 remaplimit_lock = remaplimit & 0x1 touud_lock = touud & 0x1 @@ -185,18 +187,18 @@ def check_remap_config(self) -> int: self.logger.log_warning("Most Memory Remap registers are configured correctly and locked") self.logger.log("[!] Manual verification of REMAP BASE and LIMIT register values may be needed.") res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) else: res = ModuleResult.PASSED - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) + self.result.setStatusBit(self.result.status.SUCCESS) self.logger.log_passed("Memory Remap is configured correctly and locked") else: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.LOCKS) self.logger.log_failed("Memory Remap is not properly configured/locked. Remaping attack may be possible") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) # -------------------------------------------------------------------------- diff --git a/chipsec/modules/common/rtclock.py b/chipsec/modules/common/rtclock.py index 880b7e507b..d54e31ab4b 100644 --- a/chipsec/modules/common/rtclock.py +++ b/chipsec/modules/common/rtclock.py @@ -39,7 +39,8 @@ - This module will only run on Core platforms """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_HWCONFIG +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_HWCONFIG +from chipsec.library.returncode import ModuleResult from chipsec.hal.cmos import CMOS from chipsec.config import CHIPSET_CODE_AVN from typing import List @@ -51,31 +52,32 @@ class rtclock(BaseModule): def __init__(self): BaseModule.__init__(self) self.cmos = CMOS(self.cs) - self.rc_res = ModuleResult(0xb305218, 'https://chipsec.github.io/modules/chipsec.modules.common.rtclock.html') + self.result.id = 0xb305218 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.rtclock.html' self.user_request = False self.test_offset = 0x38 self.test_value = 0xAA def is_supported(self) -> bool: if self.cs.is_core() or (self.cs.Cfg.get_chipset_code() == CHIPSET_CODE_AVN): - if self.cs.is_register_defined('RC'): + if self.cs.register.is_defined('RC'): return True self.logger.log_important('RC register not defined for platform. Skipping module.') else: self.logger.log_important('Not a Core platform. Skipping check.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_rtclock(self) -> int: ll = ul = 0 - check_config_regs = self.cs.read_register('RC') != 0xFFFFFFFF + check_config_regs = self.cs.register.read('RC') != 0xFFFFFFFF if check_config_regs: - rc_reg = self.cs.read_register('RC') - self.cs.print_register('RC', rc_reg) - ll = self.cs.get_register_field('RC', rc_reg, 'LL') - ul = self.cs.get_register_field('RC', rc_reg, 'UL') + rc_reg = self.cs.register.read('RC') + self.cs.register.print('RC', rc_reg) + ll = self.cs.register.get_field('RC', rc_reg, 'LL') + ul = self.cs.register.get_field('RC', rc_reg, 'UL') elif self.user_request: self.logger.log_important('Writing to CMOS to determine write protection (original values will be restored)') @@ -100,8 +102,8 @@ def check_rtclock(self) -> int: self.logger.log_important("Unable to test lock bits without attempting to modify CMOS.") self.logger.log("[*] Run chipsec_main manually with the following commandline flags.") self.logger.log("[*] python chipsec_main -m common.rtclock -a modify") - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) if ll == 1: self.logger.log_good("Protected bytes (0x38-0x3F) in low 128-byte bank of RTC memory are locked") @@ -117,10 +119,10 @@ def check_rtclock(self) -> int: self.logger.log_passed("Protected locations in RTC memory are locked") else: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) self.logger.log_warning("Protected locations in RTC memory are accessible (BIOS may not be using them)") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("Protected RTC memory locations") diff --git a/chipsec/modules/common/secureboot/variables.py b/chipsec/modules/common/secureboot/variables.py index 68a724394d..dc44a2544b 100644 --- a/chipsec/modules/common/secureboot/variables.py +++ b/chipsec/modules/common/secureboot/variables.py @@ -43,7 +43,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_SECUREBOOT, OPT_MODIFY +from chipsec.module_common import BaseModule, MTAG_SECUREBOOT, OPT_MODIFY +from chipsec.library.returncode import ModuleResult from chipsec.hal.uefi import UEFI, SECURE_BOOT_VARIABLES, IS_VARIABLE_ATTRIBUTE, EFI_VAR_NAME_SecureBoot, SECURE_BOOT_KEY_VARIABLES from chipsec.hal.uefi import EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS from chipsec.hal.uefi import SECURE_BOOT_OPTIONAL_VARIABLES @@ -64,14 +65,15 @@ class variables(BaseModule): def __init__(self): BaseModule.__init__(self) self._uefi = UEFI(self.cs) - self.rc_res = ModuleResult(0x7af0b3e, 'https://chipsec.github.io/modules/chipsec.modules.common.secureboot.variables.html') + self.result.id = 0x7af0b3e + self.result.url ='https://chipsec.github.io/modules/chipsec.modules.common.secureboot.variables.html' def is_supported(self) -> bool: supported = self.cs.helper.EFI_supported() if not supported: self.logger.log_important('OS does not support UEFI Runtime API. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return supported def can_modify(self, name: str, guid: Optional[AnyStr], data: Optional[bytes]) -> bool: @@ -117,16 +119,16 @@ def check_secureboot_variable_attributes(self, do_modify: bool) -> int: sbvars = self._uefi.list_EFI_variables() if sbvars is None: self.logger.log_warning('Could not enumerate UEFI variables.') - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.CONFIGURATION) + return self.result.getReturnCode(ModuleResult.WARNING) for name in SECURE_BOOT_VARIABLES: if (name in sbvars.keys()) and (sbvars[name] is not None): if len(sbvars[name]) > 1: self.logger.log_failed(f'There should only be one instance of variable {name}') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.FAILED) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.FAILED) for (_, _, _, data, guid, attrs) in sbvars[name]: self.logger.log(f'[*] Checking protections of UEFI variable {guid}:{name}') @@ -168,8 +170,8 @@ def check_secureboot_variable_attributes(self, do_modify: bool) -> int: # None of Secure Boot variables were not found self.logger.log_warning('None of required Secure Boot variables found.') self.logger.log_important('If Secure Boot is enabled, this could be a problem.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) else: # Some Secure Boot variables exist sb_vars_failed = (not_found > 0) or (not_auth > 0) or (not_wp > 0) @@ -183,17 +185,17 @@ def check_secureboot_variable_attributes(self, do_modify: bool) -> int: if is_secureboot_enabled: self.logger.log_failed('Not all Secure Boot UEFI variables are protected') - self.rc_res.setStatusBit(self.rc_res.status.PROTECTION) - return self.rc_res.getReturnCode(ModuleResult.FAILED) + self.result.setStatusBit(self.result.status.PROTECTION) + return self.result.getReturnCode(ModuleResult.FAILED) else: self.logger.log_warning('Not all Secure Boot UEFI variables are protected') - self.rc_res.setStatusBit(self.rc_res.status.FEATURE_DISABLED) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.FEATURE_DISABLED) + return self.result.getReturnCode(ModuleResult.WARNING) else: self.logger.log_passed('All Secure Boot UEFI variables are protected') - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) def run(self, module_argv: List[str]) -> int: self.logger.start_test('Attributes of Secure Boot EFI Variables') diff --git a/chipsec/modules/common/sgx_check.py b/chipsec/modules/common/sgx_check.py index bfe0ae31f1..10d2383386 100644 --- a/chipsec/modules/common/sgx_check.py +++ b/chipsec/modules/common/sgx_check.py @@ -63,15 +63,17 @@ _MODULE_NAME = 'sgx_check' from chipsec.exceptions import HWAccessViolationError -from chipsec.module_common import BaseModule, ModuleResult, MTAG_HWCONFIG -from chipsec.defines import BIT0, BIT1, BIT2, BIT5, BIT6, BIT7, BIT8 +from chipsec.module_common import BaseModule, MTAG_HWCONFIG +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import BIT0, BIT1, BIT2, BIT5, BIT6, BIT7, BIT8 TAGS = [MTAG_HWCONFIG] class sgx_check(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xb64a5d0, 'https://chipsec.github.io/modules/chipsec.modules.common.sgx_check.html') + self.result.id = 0xb64a5d0 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.sgx_check.html' self.helper = self.cs.helper self.res = ModuleResult.PASSED @@ -79,7 +81,7 @@ def is_supported(self) -> bool: sgx_cpu_support = False if self.cs.os_helper.is_efi(): self.logger.log_important('Currently this module cannot run within the EFI Shell. Exiting.') - elif not self.cs.register_has_field('IA32_FEATURE_CONTROL', 'SGX_GLOBAL_EN'): + elif not self.cs.register.has_field('IA32_FEATURE_CONTROL', 'SGX_GLOBAL_EN'): self.logger.log_important('IA32_FEATURE_CONTROL.SGX_GLOBAL_EN not defined for platform. Skipping module.') else: for tid in range(self.cs.msr.get_cpu_thread_count()): @@ -94,8 +96,8 @@ def is_supported(self) -> bool: self.logger.log_verbose(f"[*]CPU{tid:d}: does not support SGX") self.logger.log_important('SGX not supported. Skipping module.') if not sgx_cpu_support: - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return sgx_cpu_support def check_sgx_config(self) -> int: @@ -106,19 +108,19 @@ def check_sgx_config(self) -> int: self.logger.log("[*] Verifying IA32_FEATURE_CONTROL MSR is configured") bios_feature_control_enable = True for tid in range(self.cs.msr.get_cpu_thread_count()): - if not (self.cs.read_register_field('IA32_FEATURE_CONTROL', 'SGX_GLOBAL_EN', False, tid) == 1): + if not (self.cs.register.read_field('IA32_FEATURE_CONTROL', 'SGX_GLOBAL_EN', False, tid) == 1): bios_feature_control_enable = False if bios_feature_control_enable: self.logger.log_good("Intel SGX is Enabled in BIOS") else: self.logger.log_important("Intel SGX is not enabled in BIOS") self.res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.FEATURE_DISABLED) + self.result.setStatusBit(self.result.status.FEATURE_DISABLED) self.logger.log("\n[*] Verifying IA32_FEATURE_CONTROL MSR is locked") locked = True for tid in range(self.cs.msr.get_cpu_thread_count()): - feature_cntl_lock = self.cs.get_control('Ia32FeatureControlLock', tid) + feature_cntl_lock = self.cs.control.get('Ia32FeatureControlLock', tid) self.logger.log_verbose(f"[*] cpu{tid:d}: IA32_Feature_Control Lock = {feature_cntl_lock:d}") if 0 == feature_cntl_lock: locked = False @@ -127,14 +129,14 @@ def check_sgx_config(self) -> int: else: self.logger.log_bad("IA32_Feature_Control is unlocked") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) # Verify that Protected Memory Range (PRM) is supported, MSR IA32_MTRRCAP (FEh) [12]=1 # Check on every CPU and make sure that they are all the same values self.logger.log("\n[*] Verifying if Protected Memory Range (PRMRR) is configured") prmrr_enable = False for tid in range(self.cs.msr.get_cpu_thread_count()): - mtrrcap = self.cs.read_register_field('MTRRCAP', 'PRMRR', False, tid) + mtrrcap = self.cs.register.read_field('MTRRCAP', 'PRMRR', False, tid) if mtrrcap == 0: self.logger.log_verbose(f"[*] CPU{tid:d} Protected Memory Range configuration is not supported") else: @@ -145,7 +147,7 @@ def check_sgx_config(self) -> int: else: self.logger.log_bad("Protected Memory Range configuration is not supported") self.res - ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) # Check PRMRR configurations on each core. self.logger.log("\n[*] Verifying PRMRR Configuration on each core.") @@ -200,33 +202,33 @@ def check_sgx_config(self) -> int: self.logger.log_good("Intel SGX is available to use") elif (not sgx_ok) and (not bios_feature_control_enable) and prmrr_enable and self.prmrr.uniform: self.logger.log_important("Intel SGX instructions disabled by firmware") - self.rc_res.setStatusBit(self.rc_res.status.FEATURE_DISABLED) + self.result.setStatusBit(self.result.status.FEATURE_DISABLED) if self.res == ModuleResult.PASSED: self.res = ModuleResult.WARNING else: self.logger.log_bad("Intel SGX is not available to use") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.FEATURE_DISABLED) + self.result.setStatusBit(self.result.status.FEATURE_DISABLED) - if self.cs.is_register_defined('BIOS_SE_SVN') and self.cs.is_register_defined('BIOS_SE_SVN_STATUS'): - self.cs.print_register('BIOS_SE_SVN', self.cs.read_register('BIOS_SE_SVN')) - self.cs.print_register('BIOS_SE_SVN_STATUS', self.cs.read_register('BIOS_SE_SVN_STATUS')) + if self.cs.register.is_defined('BIOS_SE_SVN') and self.cs.register.is_defined('BIOS_SE_SVN_STATUS'): + self.cs.register.print('BIOS_SE_SVN', self.cs.register.read('BIOS_SE_SVN')) + self.cs.register.print('BIOS_SE_SVN_STATUS', self.cs.register.read('BIOS_SE_SVN_STATUS')) self.logger.log("\n[*] Check SGX debug feature settings") - sgx_debug_status = self.cs.read_register_field('SGX_DEBUG_MODE', 'SGX_DEBUG_MODE_STATUS_BIT') + sgx_debug_status = self.cs.register.read_field('SGX_DEBUG_MODE', 'SGX_DEBUG_MODE_STATUS_BIT') self.logger.log(f"[*] SGX Debug Enable : {sgx_debug_status:d}") self.logger.log("[*] Check Silicon debug feature settings") - debug_interface = self.cs.read_register('IA32_DEBUG_INTERFACE') + debug_interface = self.cs.register.read('IA32_DEBUG_INTERFACE') self.logger.log(f"[*] IA32_DEBUG_INTERFACE : 0x{debug_interface:08X}") - debug_enable = self.cs.get_register_field('IA32_DEBUG_INTERFACE', debug_interface, 'ENABLE') - debug_lock = self.cs.get_register_field('IA32_DEBUG_INTERFACE', debug_interface, 'LOCK') + debug_enable = self.cs.register.get_field('IA32_DEBUG_INTERFACE', debug_interface, 'ENABLE') + debug_lock = self.cs.register.get_field('IA32_DEBUG_INTERFACE', debug_interface, 'LOCK') self.logger.log(f"[*] Debug enabled : {debug_enable:d}") self.logger.log(f"[*] Lock : {debug_lock:d}") if sgx_debug_status == 1: self.logger.log_bad("SGX debug mode is enabled") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.DEBUG_FEATURE) + self.result.setStatusBit(self.result.status.DEBUG_FEATURE) else: self.logger.log_good("SGX debug mode is disabled") if debug_enable == 0: @@ -234,17 +236,17 @@ def check_sgx_config(self) -> int: else: self.logger.log_bad("Silicon debug features are not disabled") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.DEBUG_FEATURE) + self.result.setStatusBit(self.result.status.DEBUG_FEATURE) if (0 == debug_enable) and (1 == sgx_debug_status): self.logger.log_bad("Enabling sgx_debug without enabling debug mode in msr IA32_DEBUG_INTERFACE is not a valid configuration") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) if debug_lock == 1: self.logger.log_good("Silicon debug Feature Control register is locked") else: self.logger.log_bad("Silicon debug Feature Control register is not locked") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) return self.res @@ -255,7 +257,7 @@ def check_prmrr_values(self) -> None: if not self.prmrr.uniform: self.logger.log_bad("PRMRR config is not uniform across all CPUs") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) else: self.logger.log_good("PRMRR config is uniform across all CPUs") prmrr_configs = [] @@ -296,7 +298,7 @@ def check_prmrr_values(self) -> None: else: self.logger.log_bad("Unexpected PRMRR memory type (not WB)") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) self.logger.log(f"[*] PRMRR mask address: 0x{self.prmrr.mask:012X}") self.logger.log("[*] Verifying PRMR address are valid") self.logger.log(f"[*] PRMRR uncore mask valid: 0x{self.prmrr.uncore_mask_vld:d}") @@ -305,7 +307,7 @@ def check_prmrr_values(self) -> None: else: self.logger.log_bad("Mcheck marked PRMRR address as invalid") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) self.logger.log("[*] Verifying if PRMR mask register is locked") self.logger.log(f"[*] PRMRR mask lock: 0x{self.prmrr.mask_lock:X}") if self.prmrr.locked: @@ -313,7 +315,7 @@ def check_prmrr_values(self) -> None: else: self.logger.log_bad("PRMRR MASK register is not locked") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) if self.prmrr.check_uncore_vals: self.logger.log(f"[*] PRMRR uncore base address: 0x{self.prmrr.uncore_base:012X}") self.logger.log(f"[*] PRMRR uncore mask address: 0x{self.prmrr.uncore_mask:012X}") @@ -324,7 +326,7 @@ def check_prmrr_values(self) -> None: else: self.logger.log_bad("Mcheck marked uncore PRMRR address as invalid") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) self.logger.log("[*] Verifying if PRMR uncore mask register is locked") self.logger.log(f"[*] PRMRR uncore mask lock: 0x{self.prmrr.uncore_mask_lock:X}") if self.prmrr.uncore_mask_lock == 0x1: @@ -332,7 +334,7 @@ def check_prmrr_values(self) -> None: else: self.logger.log_bad("PMRR uncore MASK register is not locked") self.res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) class PRMRR(): @@ -365,19 +367,19 @@ def _check_prmrr(self) -> None: first_iter = True self.uniform = True self.locked = True - self.check_uncore_vals = self.cs.is_register_defined('PRMRR_UNCORE_PHYBASE') and self.cs.is_register_defined('PRMRR_UNCORE_MASK') + self.check_uncore_vals = self.cs.register.is_defined('PRMRR_UNCORE_PHYBASE') and self.cs.register.is_defined('PRMRR_UNCORE_MASK') for tid in range(self.cs.msr.get_cpu_thread_count()): - self.valid_config_new = self.cs.read_register('PRMRR_VALID_CONFIG', tid) - self.base_new = self.cs.read_register_field('PRMRR_PHYBASE', 'PRMRR_base_address_fields', False, tid) - self.base_memtype_new = self.cs.read_register_field('PRMRR_PHYBASE', 'PRMRR_MEMTYPE', False, tid) - self.mask_new = self.cs.read_register_field('PRMRR_MASK', 'PRMRR_mask_bits', False, tid) - self.mask_vld_new = self.cs.read_register_field('PRMRR_MASK', 'PRMRR_VLD', False, tid) - self.mask_lock_new = self.cs.read_register_field('PRMRR_MASK', 'PRMRR_LOCK', False, tid) + self.valid_config_new = self.cs.register.read('PRMRR_VALID_CONFIG', tid) + self.base_new = self.cs.register.read_field('PRMRR_PHYBASE', 'PRMRR_base_address_fields', False, tid) + self.base_memtype_new = self.cs.register.read_field('PRMRR_PHYBASE', 'PRMRR_MEMTYPE', False, tid) + self.mask_new = self.cs.register.read_field('PRMRR_MASK', 'PRMRR_mask_bits', False, tid) + self.mask_vld_new = self.cs.register.read_field('PRMRR_MASK', 'PRMRR_VLD', False, tid) + self.mask_lock_new = self.cs.register.read_field('PRMRR_MASK', 'PRMRR_LOCK', False, tid) if self.check_uncore_vals: - self.uncore_base_new = self.cs.read_register_field('PRMRR_UNCORE_PHYBASE', 'PRMRR_base_address_fields', False, tid) - self.uncore_mask_new = self.cs.read_register_field('PRMRR_UNCORE_MASK', 'PRMRR_mask_bits', False, tid) - self.uncore_mask_vld_new = self.cs.read_register_field('PRMRR_UNCORE_MASK', 'PRMRR_VLD', False, tid) - self.uncore_mask_lock_new = self.cs.read_register_field('PRMRR_UNCORE_MASK', 'PRMRR_LOCK', False, tid) + self.uncore_base_new = self.cs.register.read_field('PRMRR_UNCORE_PHYBASE', 'PRMRR_base_address_fields', False, tid) + self.uncore_mask_new = self.cs.register.read_field('PRMRR_UNCORE_MASK', 'PRMRR_mask_bits', False, tid) + self.uncore_mask_vld_new = self.cs.register.read_field('PRMRR_UNCORE_MASK', 'PRMRR_VLD', False, tid) + self.uncore_mask_lock_new = self.cs.register.read_field('PRMRR_UNCORE_MASK', 'PRMRR_LOCK', False, tid) if self.logger.VERBOSE: self.logger.log(f"[*] CPU{tid:d} PRMRR_VALID_CONFIG: 0x{self.valid_config_new:010X}") self.logger.log(f"[*] CPU{tid:d} PRMRR base address: 0x{self.base_new:012X}") @@ -428,5 +430,5 @@ def run(self, _) -> int: else: self.logger.log_failed('One or more SGX checks failed') - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/common/smm.py b/chipsec/modules/common/smm.py index c053cffa29..16b080e548 100644 --- a/chipsec/modules/common/smm.py +++ b/chipsec/modules/common/smm.py @@ -37,7 +37,8 @@ This module will only run on client (core) platforms that have PCI0.0.0_SMRAMC defined. """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_SMM +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_SMM +from chipsec.library.returncode import ModuleResult from typing import List TAGS = [MTAG_BIOS, MTAG_SMM] @@ -47,24 +48,25 @@ class smm(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x3486891, 'https://chipsec.github.io/modules/chipsec.modules.common.smm.html') + self.result.id = 0x3486891 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.smm.html' def is_supported(self) -> bool: - if self.cs.is_core() and self.cs.is_register_defined('PCI0.0.0_SMRAMC'): + if self.cs.is_core() and self.cs.register.is_defined('PCI0.0.0_SMRAMC'): return True self.logger.log("Either not a Core (client) platform or 'PCI0.0.0_SMRAMC' not defined for platform. Skipping module.") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_SMRAMC(self) -> int: - regval = self.cs.read_register('PCI0.0.0_SMRAMC') - g_smrame = self.cs.get_register_field('PCI0.0.0_SMRAMC', regval, 'G_SMRAME') - d_open = self.cs.get_register_field('PCI0.0.0_SMRAMC', regval, 'D_OPEN') - d_lock = self.cs.get_register_field('PCI0.0.0_SMRAMC', regval, 'D_LCK') + regval = self.cs.register.read('PCI0.0.0_SMRAMC') + g_smrame = self.cs.register.get_field('PCI0.0.0_SMRAMC', regval, 'G_SMRAME') + d_open = self.cs.register.get_field('PCI0.0.0_SMRAMC', regval, 'D_OPEN') + d_lock = self.cs.register.get_field('PCI0.0.0_SMRAMC', regval, 'D_LCK') - self.cs.print_register('PCI0.0.0_SMRAMC', regval) + self.cs.register.print('PCI0.0.0_SMRAMC', regval) if 1 == g_smrame: self.logger.log("[*] Compatible SMRAM is enabled") @@ -75,13 +77,13 @@ def check_SMRAMC(self) -> int: else: res = ModuleResult.FAILED self.logger.log_failed("Compatible SMRAM is not properly locked. Expected ( D_LCK = 1, D_OPEN = 0 )") - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) else: res = ModuleResult.NOTAPPLICABLE - self.rc_res.setStatusBit(self.rc_res.status.FEATURE_DISABLED) + self.result.setStatusBit(self.result.status.FEATURE_DISABLED) self.logger.log("[*] Compatible SMRAM is not enabled. Skipping..") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) # -------------------------------------------------------------------------- # run( module_argv ) diff --git a/chipsec/modules/common/smm_code_chk.py b/chipsec/modules/common/smm_code_chk.py index c6dff8da3f..107ee3d045 100644 --- a/chipsec/modules/common/smm_code_chk.py +++ b/chipsec/modules/common/smm_code_chk.py @@ -43,7 +43,8 @@ """ from chipsec.exceptions import HWAccessViolationError -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_SMM +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_SMM +from chipsec.library.returncode import ModuleResult from typing import List TAGS = [MTAG_BIOS, MTAG_SMM] @@ -53,44 +54,45 @@ class smm_code_chk(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x08f743d, 'https://chipsec.github.io/modules/chipsec.modules.common.smm_code_chk.html') + self.result.id = 0x08f743d + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.smm_code_chk.html' def is_supported(self) -> bool: - if not self.cs.is_register_defined('MSR_SMM_FEATURE_CONTROL'): + if not self.cs.register.is_defined('MSR_SMM_FEATURE_CONTROL'): # The MSR_SMM_FEATURE_CONTROL register is available starting from: # * 4th Generation Intel® Core™ Processors (Haswell microarchitecture) # * Atom Processors Based on the Goldmont Microarchitecture self.logger.log_important('Register MSR_SMM_FEATURE_CONTROL not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False # The Intel SDM states that MSR_SMM_FEATURE_CONTROL can only be accessed while the CPU executes in SMM. # However, in reality many users report that there is no problem reading this register from outside of SMM. # Just to be on the safe side of things, we'll verify we can read this register successfully before moving on. try: - self.cs.read_register('MSR_SMM_FEATURE_CONTROL') + self.cs.register.read('MSR_SMM_FEATURE_CONTROL') except HWAccessViolationError: self.logger.log_important('MSR_SMM_FEATURE_CONTROL is unreadable. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False else: return True def _check_SMM_Code_Chk_En(self, thread_id: int) -> int: - regval = self.cs.read_register('MSR_SMM_FEATURE_CONTROL', thread_id) - lock = self.cs.get_register_field('MSR_SMM_FEATURE_CONTROL', regval, 'LOCK') - code_chk_en = self.cs.get_register_field('MSR_SMM_FEATURE_CONTROL', regval, 'SMM_Code_Chk_En') + regval = self.cs.register.read('MSR_SMM_FEATURE_CONTROL', thread_id) + lock = self.cs.register.get_field('MSR_SMM_FEATURE_CONTROL', regval, 'LOCK') + code_chk_en = self.cs.register.get_field('MSR_SMM_FEATURE_CONTROL', regval, 'SMM_Code_Chk_En') - self.cs.print_register('MSR_SMM_FEATURE_CONTROL', regval, cpu_thread=thread_id) + self.cs.register.print('MSR_SMM_FEATURE_CONTROL', regval, cpu_thread=thread_id) if 1 == code_chk_en: if 1 == lock: res = ModuleResult.PASSED else: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) else: # MSR_SMM_MCA_CAP (the register that reports enhanced SMM capabilities) can only be read from SMM. # Thus, there is no way to tell whether the the CPU doesn't support SMM_Code_Chk_En in the first place, @@ -111,22 +113,22 @@ def check_SMM_Code_Chk_En(self) -> int: # Check that all CPUs have the same value of MSR_SMM_FEATURE_CONTROL. if not all(_ == results[0] for _ in results): self.logger.log_failed("MSR_SMM_FEATURE_CONTROL does not have the same value across all CPUs") - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) return ModuleResult.FAILED res = results[0] if res == ModuleResult.FAILED: self.logger.log_failed("SMM_Code_Chk_En is enabled but not locked down") - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) elif res == ModuleResult.WARNING: self.logger.log_warning("""[*] SMM_Code_Chk_En is not enabled. This can happen either because this feature is not supported by the CPU or because the BIOS forgot to enable it. Please consult the Intel SDM to determine whether or not your CPU supports SMM_Code_Chk_En.""") - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) else: self.logger.log_passed("SMM_Code_Chk_En is enabled and locked down") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) # -------------------------------------------------------------------------- # run( module_argv ) diff --git a/chipsec/modules/common/smm_dma.py b/chipsec/modules/common/smm_dma.py index 65bf27e7bd..f6e463a8b9 100644 --- a/chipsec/modules/common/smm_dma.py +++ b/chipsec/modules/common/smm_dma.py @@ -55,7 +55,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_SMM, MTAG_HWCONFIG +from chipsec.module_common import BaseModule, MTAG_SMM, MTAG_HWCONFIG +from chipsec.library.returncode import ModuleResult from typing import List _MODULE_NAME = 'smm_dma' @@ -67,38 +68,39 @@ class smm_dma(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x72f5ed1, 'https://chipsec.github.io/modules/chipsec.modules.common.smm_dma.html') + self.result.id = 0x72f5ed1 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.smm_dma.html' def is_supported(self) -> bool: - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) if self.cs.is_atom(): self.logger.log_important('Module not supported on Atom platforms. Skipping module.') - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False elif self.cs.is_server(): self.logger.log_important('Xeon (server) platform detected. Skipping module.') - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False - elif not self.cs.is_control_defined('TSEGBaseLock') or not self.cs.is_control_defined('TSEGLimitLock'): + elif not self.cs.control.is_defined('TSEGBaseLock') or not self.cs.control.is_defined('TSEGLimitLock'): self.logger.log_important('TSEGBaseLock and/or TSEGLimitLock control(s) not defined for platform. Skipping module.') - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False else: return True def check_tseg_locks(self) -> int: - tseg_base_lock = self.cs.get_control('TSEGBaseLock') - tseg_limit_lock = self.cs.get_control('TSEGLimitLock') + tseg_base_lock = self.cs.control.get('TSEGBaseLock') + tseg_limit_lock = self.cs.control.get('TSEGLimitLock') ia_untrusted = 0 - if self.cs.register_has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): - ia_untrusted = self.cs.read_register_field('MSR_BIOS_DONE', 'IA_UNTRUSTED') + if self.cs.register.has_field('MSR_BIOS_DONE', 'IA_UNTRUSTED'): + ia_untrusted = self.cs.register.read_field('MSR_BIOS_DONE', 'IA_UNTRUSTED') if (tseg_base_lock and tseg_limit_lock) or (0 != ia_untrusted): self.logger.log_good("TSEG range is locked") return ModuleResult.PASSED else: self.logger.log_bad("TSEG range is not locked") - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) return ModuleResult.FAILED def check_tseg_config(self) -> int: @@ -117,7 +119,7 @@ def check_tseg_config(self) -> int: if (0 == smram_base) and (0 == smram_limit): res = ModuleResult.WARNING self.logger.log_warning("TSEG is properly configured but can't determine if it covers entire SMRAM") - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) else: if (tseg_base <= smram_base) and (smram_limit <= tseg_limit): self.logger.log_good("TSEG range covers entire SMRAM") @@ -126,13 +128,13 @@ def check_tseg_config(self) -> int: self.logger.log_passed("TSEG is properly configured. SMRAM is protected from DMA attacks") else: self.logger.log_failed("TSEG is properly configured, but the configuration is not locked.") - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) else: self.logger.log_bad("TSEG range doesn't cover entire SMRAM") self.logger.log_failed("TSEG is not properly configured. Portions of SMRAM may be vulnerable to DMA attacks") - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("SMM TSEG Range Configuration Check") diff --git a/chipsec/modules/common/smrr.py b/chipsec/modules/common/smrr.py index 1a9725ef1f..de1dce7d7a 100644 --- a/chipsec/modules/common/smrr.py +++ b/chipsec/modules/common/smrr.py @@ -50,7 +50,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_SMM, OPT_MODIFY +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_SMM, OPT_MODIFY +from chipsec.library.returncode import ModuleResult from chipsec.hal.msr import MemType from typing import List @@ -61,17 +62,18 @@ class smrr(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xdf11080, 'https://chipsec.github.io/modules/chipsec.modules.common.smrr.html') + self.result.id = 0xdf11080 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.smrr.html' def is_supported(self) -> bool: - mtrr_exist = self.cs.is_register_defined('MTRRCAP') - pbase_exist = self.cs.is_register_defined('IA32_SMRR_PHYSBASE') - pmask_exist = self.cs.is_register_defined('IA32_SMRR_PHYSMASK') + mtrr_exist = self.cs.register.is_defined('MTRRCAP') + pbase_exist = self.cs.register.is_defined('IA32_SMRR_PHYSBASE') + pmask_exist = self.cs.register.is_defined('IA32_SMRR_PHYSMASK') if mtrr_exist and pbase_exist and pmask_exist: return True self.logger.log_information('Required registers are not defined for this platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False # @@ -83,8 +85,8 @@ def check_SMRR(self, do_modify: bool) -> int: self.logger.log_good("OK. SMRR range protection is supported") else: self.logger.log_not_applicable("CPU does not support SMRR range protection of SMRAM") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) # # SMRR are supported # @@ -95,10 +97,10 @@ def check_SMRR(self, do_modify: bool) -> int: # self.logger.log('') self.logger.log("[*] Checking SMRR range base programming..") - msr_smrrbase = self.cs.read_register('IA32_SMRR_PHYSBASE') - self.cs.print_register('IA32_SMRR_PHYSBASE', msr_smrrbase) - smrrbase = self.cs.get_register_field('IA32_SMRR_PHYSBASE', msr_smrrbase, 'PhysBase', True) - smrrtype = self.cs.get_register_field('IA32_SMRR_PHYSBASE', msr_smrrbase, 'Type') + msr_smrrbase = self.cs.register.read('IA32_SMRR_PHYSBASE') + self.cs.register.print('IA32_SMRR_PHYSBASE', msr_smrrbase) + smrrbase = self.cs.register.get_field('IA32_SMRR_PHYSBASE', msr_smrrbase, 'PhysBase', True) + smrrtype = self.cs.register.get_field('IA32_SMRR_PHYSBASE', msr_smrrbase, 'Type') self.logger.log(f"[*] SMRR range base: 0x{smrrbase:016X}") if smrrtype in MemType: @@ -119,10 +121,10 @@ def check_SMRR(self, do_modify: bool) -> int: # self.logger.log('') self.logger.log("[*] Checking SMRR range mask programming..") - msr_smrrmask = self.cs.read_register('IA32_SMRR_PHYSMASK') - self.cs.print_register('IA32_SMRR_PHYSMASK', msr_smrrmask) - smrrmask = self.cs.get_register_field('IA32_SMRR_PHYSMASK', msr_smrrmask, 'PhysMask', True) - smrrvalid = self.cs.get_register_field('IA32_SMRR_PHYSMASK', msr_smrrmask, 'Valid') + msr_smrrmask = self.cs.register.read('IA32_SMRR_PHYSMASK') + self.cs.register.print('IA32_SMRR_PHYSMASK', msr_smrrmask) + smrrmask = self.cs.register.get_field('IA32_SMRR_PHYSMASK', msr_smrrmask, 'PhysMask', True) + smrrvalid = self.cs.register.get_field('IA32_SMRR_PHYSMASK', msr_smrrmask, 'Valid') self.logger.log(f"[*] SMRR range mask: 0x{smrrmask:016X}") if not (smrrvalid and (0 != smrrmask)): @@ -138,8 +140,8 @@ def check_SMRR(self, do_modify: bool) -> int: self.logger.log('') self.logger.log("[*] Verifying that SMRR range base & mask are the same on all logical CPUs..") for tid in range(self.cs.msr.get_cpu_thread_count()): - msr_base = self.cs.read_register('IA32_SMRR_PHYSBASE', tid) - msr_mask = self.cs.read_register('IA32_SMRR_PHYSMASK', tid) + msr_base = self.cs.register.read('IA32_SMRR_PHYSBASE', tid) + msr_mask = self.cs.register.read('IA32_SMRR_PHYSMASK', tid) self.logger.log(f"[CPU{tid:d}] SMRR_PHYSBASE = {msr_base:016X}, SMRR_PHYSMASK = {msr_mask:016X}") if (msr_base != msr_smrrbase) or (msr_mask != msr_smrrmask): smrr_ok = False @@ -176,13 +178,13 @@ def check_SMRR(self, do_modify: bool) -> int: self.logger.log('') if not smrr_ok: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) + self.result.setStatusBit(self.result.status.CONFIGURATION) self.logger.log_failed("SMRR protection against cache attack is not configured properly") else: res = ModuleResult.PASSED self.logger.log_passed("SMRR protection against cache attack is properly configured") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) # -------------------------------------------------------------------------- # run( module_argv ) diff --git a/chipsec/modules/common/spd_wd.py b/chipsec/modules/common/spd_wd.py index 9a37dd9307..0c0739e25f 100644 --- a/chipsec/modules/common/spd_wd.py +++ b/chipsec/modules/common/spd_wd.py @@ -50,7 +50,8 @@ - SMBUS_HCFG.SPD_WD is defined for the platform """ -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.hal.smbus import SMBus from chipsec.hal.spd import SPD from typing import List @@ -60,18 +61,19 @@ class spd_wd(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x122cf72, 'https://chipsec.github.io/modules/chipsec.modules.common.spd_wd.html') + self.result.id = 0x122cf72 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.spd_wd.html' def is_supported(self) -> bool: - if self.cs.is_device_enabled('SMBUS'): - if self.cs.register_has_field('SMBUS_HCFG', 'SPD_WD'): + if self.cs.device.is_enabled('SMBUS'): + if self.cs.register.has_field('SMBUS_HCFG', 'SPD_WD'): return True else: self.logger.log_important('SMBUS_HCFG.SPD_WD is not defined for this platform. Skipping module.') else: self.logger.log_important('SMBUS device appears disabled. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_spd_wd(self) -> int: @@ -80,14 +82,14 @@ def check_spd_wd(self) -> int: _spd = SPD(_smbus) except BaseException as msg: self.logger.log_error(msg) - self.rc_res.setStatusBit(self.rc_res.status.INFORMATION) - self.res = self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.INFORMATION) + self.res = self.result.getReturnCode(ModuleResult.ERROR) return self.res - spd_wd_reg = self.cs.read_register('SMBUS_HCFG') - spd_wd = self.cs.get_register_field('SMBUS_HCFG', spd_wd_reg, 'SPD_WD') + spd_wd_reg = self.cs.register.read('SMBUS_HCFG') + spd_wd = self.cs.register.get_field('SMBUS_HCFG', spd_wd_reg, 'SPD_WD') - self.cs.print_register('SMBUS_HCFG', spd_wd_reg) + self.cs.register.print('SMBUS_HCFG', spd_wd_reg) if 1 == spd_wd: self.logger.log_passed("SPD Write Disable is set") @@ -95,14 +97,14 @@ def check_spd_wd(self) -> int: else: if _spd.detect(): self.logger.log_failed("SPD Write Disable is not set and SPDs were detected") - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) self.res = ModuleResult.FAILED else: self.logger.log_information("SPD Write Disable is not set, but no SPDs detected") - self.rc_res.setStatusBit(self.rc_res.status.INFORMATION) + self.result.setStatusBit(self.result.status.INFORMATION) self.res = ModuleResult.INFORMATION - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("SPD Write Disable") diff --git a/chipsec/modules/common/spi_access.py b/chipsec/modules/common/spi_access.py index b9691e5a01..15fa150068 100644 --- a/chipsec/modules/common/spi_access.py +++ b/chipsec/modules/common/spi_access.py @@ -45,7 +45,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from chipsec.hal.spi import SPI, GBE, PLATFORM_DATA, ME, FLASH_DESCRIPTOR from typing import List @@ -57,14 +58,15 @@ class spi_access(BaseModule): def __init__(self): BaseModule.__init__(self) self.spi = SPI(self.cs) - self.rc_res = ModuleResult(0x23bb5d0, 'https://chipsec.github.io/modules/chipsec.modules.common.spi_access.html') + self.result.id = 0x23bb5d0 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.spi_access.html' def is_supported(self) -> bool: - if self.cs.register_has_field('HSFS', 'FDV') and self.cs.register_has_field('FRAP', 'BRWA'): + if self.cs.register.has_field('HSFS', 'FDV') and self.cs.register.has_field('FRAP', 'BRWA'): return True self.logger.log_important('HSFS.FDV or FRAP.BRWA registers not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False ## @@ -72,9 +74,9 @@ def is_supported(self) -> bool: def check_flash_access_permissions(self) -> int: res = ModuleResult.PASSED - fdv = self.cs.read_register_field('HSFS', 'FDV') == 1 - frap = self.cs.read_register('FRAP') - brwa = self.cs.get_register_field('FRAP', frap, 'BRWA') + fdv = self.cs.register.read_field('HSFS', 'FDV') == 1 + frap = self.cs.register.read('FRAP') + brwa = self.cs.register.get_field('FRAP', frap, 'BRWA') # Informational # State of Flash Descriptor Valid bit @@ -89,20 +91,20 @@ def check_flash_access_permissions(self) -> int: # CPU/Software access to GBe region if brwa & (1 << GBE): res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) + self.result.setStatusBit(self.result.status.ACCESS_RW) self.logger.log_warning("Software has write access to GBe region in SPI flash") # Failures # CPU/Software access to Flash Descriptor region (Read Only) if brwa & (1 << FLASH_DESCRIPTOR): res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) + self.result.setStatusBit(self.result.status.ACCESS_RW) self.logger.log_bad("Software has write access to SPI flash descriptor") # CPU/Software access to Intel ME region (Read Only) if brwa & (1 << ME): res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) + self.result.setStatusBit(self.result.status.ACCESS_RW) self.logger.log_bad("Software has write access to Management Engine (ME) region in SPI flash") if fdv: @@ -116,10 +118,10 @@ def check_flash_access_permissions(self) -> int: self.logger.log_warning("Certain SPI flash regions are writeable by software") else: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) self.logger.log_warning("Either flash descriptor is not valid or not present on this system") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("SPI Flash Region Access Control") diff --git a/chipsec/modules/common/spi_desc.py b/chipsec/modules/common/spi_desc.py index daf368f7b1..c684e4dacc 100644 --- a/chipsec/modules/common/spi_desc.py +++ b/chipsec/modules/common/spi_desc.py @@ -39,7 +39,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from chipsec.hal.spi import FLASH_DESCRIPTOR from typing import List @@ -50,14 +51,15 @@ class spi_desc(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x63fa19c, 'https://chipsec.github.io/modules/chipsec.modules.common.spi_desc.html') + self.result.id = 0x63fa19c + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.spi_desc.html' def is_supported(self) -> bool: - if self.cs.register_has_all_fields('FRAP', ['BRRA', 'BRWA']): + if self.cs.register.has_all_fields('FRAP', ['BRRA', 'BRWA']): return True self.logger.log_important('FRAP.BRWA or FRAP.BRRA registers not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False ## @@ -65,15 +67,15 @@ def is_supported(self) -> bool: def check_flash_access_permissions(self) -> int: res = ModuleResult.PASSED - frap = self.cs.read_register('FRAP') - self.cs.print_register('FRAP', frap) - brra = self.cs.get_register_field('FRAP', frap, 'BRRA') - brwa = self.cs.get_register_field('FRAP', frap, 'BRWA') + frap = self.cs.register.read('FRAP') + self.cs.register.print('FRAP', frap) + brra = self.cs.register.get_field('FRAP', frap, 'BRRA') + brwa = self.cs.register.get_field('FRAP', frap, 'BRWA') self.logger.log(f"[*] Software access to SPI flash regions: read = 0x{brra:02X}, write = 0x{brwa:02X}") if brwa & (1 << FLASH_DESCRIPTOR): res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) + self.result.setStatusBit(self.result.status.ACCESS_RW) self.logger.log_bad("Software has write access to SPI flash descriptor") self.logger.log('') @@ -83,7 +85,7 @@ def check_flash_access_permissions(self) -> int: self.logger.log_failed("SPI flash permissions allow SW to write flash descriptor") self.logger.log_important('System may be using alternative protection by including descriptor region in SPI Protected Range Registers') - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("SPI Flash Region Access Control") diff --git a/chipsec/modules/common/spi_fdopss.py b/chipsec/modules/common/spi_fdopss.py index 215583b3df..8cc7132d40 100644 --- a/chipsec/modules/common/spi_fdopss.py +++ b/chipsec/modules/common/spi_fdopss.py @@ -33,7 +33,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from typing import List TAGS = [MTAG_BIOS] @@ -43,28 +44,29 @@ class spi_fdopss(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x9b73a54, 'https://chipsec.github.io/modules/chipsec.modules.common.spi_fdopss.html') + self.result.id = 0x9b73a54 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.spi_fdopss.html' def is_supported(self) -> bool: - if not self.cs.register_has_field('HSFS', 'FDOPSS'): + if not self.cs.register.has_field('HSFS', 'FDOPSS'): self.logger.log_important('HSFS.FDOPSS field not defined for platform. Skipping module.') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False return True def check_fd_security_override_strap(self) -> int: - hsfs_reg = self.cs.read_register('HSFS') - self.cs.print_register('HSFS', hsfs_reg) - fdopss = self.cs.get_register_field('HSFS', hsfs_reg, 'FDOPSS') + hsfs_reg = self.cs.register.read('HSFS') + self.cs.register.print('HSFS', hsfs_reg) + fdopss = self.cs.register.get_field('HSFS', hsfs_reg, 'FDOPSS') if (fdopss != 0): self.logger.log_passed("SPI Flash Descriptor Security Override is disabled") - return self.rc_res.getReturnCode(ModuleResult.PASSED) + return self.result.getReturnCode(ModuleResult.PASSED) else: self.logger.log_failed("SPI Flash Descriptor Security Override is enabled") - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) - return self.rc_res.getReturnCode(ModuleResult.FAILED) + self.result.setStatusBit(self.result.status.CONFIGURATION) + return self.result.getReturnCode(ModuleResult.FAILED) # -------------------------------------------------------------------------- # run( module_argv ) diff --git a/chipsec/modules/common/spi_lock.py b/chipsec/modules/common/spi_lock.py index db5090daca..5975031dbf 100644 --- a/chipsec/modules/common/spi_lock.py +++ b/chipsec/modules/common/spi_lock.py @@ -43,7 +43,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from typing import List TAGS = [MTAG_BIOS] @@ -53,35 +54,36 @@ class spi_lock(BaseModule): def __init__(self): super(spi_lock, self).__init__() - self.rc_res = ModuleResult(0xf73c7bd, 'https://chipsec.github.io/modules/chipsec.modules.common.spi_lock.html') + self.result.id = 0xf73c7bd + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.spi_lock.html' def is_supported(self) -> bool: - if self.cs.is_control_defined('FlashLockDown'): + if self.cs.control.is_defined('FlashLockDown'): return True - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) self.logger.log_important('FlashLockDown control not define for platform. Skipping module.') return False def check_spi_lock(self) -> int: res = ModuleResult.PASSED reg_print = True - if self.cs.is_control_defined('SpiWriteStatusDis'): - wrsdis = self.cs.get_control('SpiWriteStatusDis', with_print=reg_print) + if self.cs.control.is_defined('SpiWriteStatusDis'): + wrsdis = self.cs.control.get('SpiWriteStatusDis', with_print=reg_print) if 1 == wrsdis: self.logger.log_good('SPI write status disable set.') else: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) + self.result.setStatusBit(self.result.status.ACCESS_RW) self.logger.log_bad('SPI write status disable not set.') reg_print = False - flockdn = self.cs.get_control('FlashLockDown', with_print=reg_print) + flockdn = self.cs.control.get('FlashLockDown', with_print=reg_print) if 1 == flockdn: self.logger.log_good("SPI Flash Controller configuration is locked") else: res = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + self.result.setStatusBit(self.result.status.LOCKS) self.logger.log_bad("SPI Flash Controller configuration is not locked") reg_print = False @@ -92,7 +94,7 @@ def check_spi_lock(self) -> int: else: self.logger.log_warning("Unable to determine if SPI Flash Controller is locked correctly.") - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) def run(self, module_argv: List[str]) -> int: self.logger.start_test("SPI Flash Controller Configuration Locks") diff --git a/chipsec/modules/common/uefi/access_uefispec.py b/chipsec/modules/common/uefi/access_uefispec.py index eb6e8337e2..4603ab3760 100644 --- a/chipsec/modules/common/uefi/access_uefispec.py +++ b/chipsec/modules/common/uefi/access_uefispec.py @@ -40,7 +40,8 @@ Requires an OS with UEFI Runtime API support. """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_SECUREBOOT, MTAG_BIOS, OPT_MODIFY +from chipsec.module_common import BaseModule, MTAG_SECUREBOOT, MTAG_BIOS, OPT_MODIFY +from chipsec.library.returncode import ModuleResult from chipsec.hal.uefi import UEFI, EFI_VARIABLE_NON_VOLATILE, EFI_VARIABLE_BOOTSERVICE_ACCESS, EFI_VARIABLE_RUNTIME_ACCESS, get_attr_string from chipsec.hal.uefi import EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, EFI_VARIABLE_APPEND_WRITE from chipsec.hal.uefi_common import StatusCode @@ -55,7 +56,8 @@ class access_uefispec(BaseModule): def __init__(self): BaseModule.__init__(self) self._uefi = UEFI(self.cs) - self.rc_res = ModuleResult(0xadd835b, 'https://chipsec.github.io/modules/chipsec.modules.common.uefi.access_uefispec.html') + self.result.id = 0xadd835b + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.uefi.access_uefispec.html' nv = EFI_VARIABLE_NON_VOLATILE bs = EFI_VARIABLE_BOOTSERVICE_ACCESS @@ -121,8 +123,8 @@ def is_supported(self) -> bool: supported = self.cs.helper.EFI_supported() if not supported: self.logger.log("OS does not support UEFI Runtime API") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return supported def diff_var(self, data1: int, data2: int) -> bool: @@ -167,8 +169,8 @@ def check_vars(self, do_modify: bool) -> int: if vars is None: self.logger.log_warning('Could not enumerate UEFI Variables from runtime.') self.logger.log_important("Note that UEFI variables may still exist, OS just did not expose runtime UEFI Variable API to read them.\nYou can extract variables directly from ROM file via 'chipsec_util.py uefi nvram bios.bin' command and verify their attributes manually.") - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) uefispec_concern = [] ro_concern = [] @@ -200,7 +202,7 @@ def check_vars(self, do_modify: bool) -> int: self.logger.log_important(' Missing attributes:' + get_attr_string(missing_attr)) if res != ModuleResult.FAILED: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) if do_modify: self.logger.log(f"[*] Testing modification of {name} ..") @@ -208,7 +210,7 @@ def check_vars(self, do_modify: bool) -> int: if self.can_modify(name, guid, data): ro_concern.append(name) self.logger.log_bad(f"Variable {name} should be read only.") - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) res = ModuleResult.FAILED else: if self.can_modify(name, guid, data): @@ -246,4 +248,4 @@ def run(self, module_argv: List[str]) -> int: do_modify = (len(module_argv) > 0 and module_argv[0] == OPT_MODIFY) self.res = self.check_vars(do_modify) - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/common/uefi/s3bootscript.py b/chipsec/modules/common/uefi/s3bootscript.py index 4842919e02..3f5244d9c3 100644 --- a/chipsec/modules/common/uefi/s3bootscript.py +++ b/chipsec/modules/common/uefi/s3bootscript.py @@ -50,8 +50,9 @@ Requires an OS with UEFI Runtime API support. """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_SMM, MTAG_SECUREBOOT -from chipsec.defines import BOUNDARY_1MB, BOUNDARY_4GB +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_SMM, MTAG_SECUREBOOT +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import BOUNDARY_1MB, BOUNDARY_4GB from chipsec.hal.uefi import UEFI, parse_script from chipsec.hal.uefi_common import S3BootScriptOpcode, S3BOOTSCRIPT_ENTRY from typing import List @@ -77,14 +78,15 @@ class s3bootscript(BaseModule): def __init__(self): BaseModule.__init__(self) self._uefi = UEFI(self.cs) - self.rc_res = ModuleResult(0x9e3cf54, 'https://chipsec.github.io/modules/chipsec.modules.common.uefi.s3bootscript.html') + self.result.id = 0x9e3cf54 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.common.uefi.s3bootscript.html' def is_supported(self) -> bool: supported = self.cs.helper.EFI_supported() if not supported: self.logger.log("OS does not support UEFI Runtime API") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return supported def is_inside_SMRAM(self, pa: int) -> bool: @@ -148,8 +150,8 @@ def check_s3_bootscripts(self, bsaddress=None) -> int: if not found: self.logger.log_good("Didn't find any S3 boot-scripts in EFI variables") self.logger.log_warning("S3 Boot-Script was not found. Firmware may be using other ways to store/locate it, or OS might be blocking access.") - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) self.logger.log_important(f'Found {len(bootscript_PAs):d} S3 boot-script(s) in EFI variables') @@ -166,17 +168,17 @@ def check_s3_bootscripts(self, bsaddress=None) -> int: if (res & DISPATCH_OPCODES_UNPROTECTED) != 0: # DISPATCH_OPCODES_UNPROTECTED status = ModuleResult.FAILED - self.rc_res.setStatusBit(self.rc_res.status.PROTECTION) + self.result.setStatusBit(self.result.status.PROTECTION) self.logger.log_failed('S3 Boot-Script and Dispatch entry-points do not appear to be protected') else: # DISPATCH_OPCODES_PROTECTED status = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) self.logger.log_warning('S3 Boot-Script is not in SMRAM but Dispatch entry-points appear to be protected. Recommend further testing') else: # BOOTSCRIPT_INSIDE_SMRAM status = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) self.logger.log_warning("S3 Boot-Script is inside SMRAM. The script is protected but Dispatch opcodes cannot be inspected") self.logger.log_important("Additional testing of the S3 boot-script can be done using tools.uefi.s3script_modify") @@ -188,8 +190,8 @@ def run(self, module_argv: List[str]) -> int: if len(module_argv) > 2: self.logger.log_error('Expected module options: -a ') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_OPTION) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_OPTION) + return self.result.getReturnCode(ModuleResult.ERROR) script_pa = None @@ -211,4 +213,4 @@ def run(self, module_argv: List[str]) -> int: raise self.res = ModuleResult.ERROR - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/tools/cpu/sinkhole.py b/chipsec/modules/tools/cpu/sinkhole.py index e224b5988b..0764d4dd29 100644 --- a/chipsec/modules/tools/cpu/sinkhole.py +++ b/chipsec/modules/tools/cpu/sinkhole.py @@ -45,7 +45,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_SMM +from chipsec.module_common import BaseModule, MTAG_SMM +from chipsec.library.returncode import ModuleResult TAGS = [MTAG_SMM] @@ -55,79 +56,76 @@ class sinkhole(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x230312a, 'https://chipsec.github.io/modules/chipsec.modules.tools.cpu.sinkhole.html') + self.result.id = 0x230312a + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.cpu.sinkhole.html' def is_supported(self): if not (self.cs.os_helper.is_windows() or self.cs.os_helper.is_linux()): self.logger.log_important('Unsupported OS found. Skipping module.') self.logger.log_important('Supported OS: Windows or Linux') - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False - elif not self.cs.is_register_defined('IA32_APIC_BASE') or \ - not self.cs.is_register_defined('IA32_SMRR_PHYSBASE') or \ - not self.cs.is_register_defined('IA32_SMRR_PHYSMASK'): + elif not self.cs.register.is_defined('IA32_APIC_BASE') or \ + not self.cs.register.is_defined('IA32_SMRR_PHYSBASE') or \ + not self.cs.register.is_defined('IA32_SMRR_PHYSMASK'): self.logger.log_error("Couldn't find definition of required configuration registers.") - self.rc_res.setStatusBit(self.rc_res.status.CONFIGURATION) - self.res =self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.CONFIGURATION) + self.res =self.result.getReturnCode(ModuleResult.ERROR) return False else: return True def check_LAPIC_SMRR_overlap(self): - smrr_physbase_msr = self.cs.read_register('IA32_SMRR_PHYSBASE', 0) - apic_base_msr = self.cs.read_register('IA32_APIC_BASE', 0) - self.cs.print_register('IA32_APIC_BASE', apic_base_msr) - self.cs.print_register('IA32_SMRR_PHYSBASE', smrr_physbase_msr) + smrr_physbase_msr = self.cs.register.read('IA32_SMRR_PHYSBASE', 0) + apic_base_msr = self.cs.register.read('IA32_APIC_BASE', 0) + self.cs.register.print('IA32_APIC_BASE', apic_base_msr) + self.cs.register.print('IA32_SMRR_PHYSBASE', smrr_physbase_msr) - smrrbase = self.cs.get_register_field('IA32_SMRR_PHYSBASE', smrr_physbase_msr, 'PhysBase') - smrr_base = self.cs.get_register_field('IA32_SMRR_PHYSBASE', smrr_physbase_msr, 'PhysBase', True) - apic_base = self.cs.get_register_field('IA32_APIC_BASE', apic_base_msr, 'APICBase', True) + smrrbase = self.cs.register.get_field('IA32_SMRR_PHYSBASE', smrr_physbase_msr, 'PhysBase') + smrr_base = self.cs.register.get_field('IA32_SMRR_PHYSBASE', smrr_physbase_msr, 'PhysBase', True) + apic_base = self.cs.register.get_field('IA32_APIC_BASE', apic_base_msr, 'APICBase', True) self.logger.log(f'[*] Local APIC Base: 0x{apic_base:016X}') self.logger.log(f'[*] SMRR Base : 0x{smrr_base:016X}') - self.logger.log("[*] Attempting to overlap Local APIC page with SMRR region") + self.logger.log('[*] Attempting to overlap Local APIC page with SMRR region') self.logger.log(f' Writing 0x{smrrbase:X} to IA32_APIC_BASE[APICBase]..') - self.logger.log_important("NOTE: The system may hang or process may crash when running this test.") - self.logger.log(" In that case, the mitigation to this issue is likely working but we may not be handling the exception generated.") + self.logger.log_important('NOTE: The system may hang or process may crash when running this test.') + self.logger.log(' In that case, the mitigation to this issue is likely working but we may not be handling the exception generated.') - res = self.cs.write_register_field('IA32_APIC_BASE', 'APICBase', smrrbase, preserve_field_position=False, cpu_thread=0) + res = self.cs.register.write_field('IA32_APIC_BASE', 'APICBase', smrrbase, preserve_field_position=False, cpu_thread=0) if res is None: - self.logger.log_important("Error encountered when attempting to modify IA32_APIC_BASE") + self.logger.log_important('Error encountered when attempting to modify IA32_APIC_BASE') - apic_base_msr_new = self.cs.read_register('IA32_APIC_BASE', 0) + apic_base_msr_new = self.cs.register.read('IA32_APIC_BASE', 0) self.logger.log(f'[*] New IA32_APIC_BASE: 0x{apic_base_msr_new:016X}') if apic_base_msr_new == apic_base_msr: - self.logger.log_good("Could not modify IA32_APIC_BASE to overlap SMRR") - self.logger.log_passed("CPU does not seem to have SMM memory sinkhole vulnerability") - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) + self.logger.log_good('Could not modify IA32_APIC_BASE to overlap SMRR') + self.logger.log_passed('CPU does not seem to have SMM memory sinkhole vulnerability') + self.result.setStatusBit(self.result.status.SUCCESS) res = ModuleResult.PASSED else: - self.logger.log_bad("Could modify IA32_APIC_BASE to overlap SMRR") - self.cs.write_register('IA32_APIC_BASE', apic_base_msr, 0) + self.logger.log_bad('Could modify IA32_APIC_BASE to overlap SMRR') + self.cs.register.write('IA32_APIC_BASE', apic_base_msr, 0) self.logger.log(f'[*] Restored original value 0x{apic_base_msr:016X}') - self.logger.log_failed("CPU is susceptible to SMM memory sinkhole vulnerability. Verify that SMRR is programmed correctly.") - self.rc_res.setStatusBit(self.rc_res.status.PROTECTION) + self.logger.log_failed('CPU is susceptible to SMM memory sinkhole vulnerability. Verify that SMRR is programmed correctly.') + self.result.setStatusBit(self.result.status.PROTECTION) res = ModuleResult.FAILED - return self.rc_res.getReturnCode(res) + return self.result.getReturnCode(res) - # -------------------------------------------------------------------------- - # run( module_argv ) - # Required function: run here all tests from this module - # -------------------------------------------------------------------------- def run(self, module_argv): - self.logger.start_test("x86 SMM Memory Sinkhole") + self.logger.start_test('x86 SMM Memory Sinkhole') if self.cs.cpu.check_SMRR_supported(): - self.logger.log_good("SMRR range protection is supported") + self.logger.log_good('SMRR range protection is supported') self.res = self.check_LAPIC_SMRR_overlap() else: - self.logger.log_important("CPU does not support SMRR range protection of SMRAM. Skipping module.") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.logger.log_important('CPU does not support SMRR range protection of SMRAM. Skipping module.') + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return self.res \ No newline at end of file diff --git a/chipsec/modules/tools/generate_test_id.py b/chipsec/modules/tools/generate_test_id.py index 547bd4d4a2..2caa964839 100644 --- a/chipsec/modules/tools/generate_test_id.py +++ b/chipsec/modules/tools/generate_test_id.py @@ -19,7 +19,7 @@ # """ -Generate a test ID using hashlib from the test's file name (no file extension). +Generate a test ID using hashlib from the test's file name (no file extension). Hash is truncated to 28 bits. Usage: @@ -31,19 +31,21 @@ >>> chipsec_main.py -m common.tools.generate_test_id -a bios_ts """ -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from typing import List import hashlib class generate_test_id(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xd711589, 'https://chipsec.github.io/modules/chipsec.modules.tools.generate_test_id.html') + self.result.id = 0xd711589 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.generate_test_id.html' def usage(self): self.logger.log(__doc__.replace('`', '')) return - + def is_supported(self) -> bool: return True @@ -51,16 +53,16 @@ def generate_id(self, test_name: str) -> int: return hashlib.sha256(test_name.encode('ascii')).hexdigest()[:7] def run(self, module_argv: List[str]) -> int: - self.logger.start_test("Generate test ID") + self.logger.start_test('Generate test ID') if len(module_argv) == 1: module_name = module_argv[0] self.logger.log_good(f'Test ID for {module_name} is 0x{self.generate_id(module_name)}\n') - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - self.res = self.rc_res.getReturnCode(ModuleResult.INFORMATION) + self.result.setStatusBit(self.result.status.SUCCESS) + self.res = self.result.getReturnCode(ModuleResult.INFORMATION) else: self.usage() - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_OPTION) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) - + self.result.setStatusBit(self.result.status.UNSUPPORTED_OPTION) + self.res = self.result.getReturnCode(ModuleResult.WARNING) + return self.res \ No newline at end of file diff --git a/chipsec/modules/tools/secureboot/te.py b/chipsec/modules/tools/secureboot/te.py index b69cea4daa..8e273c2bc3 100644 --- a/chipsec/modules/tools/secureboot/te.py +++ b/chipsec/modules/tools/secureboot/te.py @@ -55,7 +55,8 @@ import struct import sys -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.logger import logger @@ -493,7 +494,8 @@ class te(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x2d6c9a9, 'https://chipsec.github.io/modules/chipsec.modules.tools.secureboot.te.html') + self.result.id = 0x2d6c9a9 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.secureboot.te.html' def is_supported(self): #win8 = self.cs.helper.is_win8_or_greater() @@ -517,8 +519,8 @@ def run(self, module_argv): file_path = module_argv[1] if not os.path.exists(file_path): self.logger.log_error(f'Cannot find file \'{file_path}\'') - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.ACCESS_RW) + return self.result.getReturnCode(ModuleResult.ERROR) sts = replace_efi_binary(file_path, file_path) @@ -529,14 +531,14 @@ def run(self, module_argv): te_cfg = module_argv[1] if not os.path.exists(te_cfg): self.logger.log_error(f'Cannot find file \'{te_cfg}\'') - self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.ACCESS_RW) + return self.result.getReturnCode(ModuleResult.ERROR) bootloader_paths = get_bootloader_paths(te_cfg) if len(bootloader_paths) == 0: self.logger.log("[*] no bootloaders to replace. Exit...") - self.rc_res.setStatusBit(self.rc_res.status.FEATURE_DISABLED) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.FEATURE_DISABLED) + return self.result.getReturnCode(ModuleResult.WARNING) do_mount = self.cs.os_helper.is_windows() # @TODO if 'restore_bootloader' == mode: @@ -550,8 +552,8 @@ def run(self, module_argv): self.logger.log_error(f'Invalid mode: \'{mode}\'') if sts: - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) else: - self.rc_res.setStatusBit(self.rc_res.status.RESTORE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.RESTORE) + return self.result.getReturnCode(ModuleResult.ERROR) diff --git a/chipsec/modules/tools/smm/rogue_mmio_bar.py b/chipsec/modules/tools/smm/rogue_mmio_bar.py index ae684d0dd4..cb12db34ca 100644 --- a/chipsec/modules/tools/smm/rogue_mmio_bar.py +++ b/chipsec/modules/tools/smm/rogue_mmio_bar.py @@ -40,8 +40,9 @@ """ -from chipsec.module_common import BaseModule, ModuleResult -from chipsec.defines import BOUNDARY_4GB +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult +from chipsec.library.defines import BOUNDARY_4GB from chipsec.file import write_file from chipsec.hal.pci import PCI_HDR_BAR_STEP, PCI_HDR_BAR_BASE_MASK_MMIO64, PCI_HDR_BAR_CFGBITS_MASK from chipsec.hal.interrupts import Interrupts @@ -70,7 +71,8 @@ class rogue_mmio_bar(BaseModule): def __init__(self): BaseModule.__init__(self) self._interrupts = Interrupts(self.cs) - self.rc_res = ModuleResult(0x293f9e8, 'https://chipsec.github.io/modules/chipsec.modules.tools.smm.rogue_mmio_bar.html') + self.result.id = 0x293f9e8 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.smm.rogue_mmio_bar.html' # SMI code to be written to I/O port 0xB2 self.smic_start = 0x00 @@ -201,8 +203,8 @@ def run(self, module_argv): self.logger.log(f'[*] Found MMIO BAR +0x{bar_off:02X} (base 0x{base:016X}, size 0x{size:X})') new_bar = ((self.reloc_mmio & PCI_HDR_BAR_BASE_MASK_MMIO64) | (bar & PCI_HDR_BAR_CFGBITS_MASK)) if self.smi_mmio_range_fuzz(0, b, d, f, bar_off, is64bit, bar, new_bar, base, size): - self.rc_res.setStatusBit(self.rc_res.status.RESTORE) - return self.rc_res.getReturnCode(ModuleResult.FAILED) + self.result.setStatusBit(self.result.status.RESTORE) + return self.result.getReturnCode(ModuleResult.FAILED) - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) \ No newline at end of file + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) \ No newline at end of file diff --git a/chipsec/modules/tools/smm/smm_ptr.py b/chipsec/modules/tools/smm/smm_ptr.py index 66311f7e47..152e2c828f 100644 --- a/chipsec/modules/tools/smm/smm_ptr.py +++ b/chipsec/modules/tools/smm/smm_ptr.py @@ -80,7 +80,8 @@ import struct import os -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.file import write_file from chipsec.logger import print_buffer_bytes from chipsec.hal.interrupts import Interrupts @@ -188,7 +189,8 @@ def __init__(self): self.test_ptr_in_buffer = False self.fill_byte = _MEM_FILL_VALUE self.fill_size = _MEM_FILL_SIZE - self.rc_res = ModuleResult(0xf8457d4, 'https://chipsec.github.io/modules/chipsec.modules.tools.smm.smm_ptr.html') + self.result.id = 0xf8457d4 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.smm.smm_ptr.html' def is_supported(self): return True @@ -487,8 +489,8 @@ def run(self, module_argv): DUMP_GPRS_EVERY_SMI = False else: self.logger.log_error(f'Unknown fuzzing mode \'{module_argv[0]}\'') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_OPTION) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_OPTION) + return self.result.getReturnCode(ModuleResult.ERROR) if len(module_argv) > 2: self.fill_size = int(module_argv[2], 16) @@ -550,11 +552,11 @@ def run(self, module_argv): if bad_ptr_cnt > 0: self.logger.log_bad(f'<<< Done: found {bad_ptr_cnt:d} potential occurrences of unchecked input pointers') - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.FAILED) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) + self.res = self.result.getReturnCode(ModuleResult.FAILED) else: self.logger.log_good("<<< Done: didn't find unchecked input pointers in tested SMI handlers") - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - self.res = self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + self.res = self.result.getReturnCode(ModuleResult.PASSED) return self.res diff --git a/chipsec/modules/tools/uefi/reputation.py b/chipsec/modules/tools/uefi/reputation.py index 691cd494d5..7eb7b97723 100644 --- a/chipsec/modules/tools/uefi/reputation.py +++ b/chipsec/modules/tools/uefi/reputation.py @@ -21,7 +21,8 @@ """ import time -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from chipsec.hal.spi_uefi import search_efi_tree, build_efi_model, EFIModuleType from chipsec.hal.uefi import UEFI from chipsec.hal.spi import SPI, BIOS @@ -55,7 +56,8 @@ class reputation(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x556ec74, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.reputation.html') + self.result.id = 0x556ec74 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.reputation.html' self.uefi = UEFI(self.cs) self.image = None self.vt_threshold = 10 @@ -67,8 +69,8 @@ def is_supported(self): else: self.logger.log_important("""Can't import module 'virus_total_apis'. Please run 'pip install virustotal-api' and try again.""") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def reputation_callback(self, efi_module): @@ -109,7 +111,7 @@ def check_reputation(self): if found: res = ModuleResult.WARNING self.logger.log_warning("Suspicious EFI binary found in the UEFI firmware image") - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) else: self.logger.log_passed("Didn't find any suspicious EFI binary") return res @@ -144,4 +146,4 @@ def run(self, module_argv): self.image = read_file(image_file) self.res = self.check_reputation() - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/tools/uefi/s3script_modify.py b/chipsec/modules/tools/uefi/s3script_modify.py index c4d2c08d57..f06483906a 100644 --- a/chipsec/modules/tools/uefi/s3script_modify.py +++ b/chipsec/modules/tools/uefi/s3script_modify.py @@ -99,7 +99,8 @@ import struct -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.logger import print_buffer_bytes from chipsec.hal.uefi import UEFI from chipsec.hal.uefi_common import S3BootScriptOpcode, script_width_values, script_width_formats, op_io_pci_mem, op_dispatch @@ -136,7 +137,8 @@ class s3script_modify(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xa33100e, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.s3script_modify.html') + self.result.id = 0xa33100e + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.s3script_modify.html' self.logger.HAL = True self._uefi = UEFI(self.cs) self.bootscript_PAs = None @@ -151,14 +153,14 @@ def is_supported(self): supported = self.cs.helper.EFI_supported() if not supported: self.logger.log("OS does not support UEFI Runtime API. Skipping module.") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) else: _, ps = self.get_bootscript() if not ps: self.logger.log("Unable to locate boot script. Skipping module.") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) supported = False return supported @@ -366,8 +368,8 @@ def run(self, module_argv): if scmd in cmd2opcode: if len(module_argv) < 4: self.logger.log_error(f'Expected module options: -a replace_op,{scmd},,') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) reg_address = int(module_argv[2], 16) value = int(module_argv[3], 16) sts = self.modify_s3_reg(cmd2opcode[scmd], reg_address, value) @@ -384,16 +386,16 @@ def run(self, module_argv): else: self.logger.log_error(f'Unrecognized module command-line argument: {scmd}') self.logger.log(examples_str) - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) elif op == 'add_op': scmd = module_argv[1].lower() if len(module_argv) > 1 else 'dispatch' new_opcode = None if scmd in cmd2opcode: if len(module_argv) < 5: self.logger.log_error(f'Expected module options: -a add_op,{scmd},,,') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) address = int(module_argv[2], 16) value = int(module_argv[3], 16) width = int(module_argv[4], 16) @@ -405,8 +407,8 @@ def run(self, module_argv): else: self.logger.log_error(f'Unsupported opcode: {scmd}') self.logger.log(examples_str) - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) elif 'dispatch' == scmd: if len(module_argv) < 3: (smram_base, _, _) = self.cs.cpu.get_SMRAM() @@ -418,17 +420,17 @@ def run(self, module_argv): else: self.logger.log_error(f'Unrecognized opcode: {scmd}') self.logger.log(examples_str) - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) sts = self.modify_s3_add(new_opcode) else: self.logger.log_error(f'Unrecognized module command-line argument: {op}') self.logger.log(examples_str) - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) if sts: self.logger.log_passed('The script has been modified. Go to sleep..') @@ -436,4 +438,4 @@ def run(self, module_argv): else: self.res = ModuleResult.FAILED - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/tools/uefi/scan_blocked.py b/chipsec/modules/tools/uefi/scan_blocked.py index a46ab8d3a1..d2170f3727 100644 --- a/chipsec/modules/tools/uefi/scan_blocked.py +++ b/chipsec/modules/tools/uefi/scan_blocked.py @@ -52,7 +52,8 @@ import json import os -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from chipsec.hal.spi_uefi import search_efi_tree, build_efi_model, EFIModuleType from chipsec.hal.uefi import UEFI from chipsec.hal.spi import SPI, BIOS @@ -68,7 +69,8 @@ class scan_blocked(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x5df9386, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.scan_blocked.html') + self.result.id = 0x5df9386 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.scan_blocked.html' self.uefi = UEFI(self.cs) self.cfg_name = 'blockedlist.json' self.image = None @@ -98,7 +100,7 @@ def check_blockedlist(self): self.logger.log('') if found: res = ModuleResult.WARNING - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + self.result.setStatusBit(self.result.status.VERIFY) self.logger.log_warning("Blocked EFI binary found in the UEFI firmware image") else: self.logger.log_passed("Didn't find any blocked EFI binary") @@ -138,8 +140,8 @@ def run(self, module_argv): if len(module_argv) == 0: self.logger.log_important('Unable to read SPI and generate FW image. Access may be blocked.') self.logger.log_error('No FW image file to read. Exiting!') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.ERROR) # Load JSON config with blocked EFI modules if len(module_argv) > 1: @@ -149,5 +151,5 @@ def run(self, module_argv): self.efi_blockedlist = json.load(blockedlist_json) self.res = self.check_blockedlist() - return self.rc_res.getReturnCode(self.res) + return self.result.getReturnCode(self.res) diff --git a/chipsec/modules/tools/uefi/scan_image.py b/chipsec/modules/tools/uefi/scan_image.py index a2936b9b8a..f5686e8ffc 100644 --- a/chipsec/modules/tools/uefi/scan_image.py +++ b/chipsec/modules/tools/uefi/scan_image.py @@ -56,7 +56,8 @@ import json import os -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS +from chipsec.module_common import BaseModule, MTAG_BIOS +from chipsec.library.returncode import ModuleResult from chipsec.hal.uefi import UEFI from chipsec.hal.spi import SPI, BIOS diff --git a/chipsec/modules/tools/uefi/uefivar_fuzz.py b/chipsec/modules/tools/uefi/uefivar_fuzz.py index d76586499f..3047a0b5d2 100644 --- a/chipsec/modules/tools/uefi/uefivar_fuzz.py +++ b/chipsec/modules/tools/uefi/uefivar_fuzz.py @@ -63,10 +63,11 @@ from uuid import uuid4, UUID import struct -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.file import write_file from chipsec.hal.uefi import UEFI -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring from chipsec.fuzzing import primitives as prim @@ -75,15 +76,16 @@ class uefivar_fuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x430f248, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.uefivar_fuzz.html') + self.result.id = 0x430f248 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.uefivar_fuzz.html' self._uefi = UEFI(self.cs) def is_supported(self): supported = self.cs.helper.EFI_supported() if not supported: self.logger.log_important("OS does not support UEFI Runtime API. Skipping module.") - self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) + self.result.setStatusBit(self.result.status.NOT_APPLICABLE) + self.res = self.result.getReturnCode(ModuleResult.NOTAPPLICABLE) return supported def rnd(self, n=1): @@ -229,5 +231,5 @@ def run(self, module_argv): self.logger.log_important('Evaluate the platform for expected behavior to determine PASS/FAIL') self.logger.log_important('Behavior can include platform stability and retaining protections.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) diff --git a/chipsec/modules/tools/vmm/common.py b/chipsec/modules/tools/vmm/common.py index e841b56af0..15627c236f 100644 --- a/chipsec/modules/tools/vmm/common.py +++ b/chipsec/modules/tools/vmm/common.py @@ -32,7 +32,7 @@ from random import getrandbits, randint from time import strftime, localtime from chipsec.module_common import BaseModule -from chipsec.defines import DD +from chipsec.library.defines import DD from typing import Dict, List, Tuple @@ -80,7 +80,7 @@ def hex(self, title: str, data:str, w=16) -> None: sys.stdout.write(f'\n[{self.prompt}] {a:08X}: ') elif a % w % 8 == 0: sys.stdout.write('| ') - sys.stdout.write('{:02X} '.format(ord(c))) + sys.stdout.write(f'{ord(c):02X} ') a = a + 1 sys.stdout.write('\n') return @@ -111,13 +111,13 @@ def __init__(self): BaseModuleDebug.__init__(self) self.initial_data = [] self.path = os.path.dirname(os.path.realpath(__file__)) - with open(os.path.join(self.path, 'hv', 'initial_data.json'), "r") as json_file: + with open(os.path.join(self.path, 'hv', 'initial_data.json'), 'r') as json_file: self.initial_data = json.load(json_file) self.statistics = {} self.hv_connectionid = {} def __del__(self) -> None: - # self.dump_initial_data("initial_data_auto_generated.json") + # self.dump_initial_data('initial_data_auto_generated.json') BaseModuleDebug.__del__(self) def stats_reset(self) -> None: @@ -136,7 +136,7 @@ def stats_print(self, title: str) -> None: self.msg('') return - def get_initial_data(self, statuses: List[str], vector: int, size: int, padding='\x00') -> List[str]: + def get_initial_data(self, statuses: List[str], vector: int, size: int, padding='\x00') -> List[str]: connectionid_message = [(' '.join([f'{x:02x}' for x in DD(k)])) for k, v in self.hv_connectionid.items() if v == 1] connectionid_event = [(' '.join([f'{x:02x}' for x in DD(k)])) for k, v in self.hv_connectionid.items() if v == 2] result = [] @@ -154,7 +154,7 @@ def get_initial_data(self, statuses: List[str], vector: int, size: int, padding= def add_initial_data(self, vector: int, buffer: str, status: str) -> None: found = False - buffer = buffer.rstrip("\x00") + buffer = buffer.rstrip('\x00') buffer = ' '.join(f'{x:02x}' for x in buffer) for item in self.initial_data: if int(item['vector'], 16) == vector: @@ -162,12 +162,12 @@ def add_initial_data(self, vector: int, buffer: str, status: str) -> None: found = True break if not found: - self.initial_data.append({"vector": f'{vector:02X}', "status": status, "data": buffer}) + self.initial_data.append({'vector': f'{vector:02X}', 'status': status, 'data': buffer}) return def dump_initial_data(self, filename: str) -> None: if self.initial_data: - with open(self.path + filename, "w") as json_file: + with open(self.path + filename, 'w') as json_file: json.dump(self.initial_data, json_file, indent=4) return @@ -226,7 +226,7 @@ def weighted_choice(choices: List[Tuple[int, float]]) -> int: if x + w >= r: return c x += w - assert False, "Invalid parameters" + assert False, 'Invalid parameters' def rand_dd(n: int, rndbytes: int = 1, rndbits: int = 1) -> List[int]: @@ -253,7 +253,7 @@ def get_int_arg(arg: str) -> int: try: ret = int(eval(arg)) except: - print("\n ERROR: Invalid parameter\n") + print('\n ERROR: Invalid parameter\n') exit(1) return ret @@ -275,8 +275,6 @@ def __init__(self, log: bool, details: str): self.log2term = True self.log2file = True if self.log: - # logpath = 'logs/' - # logfile = '{}.log'.format(details) logpath = f'logs/{strftime("%Yww%W.%w", localtime())}/' logfile = f'{details}-{strftime("%H%M", localtime())}.log' try: diff --git a/chipsec/modules/tools/vmm/cpuid_fuzz.py b/chipsec/modules/tools/vmm/cpuid_fuzz.py index 7d8f3661dc..43972bdc01 100644 --- a/chipsec/modules/tools/vmm/cpuid_fuzz.py +++ b/chipsec/modules/tools/vmm/cpuid_fuzz.py @@ -56,7 +56,8 @@ """ import random -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult _MODULE_NAME = 'cpuid_fuzz' @@ -86,7 +87,8 @@ class cpuid_fuzz (BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x846024f, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.cpuid_fuzz.html') + self.result.id = 0x846024f + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.cpuid_fuzz.html' def fuzz_CPUID(self, eax_start, random_order = False): eax_range = _NO_EAX_TO_FUZZ @@ -122,7 +124,7 @@ def fuzz_CPUID(self, eax_start, random_order = False): return True def run(self, module_argv): - self.logger.start_test("CPUID Fuzzer") + self.logger.start_test('CPUID Fuzzer') _random_order = False if (len(module_argv) > 0) and ('random' == module_argv[0]): @@ -144,6 +146,6 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/ept_finder.py b/chipsec/modules/tools/vmm/ept_finder.py index 9bc75f983b..1ac343ddd7 100644 --- a/chipsec/modules/tools/vmm/ept_finder.py +++ b/chipsec/modules/tools/vmm/ept_finder.py @@ -49,7 +49,8 @@ from chipsec.logger import logger from chipsec.file import write_file -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.hal.paging import c_extended_page_tables @@ -65,7 +66,7 @@ def readmem(self, name, addr, size=4096): if (pa <= addr) and (addr + size <= end_pa): source.seek(addr - pa) return source.read(size) - logger().log_error("Invalid memory address: {:016x}-{:016x}".format(addr, addr + size)) + logger().log_error(f'Invalid memory address: {addr:016x}-{addr + size:016x}') return '\xFF' * size return self.cs.mem.read_physical_mem(addr, size) @@ -82,27 +83,27 @@ def read_physical_mem(self, addr, size=0x1000): if (pa <= addr) and (addr + size <= end_pa): source.seek(addr - pa) return source.read(size) - self.logger.log_error("Invalid memory address: {:016x}-{:016x}".format(addr, addr + size)) + self.logger.log_error(f'Invalid memory address: {addr:016x}-{addr + size:016x}') return '\xFF' * size return self.cs.mem.read_physical_mem(addr, size) def read_physical_mem_dword(self, addr): - return struct.unpack(" 0) and (module_argv[0] == "file") + self.read_from_file = (len(module_argv) > 0) and (module_argv[0] == 'file') if self.read_from_file: if len(module_argv) == 3: revision_id = int(module_argv[2], 16) - pattern = "{}.dram_*".format(module_argv[1]) + pattern = f'{module_argv[1]}.dram_*' filenames = glob.glob(pattern) for name in filenames: addr = name[len(pattern) - 1:] - addr = 0 if addr == "lo" else 0x100000000 if addr == "hi" else int(addr, 16) + addr = 0 if addr == 'lo' else 0x100000000 if addr == 'hi' else int(addr, 16) size = os.stat(name).st_size - self.logger.log(" Mapping file to address: 0x{:012x} size: 0x{:012x} name: {}".format(addr, size, name)) - self.par.append((addr, addr + size, open(name, "rb"))) + self.logger.log(f' Mapping file to address: 0x{addr:012x} size: 0x{size:012x} name: {name}') + self.par.append((addr, addr + size, open(name, 'rb'))) else: self.logger.log_error('Invalid parameters') self.logger.log(self.__doc__.replace('`', '')) @@ -213,29 +214,29 @@ def run(self, module_argv): self.par = self.get_memory_ranges() if len(self.par) == 0: - self.logger.log_error("Memory ranges are not defined!") + self.logger.log_error('Memory ranges are not defined!') return ModuleResult.ERROR - if (len(module_argv) == 2) and (module_argv[0] == "dump"): + if (len(module_argv) == 2) and (module_argv[0] == 'dump'): for (pa, end_pa, _) in self.par: - postfix = "lo" if pa == 0x0 else "hi" if pa == 0x100000000 else "0x{:08x}".format(pa) - filename = "{}.dram_{}".format(module_argv[1], postfix) + postfix = 'lo' if pa == 0x0 else 'hi' if pa == 0x100000000 else f'0x{pa:08x}' + filename = f'{module_argv[1]}.dram_{postfix}' self.dump_dram(filename, pa, end_pa) return ModuleResult.PASSED self.logger.log('[*] Searching Extended Page Tables ...') ept_pt_list = self.find_ept_pt({}, 0, 4) - self.logger.log('[*] Found PTs : {:d}'.format(len(ept_pt_list))) + self.logger.log(f'[*] Found PTs : {len(ept_pt_list):d}') ept_pd_list = self.find_ept_pt(ept_pt_list, 4, 3) - self.logger.log('[*] Found PDs : {:d}'.format(len(ept_pd_list))) + self.logger.log(f'[*] Found PDs : {len(ept_pd_list):d}') ept_pdpt_list = self.find_ept_pt(ept_pd_list, 1, 2) - self.logger.log('[*] Found PDPTs: {:d}'.format(len(ept_pdpt_list))) + self.logger.log(f'[*] Found PDPTs: {len(ept_pdpt_list):d}') ept_pml4_list = self.find_ept_pt(ept_pdpt_list, 1, 1) - self.logger.log('[*] Found PML4s: {:d}'.format(len(ept_pml4_list))) - self.logger.log('[*] -> EPTP: ' + ' '.join(['{:08X}'.format(x) for x in sorted(ept_pml4_list.keys())])) + self.logger.log(f'[*] Found PML4s: {len(ept_pml4_list):d}') + self.logger.log('[*] -> EPTP: ' + ' '.join([f'{x:08X}' for x in sorted(ept_pml4_list.keys())])) ept_vmcs_list = self.find_vmcs_by_ept([x for x in ept_pml4_list.keys()], revision_id) - self.logger.log('[*] Found VMCSs: {:d}'.format(len(ept_vmcs_list))) - self.logger.log('[*] -> VMCS: ' + ' '.join(['{:08X}'.format(x) for x in sorted(ept_vmcs_list)])) + self.logger.log(f'[*] Found VMCSs: {len(ept_vmcs_list):d}') + self.logger.log('[*] -> VMCS: ' + ' '.join([f'{x:08X}' for x in sorted(ept_vmcs_list)])) try: self.path = 'VMs\\' @@ -244,15 +245,15 @@ def run(self, module_argv): pass for addr in sorted(ept_vmcs_list): - write_file(self.path + 'vmcs_{:08x}.bin'.format(addr), self.read_physical_mem(addr)) + write_file(self.path + f'vmcs_{addr:08x}.bin', self.read_physical_mem(addr)) count = 1 for eptp in sorted(ept_pml4_list.keys()): ept = c_extended_page_tables_from_file(self.cs, self.read_from_file, self.par) - ept.prompt = '[VM{:d}]'.format(count) - ept.read_pt_and_show_status(self.path + 'ept_{:08x}'.format(eptp), 'Extended', eptp) + ept.prompt = f'[VM{count:d}]' + ept.read_pt_and_show_status(self.path + f'ept_{eptp:08x}', 'Extended', eptp) if not ept.failure: - ept.save_configuration(self.path + 'ept_{:08x}.py'.format(eptp)) + ept.save_configuration(self.path + f'ept_{eptp:08x}.py') count += 1 return ModuleResult.INFORMATION diff --git a/chipsec/modules/tools/vmm/hv/hypercallfuzz.py b/chipsec/modules/tools/vmm/hv/hypercallfuzz.py index f761e07764..5cbe4f09ac 100644 --- a/chipsec/modules/tools/vmm/hv/hypercallfuzz.py +++ b/chipsec/modules/tools/vmm/hv/hypercallfuzz.py @@ -48,7 +48,8 @@ class HypercallFuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x6dc9bb0, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.hypercallfuzz.html') + self.result.id = 0x6dc9bb0 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.hypercallfuzz.html' def usage(self): print(' Usage:') @@ -140,5 +141,5 @@ def run(self, module_argv): hv.err('Invalid mode!') self.usage() - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) diff --git a/chipsec/modules/tools/vmm/hv/synth_dev.py b/chipsec/modules/tools/vmm/hv/synth_dev.py index 8e15f6f1cd..807e918e8e 100644 --- a/chipsec/modules/tools/vmm/hv/synth_dev.py +++ b/chipsec/modules/tools/vmm/hv/synth_dev.py @@ -96,7 +96,8 @@ def print_statistics(self): class synth_dev(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x6221b7e, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.synth_dev.html') + self.result.id = 0x6221b7e + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.synth_dev.html' def usage(self): print(' Usage:') @@ -153,5 +154,5 @@ def run(self, module_argv): finally: vb.vmbus_rescind_all_offers() del vb - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) diff --git a/chipsec/modules/tools/vmm/hv/synth_kbd.py b/chipsec/modules/tools/vmm/hv/synth_kbd.py index ca71371bea..a50ba0438c 100644 --- a/chipsec/modules/tools/vmm/hv/synth_kbd.py +++ b/chipsec/modules/tools/vmm/hv/synth_kbd.py @@ -33,7 +33,7 @@ from chipsec.modules.tools.vmm.hv.define import * from chipsec.modules.tools.vmm.common import * from chipsec.modules.tools.vmm.hv.vmbus import * -from chipsec.defines import * +from chipsec.library.defines import * import chipsec_util SYNTH_KBD_VERSION = 0x00010000 @@ -72,7 +72,8 @@ def ringbuffer_read(self): class synth_kbd(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x0d28d62, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.synth_kbd.html') + self.result.id = 0x0d28d62 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.synth_kbd.html' def usage(self): print(' Usage:') @@ -87,8 +88,8 @@ def run(self, module_argv): command = module_argv[0] else: self.usage() - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_OPTION) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_OPTION) + return self.result.getReturnCode(ModuleResult.ERROR) vb = VMBusDiscovery() vb.debug = True @@ -153,5 +154,5 @@ def run(self, module_argv): vb.vmbus_rescind_all_offers() del vb.ringbuffers[relid] del vb - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - return self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + return self.result.getReturnCode(ModuleResult.PASSED) diff --git a/chipsec/modules/tools/vmm/hv/vmbus.py b/chipsec/modules/tools/vmm/hv/vmbus.py index cdfb5854cd..1f32112bfe 100644 --- a/chipsec/modules/tools/vmm/hv/vmbus.py +++ b/chipsec/modules/tools/vmm/hv/vmbus.py @@ -34,7 +34,7 @@ from chipsec.file import * from chipsec.module_common import * from chipsec.hal.vmm import VMM -from chipsec.defines import * +from chipsec.library.defines import * class RingBuffer(BaseModuleDebug): @@ -49,8 +49,6 @@ def __init__(self): def __del__(self): BaseModuleDebug.__del__(self) self.dbg('Free kernel memory (pfn pages)') - # for addr in self.base_addr: - # self.cs.mem.free_physical_mem(addr) self.base_addr = [] self.send_size = 0 self.pfn = [] @@ -114,7 +112,7 @@ def ringbuffer_copyto(self, index, data): def ringbuffer_read(self): ring_data_size = (len(self.pfn) - self.send_size - 1) << 12 buffer = self.cs.mem.read_physical_mem(self.pfn[self.send_size], 0x10) - write_index, read_index, interrupt_mask, pending_send_sz = unpack('<4L', buffer) + write_index, read_index, _, _ = unpack('<4L', buffer) delta = write_index - read_index avail = delta if delta >= 0 else ring_data_size + delta if avail == 0: @@ -132,7 +130,7 @@ def ringbuffer_read(self): def ringbuffer_write(self, data): ring_data_size = (self.send_size - 1) << 12 buffer = self.cs.mem.read_physical_mem(self.pfn[0], 0x10) - write_index, read_index, interrupt_mask, pending_send_sz = unpack('<4L', buffer) + write_index, read_index, _, _ = unpack('<4L', buffer) delta = read_index - write_index avail = delta if delta > 0 else ring_data_size + delta data += DD(0) + DD(write_index) @@ -169,7 +167,7 @@ def __init__(self): self.hypercall = VMM(self.cs) self.hypercall.init() self.membuf = self.cs.mem.alloc_physical_mem(4 * 0x1000, 0xFFFFFFFF) - self.cs.mem.write_physical_mem(self.membuf[1], 4 * 0x1000, '\x00' * 4 * 0x1000) + self.cs.mem.write_physical_mem(self.membuf[1], 4 * 0x1000, b'\x00' * 4 * 0x1000) self.old_sint2 = [] self.old_simp = [] self.old_siefp = [] @@ -307,13 +305,13 @@ def vmbus_get_next_gpadl(self): ## def vmbus_post_msg(self, message): if len(message) > 240: - self.err('vmbus_post_msg: message it too long {:d} bytes'.format(len(message))) + self.err(f'vmbus_post_msg: message it too long {len(message):d} bytes') message = message[:240] header = pack('<4L', VMBUS_MESSAGE_CONNECTION_ID, 0x0, 0x1, len(message)) result = self.hv_post_msg(header + message) if result != HV_STATUS_SUCCESS: status = hypercall_status_codes[result] if result in hypercall_status_codes else '' - self.err('vmbus_post_msg returns {:02X} {}'.format(result, status)) + self.err(f'vmbus_post_msg returns {result:02X} {status}') return result == HV_STATUS_SUCCESS ## @@ -329,12 +327,12 @@ def vmbus_recv_msg(self, timeout=0): msg_type, payload_size, msg_flags, rsvd, port_id = unpack(' 240): - self.msg('vmbus_recv_msg: invalid payload size {:d}'.format(payload_size)) + self.msg(f'vmbus_recv_msg: invalid payload size {payload_size:d}') payload_size = 240 if rsvd != 0x0000: - self.msg('vmbus_recv_msg: invalid reserved field 0x{:04X}'.format(rsvd)) + self.msg(f'vmbus_recv_msg: invalid reserved field 0x{rsvd:04X}') # if port_id != VMBUS_MESSAGE_PORT_ID: # self.msg('vmbus_recv_msg: invalid ConnectionID 0x%016x' % port_id) message = message[16: 16 + payload_size] @@ -346,7 +344,7 @@ def vmbus_recv_msg(self, timeout=0): def vmbus_setevent(self, child_relid): self.dbg('Trigger an event notification on the specified channel ...') if child_relid not in self.open_channels: - self.err('vmbus_setevent could not find channel with child relid: {:d}'.format(child_relid)) + self.err(f'vmbus_setevent could not find channel with child relid: {child_relid:d}') return False channel = self.open_channels[child_relid]['offer'] if channel['monitor_allocated'] == 1: @@ -362,7 +360,7 @@ def vmbus_setevent(self, child_relid): result = self.hv_signal_event(channel['connection_id'], 0x0) if result != 0: status = hypercall_status_codes[result] if result in hypercall_status_codes else '' - self.err('vmbus_setevent returns {:02X} {}'.format(result, status)) + self.err(f'vmbus_setevent returns {result:02X} {status}') return False return True @@ -513,10 +511,10 @@ def vmbus_onmessage(self): msgtype, padding = unpack(' len(message_body): self.msg('vmbus_onmessage: message is too short!') @@ -524,7 +522,7 @@ def vmbus_onmessage(self): exit(1) if padding != 0x00000000: - self.msg('vmbus_onmessage invalid padding {:d}'.format(padding)) + self.msg(f'vmbus_onmessage invalid padding {padding:d}') # vmbus_ongpadl_created - GPADL created handler if msgtype == CHANNELMSG_GPADL_CREATED: @@ -668,7 +666,7 @@ def scan_physical_addresses(self, version): for i in range(64): self.supported_versions = {} self.int_page = (FFs << (63 - i)) & FFs - self.dbg('Address: 0x{:016X}'.format(self.int_page)) + self.dbg(f'Address: 0x{self.int_page:016X}') self.vmbus_connect(version) print(self.supported_versions) (self.int_page, self.monitor_page1, self.monitor_page2) = pages @@ -682,7 +680,7 @@ def print_supported_versions(self): self.msg('******************** Supported versions ********************') for version in sorted(self.supported_versions.keys()): status = 'Unknown' if version not in vmbus_versions else vmbus_versions[version] - self.msg(' {:d} . {:2d} - {}'.format(version >> 16, version & 0xFFFF, status)) + self.msg(f' {version >> 16:d} . {version & 0xFFFF:2d} - {status}') return ## @@ -699,19 +697,19 @@ def print_offer_channels(self): if (n in channel_flags) and (((channel['flags'] >> n) & 0x1) == 0x1): flags.append(channel_flags[n]) - conid = 'Connection ID: 0x{:08X}'.format(channel['connection_id']) - relid = 'Child relid: 0x{:08X}'.format(channel['child_relid']) - mmios = 'MMIO: {:d}MB'.format(channel['mmio']) - subch = 'Sub channel: 0x{:04X}'.format(channel['sub_channel']) - monid = 'Monitor: {:d} ID=0x{:02X}'.format(channel['monitor_allocated'], channel['monitor_id']) - dintr = 'Dedicated interrupt: {:d}'.format(channel['dedicated_interrupt']) - flags = 'Flags: 0x{:04X} >{}'.format(channel['flags'], ', '.join(flags)) + conid = f'Connection ID: 0x{channel["connection_id"]:08X}' + relid = f'Child relid: 0x{channel["child_relid"]:08X}' + mmios = f'MMIO: {channel["mmio"]:d}MB' + subch = f'Sub channel: 0x{channel["sub_channel"]:04X}' + monid = f'Monitor: {channel["monitor_allocated"]:d} ID=0x{channel["monitor_id"]:02X}' + dintr = f'Dedicated interrupt: {channel["dedicated_interrupt"]:d}' + flags = f'Flags: 0x{channel["flags"]:04X} >{", ".join(flags)}' self.msg('') - self.msg('{}'.format(channel['name'])) - self.msg(' Hardware IDs: {} {}'.format(uuid(i[0x00:0x10]), uuid(i[0x10:0x20]))) - self.msg(' {} {} {} {}'.format(conid, relid, subch, monid)) - self.msg(' {} {} {}'.format(mmios, dintr, flags)) + self.msg(f'{channel["name"]}') + self.msg(f' Hardware IDs: {uuid(i[0x00:0x10])} {uuid(i[0x10:0x20])}') + self.msg(f' {conid} {relid} {subch} {monid}') + self.msg(f' {mmios} {dintr} {flags}') return ## @@ -724,7 +722,7 @@ def print_created_gpadl(self): self.msg('---------------------------------------------------') for gpadl in sorted(self.created_gpadl.keys()): channel = self.created_gpadl[gpadl] - self.msg(' 0x{:08X} | 0x{:08X} | 0x{:08X}'.format(gpadl, channel['child_relid'], channel['status'])) + self.msg(f' 0x{gpadl:08X} | 0x{channel["child_relid"]:08X} | 0x{channel["status"]:08X}') self.msg('---------------------------------------------------') return @@ -738,7 +736,7 @@ def print_open_channels(self): self.msg('---------------------------------------------------') for child_relid in sorted(self.open_channels): channel = self.open_channels[child_relid] - self.msg(' 0x{:08X} | 0x{:08X} | 0x{:08X}'.format(child_relid, channel['openid'], channel['status'])) + self.msg(f' 0x{child_relid:08X} | 0x{channel["openid"]:08X} | 0x{channel["status"]:08X}') self.msg('---------------------------------------------------') return @@ -749,7 +747,7 @@ def print_events(self): events = self.vmbus_recv_events() result = [] for i in events: - result.append('{:02X}'.format(i)) + result.append(f'{i:02X}') if len(result) != 0: self.msg('EVENTS: ' + ', '.join(result)) return diff --git a/chipsec/modules/tools/vmm/hv/vmbusfuzz.py b/chipsec/modules/tools/vmm/hv/vmbusfuzz.py index a21269e881..2a3104a521 100644 --- a/chipsec/modules/tools/vmm/hv/vmbusfuzz.py +++ b/chipsec/modules/tools/vmm/hv/vmbusfuzz.py @@ -50,7 +50,7 @@ import traceback from struct import pack from random import getrandbits, choice -from chipsec.module_common import ModuleResult +from chipsec.library.returncode import ModuleResult from chipsec.modules.tools.vmm.common import session_logger, overwrite, get_int_arg from chipsec.modules.tools.vmm.hv.vmbus import VMBusDiscovery, HyperV, RingBuffer @@ -65,7 +65,8 @@ def __init__(self): self.fuzzing = False self.fuzzing_rules = {} self.current_message = 0 - self.rc_res = ModuleResult(0x17f285c, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.vmbusfuzz.html') + self.result.id = 0x17f285c + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.vmbusfuzz.html' ## # hv_post_msg - Fuzzing a message to be sent @@ -113,7 +114,7 @@ def vmbus_test1_run(self): self.vmbus_rescind_all_offers() def run(self, module_argv): - self.logger.start_test("Hyper-V VMBus fuzzer") + self.logger.start_test('Hyper-V VMBus fuzzer') if len(module_argv) > 0: command = module_argv[0] @@ -168,6 +169,6 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/hypercallfuzz.py b/chipsec/modules/tools/vmm/hypercallfuzz.py index 47459ed6f0..2cbad59960 100644 --- a/chipsec/modules/tools/vmm/hypercallfuzz.py +++ b/chipsec/modules/tools/vmm/hypercallfuzz.py @@ -60,7 +60,8 @@ import random import time -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.hal.vmm import VMM DEFAULT_VECTOR_MAXVAL = 0xFF @@ -81,7 +82,8 @@ class hypercallfuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0xf918ec4, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.hypercallfuzz.html') + self.result.id = 0xf918ec4 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.hv.hypercallfuzz.html' self.vmm = VMM(self.cs) self.random_order = True @@ -124,7 +126,7 @@ def fuzz_generic_hypercalls(self): pass else: it = 0 - self.logger.log("[*] Fuzzing hypercalls with arguments exhaustively...") + self.logger.log('[*] Fuzzing hypercalls with arguments exhaustively...') for rax in range(self.gprs['rax']): for rbx in range(self.gprs['rbx']): for rcx in range(self.gprs['rcx']): @@ -150,7 +152,7 @@ def fuzz_generic_hypercalls(self): self.logger.log(f'[*] Finished fuzzing: time elapsed {time.time() - t:.3f}') def run(self, module_argv): - self.logger.start_test("Dumb VMM hypercall fuzzer") + self.logger.start_test('Dumb VMM hypercall fuzzer') if len(module_argv) > 0: self.random_order = module_argv[0].lower() == 'random' @@ -177,5 +179,5 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) diff --git a/chipsec/modules/tools/vmm/iofuzz.py b/chipsec/modules/tools/vmm/iofuzz.py index 108e7cfeee..4d27409890 100644 --- a/chipsec/modules/tools/vmm/iofuzz.py +++ b/chipsec/modules/tools/vmm/iofuzz.py @@ -59,7 +59,8 @@ import random -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult MAX_PORTS = 0x10000 MAX_PORT_VALUE = 0xFF @@ -79,7 +80,8 @@ class iofuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x485df2e, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.iofuzz.html') + self.result.id = 0x485df2e + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.iofuzz.html' def fuzz_ports(self, iterations, write_count, random_order=False): @@ -105,11 +107,11 @@ def fuzz_ports(self, iterations, write_count, random_order=False): self.logger.log(f'[*] Fuzzing I/O port 0x{io_addr:04X}') - self.logger.log(" Reading port") + self.logger.log(' Reading port') port_value = self.cs.io.read_port_byte(io_addr) if _FUZZ_SPECIAL_VALUES: - self.logger.log(" Writing special 1-2-4 byte values") + self.logger.log(' Writing special 1-2-4 byte values') try: self.cs.io.write_port_byte(io_addr, port_value) self.cs.io.write_port_byte(io_addr, (~port_value) & 0xFF) @@ -133,12 +135,12 @@ def fuzz_ports(self, iterations, write_count, random_order=False): except: pass - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + return self.result.getReturnCode(ModuleResult.WARNING) def run(self, module_argv): - self.logger.start_test("I/O port fuzzer") + self.logger.start_test('I/O port fuzzer') _random_order = (len(module_argv) > 0) and ('random' == module_argv[0].lower()) write_count = int(module_argv[1]) if len(module_argv) > 1 else DEFAULT_PORT_WRITE_COUNT diff --git a/chipsec/modules/tools/vmm/msr_fuzz.py b/chipsec/modules/tools/vmm/msr_fuzz.py index b9b129f020..07cd6dfe3a 100644 --- a/chipsec/modules/tools/vmm/msr_fuzz.py +++ b/chipsec/modules/tools/vmm/msr_fuzz.py @@ -55,7 +55,8 @@ import random -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult _MODULE_NAME = 'msr_fuzz' @@ -80,7 +81,8 @@ class msr_fuzz (BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x2e31482, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.msr_fuzz.html') + self.result.id = 0x2e31482 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.msr_fuzz.html' def fuzz_MSRs(self, msr_addr_start, random_order=False): msr_addr_range = 0x10000 @@ -161,6 +163,6 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/pcie_fuzz.py b/chipsec/modules/tools/vmm/pcie_fuzz.py index 14b530a700..fdbbc066ba 100644 --- a/chipsec/modules/tools/vmm/pcie_fuzz.py +++ b/chipsec/modules/tools/vmm/pcie_fuzz.py @@ -58,7 +58,8 @@ import time import random -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.hal.pci import print_pci_devices @@ -78,7 +79,8 @@ class pcie_fuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x61c1431, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.pcie_fuzz.html') + self.result.id = 0x61c1431 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.pcie_fuzz.html' def fuzz_io_bar(self, bar, size=0x100): port_off = 0 @@ -170,7 +172,7 @@ def find_active_range(self, bar, size): return diff_index def fuzz_pcie_device(self, b, d, f): - self.logger.log("[*] Discovering MMIO and I/O BARs of the device..") + self.logger.log('[*] Discovering MMIO and I/O BARs of the device..') device_bars = self.cs.pci.get_device_bars(b, d, f, bCalcSize=CALC_BAR_SIZE) for (bar, isMMIO, is64bit, bar_off, bar_reg, size) in device_bars: if bar not in _EXCLUDE_BAR: @@ -217,6 +219,6 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/pcie_overlap_fuzz.py b/chipsec/modules/tools/vmm/pcie_overlap_fuzz.py index fb42d7eabc..cf27c2a4b1 100644 --- a/chipsec/modules/tools/vmm/pcie_overlap_fuzz.py +++ b/chipsec/modules/tools/vmm/pcie_overlap_fuzz.py @@ -35,7 +35,7 @@ - ``FUZZ_OVERLAP`` : Set for fuzz overlaps - ``FUZZ_RANDOM`` : Set to fuzz in random mode - ``_EXCLUDE_MMIO_BAR1`` : List 1 of MMIO bars to exclude - - ``_EXCLUDE_MMIO_BAR2`` : List 2 of MMIO bars to exclude + - ``_EXCLUDE_MMIO_BAR2`` : List 2 of MMIO bars to exclude .. note:: - Returns a Warning by default @@ -49,7 +49,8 @@ import random -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.hal.pci import print_pci_devices ################################################################# @@ -67,7 +68,8 @@ class pcie_overlap_fuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x19702b2, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.pcie_overlap_fuzz.html') + self.result.id = 0x19702b2 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.pcie_overlap_fuzz.html' def overlap_mmio_range(self, bus1, dev1, fun1, is64bit1, off1, bus2, dev2, fun2, is64bit2, off2, direction): base_lo1 = self.cs.pci.read_dword(bus1, dev1, fun1, off1) @@ -133,7 +135,7 @@ def fuzz_mmio_bar_random(self, bar, is64bit, size=0x1000): def fuzz_overlap_pcie_device(self, pcie_devices): for (b1, d1, f1, _, _, _) in pcie_devices: - self.logger.log("[*] Overlapping MMIO bars...") + self.logger.log('[*] Overlapping MMIO bars...') device_bars1 = self.cs.pci.get_device_bars(b1, d1, f1, bCalcSize=True) for (bar1, isMMIO1, is64bit1, bar_off1, _, size1) in device_bars1: if bar1 not in _EXCLUDE_MMIO_BAR1: @@ -157,18 +159,18 @@ def fuzz_overlap_pcie_device(self, pcie_devices): self.fuzz_mmio_bar(_bar, _is64bit, _size) def run(self, module_argv): - self.logger.start_test("Tool to overlap and fuzz MMIO spaces of available PCIe devices") + self.logger.start_test('Tool to overlap and fuzz MMIO spaces of available PCIe devices') pcie_devices = [] - self.logger.log("[*] Enumerating available PCIe devices..") + self.logger.log('[*] Enumerating available PCIe devices..') pcie_devices = self.cs.pci.enumerate_devices() - self.logger.log("[*] About to fuzz the following PCIe devices..") + self.logger.log('[*] About to fuzz the following PCIe devices..') print_pci_devices(pcie_devices) self.fuzz_overlap_pcie_device(pcie_devices) self.logger.log_information('Module completed!') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/vbox/vbox_crash_apicbase.py b/chipsec/modules/tools/vmm/vbox/vbox_crash_apicbase.py index bb80e81233..7f2623e907 100644 --- a/chipsec/modules/tools/vmm/vbox/vbox_crash_apicbase.py +++ b/chipsec/modules/tools/vmm/vbox/vbox_crash_apicbase.py @@ -41,7 +41,8 @@ """ from chipsec.exceptions import HWAccessViolationError -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult _MODULE_NAME = 'vbox_crash_apicbase' @@ -49,23 +50,24 @@ class vbox_crash_apicbase(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x14428af, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.vbox.vbox_crash_apicbase.html') + self.result.id = 0x14428af + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.vbox.vbox_crash_apicbase.html' def run(self, module_argv): - self.logger.start_test("Host OS Crash due to IA32_APIC_BASE (Oracle VirtualBox CVE-2015-0377)") + self.logger.start_test('Host OS Crash due to IA32_APIC_BASE (Oracle VirtualBox CVE-2015-0377)') tid = 0 - apicbase_msr = self.cs.read_register('IA32_APIC_BASE', tid) - self.cs.print_register('IA32_APIC_BASE', apicbase_msr) + apicbase_msr = self.cs.register.read('IA32_APIC_BASE', tid) + self.cs.register.print('IA32_APIC_BASE', apicbase_msr) apicbase_msr = 0xDEADBEEF00000000 | (apicbase_msr & 0xFFFFFFFF) self.logger.log(f'[*] Writing 0x{apicbase_msr:016X} to IA32_APIC_BASE MSR..') try: - self.cs.write_register('IA32_APIC_BASE', apicbase_msr, tid) + self.cs.register.write('IA32_APIC_BASE', apicbase_msr, tid) except HWAccessViolationError: self.logger.log('System blocked write attempt.') # If we are here, then we are fine ;) self.logger.log_passed("VMM/Host OS didn't crash (not vulnerable)") - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - self.res = self.rc_res.getReturnCode(ModuleResult.PASSED) + self.result.setStatusBit(self.result.status.SUCCESS) + self.res = self.result.getReturnCode(ModuleResult.PASSED) return self.res diff --git a/chipsec/modules/tools/vmm/venom.py b/chipsec/modules/tools/vmm/venom.py index c65683dc28..2242f33bb1 100644 --- a/chipsec/modules/tools/vmm/venom.py +++ b/chipsec/modules/tools/vmm/venom.py @@ -48,7 +48,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult _MODULE_NAME = 'venom' @@ -61,7 +62,8 @@ class venom (BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x6e48a35, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.venom.html') + self.result.id = 0x6e48a35 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.venom.html' def venom_impl(self): self.cs.io.write_port_byte(FDC_PORT_DATA_FIFO, FD_CMD) @@ -70,12 +72,12 @@ def venom_impl(self): return True def run(self, module_argv): - self.logger.start_test("QEMU VENOM vulnerability DoS PoC") + self.logger.start_test('QEMU VENOM vulnerability DoS PoC') self.venom_impl() self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.VERIFY) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.VERIFY) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/xen/define.py b/chipsec/modules/tools/vmm/xen/define.py index e005abc71e..fd33536892 100644 --- a/chipsec/modules/tools/vmm/xen/define.py +++ b/chipsec/modules/tools/vmm/xen/define.py @@ -234,7 +234,7 @@ def get_invalid_hypercall_code(): def set_variables(varlist): import re for i in varlist: - var = re.sub(r"([a-z])([A-Z]+)", r"\1_\2", varlist[i]) + var = re.sub(r'([a-z])([A-Z]+)', r'\1_\2', varlist[i]) var = var.upper() exec(f'global {var}; {var}={i:d}') diff --git a/chipsec/modules/tools/vmm/xen/hypercallfuzz.py b/chipsec/modules/tools/vmm/xen/hypercallfuzz.py index 0cac6bd184..7c9e61f3e9 100644 --- a/chipsec/modules/tools/vmm/xen/hypercallfuzz.py +++ b/chipsec/modules/tools/vmm/xen/hypercallfuzz.py @@ -51,14 +51,16 @@ """ from chipsec.modules.tools.vmm.xen.define import * -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.modules.tools.vmm.xen.hypercall import XenHypercall class HypercallFuzz(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x9e42fe3, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.xen.hypercallfuzz.html') + self.result.id = 0x9e42fe3 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.xen.hypercallfuzz.html' def usage(self): self.logger.log(self.__doc__.replace('`', '')) @@ -99,8 +101,8 @@ def run(self, module_argv): except ValueError: if arg1.lower() not in name2code: self.logger.log_error(f'Unknown hypercall: \'{arg1}\'') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_OPTION) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.UNSUPPORTED_OPTION) + return self.result.getReturnCode(ModuleResult.ERROR) code = name2code[arg1.lower()] count = self.get_int(arg2) xen.fuzz_hypercall(code, count) @@ -123,6 +125,6 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/vmm/xen/xsa188.py b/chipsec/modules/tools/vmm/xen/xsa188.py index be21255801..d2bf9bf4d7 100644 --- a/chipsec/modules/tools/vmm/xen/xsa188.py +++ b/chipsec/modules/tools/vmm/xen/xsa188.py @@ -43,7 +43,8 @@ """ -from chipsec.module_common import BaseModule, ModuleResult +from chipsec.module_common import BaseModule +from chipsec.library.returncode import ModuleResult from chipsec.hal.vmm import VMM EVENT_CHANNEL_OP = 32 @@ -53,7 +54,8 @@ class xsa188(BaseModule): def __init__(self): BaseModule.__init__(self) - self.rc_res = ModuleResult(0x13a3575, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.xen.xsa188.html') + self.result.id = 0x13a3575 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.xen.xsa188.html' def run(self, module_argv): self.logger.start_test('Xen XSA-188 PoC check') @@ -66,6 +68,6 @@ def run(self, module_argv): self.logger.log_information('Module completed') self.logger.log_warning('System may be in an unknown state, further evaluation may be needed.') - self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.POTENTIALLY_VULNERABLE) + self.res = self.result.getReturnCode(ModuleResult.WARNING) return self.res diff --git a/chipsec/modules/tools/wsmt.py b/chipsec/modules/tools/wsmt.py index f0a5fc16bf..f0614c4af1 100644 --- a/chipsec/modules/tools/wsmt.py +++ b/chipsec/modules/tools/wsmt.py @@ -34,7 +34,8 @@ - Analysis is only necessary if Windows is the primary OS """ -from chipsec.module_common import BaseModule, ModuleResult, MTAG_BIOS, MTAG_SMM +from chipsec.module_common import BaseModule, MTAG_BIOS, MTAG_SMM +from chipsec.library.returncode import ModuleResult from chipsec.hal.acpi import ACPI from chipsec.hal.acpi_tables import WSMT @@ -45,43 +46,40 @@ class wsmt(BaseModule): def __init__(self): BaseModule.__init__(self) self._acpi = ACPI(self.cs) - self.rc_res = ModuleResult(0x6ae0748, 'https://chipsec.github.io/modules/chipsec.modules.tools.wsmt.html') + self.result.id = 0x6ae0748 + self.result.url = 'https://chipsec.github.io/modules/chipsec.modules.tools.wsmt.html' def is_supported(self): return True def check_wsmt(self): - table_data = self._acpi.get_ACPI_table("WSMT") + table_data = self._acpi.get_ACPI_table('WSMT') if not table_data: self.logger.log_warning('WSMT table was not found.') - self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) - return self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.UNSUPPORTED_FEATURE) + return self.result.getReturnCode(ModuleResult.WARNING) wsmt_table = WSMT() try: wsmt_table.parse(table_data[0][1]) except TypeError: self.logger.log_error('Issue parsing the WSMT table data.') - self.rc_res.setStatusBit(self.rc_res.status.PARSE_ISSUE) - return self.rc_res.getReturnCode(ModuleResult.ERROR) + self.result.setStatusBit(self.result.status.PARSE_ISSUE) + return self.result.getReturnCode(ModuleResult.ERROR) self.logger.log(wsmt_table) if (not wsmt_table.fixed_comm_buffers) or (not wsmt_table.comm_buffer_nested_ptr_protection) or (not wsmt_table.system_resource_protection): self.logger.log_warning('WSMT table is present but certain mitigations are missing.') - self.rc_res.setStatusBit(self.rc_res.status.MITIGATION) - self.res = self.rc_res.getReturnCode(ModuleResult.WARNING) + self.result.setStatusBit(self.result.status.MITIGATION) + self.res = self.result.getReturnCode(ModuleResult.WARNING) else: - self.logger.log_passed("WSMT table is present and reports all supported mitigations.") - self.rc_res.setStatusBit(self.rc_res.status.SUCCESS) - self.res = self.rc_res.getReturnCode(ModuleResult.PASSED) + self.logger.log_passed('WSMT table is present and reports all supported mitigations.') + self.result.setStatusBit(self.result.status.SUCCESS) + self.res = self.result.getReturnCode(ModuleResult.PASSED) - # -------------------------------------------------------------------------- - # run( module_argv ) - # Required function: run here all tests from this module - # -------------------------------------------------------------------------- def run(self, module_argv): - self.logger.start_test("WSMT Configuration") + self.logger.start_test('WSMT Configuration') self.check_wsmt() if self.res == ModuleResult.WARNING: self.logger.log_important('Manual analysis of SMI handlers is required to determine if they can be abused by attackers to circumvent VBS.') diff --git a/chipsec/result_deltas.py b/chipsec/result_deltas.py index 8d358d1fad..e990b0bc2c 100644 --- a/chipsec/result_deltas.py +++ b/chipsec/result_deltas.py @@ -24,7 +24,7 @@ import chipsec.file from chipsec.logger import logger -from chipsec.defines import bytestostring +from chipsec.library.defines import bytestostring def get_json_results(json_file): diff --git a/chipsec/utilcmd/interrupts_cmd.py b/chipsec/utilcmd/interrupts_cmd.py index 72faebd4ef..f020f2bdee 100644 --- a/chipsec/utilcmd/interrupts_cmd.py +++ b/chipsec/utilcmd/interrupts_cmd.py @@ -106,7 +106,7 @@ def parse_arguments(self) -> None: def smi_count(self) -> None: self.logger.log("[CHIPSEC] SMI count:") for tid in range(self.cs.msr.get_cpu_thread_count()): - smi_cnt = self.cs.read_register_field('MSR_SMI_COUNT', 'Count', cpu_thread=tid) + smi_cnt = self.cs.register.read_field('MSR_SMI_COUNT', 'Count', cpu_thread=tid) self.logger.log(f' CPU{tid:d}: {smi_cnt:d}') def smi_smmc(self) -> None: diff --git a/chipsec/utilcmd/lock_check_cmd.py b/chipsec/utilcmd/lock_check_cmd.py index 3bf607e6f7..a0fc05c1be 100644 --- a/chipsec/utilcmd/lock_check_cmd.py +++ b/chipsec/utilcmd/lock_check_cmd.py @@ -47,7 +47,7 @@ from chipsec.command import BaseCommand, toLoad from chipsec.hal.locks import locks, LockResult -from chipsec.defines import is_set +from chipsec.library.defines import is_set class LOCKCHECKCommand(BaseCommand): @@ -153,7 +153,7 @@ def check_log(self, lock: str, is_locked: int) -> str: res_str = 'Undoc' elif not is_set(is_locked, LockResult.CAN_READ): res_str = 'Hidden' - elif self.cs.get_lock_type(lock) == "RW/O": + elif self.cs.lock.get_type(lock) == "RW/O": res_str = 'RW/O' elif is_set(is_locked, LockResult.LOCKED): res_str = 'Locked' diff --git a/chipsec/utilcmd/mem_cmd.py b/chipsec/utilcmd/mem_cmd.py index 25336ef489..bdd279af05 100644 --- a/chipsec/utilcmd/mem_cmd.py +++ b/chipsec/utilcmd/mem_cmd.py @@ -45,7 +45,7 @@ import os from chipsec.command import BaseCommand, toLoad -from chipsec.defines import ALIGNED_4KB, BOUNDARY_4KB, bytestostring +from chipsec.library.defines import ALIGNED_4KB, BOUNDARY_4KB, bytestostring from chipsec_util import get_option_width, is_option_valid_width, CMD_OPTS_WIDTH from chipsec.file import read_file, write_file, get_main_dir from chipsec.logger import print_buffer_bytes diff --git a/chipsec/utilcmd/reg_cmd.py b/chipsec/utilcmd/reg_cmd.py index f662cbb0e8..8863ce9a02 100644 --- a/chipsec/utilcmd/reg_cmd.py +++ b/chipsec/utilcmd/reg_cmd.py @@ -82,41 +82,41 @@ def parse_arguments(self) -> None: def reg_read(self): if self.field_name is not None: - value = self.cs.read_register_field(self.reg_name, self.field_name) + value = self.cs.register.read_field(self.reg_name, self.field_name) self.logger.log("[CHIPSEC] {}.{}=0x{:X}".format(self.reg_name, self.field_name, value)) else: - value = self.cs.read_register(self.reg_name) + value = self.cs.register.read(self.reg_name) self.logger.log("[CHIPSEC] {}=0x{:X}".format(self.reg_name, value)) - self.cs.print_register(self.reg_name, value) + self.cs.register.print(self.reg_name, value) def reg_read_field(self): - if self.cs.register_has_field(self.reg_name, self.field_name): - value = self.cs.read_register_field(self.reg_name, self.field_name) + if self.cs.register.has_field(self.reg_name, self.field_name): + value = self.cs.register.read_field(self.reg_name, self.field_name) self.logger.log("[CHIPSEC] {}.{}=0x{:X}".format(self.reg_name, self.field_name, value)) else: self.logger.log_error("[CHIPSEC] Register '{}' doesn't have field '{}' defined".format(self.reg_name, self.field_name)) def reg_write(self): self.logger.log("[CHIPSEC] Writing {} < 0x{:X}".format(self.reg_name, self.value)) - self.cs.write_register(self.reg_name, self.value) + self.cs.register.write(self.reg_name, self.value) def reg_write_field(self): - if self.cs.register_has_field(self.reg_name, self.field_name): + if self.cs.register.has_field(self.reg_name, self.field_name): self.logger.log("[CHIPSEC] Writing {}.{} < 0x{:X}".format(self.reg_name, self.field_name, self.value)) - self.cs.write_register_field(self.reg_name, self.field_name, self.value) + self.cs.register.write_field(self.reg_name, self.field_name, self.value) else: self.logger.log_error("[CHIPSEC] Register '{}' doesn't have field '{}' defined".format(self.reg_name, self.field_name)) def reg_get_control(self): - if self.cs.is_control_defined(self.control_name): - value = self.cs.get_control(self.control_name) + if self.cs.control.is_defined(self.control_name): + value = self.cs.control.get(self.control_name) self.logger.log("[CHIPSEC] {} = 0x{:X}".format(self.control_name, value)) else: self.logger.log_error("[CHIPSEC] Control '{}' isn't defined".format(self.control_name)) def reg_set_control(self): - if self.cs.is_control_defined(self.control_name): - self.cs.set_control(self.control_name, self.value) + if self.cs.control.is_defined(self.control_name): + self.cs.control.set(self.control_name, self.value) self.logger.log("[CHIPSEC] Setting control {} < 0x{:X}".format(self.control_name, self.value)) else: self.logger.log_error("[CHIPSEC] Control '{}' isn't defined".format(self.control_name)) diff --git a/chipsec/utilcmd/txt_cmd.py b/chipsec/utilcmd/txt_cmd.py index a3cf97b91d..4729b6726e 100644 --- a/chipsec/utilcmd/txt_cmd.py +++ b/chipsec/utilcmd/txt_cmd.py @@ -63,8 +63,8 @@ def txt_dump(self): def _log_register(self, reg_name): """Log the content of a register with lines starting with [CHIPSEC]""" - reg_def = self.cs.get_register_def(reg_name) - value = self.cs.read_register(reg_name) + reg_def = self.cs.register.get_def(reg_name) + value = self.cs.register.read(reg_name) desc = reg_def["desc"] if reg_def["type"] == "memory": addr = reg_def["address"] + reg_def["offset"] @@ -112,10 +112,10 @@ def txt_state(self): # Read hashes of public keys txt_pubkey = struct.pack("