From 500bfd2aa3f7fb97bfaac57f9c1f5470e7a91211 Mon Sep 17 00:00:00 2001 From: Plato Mavropoulos Date: Sat, 3 Nov 2018 18:01:00 +0200 Subject: [PATCH] MEA v1.70.3 r144 v1.70.3 Added new CSE Key Hash Usages Added new known bad CSE firmware hash Improved CSE File System info display r144 CSME 12.0.10.1127_CON_H_B_PRD_EXTR CSME 12.0.10.1127_COR_H_B_PRD_EXTR CSME 12.0.9.1125_SLM_H_B_PRD_EXTR CSME 12.0.7.1122_CON_LP_C_PRD_RGN CSME 11.8.58.3511_SLM_LP_C0_NPDM_PRD_EXTR PMC CNP_300.2.11.1018_H_B_PRD --- Changelog DB.txt | 9 +++++++++ Changelog MEA.txt | 6 ++++++ MEA.dat | 22 +++++++++++++++------- MEA.py | 26 ++++++++++++++------------ 4 files changed, 44 insertions(+), 19 deletions(-) diff --git a/Changelog DB.txt b/Changelog DB.txt index 0a3a7aa..abd93e5 100644 --- a/Changelog DB.txt +++ b/Changelog DB.txt @@ -1,3 +1,12 @@ +r144 + +CSME 12.0.10.1127_CON_H_B_PRD_EXTR +CSME 12.0.10.1127_COR_H_B_PRD_EXTR +CSME 12.0.9.1125_SLM_H_B_PRD_EXTR +CSME 12.0.7.1122_CON_LP_C_PRD_RGN +CSME 11.8.58.3511_SLM_LP_C0_NPDM_PRD_EXTR +PMC CNP_300.2.11.1018_H_B_PRD + r143 CSME 11.8.59.3560_CON_LP_C0_NPDM_PRD_RGN diff --git a/Changelog MEA.txt b/Changelog MEA.txt index f21b5a1..5e58fb1 100644 --- a/Changelog MEA.txt +++ b/Changelog MEA.txt @@ -1,3 +1,9 @@ +v1.70.3 r144 + +Added new CSE Key Hash Usages +Added new known bad CSE firmware hash +Improved CSE File System info display + v1.70.2 r142 Fixed crash at Intel Engine Capsule images diff --git a/MEA.dat b/MEA.dat index ebcb63f..cce4fd5 100644 --- a/MEA.dat +++ b/MEA.dat @@ -1,15 +1,20 @@ *** ME Analyzer Engine Firmware Repository Database *** -*** Revision r143 (2018-10-26 , 19:32) *** +*** Revision r144 (2018-11-03 , 15:32) *** *** Converged Security Management Engine (CSME) *** *** Version_SKU_Stepping_Release_Type_FTPR-RSASIG-SHA256 *** *** 11 LP: Version_SKU_Stepping_Release_PDM_Type_FTPR-RSASIG-SHA256 *** +12.0.10.1127_CON_H_B_PRD_EXTR_8BC3C259551E4454B71BB26967C7D21F422A7AEB0933C9C7F6905DB2946C57DF +12.0.10.1127_COR_H_B_PRD_EXTR_834E23ED416BB39CF0295371958799D79D5E21FF6CDA35565AF1AE35717DF569 +12.0.9.1125_SLM_H_B_PRD_EXTR_1095597C285726CC1CD13CBD7E2296078FC01835B854316BD6791876DD7217D2 12.0.8.1124_COR_H_B_PRD_EXTR_C235199D1C1BEF21BB9A5BAA0564FE89FB93C6C325446D4E08268E8E2C84B72D 12.0.8.1123_CON_H_B_PRD_EXTR_FF16CC85C89935AFD429320EA1AFB58C28AB781EFC1F18920F9E2A8B6580B47A 12.0.7.1122_CON_H_B_PRD_EXTR_DB23033E9119D5DE7213762B98B6419B0B5E0796101C5BE75A4A39EC1C4678E6 12.0.7.1122_COR_H_B_PRD_EXTR_A9D390EEFC3A444A5014C3C4B9BF054E4C0585403D20C69FA9A5C82E36324799 +12.0.7.1122_CON_LP_C_PRD_RGN_8C0AC0CC36D0FC564A91C6A7F8999D4474554AFD80C5A146CDFEF00E6BF51141 +12.0.7.1122_CON_LP_C_PRE_RGN_B749A249F4FAAF07CE022A0990220CDB52A358C017D2995177C28D1C6BD32D54 12.0.6.1120_CON_H_B_PRD_RGN_96988C08A4F15B02D57110167B7E10AC0D06025EA600FFC3F66747D70DA975F4 12.0.6.1120_CON_H_B_PRE_RGN_C54EF909AD76694D6011666E1123EECBEC9B0564FF60E8CFCF14236CBA780EEF 12.0.6.1120_COR_H_B_PRD_RGN_6DE6932F21EEDF0C052DAF487CEB93FFA29702A5C5819AD8AAABA3A79A148198 @@ -94,6 +99,7 @@ 11.8.59.3560_CON_LP_C0_NPDM_PRD_RGN_662DDECC78AA0102CC577AB4E7ED361A8B46605AE16F7109FCFB89CDEC1086CA 11.8.59.3560_COR_LP_C0_NPDM_PRD_RGN_BFEDDAB75A0F3B1D12F5D400F062ADFE92BCDEFE388B2F6CF78DC94E7C443338 +11.8.58.3511_SLM_LP_C0_NPDM_PRD_EXTR_298C72119152EA3E7AE3468CAED82BBC47F707C35C1A4A647DD2C6713BB85244 11.8.55.3510_CON_H_D0_PRD_RGN_0F01B48A33C59D826E7DA53ECA91348291EDDC297C3FC0DBD9886AF33C971F32 11.8.55.3510_CON_H_D0_PRE_RGN_9F253A831A0F9DA3B8B9A3205304F1957FF4A01A807543833D8E2CA073CD6F85 11.8.55.3510_COR_H_D0_PRD_RGN_3B46C1229E58AA65896BC4001C19630FF40060970B120B0904D0C70F921537B5 @@ -1840,6 +1846,7 @@ *** Power Management Controller (PMC) *** +CNP_300.2.11.1018_H_B_PRD_0BE3F3DDD07502ACF1641EEAEB8459F319DDAE4D16CE07E492C15B2407F731A6 CNP_300.2.11.1017_H_B_PRD_DA47052AF6A290C696E25E9F7CA0A37959A27537B6447127A2ED29425EB3F71E CNP_300.2.11.1016_H_B_PRD_958F7DC9C53829B4716C3871317902DDE9801528EC1F88C1F98DAE0EDC15C7EE CNP_300.2.11.1015_H_B_PRD_475CD0F48C4459E99521118A5404D391440945BF7E5030C0F4BC0C24CAD0868E @@ -1863,6 +1870,7 @@ CNP_300.2.1.1012_H_A_PRE_5D2614AAA1373D6A57EF9C1AB29619283CB890B7D2D5446B5A13A92 CNP_300.2.1.1009_H_A_PRD_C857C63C5F62D05B73931279A634152E1909FA1038D2A41E8F572C8E721FCA38 CNP_300.2.1.1009_H_A_PRE_378771C097967D7ED25F17319B80AFFFEDF486FD4D03368A1DCBC17E1A58F48D CNP_300.1.20.1016_LP_C_PRD_EB3CE41A8A31E748F3937219E7BF5801B292C49E95F8ADF0FF1A7BCBAE22C09A +CNP_300.1.20.1016_LP_C_PRE_D294EC28C41AF3302F4E187C91886E19C924D0244EFBDC7BA7FD4443DE32EA40 CNP_300.1.20.1015_LP_C_PRD_70C3FBCB183C79C1ADB0005640CEFC031C5F7A1BDECBEC7ECE6D88997A05C266 CNP_300.1.20.1015_LP_C_PRE_B0EC88F8392BE978C3900DF42F538E66C45D73A27B5972F13E311437BD516174 CNP_300.1.20.1009_LP_C_PRD_458D80D5563249CA98BBFCAE271018B1ADFA0F20A076C6D98C1289A8E7077885 @@ -1937,11 +1945,11 @@ RSAPKEY_TBD1_86C0E5EF0CFEFF6D810D68D83D8C6ECB68306A644C03C0446B646A3971D37894 (M *** MEA-ID_Family_MajorMinor_SKU__Version *** -Latest_CSME_120_CONH__12.0.8.1123 -Latest_CSME_120_CORH__12.0.8.1124 -Latest_CSME_120_CONLP__12.0.6.1120 +Latest_CSME_120_CONH__12.0.10.1127 +Latest_CSME_120_CORH__12.0.10.1127 +Latest_CSME_120_CONLP__12.0.7.1122 Latest_CSME_120_CORLP__12.0.0.0000 -Latest_CSME_120_SLMH__12.0.5.1117 +Latest_CSME_120_SLMH__12.0.9.1125 Latest_CSME_120_SLMLP__12.0.5.1117 Latest_CSME_1121_CORH__11.21.55.1508 Latest_CSME_1111_CONH__11.11.55.1509 @@ -1952,7 +1960,7 @@ Latest_CSME_118_CORH__11.8.55.3510 Latest_CSME_118_CONLP__11.8.59.3560 Latest_CSME_118_CORLP__11.8.59.3560 Latest_CSME_118_SLMH__11.8.55.3510 -Latest_CSME_118_SLMLP__11.8.55.3510 +Latest_CSME_118_SLMLP__11.8.58.3511 Latest_ME_100_1.5MB__10.0.55.3000 Latest_ME_100_5MB__10.0.60.3000 Latest_ME_100_SLM__10.0.35.1012 @@ -1999,7 +2007,7 @@ Latest_TXE_10_3MB_MD__1.0.9.1153 Latest_TXE_10_3MB_IT__1.0.3.1164 Latest_TXE_07_3MB_MD__0.7.53.1133 -Latest_PMCCNP_H_B__300.2.11.1017 +Latest_PMCCNP_H_B__300.2.11.1018 Latest_PMCCNP_H_A__300.2.01.1013 Latest_PMCCNP_LP_C__300.1.20.1016 Latest_PMCCNP_LP_B__300.1.11.1014 \ No newline at end of file diff --git a/MEA.py b/MEA.py index c8666cd..aa65222 100644 --- a/MEA.py +++ b/MEA.py @@ -6,7 +6,7 @@ Copyright (C) 2014-2018 Plato Mavropoulos """ -title = 'ME Analyzer v1.70.2' +title = 'ME Analyzer v1.70.3' import os import re @@ -472,7 +472,7 @@ class MN2_Manifest(ctypes.LittleEndianStructure) : # Manifest $MAN/$MN2 (MANIFES ("Year", uint16_t), # 0x16 ("Size", uint32_t), # 0x18 dwords (0x2000 max) ("Tag", char*4), # 0x1C - ("NumModules", uint32_t), # 0x20 Unknown at CSE (some FTPR > Kernel value) + ("NumModules", uint32_t), # 0x20 Internal Info at CSE (FTPR > Kernel) ("Major", uint16_t), # 0x24 ("Minor", uint16_t), # 0x26 ("Hotfix", uint16_t), # 0x28 @@ -512,7 +512,7 @@ def hdr_print_cse(self) : pt.add_row(['Date', '%0.4X-%0.2X-%0.2X' % (self.Year,self.Month,self.Day)]) pt.add_row(['Manifest Size', '0x%X' % (self.Size * 4)]) pt.add_row(['Manifest Tag', '%s' % self.Tag.decode('utf-8')]) - pt.add_row(['Unknown', '0x%X' % self.NumModules]) + pt.add_row(['Internal Info', '0x%X' % self.NumModules]) pt.add_row(['Version', 'N/A' if self.Major in [0,0xFFFF] else version]) pt.add_row(['Security Version Number', '%d' % self.SVN]) pt.add_row(['Reserved 0', '0x%X' % self.SVN_8]) @@ -856,7 +856,7 @@ def mfs_print(self) : pt.add_row(['File Size', '0x%X' % self.FileSize]) pt.add_row(['Owner User ID', '%0.4X' % self.OwnerUserID]) pt.add_row(['Owner Group ID', '%0.4X' % self.OwnerGroupID]) - pt.add_row(['File Offset', '0x%X' % self.FileOffset]) + #pt.add_row(['File Offset', '0x%X' % self.FileOffset]) return pt @@ -2723,7 +2723,7 @@ def ext_print(self) : 0x80860032 : ['ISH FW Authentication', ['Enforced', 'Allow RnD Keys', 'Disabled']], 0x80860033 : ['IUNIT FW Authentication', ['Enforced', 'Allow RnD Keys', 'Disabled']], 0x80860040 : ['Anti-Rollback', ['Enabled', 'Disabled']], # (BtGuardArbOemKeyManifest) - 0x80860051 : ['ABL Elements', ['Enabled', 'Disabled']], # Guess, not in XML/PFT + 0x80860051 : ['OEM BIOS Payload', ['Enabled', 'Disabled']], # (KnobIdValues) 0x80860101 : ['Change Device Lifecycle', ['No', 'Customer Care', 'RnD', 'Refurbish']], 0x80860201 : ['Co-Signing', ['Enabled', 'Disabled']] } @@ -3138,6 +3138,7 @@ class BPDT_Entry_GetFlags(ctypes.Union): cse_known_bad_hashes = [ ('1E2FD3B838010854E7490776ACC8E4CB6FE03D602151DF653BA392FF6E0D29B4','B2EE55B55A787362F49DF79F57403DE2DC6B2D09077BA732583FF2F80C10F306'), # CSME 12.0.0.7075_CON_LP_A_PRE > FTPR > FTPR.man ('4D0ADC668CAB1E694ED165CA36D5CFF3F13FFDFEB1A2BBD121334A098485E309','0ADBCBA2EAEAA7307247D6D6747521CFBC3B9AD988BA9F949217DFBC32ECB864'), # CSME 12.0.0.7075_COR_LP_A_PRE > FTPR > FTPR.man +('CC2866DC330789AFB764E335F8F7396CE7E098128FD988238F24C38EE450F8F0','FC4608D9894D56474C14A6EC238650C929E8A9DD5C6C759AD6BE4A8E37024A25'), # CSME 11.8.58.3511_SLM_LP_C0_NPDM_PRD > FTPR > FTPR.man ('9831E6A8BD82EAE593161B3BFB3CD787EF4B8308C5ED0869EC5C29D2812AE07C','8362AC40855AF85779D66ECC0DEBB5D5E807873395807EEB853D235D286D4AB2'), # CSME 11.8.55.3510_SLM_H_D0_PRD > FTPR > FTPR.man ('E3DFAF8004464C3C77E562679BD177F81FB6D12D88A91CA4BEAFB1C65E724EA1','EE93E0318058FDC1D51906F50A4494B786D2874AB42CD4E5EFC029BBBB4733D8'), # CSME 11.8.55.3510_SLM_LP_C0_NPDM_PRD > FTPR > FTPR.man ('0833D56054E84412DDA84B400D13A13160D4ECEF6ABE407023D0AB502EA2A3EE','2394556989CA959938370811AD3937AAC02354671DB02704404E69CB816AFCF8'), # CSME 11.8.50.3425_SLM_H_D0_PRD > FTPR > FTPR.man @@ -3221,6 +3222,7 @@ class BPDT_Entry_GetFlags(ctypes.Union): 10 : 'LOCL', # AMT Localization 11 : 'Unlock Token', 13 : 'USB Type C D-PHY', + 14 : 'PCH Configuration', # OEM (32-127) 32 : 'Boot Policy', 33 : 'iUnit Boot Loader', # Imaging Unit (Camera) @@ -3241,6 +3243,7 @@ class BPDT_Entry_GetFlags(ctypes.Union): 48 : 'OEM DAL', # Dynamic Application Loader 49 : 'OEM DNX IFWI R1', # XML v1.0 (Download and Execute v1) 53 : 'OEM DNX IFWI R2', # XML v2.4 (Download and Execute v2) + 57 : 'OEM Descriptor', } # Unpack Engine CSE firmware @@ -4949,8 +4952,7 @@ def mfs_home_anl(mfs_files, file_buffer, file_records, root_folder, home_rec_siz def mfs_cfg_anl(buffer, rec_folder, root_folder, config_rec_size) : # Generate MFS Configuration Records Log mfs_pt = ext_table([col_y + 'Name' + col_e, col_y + 'Type' + col_e, col_y + 'Size' + col_e, col_y + 'Integrity' + col_e, col_y + 'Encryption' + col_e, - col_y + 'Anti-Replay' + col_e, col_y + 'Rights' + col_e, col_y + 'OEM' + col_e, col_y + 'MCA' + col_e, col_y + 'Access Unknown' + col_e, - col_y + 'Options Unknown' + col_e, col_y + 'Path' + col_e], True, 1) + col_y + 'Anti-Replay' + col_e, col_y + 'Rights' + col_e, col_y + 'OEM' + col_e, col_y + 'MCA' + col_e, col_y + 'Unknown' + col_e, col_y + 'Path' + col_e], True, 1) mfs_pt.title = col_y + 'MFS Configuration Records' + col_e rec_count = int.from_bytes(buffer[:4], 'little') # MFS Configuration Records Count @@ -4978,7 +4980,7 @@ def mfs_cfg_anl(buffer, rec_folder, root_folder, config_rec_size) : # Append MFS Configuration Record Info to Log mfs_pt.add_row([rec_name, ['File','Folder'][record_type], '0x%X' % rec_size, ['No','Yes'][integrity], ['No','Yes'][encryption], ['No','Yes'][anti_replay], - ''.join(map(str, rec_hdr.get_rights(unix_rights))), ['No','Yes'][fitc_cfg], ['No','Yes'][mca_upd], '{0:03b}b'.format(acc_unk), '{0:014b}b'.format(opt_unk), local_mfs_path]) + ''.join(map(str, rec_hdr.get_rights(unix_rights))), ['No','Yes'][fitc_cfg], ['No','Yes'][mca_upd], '{0:03b}b'.format(acc_unk) + ' {0:014b}b'.format(opt_unk), local_mfs_path]) mfs_txt(mfs_pt, root_folder, os.path.join(root_folder + 'home_records'), 'w') # Store/Print MFS Configuration Records Log @@ -7833,9 +7835,9 @@ def mass_scan(f_path) : if pmc_mn2_signed == 'Production' and (variant == 'CSME' and major >= 12) : msg_pt.add_row(['PMC Latest', [col_g + 'Yes' + col_e, col_r + 'No' + col_e][pmcp_upd_found]]) - if ((variant == 'CSME' and major >= 12) or (variant == 'CSTXE' and major >= 3)) and not wcod_found : - msg_pt.add_row(['OEM Configuration', ['No','Yes'][int(oem_config)]]) - msg_pt.add_row(['OEM RSA Signature', ['No','Yes'][int(oem_signed or oemp_found)]]) + if variant == 'CSTXE' and major >= 3 and not wcod_found : msg_pt.add_row(['OEM Configuration', ['No','Yes'][int(oem_config)]]) + + if variant in ('CSME','CSTXE','CSSPS') and not wcod_found : msg_pt.add_row(['OEM RSA Signature', ['No','Yes'][int(oem_signed or oemp_found)]]) if (rgn_exist or ifwi_exist) and variant in ('CSME','CSTXE','CSSPS','TXE') : msg_pt.add_row(['OEM Unlock Token', ['No','Yes'][int(utok_found)]]) @@ -7884,7 +7886,7 @@ def mass_scan(f_path) : if fpt_num_fail : gen_msg(warn_stor, col_m + 'Warning: Wrong $FPT entry count %s, expected %s!' % (fpt_num_file,fpt_num_calc) + col_e, True) - if pmc_not_comp : gen_msg(warn_stor, col_m + 'Warning: Incompatible PMC %s firmware detected!' % pmc_platform + col_e, True) + if pmc_not_comp : gen_msg(warn_stor, col_m + 'Warning: Incompatible PMC %s firmware detected!' % pmc_platform + col_e, False) if fuj_rgn_exist : gen_msg(warn_stor, col_m + 'Warning: Fujitsu Intel Engine firmware detected!' + col_e, False)