Return code updates to cet, reputation, s3script_modify and cpuid_fuzz

Signed-off-by: Sae86 <[email protected]>
npmitche · Feb 13, 2024 · cabe83d · cabe83d
1 parent dd4175f
commit cabe83d
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 13 deletions.
diff --git a/chipsec/modules/common/cet.py b/chipsec/modules/common/cet.py
@@ -41,14 +41,16 @@
 class cet(BaseModule):
     def __init__(self):
         super(cet, self).__init__()
+        self.rc_res = ModuleResult(0x014b813, 'https://chipsec.github.io/modules/chipsec.modules.common.cet.html')
         self.cpuid_7_0__ecx_val = None
 
     def is_supported(self):
         supported = self.support_shadow()
         if supported:
             return True
         self.logger.log_important('CET is not defined for the platform.  Skipping module.')
-        self.res = ModuleResult.NOTAPPLICABLE
+        self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+        self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
         return False
 
     def get_cpuid_value(self) -> None:

diff --git a/chipsec/modules/tools/uefi/reputation.py b/chipsec/modules/tools/uefi/reputation.py
@@ -55,6 +55,7 @@ class reputation(BaseModule):
 
     def __init__(self):
         BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0x556ec74, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.reputation.html')
         self.uefi = UEFI(self.cs)
         self.image = None
         self.vt_threshold = 10
@@ -66,7 +67,8 @@ def is_supported(self):
         else:
             self.logger.log_important("""Can't import module 'virus_total_apis'.
 Please run 'pip install virustotal-api' and try again.""")
-            self.res = ModuleResult.NOTAPPLICABLE
+            self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+            self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
             return False
 
     def reputation_callback(self, efi_module):
@@ -107,6 +109,7 @@ def check_reputation(self):
         if found:
             res = ModuleResult.WARNING
             self.logger.log_warning("Suspicious EFI binary found in the UEFI firmware image")
+            self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE)
         else:
             self.logger.log_passed("Didn't find any suspicious EFI binary")
         return res
@@ -141,4 +144,4 @@ def run(self, module_argv):
         self.image = read_file(image_file)
 
         self.res = self.check_reputation()
-        return self.res
+        return self.rc_res.getReturnCode(self.res)
diff --git a/chipsec/modules/tools/uefi/s3script_modify.py b/chipsec/modules/tools/uefi/s3script_modify.py
@@ -136,6 +136,7 @@ class s3script_modify(BaseModule):
 
     def __init__(self):
         BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0xa33100e, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.s3script_modify.html')
         self.logger.HAL = True
         self._uefi = UEFI(self.cs)
         self.bootscript_PAs = None
@@ -150,12 +151,14 @@ def is_supported(self):
         supported = self.cs.helper.EFI_supported()
         if not supported:
             self.logger.log("OS does not support UEFI Runtime API.  Skipping module.")
-            self.res = ModuleResult.NOTAPPLICABLE
+            self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+            self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
         else:
             _, ps = self.get_bootscript()
             if not ps:
                 self.logger.log("Unable to locate boot script.  Skipping module.")
-                self.res = ModuleResult.NOTAPPLICABLE
+                self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+                self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
                 supported = False
         return supported
 
@@ -363,7 +366,8 @@ def run(self, module_argv):
             if scmd in cmd2opcode:
                 if len(module_argv) < 4:
                     self.logger.log_error(f'Expected module options: -a replace_op,{scmd},<reg_address>,<value>')
-                    return ModuleResult.ERROR
+                    self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
+                    return self.rc_res.getReturnCode(ModuleResult.ERROR)
                 reg_address = int(module_argv[2], 16)
                 value = int(module_argv[3], 16)
                 sts = self.modify_s3_reg(cmd2opcode[scmd], reg_address, value)
@@ -380,14 +384,16 @@ def run(self, module_argv):
             else:
                 self.logger.log_error(f'Unrecognized module command-line argument: {scmd}')
                 self.logger.log(examples_str)
-                return ModuleResult.ERROR
+                self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
+                return self.rc_res.getReturnCode(ModuleResult.ERROR)
         elif op == 'add_op':
             scmd = module_argv[1].lower() if len(module_argv) > 1 else 'dispatch'
             new_opcode = None
             if scmd in cmd2opcode:
                 if len(module_argv) < 5:
                     self.logger.log_error(f'Expected module options: -a add_op,{scmd},<reg_address>,<value>,<width>')
-                    return ModuleResult.ERROR
+                    self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
+                    return self.rc_res.getReturnCode(ModuleResult.ERROR)
                 address = int(module_argv[2], 16)
                 value = int(module_argv[3], 16)
                 width = int(module_argv[4], 16)
@@ -399,7 +405,8 @@ def run(self, module_argv):
                 else:
                     self.logger.log_error(f'Unsupported opcode: {scmd}')
                     self.logger.log(examples_str)
-                    return ModuleResult.ERROR
+                    self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
+                    return self.rc_res.getReturnCode(ModuleResult.ERROR)
             elif 'dispatch' == scmd:
                 if len(module_argv) < 3:
                     (smram_base, _, _) = self.cs.cpu.get_SMRAM()
@@ -411,16 +418,22 @@ def run(self, module_argv):
             else:
                 self.logger.log_error(f'Unrecognized opcode: {scmd}')
                 self.logger.log(examples_str)
-                return ModuleResult.ERROR
+                self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
+                return self.rc_res.getReturnCode(ModuleResult.ERROR)
 
             sts = self.modify_s3_add(new_opcode)
         else:
             self.logger.log_error(f'Unrecognized module command-line argument: {op}')
             self.logger.log(examples_str)
-            return ModuleResult.ERROR
+            self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
+            return self.rc_res.getReturnCode(ModuleResult.ERROR)
+
+        self.rc_res.setStatusBit(self.rc_res.status.VERIFY)
 
         if sts:
             self.logger.log_passed('The script has been modified. Go to sleep..')
-            return ModuleResult.PASSED
+            self.res = ModuleResult.PASSED
         else:
-            return ModuleResult.FAILED
+            self.res = ModuleResult.FAILED
+
+        return self.rc_res.getReturnCode(self.res)
diff --git a/chipsec/modules/tools/vmm/cpuid_fuzz.py b/chipsec/modules/tools/vmm/cpuid_fuzz.py
@@ -84,6 +84,9 @@
 
 
 class cpuid_fuzz (BaseModule):
+    def __init__(self):
+        BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0x846024f, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.cpuid_fuzz.html')
 
     def fuzz_CPUID(self, eax_start, random_order = False):
         eax_range = _NO_EAX_TO_FUZZ