From cabe83d87fb146978eb5f11fc7ada92b573955fe Mon Sep 17 00:00:00 2001 From: Sae86 Date: Mon, 12 Feb 2024 13:24:28 -0800 Subject: [PATCH] Return code updates to cet, reputation, s3script_modify and cpuid_fuzz Signed-off-by: Sae86 --- chipsec/modules/common/cet.py | 4 ++- chipsec/modules/tools/uefi/reputation.py | 7 ++-- chipsec/modules/tools/uefi/s3script_modify.py | 33 +++++++++++++------ chipsec/modules/tools/vmm/cpuid_fuzz.py | 3 ++ 4 files changed, 34 insertions(+), 13 deletions(-) diff --git a/chipsec/modules/common/cet.py b/chipsec/modules/common/cet.py index ec78c2a8dd..aea8cbf667 100644 --- a/chipsec/modules/common/cet.py +++ b/chipsec/modules/common/cet.py @@ -41,6 +41,7 @@ class cet(BaseModule): def __init__(self): super(cet, self).__init__() + self.rc_res = ModuleResult(0x014b813, 'https://chipsec.github.io/modules/chipsec.modules.common.cet.html') self.cpuid_7_0__ecx_val = None def is_supported(self): @@ -48,7 +49,8 @@ def is_supported(self): if supported: return True self.logger.log_important('CET is not defined for the platform. Skipping module.') - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def get_cpuid_value(self) -> None: diff --git a/chipsec/modules/tools/uefi/reputation.py b/chipsec/modules/tools/uefi/reputation.py index d95f3a996f..691cd494d5 100644 --- a/chipsec/modules/tools/uefi/reputation.py +++ b/chipsec/modules/tools/uefi/reputation.py @@ -55,6 +55,7 @@ class reputation(BaseModule): def __init__(self): BaseModule.__init__(self) + self.rc_res = ModuleResult(0x556ec74, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.reputation.html') self.uefi = UEFI(self.cs) self.image = None self.vt_threshold = 10 
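Review bot: The module ID in `ModuleResult(0x014b813, ...)` in `cet.__init__` is an unexplained magic number, and nothing in the hunk says how it was derived or what keeps it unique across modules. The same pattern appears in the `__init__` hunks of reputation.py (`0x556ec74`), s3script_modify.py (`0xa33100e`) and cpuid_fuzz.py (`0x846024f`). I would add a one-line comment above each assignment, for example `# Module ID for return-code reporting; must stay unique per module (see <where IDs are generated>)`. Moving the documentation URL into a named constant would also keep the line within a normal length.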
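Review bot: `self.res` holds two different kinds of value after this change. In the cet.py `is_supported` hunk it is assigned the output of `self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)`, while `run` in reputation.py and s3script_modify.py keeps the raw `ModuleResult` constant in `self.res` and converts it only in the `return` statement. If `getReturnCode` can return an encoded value rather than the constant it was given (its body is not on this page), code that later compares `self.res` with `ModuleResult.NOTAPPLICABLE` would stop matching on one path but not the other. I would pick one form for `self.res` and document it with a comment where it is first assigned. The same assignment is repeated in the `is_supported` hunks of reputation.py and s3script_modify.py.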
@@ -66,7 +67,8 @@ def is_supported(self): else: self.logger.log_important("""Can't import module 'virus_total_apis'. Please run 'pip install virustotal-api' and try again.""") - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def reputation_callback(self, efi_module): @@ -107,6 +109,7 @@ def check_reputation(self): if found: res = ModuleResult.WARNING self.logger.log_warning("Suspicious EFI binary found in the UEFI firmware image") + self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) else: self.logger.log_passed("Didn't find any suspicious EFI binary") return res @@ -141,4 +144,4 @@ def run(self, module_argv): self.image = read_file(image_file) self.res = self.check_reputation() - return self.res + return self.rc_res.getReturnCode(self.res) diff --git a/chipsec/modules/tools/uefi/s3script_modify.py b/chipsec/modules/tools/uefi/s3script_modify.py index 0e227202ce..c4d2c08d57 100644 --- a/chipsec/modules/tools/uefi/s3script_modify.py +++ b/chipsec/modules/tools/uefi/s3script_modify.py @@ -136,6 +136,7 @@ class s3script_modify(BaseModule): def __init__(self): BaseModule.__init__(self) + self.rc_res = ModuleResult(0xa33100e, 'https://chipsec.github.io/modules/chipsec.modules.tools.uefi.s3script_modify.html') self.logger.HAL = True self._uefi = UEFI(self.cs) self.bootscript_PAs = None 
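Review bot: The clean branch of `check_reputation` logs a pass and sets no status bit, so the return code cannot distinguish "every binary was looked up and none was flagged" from "some lookups did not complete". Whether `reputation_callback` already counts a failed or missing lookup as a finding is outside this hunk, so this may be handled elsewhere. If it is not, I would add a comment on the `else` branch such as `# NOTE: a pass only reflects lookups that returned a verdict; confirm how failed lookups are counted`. A separate status bit for the inconclusive case would be better still, so consumers of the return code do not read a pass as proof that the image is clean.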
@@ -150,12 +151,14 @@ def is_supported(self): supported = self.cs.helper.EFI_supported() if not supported: self.logger.log("OS does not support UEFI Runtime API. Skipping module.") - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) else: _, ps = self.get_bootscript() if not ps: self.logger.log("Unable to locate boot script. Skipping module.") - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) supported = False return supported @@ -363,7 +366,8 @@ def run(self, module_argv): if scmd in cmd2opcode: if len(module_argv) < 4: self.logger.log_error(f'Expected module options: -a replace_op,{scmd},,') - return ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + return self.rc_res.getReturnCode(ModuleResult.ERROR) reg_address = int(module_argv[2], 16) value = int(module_argv[3], 16) sts = self.modify_s3_reg(cmd2opcode[scmd], reg_address, value) @@ -380,14 +384,16 @@ def run(self, module_argv): else: self.logger.log_error(f'Unrecognized module command-line argument: {scmd}') self.logger.log(examples_str) - return ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + return self.rc_res.getReturnCode(ModuleResult.ERROR) elif op == 'add_op': scmd = module_argv[1].lower() if len(module_argv) > 1 else 'dispatch' new_opcode = None if scmd in cmd2opcode: if len(module_argv) < 5: self.logger.log_error(f'Expected module options: -a add_op,{scmd},,,') - return ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + return self.rc_res.getReturnCode(ModuleResult.ERROR) address = int(module_argv[2], 16) value = int(module_argv[3], 16) width = int(module_argv[4], 16) 
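Review bot: A non-hex value in `module_argv[2]` or `module_argv[3]` still raises `ValueError` from `int(..., 16)` right after the new length check in the `replace_op` path, so that input leaves `run` without passing through `self.rc_res.getReturnCode(...)`; the `add_op` hunk that follows has the same conversions for address, value and width. Since the commit routes every other argument error through the return-code object, I would catch `ValueError` and exit the same way. The six error exits in `run` also repeat the same two lines and label bad command-line input as `UNSUPPORTED_FEATURE`, so a private helper would remove the repetition and leave one place to choose the status bit. `run` begins and ends outside this hunk, so the sketch below shows only the new lines.

```python
def _arg_error(self, message):
    # Single exit for malformed module arguments, so every such path
    # logs the problem and sets the same status bit.
    self.logger.log_error(message)
    self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE)
    return self.rc_res.getReturnCode(ModuleResult.ERROR)

# … unchanged: op / scmd parsing and the len(module_argv) check …
try:
    reg_address = int(module_argv[2], 16)
    value = int(module_argv[3], 16)
except ValueError:
    return self._arg_error(f'Expected hexadecimal arguments for {scmd}')
# … unchanged: modify_s3_reg call and the remaining branches …
```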
@@ -399,7 +405,8 @@ def run(self, module_argv): else: self.logger.log_error(f'Unsupported opcode: {scmd}') self.logger.log(examples_str) - return ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + return self.rc_res.getReturnCode(ModuleResult.ERROR) elif 'dispatch' == scmd: if len(module_argv) < 3: (smram_base, _, _) = self.cs.cpu.get_SMRAM() @@ -411,16 +418,22 @@ def run(self, module_argv): else: self.logger.log_error(f'Unrecognized opcode: {scmd}') self.logger.log(examples_str) - return ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + return self.rc_res.getReturnCode(ModuleResult.ERROR) sts = self.modify_s3_add(new_opcode) else: self.logger.log_error(f'Unrecognized module command-line argument: {op}') self.logger.log(examples_str) - return ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.UNSUPPORTED_FEATURE) + return self.rc_res.getReturnCode(ModuleResult.ERROR) + + self.rc_res.setStatusBit(self.rc_res.status.VERIFY) if sts: self.logger.log_passed('The script has been modified. Go to sleep..') - return ModuleResult.PASSED + self.res = ModuleResult.PASSED else: - return ModuleResult.FAILED + self.res = ModuleResult.FAILED + + return self.rc_res.getReturnCode(self.res) diff --git a/chipsec/modules/tools/vmm/cpuid_fuzz.py b/chipsec/modules/tools/vmm/cpuid_fuzz.py index 42193bcce6..7d8f3661dc 100644 --- a/chipsec/modules/tools/vmm/cpuid_fuzz.py +++ b/chipsec/modules/tools/vmm/cpuid_fuzz.py @@ -84,6 +84,9 @@ class cpuid_fuzz (BaseModule): + def __init__(self): + BaseModule.__init__(self) + self.rc_res = ModuleResult(0x846024f, 'https://chipsec.github.io/modules/chipsec.modules.tools.vmm.cpuid_fuzz.html') def fuzz_CPUID(self, eax_start, random_order = False): eax_range = _NO_EAX_TO_FUZZ
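Review bot: The `else` branch at the end of `run` sets `self.res = ModuleResult.FAILED` and returns without logging, so a failed modification shows up only in the return code, and `VERIFY` is set for both outcomes with no comment saying what has to be verified. I would add a message to that branch, for example `self.logger.log_failed('The S3 boot script was not modified')`, and a comment above the `setStatusBit` call naming the manual check, presumably the platform state after the next S3 resume given the 'Go to sleep..' message. It is also worth stating there that `PASSED` reports that the tool changed the script, which a reader of the return code should not take as a sign that the boot script is protected. `run` starts outside this hunk.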