BaseTools/Capsule: Add max value checks to Capsule Generation tools
[mirror_edk2.git] / BaseTools / Source / Python / Capsule / GenerateCapsule.py
1 ## @file
2 # Generate a capsule.
3 #
4 # Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
5 # This program and the accompanying materials
6 # are licensed and made available under the terms and conditions of the BSD License
7 # which accompanies this distribution. The full text of the license may be found at
8 # http://opensource.org/licenses/bsd-license.php
9 #
10 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12 #
13
14 '''
15 GenerateCapsule
16 '''
17
18 import sys
19 import argparse
20 import uuid
21 import struct
22 import subprocess
23 import os
24 import tempfile
25 import shutil
26 import platform
27 from Common.Uefi.Capsule.UefiCapsuleHeader import UefiCapsuleHeaderClass
28 from Common.Uefi.Capsule.FmpCapsuleHeader import FmpCapsuleHeaderClass
29 from Common.Uefi.Capsule.FmpAuthHeader import FmpAuthHeaderClass
30 from Common.Edk2.Capsule.FmpPayloadHeader import FmpPayloadHeaderClass
31
32 #
33 # Globals for help information
34 #
35 __prog__ = 'GenerateCapsule'
36 __version__ = '0.9'
37 __copyright__ = 'Copyright (c) 2018, Intel Corporation. All rights reserved.'
38 __description__ = 'Generate a capsule.\n'
39
40 def SignPayloadSignTool (Payload, ToolPath, PfxFile):
41 #
42 # Create a temporary directory
43 #
44 TempDirectoryName = tempfile.mkdtemp()
45
46 #
47 # Generate temp file name for the payload contents
48 #
49 TempFileName = os.path.join (TempDirectoryName, 'Payload.bin')
50
51 #
52 # Create temporary payload file for signing
53 #
54 try:
55 File = open (TempFileName, mode='wb')
56 File.write (Payload)
57 File.close ()
58 except:
59 shutil.rmtree (TempDirectoryName)
60 raise ValueError ('GenerateCapsule: error: can not write temporary payload file.')
61
62 #
63 # Build signtool command
64 #
65 if ToolPath is None:
66 ToolPath = ''
67 Command = ''
68 Command = Command + '"{Path}" '.format (Path = os.path.join (ToolPath, 'signtool.exe'))
69 Command = Command + 'sign /fd sha256 /p7ce DetachedSignedData /p7co 1.2.840.113549.1.7.2 '
70 Command = Command + '/p7 {TempDir} '.format (TempDir = TempDirectoryName)
71 Command = Command + '/f {PfxFile} '.format (PfxFile = PfxFile)
72 Command = Command + TempFileName
73
74 #
75 # Sign the input file using the specified private key
76 #
77 try:
78 Process = subprocess.Popen (Command, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell = True)
79 Result = Process.communicate('')
80 except:
81 shutil.rmtree (TempDirectoryName)
82 raise ValueError ('GenerateCapsule: error: can not run signtool.')
83
84 if Process.returncode != 0:
85 shutil.rmtree (TempDirectoryName)
86 print (Result[1].decode())
87 raise ValueError ('GenerateCapsule: error: signtool failed.')
88
89 #
90 # Read the signature from the generated output file
91 #
92 try:
93 File = open (TempFileName + '.p7', mode='rb')
94 Signature = File.read ()
95 File.close ()
96 except:
97 shutil.rmtree (TempDirectoryName)
98 raise ValueError ('GenerateCapsule: error: can not read signature file.')
99
100 shutil.rmtree (TempDirectoryName)
101 return Signature
102
103 def VerifyPayloadSignTool (Payload, CertData, ToolPath, PfxFile):
104 print ('signtool verify is not supported.')
105 raise ValueError ('GenerateCapsule: error: signtool verify is not supported.')
106
107 def SignPayloadOpenSsl (Payload, ToolPath, SignerPrivateCertFile, OtherPublicCertFile, TrustedPublicCertFile):
108 #
109 # Build openssl command
110 #
111 if ToolPath is None:
112 ToolPath = ''
113 Command = ''
114 Command = Command + '"{Path}" '.format (Path = os.path.join (ToolPath, 'openssl'))
115 Command = Command + 'smime -sign -binary -outform DER -md sha256 '
116 Command = Command + '-signer "{Private}" -certfile "{Public}"'.format (Private = SignerPrivateCertFile, Public = OtherPublicCertFile)
117
118 #
119 # Sign the input file using the specified private key and capture signature from STDOUT
120 #
121 try:
122 Process = subprocess.Popen (Command, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell = True)
123 Result = Process.communicate(input = Payload)
124 Signature = Result[0]
125 except:
126 raise ValueError ('GenerateCapsule: error: can not run openssl.')
127
128 if Process.returncode != 0:
129 print (Result[1].decode())
130 raise ValueError ('GenerateCapsule: error: openssl failed.')
131
132 return Signature
133
134 def VerifyPayloadOpenSsl (Payload, CertData, ToolPath, SignerPrivateCertFile, OtherPublicCertFile, TrustedPublicCertFile):
135 #
136 # Create a temporary directory
137 #
138 TempDirectoryName = tempfile.mkdtemp()
139
140 #
141 # Generate temp file name for the payload contents
142 #
143 TempFileName = os.path.join (TempDirectoryName, 'Payload.bin')
144
145 #
146 # Create temporary payload file for verification
147 #
148 try:
149 File = open (TempFileName, mode='wb')
150 File.write (Payload)
151 File.close ()
152 except:
153 shutil.rmtree (TempDirectoryName)
154 raise ValueError ('GenerateCapsule: error: can not write temporary payload file.')
155
156 #
157 # Build openssl command
158 #
159 if ToolPath is None:
160 ToolPath = ''
161 Command = ''
162 Command = Command + '"{Path}" '.format (Path = os.path.join (ToolPath, 'openssl'))
163 Command = Command + 'smime -verify -inform DER '
164 Command = Command + '-content {Content} -CAfile "{Public}"'.format (Content = TempFileName, Public = TrustedPublicCertFile)
165
166 #
167 # Verify signature
168 #
169 try:
170 Process = subprocess.Popen (Command, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell = True)
171 Result = Process.communicate(input = CertData)
172 except:
173 shutil.rmtree (TempDirectoryName)
174 raise ValueError ('GenerateCapsule: error: can not run openssl.')
175
176 if Process.returncode != 0:
177 shutil.rmtree (TempDirectoryName)
178 print (Result[1].decode())
179 raise ValueError ('GenerateCapsule: error: openssl failed.')
180
181 shutil.rmtree (TempDirectoryName)
182 return Payload
183
184 if __name__ == '__main__':
185 def convert_arg_line_to_args(arg_line):
186 for arg in arg_line.split():
187 if not arg.strip():
188 continue
189 yield arg
190
191 def ValidateUnsignedInteger (Argument):
192 try:
193 Value = int (Argument, 0)
194 except:
195 Message = '{Argument} is not a valid integer value.'.format (Argument = Argument)
196 raise argparse.ArgumentTypeError (Message)
197 if Value < 0:
198 Message = '{Argument} is a negative value.'.format (Argument = Argument)
199 raise argparse.ArgumentTypeError (Message)
200 return Value
201
202 def ValidateRegistryFormatGuid (Argument):
203 try:
204 Value = uuid.UUID (Argument)
205 except:
206 Message = '{Argument} is not a valid registry format GUID value.'.format (Argument = Argument)
207 raise argparse.ArgumentTypeError (Message)
208 return Value
209
210 #
211 # Create command line argument parser object
212 #
213 parser = argparse.ArgumentParser (
214 prog = __prog__,
215 description = __description__ + __copyright__,
216 conflict_handler = 'resolve',
217 fromfile_prefix_chars = '@'
218 )
219 parser.convert_arg_line_to_args = convert_arg_line_to_args
220
221 #
222 # Add input and output file arguments
223 #
224 parser.add_argument("InputFile", type = argparse.FileType('rb'),
225 help = "Input binary payload filename.")
226 parser.add_argument("-o", "--output", dest = 'OutputFile', type = argparse.FileType('wb'),
227 help = "Output filename.")
228 #
229 # Add group for -e and -d flags that are mutually exclusive and required
230 #
231 group = parser.add_mutually_exclusive_group (required = True)
232 group.add_argument ("-e", "--encode", dest = 'Encode', action = "store_true",
233 help = "Encode file")
234 group.add_argument ("-d", "--decode", dest = 'Decode', action = "store_true",
235 help = "Decode file")
236 group.add_argument ("--dump-info", dest = 'DumpInfo', action = "store_true",
237 help = "Display FMP Payload Header information")
238 #
239 # Add optional arguments for this command
240 #
241 parser.add_argument ("--capflag", dest = 'CapsuleFlag', action='append', default = [],
242 choices=['PersistAcrossReset', 'PopulateSystemTable', 'InitiateReset'],
243 help = "Capsule flag can be PersistAcrossReset, or PopulateSystemTable or InitiateReset or not set")
244 parser.add_argument ("--capoemflag", dest = 'CapsuleOemFlag', type = ValidateUnsignedInteger, default = 0x0000,
245 help = "Capsule OEM Flag is an integer between 0x0000 and 0xffff.")
246
247 parser.add_argument ("--guid", dest = 'Guid', type = ValidateRegistryFormatGuid,
248 help = "The FMP/ESRT GUID in registry format. Required for encode operations.")
249 parser.add_argument ("--hardware-instance", dest = 'HardwareInstance', type = ValidateUnsignedInteger, default = 0x0000000000000000,
250 help = "The 64-bit hardware instance. The default is 0x0000000000000000")
251
252
253 parser.add_argument ("--monotonic-count", dest = 'MonotonicCount', type = ValidateUnsignedInteger, default = 0x0000000000000000,
254 help = "64-bit monotonic count value in header. Default is 0x0000000000000000.")
255
256 parser.add_argument ("--fw-version", dest = 'FwVersion', type = ValidateUnsignedInteger,
257 help = "The 32-bit version of the binary payload (e.g. 0x11223344 or 5678).")
258 parser.add_argument ("--lsv", dest = 'LowestSupportedVersion', type = ValidateUnsignedInteger,
259 help = "The 32-bit lowest supported version of the binary payload (e.g. 0x11223344 or 5678).")
260
261 parser.add_argument ("--pfx-file", dest='SignToolPfxFile', type=argparse.FileType('rb'),
262 help="signtool PFX certificate filename.")
263
264 parser.add_argument ("--signer-private-cert", dest='OpenSslSignerPrivateCertFile', type=argparse.FileType('rb'),
265 help="OpenSSL signer private certificate filename.")
266 parser.add_argument ("--other-public-cert", dest='OpenSslOtherPublicCertFile', type=argparse.FileType('rb'),
267 help="OpenSSL other public certificate filename.")
268 parser.add_argument ("--trusted-public-cert", dest='OpenSslTrustedPublicCertFile', type=argparse.FileType('rb'),
269 help="OpenSSL trusted public certificate filename.")
270
271 parser.add_argument ("--signing-tool-path", dest = 'SigningToolPath',
272 help = "Path to signtool or OpenSSL tool. Optional if path to tools are already in PATH.")
273
274 #
275 # Add optional arguments common to all operations
276 #
277 parser.add_argument ('--version', action='version', version='%(prog)s ' + __version__)
278 parser.add_argument ("-v", "--verbose", dest = 'Verbose', action = "store_true",
279 help = "Turn on verbose output with informational messages printed, including capsule headers and warning messages.")
280 parser.add_argument ("-q", "--quiet", dest = 'Quiet', action = "store_true",
281 help = "Disable all messages except fatal errors.")
282 parser.add_argument ("--debug", dest = 'Debug', type = int, metavar = '[0-9]', choices = range (0, 10), default = 0,
283 help = "Set debug level")
284
285 #
286 # Parse command line arguments
287 #
288 args = parser.parse_args()
289
290 #
291 # Perform additional argument verification
292 #
293 if args.Encode:
294 if args.Guid is None:
295 parser.error ('the following option is required: --guid')
296 if 'PersistAcrossReset' not in args.CapsuleFlag:
297 if 'PopulateSystemTable' in args.CapsuleFlag:
298 parser.error ('--capflag PopulateSystemTable also requires --capflag PersistAcrossReset')
299 if 'InitiateReset' in args.CapsuleFlag:
300 parser.error ('--capflag InitiateReset also requires --capflag PersistAcrossReset')
301 if args.CapsuleOemFlag > 0xFFFF:
302 parser.error ('--capoemflag must be an integer between 0x0000 and 0xffff')
303 if args.HardwareInstance > 0xFFFFFFFFFFFFFFFF:
304 parser.error ('--hardware-instance must be an integer in range 0x0..0xffffffffffffffff')
305 if args.MonotonicCount > 0xFFFFFFFFFFFFFFFF:
306 parser.error ('--monotonic-count must be an integer in range 0x0..0xffffffffffffffff')
307
308 UseSignTool = args.SignToolPfxFile is not None
309 UseOpenSsl = (args.OpenSslSignerPrivateCertFile is not None and
310 args.OpenSslOtherPublicCertFile is not None and
311 args.OpenSslTrustedPublicCertFile is not None)
312 AnyOpenSsl = (args.OpenSslSignerPrivateCertFile is not None or
313 args.OpenSslOtherPublicCertFile is not None or
314 args.OpenSslTrustedPublicCertFile is not None)
315 if args.Encode or args.Decode:
316 if args.OutputFile is None:
317 parser.error ('the following option is required for all encode and decode operations: --output')
318
319 if UseSignTool and AnyOpenSsl:
320 parser.error ('Providing both signtool and OpenSSL options is not supported')
321 if not UseSignTool and not UseOpenSsl and AnyOpenSsl:
322 parser.error ('all the following options are required for OpenSSL: --signer-private-cert, --other-public-cert, --trusted-public-cert')
323 if UseSignTool and platform.system() != 'Windows':
324 parser.error ('Use of signtool is not supported on this operating system.')
325 if args.Encode and (UseSignTool or UseOpenSsl):
326 if args.FwVersion is None or args.LowestSupportedVersion is None:
327 parser.error ('the following options are required: --fw-version, --lsv')
328 if args.FwVersion > 0xFFFFFFFF:
329 parser.error ('--fw-version must be an integer in range 0x0..0xffffffff')
330 if args.LowestSupportedVersion > 0xFFFFFFFF:
331 parser.error ('--lsv must be an integer in range 0x0..0xffffffff')
332
333 if UseSignTool:
334 args.SignToolPfxFile.close()
335 args.SignToolPfxFile = args.SignToolPfxFile.name
336 if UseOpenSsl:
337 args.OpenSslSignerPrivateCertFile.close()
338 args.OpenSslOtherPublicCertFile.close()
339 args.OpenSslTrustedPublicCertFile.close()
340 args.OpenSslSignerPrivateCertFile = args.OpenSslSignerPrivateCertFile.name
341 args.OpenSslOtherPublicCertFile = args.OpenSslOtherPublicCertFile.name
342 args.OpenSslTrustedPublicCertFile = args.OpenSslTrustedPublicCertFile.name
343
344 #
345 # Read binary input file
346 #
347 try:
348 if args.Verbose:
349 print ('Read binary input file {File}'.format (File = args.InputFile.name))
350 Buffer = args.InputFile.read ()
351 args.InputFile.close ()
352 except:
353 print ('GenerateCapsule: error: can not read binary input file {File}'.format (File = args.InputFile.name))
354 sys.exit (1)
355
356 #
357 # Create objects
358 #
359 UefiCapsuleHeader = UefiCapsuleHeaderClass ()
360 FmpCapsuleHeader = FmpCapsuleHeaderClass ()
361 FmpAuthHeader = FmpAuthHeaderClass ()
362 FmpPayloadHeader = FmpPayloadHeaderClass ()
363
364 if args.Encode:
365 Result = Buffer
366 if UseSignTool or UseOpenSsl:
367 try:
368 FmpPayloadHeader.FwVersion = args.FwVersion
369 FmpPayloadHeader.LowestSupportedVersion = args.LowestSupportedVersion
370 FmpPayloadHeader.Payload = Result
371 Result = FmpPayloadHeader.Encode ()
372 if args.Verbose:
373 FmpPayloadHeader.DumpInfo ()
374 except:
375 print ('GenerateCapsule: error: can not encode FMP Payload Header')
376 sys.exit (1)
377
378 #
379 # Sign image with 64-bit MonotonicCount appended to end of image
380 #
381 try:
382 if UseSignTool:
383 CertData = SignPayloadSignTool (
384 Result + struct.pack ('<Q', args.MonotonicCount),
385 args.SigningToolPath,
386 args.SignToolPfxFile
387 )
388 else:
389 CertData = SignPayloadOpenSsl (
390 Result + struct.pack ('<Q', args.MonotonicCount),
391 args.SigningToolPath,
392 args.OpenSslSignerPrivateCertFile,
393 args.OpenSslOtherPublicCertFile,
394 args.OpenSslTrustedPublicCertFile
395 )
396 except:
397 print ('GenerateCapsule: error: can not sign payload')
398 raise
399 sys.exit (1)
400
401 try:
402 FmpAuthHeader.MonotonicCount = args.MonotonicCount
403 FmpAuthHeader.CertData = CertData
404 FmpAuthHeader.Payload = Result
405 Result = FmpAuthHeader.Encode ()
406 if args.Verbose:
407 FmpAuthHeader.DumpInfo ()
408 except:
409 print ('GenerateCapsule: error: can not encode FMP Auth Header')
410 sys.exit (1)
411
412 try:
413 FmpCapsuleHeader.AddPayload (args.Guid, Result, HardwareInstance = args.HardwareInstance)
414 Result = FmpCapsuleHeader.Encode ()
415 if args.Verbose:
416 FmpCapsuleHeader.DumpInfo ()
417 except:
418 print ('GenerateCapsule: error: can not encode FMP Capsule Header')
419 sys.exit (1)
420
421 try:
422 UefiCapsuleHeader.OemFlags = args.CapsuleOemFlag
423 UefiCapsuleHeader.PersistAcrossReset = 'PersistAcrossReset' in args.CapsuleFlag
424 UefiCapsuleHeader.PopulateSystemTable = 'PopulateSystemTable' in args.CapsuleFlag
425 UefiCapsuleHeader.InitiateReset = 'InitiateReset' in args.CapsuleFlag
426 UefiCapsuleHeader.Payload = Result
427 Result = UefiCapsuleHeader.Encode ()
428 if args.Verbose:
429 UefiCapsuleHeader.DumpInfo ()
430 except:
431 print ('GenerateCapsule: error: can not encode UEFI Capsule Header')
432 sys.exit (1)
433
434 elif args.Decode:
435 try:
436 Result = UefiCapsuleHeader.Decode (Buffer)
437 FmpCapsuleHeader.Decode (Result)
438 Result = FmpCapsuleHeader.GetFmpCapsuleImageHeader (0).Payload
439 if args.Verbose:
440 print ('========')
441 UefiCapsuleHeader.DumpInfo ()
442 print ('--------')
443 FmpCapsuleHeader.DumpInfo ()
444 if UseSignTool or UseOpenSsl:
445 Result = FmpAuthHeader.Decode (Result)
446
447 #
448 # Verify Image with 64-bit MonotonicCount appended to end of image
449 #
450 try:
451 if UseSignTool:
452 CertData = VerifyPayloadSignTool (
453 FmpAuthHeader.Payload + struct.pack ('<Q', FmpAuthHeader.MonotonicCount),
454 FmpAuthHeader.CertData,
455 args.SigningToolPath,
456 args.SignToolPfxFile
457 )
458 else:
459 CertData = VerifyPayloadOpenSsl (
460 FmpAuthHeader.Payload + struct.pack ('<Q', FmpAuthHeader.MonotonicCount),
461 FmpAuthHeader.CertData,
462 args.SigningToolPath,
463 args.OpenSslSignerPrivateCertFile,
464 args.OpenSslOtherPublicCertFile,
465 args.OpenSslTrustedPublicCertFile
466 )
467 except ValueError:
468 print ('GenerateCapsule: warning: can not verify payload.')
469
470 Result = FmpPayloadHeader.Decode (Result)
471 if args.Verbose:
472 print ('--------')
473 FmpAuthHeader.DumpInfo ()
474 print ('--------')
475 FmpPayloadHeader.DumpInfo ()
476 else:
477 if args.Verbose:
478 print ('--------')
479 print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION')
480 print ('--------')
481 print ('No FMP_PAYLOAD_HEADER')
482 if args.Verbose:
483 print ('========')
484 except:
485 print ('GenerateCapsule: error: can not decode capsule')
486 raise
487 sys.exit (1)
488
489 elif args.DumpInfo:
490 try:
491 Result = UefiCapsuleHeader.Decode (Buffer)
492 FmpCapsuleHeader.Decode (Result)
493 Result = FmpCapsuleHeader.GetFmpCapsuleImageHeader (0).Payload
494 print ('========')
495 UefiCapsuleHeader.DumpInfo ()
496 print ('--------')
497 FmpCapsuleHeader.DumpInfo ()
498 try:
499 Result = FmpAuthHeader.Decode (Result)
500 Result = FmpPayloadHeader.Decode (Result)
501 print ('--------')
502 FmpAuthHeader.DumpInfo ()
503 print ('--------')
504 FmpPayloadHeader.DumpInfo ()
505 except:
506 print ('--------')
507 print ('No EFI_FIRMWARE_IMAGE_AUTHENTICATION')
508 print ('--------')
509 print ('No FMP_PAYLOAD_HEADER')
510 print ('========')
511 except:
512 print ('GenerateCapsule: error: can not decode capsule')
513 sys.exit (1)
514 else:
515 print('GenerateCapsule: error: invalid options')
516 sys.exit (1)
517
518 #
519 # Write binary output file
520 #
521 if args.OutputFile is not None:
522 try:
523 if args.Verbose:
524 print ('Write binary output file {File}'.format (File = args.OutputFile.name))
525 args.OutputFile.write (Result)
526 args.OutputFile.close ()
527 except:
528 print ('GenerateCapsule: error: can not write binary output file {File}'.format (File = args.OutputFile.name))
529 sys.exit (1)
530
531 if args.Verbose:
532 print('Success')