Add return codes support to ia32cfg, me_mfg_mode, memconfig, memlock,…

… rtclock

Signed-off-by: Sae86 <[email protected]>

chipsec/modules/common/ia32cfg.py

@@ -46,6 +46,7 @@
 class ia32cfg(BaseModule):
     def __init__(self):
         BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0xcc8cd5d, 'https://chipsec.github.io/modules/chipsec.modules.common.ia32cfg.html')
         self.res = ModuleResult.PASSED
 
     def is_supported(self):
@@ -55,7 +56,8 @@ def is_supported(self):
             self.logger.log_important('Ia32FeatureControlLock control not defined for platform.  Skipping module.')
         else:
             self.logger.log_important('IA32_FEATURE_CONTROL register not defined for platform.  Skipping module.')
-        self.res = ModuleResult.NOTAPPLICABLE
+        self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+        self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
         return False
 
     def check_ia32feature_control(self):
@@ -70,13 +72,15 @@ def check_ia32feature_control(self):
             self.logger.log("[*] cpu{:d}: IA32_FEATURE_CONTROL Lock = {:d}".format(tid, feature_cntl_lock))
             if 0 == feature_cntl_lock:
                 res = ModuleResult.FAILED
+                self.rc_res.setStatusBit(self.rc_res.status.LOCKS)
+
 
         if res == ModuleResult.PASSED:
             self.logger.log_passed("IA32_FEATURE_CONTROL MSR is locked on all logical CPUs")
         else:
             self.logger.log_failed("IA32_FEATURE_CONTROL MSR is not locked on all logical CPUs")
 
-        return res
+        return self.rc_res.getReturnCode(res)
 
     def run(self, module_argv):
         self.logger.start_test("IA32 Feature Control Lock")

chipsec/modules/common/me_mfg_mode.py

@@ -99,13 +99,15 @@ class me_mfg_mode(BaseModule):
 
     def __init__(self):
         BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0x98e5e8c, 'https://chipsec.github.io/modules/chipsec.modules.common.me_mfg_mode.html')
 
     def is_supported(self):
         if self.cs.is_device_enabled("MEI1"):
             return True
         else:
             self.logger.log_important('MEI1 not enabled.  Skipping module.')
-            self.res = ModuleResult.NOTAPPLICABLE
+            self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+            self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
             return False
 
     def check_me_mfg_mode(self):
@@ -118,8 +120,10 @@ def check_me_mfg_mode(self):
             self.logger.log_passed("ME is not in Manufacturing Mode")
         else:
             self.logger.log_failed("ME is in Manufacturing Mode")
+            self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE)
+
+        return self.rc_res.getReturnCode(me_mfg_mode_res)
 
-        return me_mfg_mode_res
 
     def run(self, module_argv):
         self.logger.start_test("ME Manufacturing Mode")

chipsec/modules/common/memconfig.py

@@ -44,6 +44,7 @@ class memconfig(BaseModule):
 
     def __init__(self):
         BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0x9feb705, 'https://chipsec.github.io/modules/chipsec.modules.common.memconfig.html')
         self.memmap_registers = {
             "PCI0.0.0_GGC": 'GGCLOCK',
             "PCI0.0.0_PAVPC": 'PAVPLCK',
@@ -66,7 +67,8 @@ def is_supported(self):
             self.logger.log_important("Not a 'Core' (Desktop) platform.  Skipping test.")
         else:
             self.logger.log_important("Not an Intel platform.  Skipping test.")
-        self.res = ModuleResult.NOTAPPLICABLE
+        self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+        self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
         return False
 
     def check_memmap_locks(self):
@@ -115,8 +117,9 @@ def check_memmap_locks(self):
         else:
             res = ModuleResult.FAILED
             self.logger.log_failed("Not all memory map registers are locked down")
+            self.rc_res.setStatusBit(self.rc_res.status.LOCKS)
 
-        return res
+        return self.rc_res.getReturnCode(res)
 
     def run(self, module_argv):
         self.logger.start_test("Host Bridge Memory Map Locks")

chipsec/modules/common/memlock.py

@@ -51,6 +51,7 @@ class memlock(BaseModule):
 
     def __init__(self):
         BaseModule.__init__(self)
+        self.rc_res = ModuleResult(0x4e16e90, 'https://chipsec.github.io/modules/chipsec.modules.common.memlock.html')
         self.is_read_error = False
 
     def is_supported(self):
@@ -63,7 +64,8 @@ def is_supported(self):
                 self.logger.log_important("'MSR_LT_LOCK_MEMORY.LT_LOCK' not defined for platform.  Skipping module.")
         else:
             self.logger.log_important('Found an Atom based platform.  Skipping module.')
-        self.res = ModuleResult.NOTAPPLICABLE
+        self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+        self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
         return False
 
     def check_MSR_LT_LOCK_MEMORY(self):
@@ -93,11 +95,14 @@ def run(self, module_argv):
             self.logger.log_error('There was a problem reading MSR_LT_LOCK_MEMORY.')
             self.logger.log_important('Possible the environment or a platform feature is preventing these reads.')
             self.res = ModuleResult.ERROR
+            self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW)
         elif check_MSR_LT_LOCK_MEMORY_test_fail == True:
             self.logger.log_failed("MSR_LT_LOCK_MEMORY.LT_LOCK bit is not configured correctly")
             self.res = ModuleResult.FAILED
+            self.rc_res.setStatusBit(self.rc_res.status.LOCKS)
         else:
             self.logger.log_passed('MSR_LT_LOCK_MEMORY.LT_LOCK bit is set')
             self.res = ModuleResult.PASSED
 
-        return self.res
+        return self.rc_res.getReturnCode(self.res)
+

chipsec/modules/common/rtclock.py

@@ -50,6 +50,7 @@ class rtclock(BaseModule):
     def __init__(self):
         BaseModule.__init__(self)
         self.cmos = CMOS(self.cs)
+        self.rc_res = ModuleResult(0xb305218, 'https://chipsec.github.io/modules/chipsec.modules.common.rtclock.html')
         self.user_request = False
         self.test_offset = 0x38
         self.test_value = 0xAA
@@ -61,7 +62,8 @@ def is_supported(self):
             self.logger.log_important('RC register not defined for platform.  Skipping module.')
         else:
             self.logger.log_important('Not a Core platform.  Skipping check.')
-        self.res = ModuleResult.NOTAPPLICABLE
+        self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE)
+        self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE)
         return False
 
     def check_rtclock(self):
@@ -97,7 +99,8 @@ def check_rtclock(self):
             self.logger.log_important("Unable to test lock bits without attempting to modify CMOS.")
             self.logger.log("[*] Run chipsec_main manually with the following commandline flags.")
             self.logger.log("[*] python chipsec_main -m common.rtclock -a modify")
-            return ModuleResult.WARNING
+            self.rc_res.setStatusBit(self.rc_res.status.VERIFY)
+            return self.rc_res.getReturnCode(ModuleResult.WARNING)
 
         if ll == 1:
             self.logger.log_good("Protected bytes (0x38-0x3F) in low 128-byte bank of RTC memory are locked")
@@ -113,9 +116,10 @@ def check_rtclock(self):
             self.logger.log_passed("Protected locations in RTC memory are locked")
         else:
             res = ModuleResult.WARNING
+            self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE)
             self.logger.log_warning("Protected locations in RTC memory are accessible (BIOS may not be using them)")
 
-        return res
+        return self.rc_res.getReturnCode(res)
 
     def run(self, module_argv):
         self.logger.start_test("Protected RTC memory locations")