diff --git a/chipsec/modules/common/ia32cfg.py b/chipsec/modules/common/ia32cfg.py index fdabe7d404..9673b7ee23 100644 --- a/chipsec/modules/common/ia32cfg.py +++ b/chipsec/modules/common/ia32cfg.py @@ -46,6 +46,7 @@ class ia32cfg(BaseModule): def __init__(self): BaseModule.__init__(self) + self.rc_res = ModuleResult(0xcc8cd5d, 'https://chipsec.github.io/modules/chipsec.modules.common.ia32cfg.html') self.res = ModuleResult.PASSED def is_supported(self): @@ -55,7 +56,8 @@ def is_supported(self): self.logger.log_important('Ia32FeatureControlLock control not defined for platform. Skipping module.') else: self.logger.log_important('IA32_FEATURE_CONTROL register not defined for platform. Skipping module.') - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_ia32feature_control(self): @@ -70,13 +72,15 @@ def check_ia32feature_control(self): self.logger.log("[*] cpu{:d}: IA32_FEATURE_CONTROL Lock = {:d}".format(tid, feature_cntl_lock)) if 0 == feature_cntl_lock: res = ModuleResult.FAILED + self.rc_res.setStatusBit(self.rc_res.status.LOCKS) + if res == ModuleResult.PASSED: self.logger.log_passed("IA32_FEATURE_CONTROL MSR is locked on all logical CPUs") else: self.logger.log_failed("IA32_FEATURE_CONTROL MSR is not locked on all logical CPUs") - return res + return self.rc_res.getReturnCode(res) def run(self, module_argv): self.logger.start_test("IA32 Feature Control Lock") diff --git a/chipsec/modules/common/me_mfg_mode.py b/chipsec/modules/common/me_mfg_mode.py index aee55a5e40..916d135116 100755 --- a/chipsec/modules/common/me_mfg_mode.py +++ b/chipsec/modules/common/me_mfg_mode.py @@ -99,13 +99,15 @@ class me_mfg_mode(BaseModule): def __init__(self): BaseModule.__init__(self) + self.rc_res = ModuleResult(0x98e5e8c, 'https://chipsec.github.io/modules/chipsec.modules.common.me_mfg_mode.html') def is_supported(self): if self.cs.is_device_enabled("MEI1"): return True else: self.logger.log_important('MEI1 not enabled. Skipping module.') - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_me_mfg_mode(self): @@ -118,8 +120,10 @@ def check_me_mfg_mode(self): self.logger.log_passed("ME is not in Manufacturing Mode") else: self.logger.log_failed("ME is in Manufacturing Mode") + self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) + + return self.rc_res.getReturnCode(me_mfg_mode_res) - return me_mfg_mode_res def run(self, module_argv): self.logger.start_test("ME Manufacturing Mode") diff --git a/chipsec/modules/common/memconfig.py b/chipsec/modules/common/memconfig.py index 0d20ee55a4..e273e3be3e 100644 --- a/chipsec/modules/common/memconfig.py +++ b/chipsec/modules/common/memconfig.py @@ -44,6 +44,7 @@ class memconfig(BaseModule): def __init__(self): BaseModule.__init__(self) + self.rc_res = ModuleResult(0x9feb705, 'https://chipsec.github.io/modules/chipsec.modules.common.memconfig.html') self.memmap_registers = { "PCI0.0.0_GGC": 'GGCLOCK', "PCI0.0.0_PAVPC": 'PAVPLCK', @@ -66,7 +67,8 @@ def is_supported(self): self.logger.log_important("Not a 'Core' (Desktop) platform. Skipping test.") else: self.logger.log_important("Not an Intel platform. Skipping test.") - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_memmap_locks(self): @@ -115,8 +117,9 @@ def check_memmap_locks(self): else: res = ModuleResult.FAILED self.logger.log_failed("Not all memory map registers are locked down") + self.rc_res.setStatusBit(self.rc_res.status.LOCKS) - return res + return self.rc_res.getReturnCode(res) def run(self, module_argv): self.logger.start_test("Host Bridge Memory Map Locks") diff --git a/chipsec/modules/common/memlock.py b/chipsec/modules/common/memlock.py index 1f841df490..cff7fcca2b 100644 --- a/chipsec/modules/common/memlock.py +++ b/chipsec/modules/common/memlock.py @@ -51,6 +51,7 @@ class memlock(BaseModule): def __init__(self): BaseModule.__init__(self) + self.rc_res = ModuleResult(0x4e16e90, 'https://chipsec.github.io/modules/chipsec.modules.common.memlock.html') self.is_read_error = False def is_supported(self): @@ -63,7 +64,8 @@ def is_supported(self): self.logger.log_important("'MSR_LT_LOCK_MEMORY.LT_LOCK' not defined for platform. Skipping module.") else: self.logger.log_important('Found an Atom based platform. Skipping module.') - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_MSR_LT_LOCK_MEMORY(self): @@ -93,11 +95,14 @@ def run(self, module_argv): self.logger.log_error('There was a problem reading MSR_LT_LOCK_MEMORY.') self.logger.log_important('Possible the environment or a platform feature is preventing these reads.') self.res = ModuleResult.ERROR + self.rc_res.setStatusBit(self.rc_res.status.ACCESS_RW) elif check_MSR_LT_LOCK_MEMORY_test_fail == True: self.logger.log_failed("MSR_LT_LOCK_MEMORY.LT_LOCK bit is not configured correctly") self.res = ModuleResult.FAILED + self.rc_res.setStatusBit(self.rc_res.status.LOCKS) else: self.logger.log_passed('MSR_LT_LOCK_MEMORY.LT_LOCK bit is set') self.res = ModuleResult.PASSED - return self.res + return self.rc_res.getReturnCode(self.res) + diff --git a/chipsec/modules/common/rtclock.py b/chipsec/modules/common/rtclock.py index e858df3559..6eb32e148d 100644 --- a/chipsec/modules/common/rtclock.py +++ b/chipsec/modules/common/rtclock.py @@ -50,6 +50,7 @@ class rtclock(BaseModule): def __init__(self): BaseModule.__init__(self) self.cmos = CMOS(self.cs) + self.rc_res = ModuleResult(0xb305218, 'https://chipsec.github.io/modules/chipsec.modules.common.rtclock.html') self.user_request = False self.test_offset = 0x38 self.test_value = 0xAA @@ -61,7 +62,8 @@ def is_supported(self): self.logger.log_important('RC register not defined for platform. Skipping module.') else: self.logger.log_important('Not a Core platform. Skipping check.') - self.res = ModuleResult.NOTAPPLICABLE + self.rc_res.setStatusBit(self.rc_res.status.NOT_APPLICABLE) + self.res = self.rc_res.getReturnCode(ModuleResult.NOTAPPLICABLE) return False def check_rtclock(self): @@ -97,7 +99,8 @@ def check_rtclock(self): self.logger.log_important("Unable to test lock bits without attempting to modify CMOS.") self.logger.log("[*] Run chipsec_main manually with the following commandline flags.") self.logger.log("[*] python chipsec_main -m common.rtclock -a modify") - return ModuleResult.WARNING + self.rc_res.setStatusBit(self.rc_res.status.VERIFY) + return self.rc_res.getReturnCode(ModuleResult.WARNING) if ll == 1: self.logger.log_good("Protected bytes (0x38-0x3F) in low 128-byte bank of RTC memory are locked") @@ -113,9 +116,10 @@ def check_rtclock(self): self.logger.log_passed("Protected locations in RTC memory are locked") else: res = ModuleResult.WARNING + self.rc_res.setStatusBit(self.rc_res.status.POTENTIALLY_VULNERABLE) self.logger.log_warning("Protected locations in RTC memory are accessible (BIOS may not be using them)") - return res + return self.rc_res.getReturnCode(res) def run(self, module_argv): self.logger.start_test("Protected RTC memory locations")