Image of Modern Operating Systems (3rd Edition)
Image of Advanced Programming in the UNIX Environment, Second Edition (Addison-Wesley Professional Computing Series)
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)
Image of Beginning Google Maps API 3

Using the EFI_SHELL_PROTOCOL To Read a File

In this post, I provide the source code for a working UEFI shell application which displays the contents of an ASCII file using functionality provided by the EFI_SHELL_PROTOCOL protocol. The current version of the EFI_SHELL_PROTOCOL is 2.1 and here are the exposed protocol interfaces: typedef struct _EFI_SHELL_PROTOCOL { EFI_SHELL_EXECUTE Execute; EFI_SHELL_GET_ENV GetEnv; EFI_SHELL_SET_ENV SetEnv; EFI_SHELL_GET_ALIAS GetAlias; EFI_SHELL_SET_ALIAS SetAlias; EFI_SHELL_GET_HELP_TEXT GetHelpText; EFI_SHELL_GET_DEVICE_PATH_FROM_MAP GetDevicePathFromMap; EFI_SHELL_GET_MAP_FROM_DEVICE_PATH GetMapFromDevicePath; EFI_SHELL_GET_DEVICE_PATH_FROM_FILE_PATH GetDevicePathFromFilePath; EFI_SHELL_GET_FILE_PATH_FROM_DEVICE_PATH GetFilePathFromDevicePath; EFI_SHELL_SET_MAP SetMap; EFI_SHELL_GET_CUR_DIR GetCurDir; EFI_SHELL_SET_CUR_DIR SetCurDir; EFI_SHELL_OPEN_FILE_LIST OpenFileList; EFI_SHELL_FREE_FILE_LIST FreeFileList; EFI_SHELL_REMOVE_DUP_IN_FILE_LIST RemoveDupInFileList; EFI_SHELL_BATCH_IS_ACTIVE BatchIsActive; EFI_SHELL_IS_ROOT_SHELL IsRootShell; EFI_SHELL_ENABLE_PAGE_BREAK EnablePageBreak; EFI_SHELL_DISABLE_PAGE_BREAK DisablePageBreak; EFI_SHELL_GET_PAGE_BREAK GetPageBreak; EFI_SHELL_GET_DEVICE_NAME GetDeviceName; EFI_SHELL_GET_FILE_INFO GetFileInfo; EFI_SHELL_SET_FILE_INFO SetFileInfo; EFI_SHELL_OPEN_FILE_BY_NAME OpenFileByName; EFI_SHELL_CLOSE_FILE CloseFile;

UEFI Utility to Read TPM 2.0 PCRs

In a previous post, I discussed how to retrieve Platform Configuration Register (PCR) values from a discrete TPM (Trusted Platform Module) 1.2 chip (dTPM 1.2) and provided source code for a UEFI shell utility to display the digests from the first 16 PCRs. In this post, I discuss a number of key TPM 2.0 features and provide the source code for a UEFI shell utility to display the digests from the first 24 PCRs of a TPM 2.0 implementation. What is driving the move to TPM 2.0? Simple, TPM 1.2 ((ISO/IEC 11889) only supports one hash algorithm, i.e. SHA1, and

UEFI Utility to Read TPM 1.2 PCRs

A Trusted Platform Module (TPM) supports many security functions including a number of special registers called Platform Configuration Registers (PCRs) which can hold data in a shielded location in a manner that prevents tampering or spoofing. A PCR is a 20-byte register. which incidentally is the length of a SHA-1 (Secure Hash Algorithm) hash. Most modern TPMs have 24 or even more PCRs; older ones have 16 PCRs. The TPM 1.2 specification, developed by the Trusted Computing Group (TCG) only requires 16 PCRs. Typically PCRs are used to store measurements. Measurements can be of code, data structures, configuration, information, or

Use 010 Editor to Obtain Header Fields From Intel Microcode Binary Files

In my last blog post, I used the well-known 010 text and hex editor (010 Editor) to examine both the documented and the undocumented header of individual Intel microcode binary blobs which I extracted from a Lenovo T450 firmware update file. I decided to see how easy or difficult it was to use the 010 Editor to output a single of header information for a group of Intel microcode blobs, i.e. all five binary blobs extracted from the Lenovo firmware update using UEFItool. This post describes my experience. Originally I hoped to be able to just write a simple 010

Examining Intel Microcode in Lenovo Firmware Updates

Recently, I decided to examine the contents of a Lenovo T450 firmware update before installing the firmware update and noticed that it included a number of Intel processor microcode updates. This blog post explores what information you can glean from these microcode updates and confirms the existence of an additional undocumented header in Intel microcode updates which was initially described by Chen and Ahn in their December 2014 paper Security Analysis of x86 Processor Microcode. Here is the contents of the latest firmware update (as of November 2016) for the Lenovo T450 laptop. It is a self extracting executable named