The VolInfo will come in handy for the FD analysis. I think you are correct
and I will look for FV signatures to identify and analyze firmware volumes.
Do you know if firmware settings (such as from tianocore setup screens)
will be saved inside the firmware volumes or specific firmware volumes are
they stored elsewhere? I am trying to ignore this data.
On Wed, Jan 23, 2013 at 5:06 PM, Andrew Fish <[email protected]> wrote:
>
> On Jan 23, 2013, at 1:18 PM, cruxpot <[email protected]> wrote:
>
> Since my last email, I was able to write platform-specific code that can
> access the firmware from an X64 platform and extract it. Is there a way to
> extract and/or dissect the FV or FVs that have the SEC and PEI Core for a
> given .FD or .ROM file (assume I have no corresponding .FDF file and do not
> know the structure)? The goal here is to do some integrity checks on key
> files or modules that are consistent and do not change (unless they are
> updated). I want to ignore sections of the ROM that have volatile data that
> changes frequently such as firmware settings changes, the clock, etc..
> Thanks.
>
>
> There is a command line build tool to dump FVs called VolInfo, and you may
> find this useful.
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/BaseTools/Source/C/VolInfo/
>
> I think you are stuck searching the FD for FV headers with the _FVH
> signature, and checksums etc. The FV should define how bigt it is.
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/MdePkg/Include/Pi/PiFirmwareVolume.h
>
> In terms of code at the reset vector for ARM the reset vector is usually
> in the ZeroVector of the FV that starts at the magic address. For IA32/X64
> there is a magic file name GUID called EFI_FFS_VOLUME_TOP_FILE_GUID that
> implies the last byte of the file is the last byte of the FV. This
> backwards alignment is used to get code at the magic 0xFFFFFFF0 reset
> vector address.
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/MdePkg/Include/Guid/FirmwareFileSystem2.h
>
> SEC, PEI Core, etc are file types in the FV.
>
> Thanks,
>
> Andrew Fish
>
>
> On Mon, Dec 3, 2012 at 5:35 PM, Andrew Fish <[email protected]> wrote:
>
>> UEFI is focused on defining the interfaces to option ROMs and OS loaders,
>> and pushing policy decisions, where possible, in the platform firmware.
>> UEFI tends to not define how the construct the platform Firmware. The UEFI
>> PI specs go into more detail of firmware construction, but mostly so
>> modules can interoperate. PI does not focus on things that are higher level
>> platform firmware features.
>>
>> The PI terminology is FD (Flash Device) and there is no way to access the
>> FD programmatically. The platform firmware produces FVs (Firmware Volumes)
>> out of the FD in PEI (memory discovery/S3) and DXE (EFI services) phases.
>> The FV containing the SEC and PEI Core are often executed directly from the
>> FD, but most other FVs are compressed. This is all done via platform
>> specific code.
>>
>> Andrew Fish
>>
>>
>> On Dec 3, 2012, at 2:24 PM, cruxpot wrote:
>>
>> > Hi there,
>> >
>> > I am wondering if there are any calls in edk2 or the UEFI spec to
>> locate the system's BIOS code and dump it to disk or some other medium. I
>> want to implement this in a UEFI driver. I have seen plenty of information
>> regarding option ROMs in the spec and driver guide but not on the BIOS
>> code. If I missed it, please point me to the right resources.
>> >
>> > Thanks
>> >
>> ------------------------------------------------------------------------------
>> > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>> > Remotely access PCs and mobile devices and provide instant support
>> > Improve your efficiency, and focus on delivering more value-add services
>> > Discover what IT Professionals Know. Rescue delivers
>> >
>> http://p.sf.net/sfu/logmein_12329d2d_______________________________________________
>> > edk2-devel mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/edk2-devel
>>
>>
>>
>> ------------------------------------------------------------------------------
>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>> Remotely access PCs and mobile devices and provide instant support
>> Improve your efficiency, and focus on delivering more value-add services
>> Discover what IT Professionals Know. Rescue delivers
>> http://p.sf.net/sfu/logmein_12329d2d
>> _______________________________________________
>> edk2-devel mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/edk2-devel
>>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
>
> http://p.sf.net/sfu/learnnow-d2d_______________________________________________
>
> edk2-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/edk2-devel
>
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/edk2-devel
>
>
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel
