Skip to content

CERTCC/cert-uefi-parser

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
stubs
stubs
 
 
uefi_parser
uefi_parser
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
mypy.ini
mypy.ini
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

CERT UEFI Parser

The CERT UEFI Parser is a Python-based tool for inspecting firmware ROM images, installers, and related files, especially those associated with UEFI. It combines information from the UEFI specifications with insights from independent firmware research (for example, Igor Skochinsky’s Intel ME work).

Written for Python 3 and built on the Construct parsing framework, the parser is more flexible than the EDK2 reference implementation and is easier to extend to proprietary or experimental data structures. CERT UEFI Parser aims to support all data formats commonly found inside UEFI ROMs, including Portable Executables (PEs) and image structures. The project is free of NDAs or other restrictions; all proprietary formats have been reverse engineered from public information and original analysis.

Installation

The parser depends on the cert-uefi-support package, which provides lower-level decompression and binary utilities. Both packages are now available on PyPI.

Basic installation:

  $ python3 -m venv cert-venv
  $ ./cert-venv/bin/pip install cert-uefi-support cert-uefi-parser

Optional GUI Support (Qt)

GUI support is optional and provided via the PySide6 package. It is a large dependency, so it is not installed by default. To install with the GUI extras:

  $ python3 -m venv cert-venv
  $ ./cert-venv/bin/pip install cert-uefi-support cert-uefi-parser[qt]

Installing from the Official Git Repositories

  $ python3 -m venv cert-venv
  $ ./cert-venv/bin/pip install \
    git+https://github.com/cmu-sei/cert-uefi-support \
    "cert-uefi-parser[qt] @ git+https://github.com/cmu-sei/cert-uefi-parser.git"

Usage

CERT UEFI Parser provides four primary output modes: a graphical interface, an ASCII text display (with ANSI color output enabled by default), a full JSON representation, and a filtered JSON representation containing fields that are useful for generating a Software Bill of Materials (SBOM).

  $ ./cert-venv/bin/cert-uefi-parser --gui {firmware-related-file}
  $ ./cert-venv/bin/cert-uefi-parser --text {firmware-related-file} | less
  $ ./cert-venv/bin/cert-uefi-parser --json {firmware-related-file} >output.json
  $ ./cert-venv/bin/cert-uefi-parser --sbom {firmware-related-file} >output.json

Sample firmware files can typically be obtained by downloading the BIOS or UEFI update tools from your system vendor’s support site. While not all models are guaranteed to be fully supported, many common vendor formats parse successfully, and examining these update files is a good way to begin exploring the parser’s capabilities.

About

CERT UEFI Parser for pypi

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

7 tags

Packages

No packages published

Languages

  • Python 100.0%