From: Holtsclaw, Brent <brent.holtsclaw@intel.com>
To: chipsec@lists.01.org
Subject: Re: chipsec-1.5.0 in EFI Shell
Date: Thu, 28 May 2020 22:24:38 +0000 [thread overview]
Message-ID: <MW3PR11MB474641BA71F016C61E503DC0FB8E0@MW3PR11MB4746.namprd11.prod.outlook.com> (raw)
In-Reply-To: <856ed774-1177-2836-c57d-2abc80201df8@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4013 bytes --]
Did you follow the instructions from https://github.com/chipsec/chipsec/wiki/Creating-a-Bootable-USB-drive-with-UEFI-Shell? They should have enough information to help out. It sounds like UEFI SHELL is not the problem in this case. Can you elaborate on the python that you are using. There is a python.efi module within the chipsec_uefi zipfile. Python has been modified to include some chipsec specific commands with chipsec. There are steps to reproduce the build, however I'm not sure that they work with the latest EDK and you may need to build from an older version. To my knowledge the code within chipsec is still compatible with python2 at this point and you should be able to use 1.5.0. If you can run chipsec with the debug flag and let us know where it is failing that would help.
Thanks,
Brent
-----Original Message-----
From: Blibbet <blibbet@gmail.com>
Sent: Thursday, May 28, 2020 2:55 PM
To: Vorname Nachname <ldevlzero@gmail.com>
Cc: chipsec(a)lists.01.org
Subject: [chipsec] Re: chipsec-1.5.0 in EFI Shell
What UEFI Shell are you using? "EFI Shell" may mean an ancient one. I think I recall some thread where someone was trying to get CHIPSEC running using an old (1.x?) OEM's shell (Apple?), and they had to provide their own instead. There is an older and a newer UEFI Shell.
You should also include info about other Python code you were able to successfully run in this EFI Shell. Maybe CHIPSEC is not the issue, the issue is your EFI Shell and Python.
Instead of building your own UEFI Python, what happens when you use the CHIPSEC instructions and use their supplied python.efi? Wasn't there some special CHIPSEC-centric options needed to build Python with? If so, that should be clarified better in build docs.
(Granted, it sucks having a security tool ship a pre-compiled Python binary in their source tree, built in an unknown manner, with no checksums, and no reproducable builds, and have the tool rely on this for determining platform security. But that's another issue...)
Intel has abandoned CPython V2 for UEFI patch, and is instead is working on MicroPython for UEFI (which has some Python V3 support). Though Python V2 is deprecated and most of world has moved to Python V3, CHIPSEC team is still using/bundling CPython V2, and hasn't switched over to using/relying-on/bundling MicroPython for UEFI.
FWIW, I rarely see replies from the team for support questions on this mailing list nor the Google Groups lists. It I was looking for a reply, I'd file a Github issue (and include more info), or use Twitter.
You might want to clarify that you're trying to run this on an Intel system, not another ISA (like AMD or ARM or RISC-V), as that'd also not work.
HTH,
Lee
On 5/28/20 7:36 AM, Vorname Nachname wrote:
> Hello,
>
> I tried to run chipsec-1.5.0 in EFI Shell without operating system but
> unfortunately it doesn't run in the EFI Shell. I ran these commands:
>
> Shell> fs0:
> FS0:\> python -^# chipsec_main.py -m debugenabled
>
> This results in a traceback with the last file chipsec/defines.py
> called function get_version().
>
> OSError: [Errno 22] Invalud argument: 'FS0:FS0:chipsec'
>
> After that I compiled python 2.7.2 and python 2.7.10 from edk2 package
> version edk2-stable201903. This is the last package version with
> pyhton inside. With this version of pyhton I received another error
> message with the last line:
>
> ImportError: No module named expat; use SimpleXMLTreeBuilder instead.
>
> What is the best way to start the latest version of chipsec in the EFI
> Shell? What version of EFI Shell and pyhton is required?
>
> best wishes
> Philipp
>
>
> _______________________________________________
> chipsec mailing list -- chipsec(a)lists.01.org To unsubscribe send an
> email to chipsec-leave(a)lists.01.org
_______________________________________________
chipsec mailing list -- chipsec(a)lists.01.org To unsubscribe send an email to chipsec-leave(a)lists.01.org
next prev parent reply other threads:[~2020-05-28 22:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-28 14:36 chipsec-1.5.0 in EFI Shell Vorname Nachname
2020-05-28 21:54 ` Blibbet
2020-05-28 22:24 ` Holtsclaw, Brent [this message]
[not found] <CAPwg83iAx0xpQ3kUJ1ELfaEbkaof6yuOc4uhVMhtXjQkEVrNoA@mail.gmail.com>
2020-05-29 15:16 ` Vorname Nachname
2020-06-05 9:14 ` Vorname Nachname
2020-06-05 18:33 ` Holtsclaw, Brent
2020-06-08 14:00 ` Vorname Nachname
2020-12-29 17:59 ` Holtsclaw, Brent
2021-01-04 15:53 ` Abu Cishubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW3PR11MB474641BA71F016C61E503DC0FB8E0@MW3PR11MB4746.namprd11.prod.outlook.com \
--to=brent.holtsclaw@intel.com \
--cc=chipsec@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).