uefi.py

ofrak.core.uefi

Uefi (FilesystemRoot, Pe) dataclass

Filesystem extracted from a UEFI binary.

UefiUnpacker (Unpacker)

Extracts components from UEFI (Unified Extensible Firmware Interface) firmware binaries, which contain multiple nested firmware volumes, files, and sections. Note that current limitations prevent repacking after modification. Use when analyzing UEFI firmware for security research, examining firmware updates, or extracting embedded drivers and applications.

unpack(self, resource, config=None) async

Unpack the given resource.

Users should not call this method directly; rather, they should run Resource.run or Resource.unpack.

Parameters:

Name	Type	Description	Default
resource	Resource	The resource that is being unpacked	required
config		Optional config for unpacking. If an implementation provides a default, this default will always be used when config would otherwise be None. Note that a copy of the default config will be passed, so the default config values cannot be modified persistently by a component run.	None

Source code in ofrak/core/uefi.py

async def unpack(self, resource: Resource, config=None):
    ROM_FILE = "uefi.rom"

    with tempfile.TemporaryDirectory() as temp_flush_dir:
        # uefiextract always outputs to the CWD, so we must run this command from the temp dir to not leave behind artifacts
        os.chdir(temp_flush_dir)
        await resource.flush_data_to_disk(ROM_FILE)
        cmd = [
            "uefiextract",
            ROM_FILE,
        ]
        proc = await asyncio.create_subprocess_exec(
            *cmd,
        )
        returncode = await proc.wait()
        if proc.returncode:
            raise CalledProcessError(returncode=returncode, cmd=cmd)

        uefi_view = await resource.view_as(Uefi)
        await uefi_view.initialize_from_disk(os.path.join(temp_flush_dir, f"{ROM_FILE}.dump"))