PSPTool 是一个用来显示、提取和操作 UEFI 映像中的 PSP 固件的开源工具。
PSPTool是瑞士军刀,用于处理AMD安全处理器(以前称为平台安全处理器或psp)的固件。它将AMD固件定位在UEFI映像中,作为针对AMD平台的BIOS更新的一部分。
它是基于AMD专有文件系统的逆向工程工作,该文件系统用于将固件块打包到UEFI固件映像中。这些通常是16MB大小,可以方便地由uefitool解析。但是,AMD的所有二进制blob都位于uefitool无法分析的填充卷中。
PSPTool可以很好地处理通过BIOS更新获得的UEFI图像。
安装:
git clone https://github.com/cwerling/psptool
cd psptool
sudo python3 setup.py install
命令行参数:
usage: psptool [-h] [-E | -X | -R | -U] file
Display, extract, and manipulate PSP firmware inside UEFI images
positional arguments:
file Binary file to be parsed for PSP firmware
optional arguments:
-h, --help Show this help message and exit.
-E, --entries Default: Parse and display PSP firmware entries.
[-d idx] [-n] [-i] [-v]
-d idx: specifies directory_index (default: all directories)
-n: hide duplicate entries from listings
-i: display additional entry header info
-v: display even more info (AGESA Version, Entropy, MD5)
-t csvfile: only display entries found in the given SPI trace
(see psptrace for details)
-X, --extract-entry Extract one or more PSP firmware entries.
[-d idx [-e idx]] [-n] [-u] [-k] [-v] [-o outfile]
-d idx: specifies directory_index (default: all directories)
-e idx: specifies entry_index (default: all entries)
-n: skip duplicate entries
-u: uncompress compressed entries
-k: convert _pubkeys into PEM format
-v: increase output verbosity
-o file: specifies outfile/outdir (default: stdout/$PWD)
-R, --replace-directory-entry
Copy a new entry body into the ROM file and update metadata accordingly.
Note: The given address is assumed to be overwritable (e.g. padding).
-d idx -e idx -b addr [-y] [-s subfile] [-o outfile]
-d idx: specifies directory_index
-e idx: specifies entry_index
-b addr: specifies destination address of the new entry
-s file: specifies subfile (i.e. the new entry) (default: stdin)
-o file: specifies outfile (default: stdout)
-U, --update-signatures
Re-sign all signatures in the ROM file with a given private key and export
a new ROM file.
-p private_key [-o outfile]
-p file: specifies a path to the private_key in PEM format for re-signing
-o file: specifies outfile (default: stdout)