search

binarly-io / fwhunt-scan

Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules
GNU General Public License v3.0
210 stars 30 forks source link

Allow getting the possible UEFI volume GUIDs from the rule #35

Closed hughsie closed 2 years ago

hughsie commented 2 years ago

The idea here is that the rule can specify an optional hint on which volume GUIDs should be matched. This means we only have to scan one EFI binary per firmware, rather than potentially hundreds. There's no point looking for ThinkPwn on LegacySpeakerDxe for example.

Using this hint means it takes a few seconds to scan each firmware on the LVFS, rather than more than ~2 minutes -- which takes the query time down from 19 hours per new rule [!!!], to ~40 minutes when scanning all public firmware files with a new uefi_r2 rule.

This would be specified like this:

FooBar:
  meta:
    volume guids:
      - dcd13040-23d8-41c6-b8f5-22281a0d64e8
hughsie commented 2 years ago

@yeggor and @matrosov better names welcome for volume guids -- but I really think we need to do something like this whatever we call it. Burning 19h of CPU time (even if we're not paying for it) per query is kinda insane.

yeggor commented 2 years ago

I totally agree, thank you. We will think about the names, but now let it remain as you suggested