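# CHIPSEC (platform security assessment framework) packaged as a Python
# application. With `withDriver = true` the chipsec.ko kernel module is also
# compiled against `kernel` and installed next to the Python code.
{ lib
, stdenv
, fetchFromGitHub
, kernel ? null
, libelf
, nasm
, python3
  # Off by default: the driverless build passes --skip-driver to setup.py.
  # NOTE(review): upstream documentation cautions against leaving the CHIPSEC
  # kernel driver on production machines, because it exposes low-level hardware
  # access to user space. Verify against the docs for this version and enable
  # this only on systems that are being assessed.
, withDriver ? false
}:

# Without this guard, `withDriver = true` with the default `kernel = null`
# fails deep inside attribute selection (kernel.dev and friends) with an error
# that does not name the cause.
assert lib.assertMsg (withDriver -> kernel != null)
  "chipsec: withDriver = true requires a kernel package (kernel must not be null)";

python3.pkgs.buildPythonApplication rec {
  pname = "chipsec";
  version = "1.10.6";

  # NOTE(review): meta.platforms below also lists x86_64-darwin for the
  # driverless build, while this disables every non-Linux build. Confirm which
  # of the two is intended.
  disabled = !stdenv.isLinux;

  # The source is fetched at the upstream ref named after `version`. The
  # content hash is what pins the tree: if that ref is ever moved, the fetch
  # fails instead of silently building different code.
  src = fetchFromGitHub {
    owner = "chipsec";
    repo = "chipsec";
    rev = version;
    hash = "sha256-+pbFG1SmSO/cnt1e+kel7ereC0I1OCJKKsS0KaJDWdc=";
  };

  # Local patches are applied only to driver builds. Their contents are not
  # visible here; they are part of the trusted build input for the kernel
  # module and should be reviewed together with this expression.
  patches = lib.optionals withDriver [ ./ko-path.diff ./compile-ko.diff ];

  # Kernel build tree for the module build; empty string for driverless builds.
  # lib.optionalString is lazy, so `kernel` is not touched when withDriver is
  # false.
  KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";

  nativeBuildInputs = [
    libelf
    nasm
  ] ++ lib.optionals withDriver kernel.moduleBuildDependencies;

  nativeCheckInputs = with python3.pkgs; [
    distro
    pytestCheckHook
  ];

  # Driver builds get a scratch build-lib directory, so the compiled module can
  # be picked up from a known path in preInstall.
  preBuild = lib.optionalString withDriver ''
    export CHIPSEC_BUILD_LIB=$(mktemp -d)
    mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux
  '';

  env.NIX_CFLAGS_COMPILE = toString [
    # Needed with GCC 12
    "-Wno-error=dangling-pointer"
  ];

  # Move the built module from the scratch build-lib into
  # site-packages/drivers/linux inside the output.
  preInstall = lib.optionalString withDriver ''
    mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux
    mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \
      $out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko
  '';

  # NOTE(review): CHIPSEC_BUILD_LIB is only exported by preBuild when
  # withDriver is true, so in the driverless build this flag presumably
  # expands to an empty --build-lib= value. Confirm that this is intended.
  setupPyBuildFlags = [
    "--build-lib=$CHIPSEC_BUILD_LIB"
  ] ++ lib.optionals (!withDriver) [
    "--skip-driver"
  ];

  pythonImportsCheck = [
    "chipsec"
  ];

  meta = with lib; {
    description = "Platform Security Assessment Framework";
    longDescription = ''
      CHIPSEC is a framework for analyzing the security of PC platforms
      including hardware, system firmware (BIOS/UEFI), and platform components.
      It includes a security test suite, tools for accessing various low level
      interfaces, and forensic capabilities. It can be run on Windows, Linux,
      Mac OS X and UEFI shell.
    '';
    license = licenses.gpl2Only;
    homepage = "https://github.com/chipsec/chipsec";
    maintainers = with maintainers; [ johnazoidberg erdnaxe ];
    platforms = [ "x86_64-linux" ] ++ lib.optional (!withDriver) "x86_64-darwin";
    # https://github.com/chipsec/chipsec/issues/1793
    # `&&` short-circuits, so `kernel` is only inspected for driver builds.
    broken = withDriver && kernel.kernelOlder "5.4" && kernel.isHardened;
  };
}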