chipsec v1.3.6 release: Platform Security Assessment Framework

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.

NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.

The first version of CHIPSEC was released in March 2014: Announcement at CanSecWest 2014

The recent presentation on how to use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants: Exploring Your System Deeper

What is Platform Security?
Hardware Implementation and Configuration
• Available Security Features
• Correct Configuration of HW Components
• Testing/Demonstration of HW Security Mechanisms
Firmware Implementation and Configuration
• Access Controls on Firmware Interfaces
• Correct Settings of Lock Bits
• Testing/Demonstration of FW Security Mechanisms

Feature:
+ System Management Mode
* CPU SMM Cache Poisoning / SMM Range Registers (SMRR)
* SMM memory (SMRAM) Lock
+ BIOS Write Protection
+ Direct HW Access for Manual Testing
+ Forensics
* Live system firmware analysis
* Offline system firmware analysis

Changelog v1.3.6

New or Updated Modules:

• Updated memconfig to only check registers that are defined by the platform
• Updated common.bios_smi to check controls not registers
• Added me_mfg_mode module
• Added support for LoJax detection
• Updated common.spi_lock test support
• Added sgx_check module and register definitions
• Updates to DCI support in debugenabled module

New or Updated Functionality:

• Added ability for is_supported to signal a module is not applicable
• Added 300 Series PCH support
• Added support for building Windows driver with VS2017
• Added fixed I/O bar support
• Updated XML and JSON log rewrite
• Updated logger to use python logging support
• Added JEDEC ID command
• Added DAL helper support
• Added 8th Generation Core Processor support
• Updated UEFI variable fuzzing code
• Added C600 and C610 configuration
• Added C620 PCH configuration
• Updated ACPI table parsing support
• Updated UEFI system table support
• Added Denverton (DNV) support
• Added result delta functionality
• Added ability to override PCH from detected version

Fixes:

• Updated readme content
• Fixed Atom register names to match common names
• Updated manual source for release
• Fixed HackingTeam rootkit link
• Fixed corner case when disabling logging mid test
• Fixed exception when logging some objects
• Fixed CFL SPI FREG field sizes
• Fixed UEFI decompress when NextFileFw is given an invalid file size
• Fixed 64-bit MMIO accesses in UEFI Shell
• Fixed Windows variable access support
• Fixed extra argument in Linux helper
• Fixed FV decompress buffer overflow
• Fixed P2SB hide functionality
• Fixed is_efi interface definition
• Fixed parsing of secure boot variables
• Fixed flash region support
• Fixed FLMSTR display
• Workaround memlock issue in UEFI shell with Atom
• Fixed get affinity messages
• Fixed VMM EPT util support
• Fixed PREFast issues
• Fixed exception in XML logging
• Fixed Linux build issue with alid_mmap_phys_addr_range
• Fixed code to always detect chipset
• Fixed Debian packaging support
• Removed RWE support due to issues accessing PCI resources

Install

Clone chipsec Git repository and install it as a package:
git clone https://github.com/chipsec/chipsec
python setup.py install
sudo chipsec_main
To use CHIPSEC in place without installing it:
python setup.py build_ext -i
sudo python chipsec_main.py

Clone chipsec Git repository and install it as a package:
# git clone https://github.com/chipsec/chipsec
# python setup.py install
# sudo chipsec_main
To use CHIPSEC in place without installing it:
# python setup.py build_ext -i
# sudo python chipsec_main.py

NOTE: Please read chipsec-manual.pdf For Detail installation and Configuration.

Tutorial

Copyright (C) 2018 chipsecintel

Source: https://github.com/chipsec/