chipsec v1.7.2 releases: Platform Security Assessment Framework

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X, and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.

NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.

The recent presentation on how to use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants: Exploring Your System Deeper

What is Platform Security?
Hardware Implementation and Configuration
• Available Security Features
• Correct Configuration of HW Components
• Testing/Demonstration of HW Security Mechanisms
Firmware Implementation and Configuration
• Access Controls on Firmware Interfaces
• Correct Settings of Lock Bits
• Testing/Demonstration of FW Security Mechanisms

Feature:
+ System Management Mode
* CPU SMM Cache Poisoning / SMM Range Registers (SMRR)
* SMM memory (SMRAM) Lock
+ BIOS Write Protection
+ Direct HW Access for Manual Testing
+ Forensics
* Live system firmware analysis
* Offline system firmware analysis

Changelog v1.7.2

New or Updated Modules/UtilCmds:

• Moved usage information to file docstring for utilcmds
• common.spd_wd – Update docstring and is_supported logic
• tools.smm.rouge_mmio_bar – Expand usage documentation
• utilcmd.lock_check_cmd – Create lock_check_cmd

New or Updated Configurations:

• 8086/apl – Update some register definitions to match datasheet
• 8086/cfl – Update some register definitions to match datasheet
• 8086/icl – Update some register definitions to match datasheet
• 8086/kbl – Update some register definitions to match datasheet
• 8086/pch_1xx – Update some register definitions to match datasheet
• 8086/pch_2xx – Update some register definitions to match datasheet
• 8086/pch_3xx – Update some register definitions to match datasheet
• 8086/pch_3xxop – Update some register definitions to match datasheet
• 8086/pch_495 – Update some register definitions to match datasheet
• 8086/pch_4xxh – Update some register definitions to match datasheet
• 8086/pch_4xxlp – Update some register definitions to match datasheet
• 8086/pch_5xxh – Update some register definitions to match datasheet
• 8086/pch_5xxlp – Update some register definitions to match datasheet
• 8086/skl – Update some register definitions to match datasheet

Removed Modules:

• None

Additional Changes:

• .github/workflows/tests.yml – Update to remove ubuntu 16.04 as it has been deprecated from GitHub actions
• chipsec.chipset
  • Fix exception when loaded config does not have a sku element
  • Fix for MMIO multi-bus support
  • Update to support HAL locks and lock_check_cmd
• chipsec.defines – Update to support HAL locks and lock_check_cmd
• chipsec.hal.iobar – Update to support HAL locks and lock_check_cmd
• chipsec.hal.locks – Create HAL locks
• chipsec.hal.mmio
  • Fix for MMIO multi-bus support
  • Update to support HAL locks and lock_check_cmd
• chipsec.hal.paging – Add docstrings
• chipsec.hal.smbios – Add docstrings
• chipsec.hal.uefi_fv – Add docstrings
• docs/sphinx/Install in Windows – Update to install instructions
• docs/sphinx/Vulnerabilities-and-CHIPSEC-Modules – Update to remove comment to unknown module
• docs/sphinx/removeStrRst – Update to show only main docstring for modules

Additional Notes:

• For Windows, Linux and MacOS: Python2 support has been deprecated as of June 2020. Please use Python3.
• Any modules under the modules.tools directory have not yet been fully validated to work with Python3.

Tutorial

Copyright (C) 2018 chipsecintel

Source: https://github.com/chipsec/