chipsec v1.11 releases: Platform Security Assessment Framework
CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X, and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.
NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.
The recent presentation on how to use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants: Exploring Your System Deeper
What is Platform Security?
Hardware Implementation and Configuration
• Available Security Features
• Correct Configuration of HW Components
• Testing/Demonstration of HW Security Mechanisms
Firmware Implementation and Configuration
• Access Controls on Firmware Interfaces
• Correct Settings of Lock Bits
• Testing/Demonstration of FW Security Mechanisms
Feature:
+ System Management Mode
* CPU SMM Cache Poisoning / SMM Range Registers (SMRR)
* SMM memory (SMRAM) Lock
+ BIOS Write Protection
+ Direct HW Access for Manual Testing
+ Forensics
* Live system firmware analysis
* Offline system firmware analysis
Changelog v1.11
- Add pycryptodome to windows requirements list by @dscott90 in #1778
- adding 2.80 system table revision to fix ‘uefi tables’ from not workin… by @nstarke in #1770
- Fixing broken ‘intelsecurity.com’ link with wayback link by @nstarke in #1769
- Bug fixes for SPI Write. Fixes #1775 by @nstarke in #1776
- Remove Python EFI Shell code by @frinzell in #1734
- Update USBwithUEFIShell.rst manual page for code port by @frinzell in #1737
- Update qemu_efi.py for code port by @frinzell in #1738
- Update flask per vulnerability by @npmitche in #1773
- Fix helpers to return correct value for swsmi util by @npmitche in #1786
- Add did=”0x9D85″ name=”LP-U” code=”PCH_3xxLP” by @jun2zhou in #1784
- Update UEFI Shell Python binary to reflect EDK2 updates by @npmitche in #1780
- Remove filehelper by @npmitche in #1777
- Add Intel TXT register definitions from the SEAM Loader by @fishilico in #1774
- Remove deprecated log_skipped() by @frinzell in #1771
- Add flag and check for efi_var_enhanced_auth_access by @npmitche in #1766
- Add LZMAF86 by @BrentHoltsclaw in #1758
- CHIPSEC_LOADED_AS_EXE support deprecated by @frinzell in #1772
- Remove osx helper and driver by @npmitche in #1792
- Remove 0x3e3x did from cometlake by @jun2zhou in #1789
- Add typehints and fstrings to acpi_cmd.py by @dscott90 in #1787
- drivers/linux: increase the possible length of symbols by @fishilico in #1795
- Intel TXT: fix some misspellings by @fishilico in #1794
- Close file if exception thrown during read by @dscott90 in #1782
- Update ucode upload support in dalhelper.py by @frinzell in #1798
- Remove native api and add linuxnative as separate helper by @npmitche in #1791
- Add .run() commands to chipsec_main.py and chipsec_util.py by @frinzell in #1804
- Update Running-Chipsec.rst to include .run() by @frinzell in #1806
- Remove get_cpuid() from chipsec_main by @BrentHoltsclaw in #1800
- Add typehints and fstrings to config_cmd.py by @dscott90 in #1808
- Remove old logic which attempts to parse Dell PFS proprietary format by @platomav in #1801
- Add cpu.py unit tests by @frinzell in #1797
- Add typehints and fstrings to cmos_cmd.py by @dscott90 in #1799
- Add write_unique_file() by @frinzell in #1807
- Clean up oshelper by @npmitche in #1802
- Clean up HALs and Helpers by @npmitche in #1803
- Fix circular dependency with get_datetime_str() by @frinzell in #1816
- Fix spidesc table of Master Read/Write Access to Flash Regions by @fishilico in #1814
- Make chipsec.init() resilient to platform with unknown VID/DID by @fishilico in #1811
- Fix search_efi_tree() return in spi_uefi.py by @frinzell in #1818
Tutorial
Copyright (C) 2018 chipsecintel
Source: https://github.com/chipsec/