chipsec v1.3.7 release: Platform Security Assessment Framework

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.

NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.

The first version of CHIPSEC was released in March 2014: Announcement at CanSecWest 2014

The recent presentation on how to use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants: Exploring Your System Deeper

What is Platform Security?
Hardware Implementation and Configuration
• Available Security Features
• Correct Configuration of HW Components
• Testing/Demonstration of HW Security Mechanisms
Firmware Implementation and Configuration
• Access Controls on Firmware Interfaces
• Correct Settings of Lock Bits
• Testing/Demonstration of FW Security Mechanisms

Feature:
+ System Management Mode
* CPU SMM Cache Poisoning / SMM Range Registers (SMRR)
* SMM memory (SMRAM) Lock
+ BIOS Write Protection
+ Direct HW Access for Manual Testing
+ Forensics
* Live system firmware analysis
* Offline system firmware analysis

Changelog v1.3.7

New or Updated Modules:

  • Updated output formatting in common.memlock module
  • Updated common.sgx_check to be skipped when not supported by the platform
  • Enabled modules on macOS
    • common.bios_smi
    • common..ia32cfg
    • common.smrr
    • smm_dma
  • Updated common.smm to check earlier if the module should be run
  • Updated handling of STIBP in common.cpu.spectre_v2 module

New or Updated Functionality:

  • Added macOS CI support
  • Switched command line argument parsing module for chipsec_main and chipsec_util
  • Updated chipsec_util to continue to load commands after a failed command load
  • Updated detection of legacy BIOS functionality in Windows 7 and later
  • Added support to allow command line arguments to be passed to all modules

Fixes:

  • Fixed Windows physmem write errors
  • Fixed UEFI Decode crash in CHIPSEC Util
  • Fixed losing last UEFI variable when parsing VSS
  • Fixed typo in C600 PCH description string
  • Fixed LVSCC/UVSCC configuration data
  • Fixed Linux driver build issues with kernel 4.1.12 and 4.14
  • Fixed SPI JEDEC command on older PCH versions
  • Fixed loading of some PCH configuration files
  • Fixed Linux driver build support for legacy and UEFI modes
  • Fixed 32bit CPUID support
  • Fixed IOCTL numbering in Linux driver
  • Fixed native MMIO reads in Linux with less than 4GB
  • Fixed register_has_field exception when register has not fields defined
  • Fixes for PyLint issues
  • Fixed variable issues in UEFI Shell
  • Fixed case where a register is un-defined multiple times by configuration files
  • Fixed incorrect configuration support for FREG6
  • Fixed passing of arguments with -a to modules after parser switch
  • Fixed Linux driver build on kernel 5.0-rc6 as well as new build warnings
  • Documentation updates

Additional Information:

  • Users should rebuild the Windows driver due to fixes in the driver source

Install

Clone chipsec Git repository and install it as a package:
git clone https://github.com/chipsec/chipsec
python setup.py install
sudo chipsec_main
To use CHIPSEC in place without installing it:
python setup.py build_ext -i
sudo python chipsec_main.py

Clone chipsec Git repository and install it as a package:
# git clone https://github.com/chipsec/chipsec
# python setup.py install
# sudo chipsec_main
To use CHIPSEC in place without installing it:
# python setup.py build_ext -i
# sudo python chipsec_main.py

NOTE: Please read chipsec-manual.pdf For Detail installation and Configuration.

 

Tutorial

Copyright (C) 2018 chipsecintel

Source: https://github.com/chipsec/

Share