chipsec v1.8.4 releases: Platform Security Assessment Framework

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X, and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.

NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.

The recent presentation on how to use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants: Exploring Your System Deeper

What is Platform Security?
Hardware Implementation and Configuration
• Available Security Features
• Correct Configuration of HW Components
• Testing/Demonstration of HW Security Mechanisms
Firmware Implementation and Configuration
• Access Controls on Firmware Interfaces
• Correct Settings of Lock Bits
• Testing/Demonstration of FW Security Mechanisms

Feature:
+ System Management Mode
* CPU SMM Cache Poisoning / SMM Range Registers (SMRR)
* SMM memory (SMRAM) Lock
+ BIOS Write Protection
+ Direct HW Access for Manual Testing
+ Forensics
* Live system firmware analysis
* Offline system firmware analysis

Changelog v1.8.4

New or Updated Modules/UtilCmds:

• Add is_supported() comment
  modules.common.bios_smi
• Add usage documentation:
  modules.common.bios_smi
modules.common.cpu.cpu_info
modules.tools.vmm.cpuid_fuzz
modules.common.ia32cfg
modules.common.me_mfg_mode
modules.common.spi_desc
modules.common.spi_fdopss
modules.common.spi_lock
modules.common.secureboot.variables
modules.tools.vmm.vbox.vbox_crash_apicbase
• Add cli options text to pcie_fuzz.py
  modules.tools.vmm.pcie_fuzz
• Handle MSR read error in memlock.py
  modules.common.memlock
• Update is_suported():
  modules.common.bios_ts
modules.common.smm_dma
• Code cleanup modules:
  modules.tools.uefi.s3script_modify
modules.tools.uefi.scan_image
modules.common.cpu.spectre_v2
modules.tools.uefi.uefivar_fuzz

New or Updated Configurations:

• Add config file for AlderLake platforms
  8086/adl
• Update SoC based configs
  8086/apl
8086/avn
8086/byt
8086/cht
8086/dnv

Additional Changes:

• Don’t check for PCH on SoC
  chipset
• Code cleanup in module_common.py
  module_common
• hal/iommu: do not raise exception when an IOMMU BAR is not configured
  hal.iommu
• Fix sphinx warnings and index version overwrite:
  docs.sphinx._scripts.getVersion
docs.sphinx.conf
docs/sphinx/_templates/scover.tmpl
docs/sphinx/_templates/sstylesheet.style
docs/sphinx/_templates/sstylesheet
docs/sphinx/development/Architecture-Overview.rst
• Update sign64_sys.bat
  drivers/win7/sign/sign64_sys.bat

Tutorial

Copyright (C) 2018 chipsecintel

Source: https://github.com/chipsec/