View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0003940Kali LinuxNew Tool Requestspublic2017-03-30 16:552020-03-18 18:05
Reporterobazhaniuk Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionsuspended 
Summary0003940: CHIPSEC Framework
Description

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.
Github: https://github.com/chipsec/chipsec/
Debian packaging: https://github.com/chipsec/chipsec/tree/master/debian

CHIPSEC has a lot of functionality for check vulnerability in UEFI/BIOS firmware, forensic of UEFI/BIOS firmware and other useful functionality related to firmware/hardware.

CHIPSEC has two components: CHIPSEC tools and CHIPSEC DKMS driver.
CHIPSEC tools supports Python 2.7 and has two command line utilities: /usr/bin/chipsec_util
/usr/bin/chipsec_main

Chipsec will be installed in /usr/lib/python2.7/dist-packages/chipsec/ with docs in /usr/share/doc/chipsec
Chipsec driver will be in /usr/src/chipsec-1.3.0 and chipsec.ko into DKMS storage in /var/lib/dkms/chipsec/1.3.0/4.6.0-kali1-amd64/amd64/module/

Steps To Reproduce

How to build two packages: chipsec tools and chipsec DKMS driver:

$ git clone https://github.com/abazhaniuk/chipsec
$ tar -zcf chipsec_1.3.0.orig.tar.gz chipsec
$ cd chipsec
$ dpkg-buildpackage -rfakeroot -D -us -uc

Result we have: chipsec_1.2.5-2.1_amd64.deb chipsec-dkms_1.2.5-2.1_amd64.deb

Additional Information

Quick intro to CHIPSEC:
CHIPSEC has tool main tools: chipsec_main and chipsec_util.

1) chipsec_main – run CHIPSEC modules.

Modules encapsulate the main functionality of CHIPSEC:
1.Tests for known vulnerabilities in firmware
2.Tests for insufficient or incorrectly configured hardware protections
3.Hardware/firmware-level security tools
Fuzzing tools for firmware interfaces/formats
Manual security checkers (e.g. TE checker, DMA dumper)

2) chipsec_util – provide access to different hardware resources like:

Access to PCIe configuration space
Access to physical memory
Access to CPU resources (for each CPU thread): Model Specific Registers (MSR), IDT/GDT
Access to MMIO (Memory Mapped IO)
BARs and Memory-Mapped PCI Configuration Space (MMCFG)
Access to SPI Flash parts
Microcode update specific functionality
Access to Port I/O Space
Access to SMBus Controller in the PCH
Main UEFI component using platform specific and common UEFI functionality
Common UEFI functionality (EFI variables, db/dbxdecode, etc.)
Platform specific UEFI functionality (parsing platform specific EFI NVRAM, capsules, etc.)
CPU Interrupts specific functions (SMI, NMI)
CMOS memory specific functions (dump, read/write)
CPUID information
SPI Flash Descriptor binary parsing functionality

To check all options, just run: $python chipsec_util.py

[sudo] password for user:

################################################################

CHIPSEC: Platform Hardware Security Assessment Framework

################################################################
[CHIPSEC] Version 1.2.3
ERROR: Not enough parameters
[CHIPSEC] chipsec_util command-line extensions should be one of the following:
acpi
cmos
cpu
decode
ec
gdt
help
idt
io
iommu
mem
mmcfg
mmio
msgbus
msr
nmi
pci
platform
smbus
smi
spd
spi
spidesc
ucode
uefi
vmm
[CHIPSEC] You can use the option -n to not load the Chipsec driver.

Activities

g0tmi1k

g0tmi1k

2018-01-29 14:45

administrator   ~0008366

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
g0tmi1k

g0tmi1k

2020-03-18 18:05

administrator   ~0012484

No response... Closing.

Please reopen if the information can be provided.

Issue History

Date Modified Username Field Change
2017-03-30 16:55 obazhaniuk New Issue
2018-01-29 14:45 g0tmi1k Note Added: 0008366
2020-03-18 18:05 g0tmi1k Status new => closed
2020-03-18 18:05 g0tmi1k Resolution open => suspended
2020-03-18 18:05 g0tmi1k Note Added: 0012484