So, there are a handful of tools for checking for hardware/firmware security issues. Each tool has a separate list of security checks, half of which are publicly-viewable. With gaps from some hardware and OS vendors. I’m wondering how much overlap there is between these security lists, that might be useful to port and find additional security issues.
* Intel has CHIPSEC, for testing the hardware and firmware for security issues. It works on Intel x86 and Intel x64, not AMD AMD64. It works on Mac, Windows, and Linux, and UEFI. Public can run this on their own device.
https://github.com/chipsec/chipsec/wiki/Vulnerabilities-and-CHIPSEC-Modules
* ARM has SBSA-ACS, for testing hardware and firmware security issues.It works on ARM AArch64 ‘enterprise’ devices. Unclear if there is a technical distinction for non-enterprise AArch64 device use. Not AArch32. It works on UEFI. Intended for vendor use on development machines, not consumer devices (“To prevent the leakage of secure information, it is strongly recommended that the ACS test suite is run only on development platforms. If it is run on production systems, the system should be scrubbed after running the test suite.”).
https://github.com/ARM-software/sbsa-acs/blob/master/docs/testcase-checklist.md
* Apple has eficheck for macOS. It works on Intel x64, and I am guessing that it’ll also work on future ARM processors. The list of security tests it makes is unknnown, the documentation is lacking.
* Microsoft has Defender AV (which has UEFI support) for Windows. I presume (but do not know) it works on all ISAs that Windows does, so maybe coverage on Intel, AMD, and ARM. The list of security tests it makes is unknnown, the documentation is lacking.
* AMD has nothing. Except for Microsoft Defender (for Windows users only).
* Linux has nothing. Except for Intel CHIPSEC on Intel systems.
I wonder about the delta between these 4 security lists. I wish there was more information from Microsoft and Apple on the specific tests their tools make. Are there any from one list that should also be tested on the other lists, and vice versa? Obviously, some entries are platform-centric, but there are others that might not be.
Any professors out there: please suggest a grad student do some research on the Intel and ARM security lists. Thanks.
You must be logged in to post a comment.