CHIPSEC 1.2.2 released!

After nearly a quarter without an update, CHIPSEC 1.2.2 has been released!!

This release includes multiple new VMM tests — including new fuzzers — hinted at during DEF CON and elsewhere, a VENOM test, some S3 tests, support for more Intel CPUs, as well as a bunch of new/updated features:

NEW modules:
 * tools.vmm.cpuid_fuzz to test CPUID instruction emulation by VMMs
 * tools.vmm.iofuzz to test port I/O emulation by VMMs
 * tools.vmm.msr_fuzz to test CPU Model Specific Registers (MSR) emulation by VMMs
 * tools.vmm.pcie_fuzz to test PCIe device memory-mapped I/O (MMIO) and I/O ranges emulation by VMMs
 * tools.vmm.pcie_overlap_fuzz to test handling of overlapping PCIe device MMIO ranges by VMMs
 * tools.vmm.venom to test for VENOM vulnerability

Updated modules:
 * tools.smm.smm_ptr to perform exhaustive fuzzing of SMI handler for insufficient input validation pointer vulnerabilities
 * smm_dma to remove TSEGMB 8MB alignment check and to use XML “controls”. Please recheck failures in smm_dma.py with the new version.
 * common.bios_smi, common.spi_lock, and common.bios_wp to use XML “controls”
 * common.uefi.s3bootscript which automatically tests protections of UEFI S3 Resume Boot Script table
 * tools.uefi.s3script_modify which allows further manual testing of protections of UEFI S3 Resume Boot Script table

NEW functionality:
 * hal.cpu component to access x86 CPU functionality. Removed hal.cr, which was merged into hal.cpu
 * chipsec_util cpu utility, removed chipsec_util cr
 * S3 boot script opcodes encoding functionality in hal.uefi_platform
 * hal.iommu, cfg/iommu.xml and chipsec_util iommu to access IOMMU/VT-d hardware
 * chipsec_util io list to list predefined I/O BARs
 * support for Broadwell, Skylake, IvyTown, Jaketown and Haswell Server CPU families
 * ability to define I/O BARs in XML configuration using register attribute similarly to MMIO BARs
 * UEFI firmware volume assembling functionality in hal.uefi
 * Implemented alloc_phys_mem in EFI helper

See the full readme on the GitHub page, which also includes short lists of bugfixes and known issues:

https://github.com/chipsec/chipsec

If you haven’t been following current security research by Intel’s ATR team, which produces CHIPSEC, watch this video to see why you need to run this new version of CHIPSEC on any machine that runs a VMM, after first reading CHIPSEC’s warning.txt:

[Hopefully we’ll see the Intel LUV team add this release to their project, including LUV-live, soon. There has been a recent patch to LUV that may fix CHIPSEC’s usage in LUV-live, a second important reason to update your LUV-live images.]
