AFAIK, Copernicus was the first firmware vulnerability analysis tool. MITRE’s research in this area is required reading for anyone learning x86 firmware security. But then, half of the 4-person team left MITRE to create LegbaCore, and have since both joined Apple. These days, AFAIK, Copernicus is not actively maintained. I was not sure of status of MITRE Copernicus (or Copernicus2), so I asked MITRE, and K. Wright, their Public Affairs Lead gave me the current status of Copernicus:
“MITRE continues to research security risks associated with UEFI and firmware. However, development and feature enhancements on the proof-of-concept known as Copernicus is no longer active. Many of the emerging commercial offerings coming to the market show promise similar to what had been demonstrated in Copernicus as an off-the-shelf option.”
More information:
http://www.mitre.org/research/technology-transfer/technology-licensing/copernicus
Without fresh builds of Copernicus, Intel CHIPSEC is probably the main (only?) firmware vulnerability analysis tool actively maintained. It would be nice if there were a few other tools, ESPECIALY for non-Intel systems: ARM, AMD, MIPS, OpenPOWER, etc. I wish MITRE would open source their PoC so the open source community could help maintain/extend it (eg., port it to Linux).
