This repository contains a Bareflank extension that aims to prove out the concept of using chipsec as an integration-testing tool for Bareflank-based VMMs. The chipsec_modules directory contains Python modules for the Chipsec framework. Each module represents one integration test that verifies a specific behaviour of a loaded VMM.[…]
by Stephano Cetola, Software Applications Engineer, Intel Corporation
CHIPSEC is a firmware threat assessment tool used to help verify that systems meet basic security best practices. The tool’s threat model is primarily based on Unified Extensible Firmware Interface (UEFI). However, other firmware may have different threat models that will cause failures in different CHIPSEC modules. This session is a brief overview of CHIPSEC, limitations of the tool, failures seen on different types of firmware, and information on developing new test modules.
New or Updated Modules:
- Updated memconfig to only check registers that are defined by the platform
- Updated common.bios_smi to check controls, not registers
- Added me_mfg_mode module
- Added support for LoJax detection
- Updated common.spi_lock test support
- Added sgx_check module and register definitions
- Updates to DCI support in debugenabled module

New or Updated Functionality:
- Added ability for is_supported to signal a module is not applicable
- Added 300 Series PCH support
- Added support for building Windows driver with VS2017
- Added fixed I/O bar support
- Updated XML and JSON log rewrite
- Updated logger to use python logging support
- Added JEDEC ID command
- Added DAL helper support
- Added 8th Generation Core Processor support
- Updated UEFI variable fuzzing code
- Added C600 and C610 configuration
- Added C620 PCH configuration
- Updated ACPI table parsing support
- Updated UEFI system table support
- Added Denverton (DNV) support
- Added result delta functionality
- Added ability to override PCH from detected version
Lenovo working through an external pentest firm? Wish I saw more OEMs asking for appropriate job skills.
If you’re thinking about applying, look at some of the reviews for this consulting firm before doing so. Maybe look if Lenovo has a direct position open as well.
Diverse Lynx: Penetration tester […]It is also firmware analysis which according to Lenovo is analyzing anything that may be on disk. […] Chipsec needs to be used for this assessment. It’s for UEFI attacks, but it’s fairly automated.[…]
Yesterday I gave a presentation at BSides Seattle on defending firmware. This version of the presentation attempted to address a DFIR audience, not just a SysAdmin/Site Reliability Engineer audience.
I got some interesting feedback on IR after this presentation; we’ll do a blog on this in the next few days, along with a few updates to existing IR standards to showcase where firmware is lacking.
Below is a copy of the slides:
There are four sections: Threats, Tech, Tools, and Guidance. The Tech section is probably the weakest to read without the audio. This talk was the result of trying to jam a 4-hour training session into a 1-hour talk, and the Tech section lost the most in this compression.
I updated the slides from yesterday; the “DIY Homework” section focused on following along with the analysis in the old Intel ATR blog post on the WikiLeaked Hacking Team UEFI malware blob. However, that blog URL is no longer around.
This is the best-fit replacement for the missing URL above, and it includes some new content (e.g., the blacklist command) that the original blog did not. Save a copy of the blog post; I don’t expect it to be archived:
Nice to see some recent CHIPSEC activity, given all the recent related CVEs…
…But this is not from the CHIPSEC team, it is from ex-CHIPSEC team member Yuriy of Eclypsium.
Added new module checking for Spectre variant 2. The module checks whether the system is affected by speculative-execution side-channel vulnerabilities. Specifically, it verifies that the system supports hardware mitigations for Branch Target Injection, a.k.a. Spectre Variant 2 (CVE-2017-5715).
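What such a check actually decodes, as an added example for this page (it is not the CHIPSEC spectre_v2 module's own code): the feature bits that a CPU, or its updated microcode, exposes in CPUID leaf 7 EDX and in the IA32_ARCH_CAPABILITIES MSR. Bit positions are taken from the Intel SDM; the three register images are constructed, not captured from real machines, the MSR read is a stand-in callable rather than a real `rdmsr`, and the PASSED/WARNING/FAILED rule is this example's own, not necessarily the module's.

```python
"""Decode the CPU feature bits that advertise hardware mitigations for
Branch Target Injection (Spectre variant 2, CVE-2017-5715).

Added example, not CHIPSEC's spectre_v2 module. Bit positions follow the
Intel SDM (CPUID.(EAX=07H,ECX=0):EDX and MSR IA32_ARCH_CAPABILITIES, 0x10A).
Register values below are constructed so the script runs offline.
"""

# CPUID.(EAX=07H, ECX=0):EDX feature flags
CPUID7_EDX_IBRS_IBPB = 1 << 26  # Indirect Branch Restricted Speculation + Prediction Barrier
CPUID7_EDX_STIBP = 1 << 27      # Single Thread Indirect Branch Predictors
CPUID7_EDX_ARCH_CAP = 1 << 29   # IA32_ARCH_CAPABILITIES MSR is present
CPUID7_EDX_SSBD = 1 << 31       # Speculative Store Bypass Disable

# IA32_ARCH_CAPABILITIES (MSR 0x10A) flags
ARCH_CAP_RDCL_NO = 1 << 0   # not affected by Rogue Data Cache Load (Meltdown)
ARCH_CAP_IBRS_ALL = 1 << 1  # enhanced IBRS: set IBRS once, stays in effect
ARCH_CAP_RSBA = 1 << 2      # RSB Alternate: BTB may be consulted on RSB underflow
ARCH_CAP_SSB_NO = 1 << 4    # not affected by Speculative Store Bypass

MSR_IA32_ARCH_CAPABILITIES = 0x10A


def decode_spectre_v2(cpuid7_edx, read_msr):
    """Interpret the mitigation-support bits and return a dict of findings.

    cpuid7_edx: EDX from CPUID leaf 7, sub-leaf 0.
    read_msr:   callable(msr_index) -> value. Only invoked when CPUID says
                the MSR exists: on real hardware, reading
                IA32_ARCH_CAPABILITIES on a part that lacks it raises #GP.
    """
    info = {
        "ibrs_ibpb": bool(cpuid7_edx & CPUID7_EDX_IBRS_IBPB),
        "stibp": bool(cpuid7_edx & CPUID7_EDX_STIBP),
        "ssbd": bool(cpuid7_edx & CPUID7_EDX_SSBD),
        "arch_cap_msr": bool(cpuid7_edx & CPUID7_EDX_ARCH_CAP),
        "enhanced_ibrs": False,
        "rsba": False,
        "rdcl_no": False,
    }
    if info["arch_cap_msr"]:
        cap = read_msr(MSR_IA32_ARCH_CAPABILITIES)
        info["enhanced_ibrs"] = bool(cap & ARCH_CAP_IBRS_ALL)
        info["rsba"] = bool(cap & ARCH_CAP_RSBA)
        info["rdcl_no"] = bool(cap & ARCH_CAP_RDCL_NO)

    # Rule used by this example: the OS/VMM can only mitigate BTI with
    # hardware help if both IBRS/IBPB and STIBP are advertised.
    if info["ibrs_ibpb"] and info["stibp"]:
        info["verdict"] = "PASSED"
    else:
        info["verdict"] = "FAILED"
    # RSBA is a caveat rather than a failure: software must also refill the RSB.
    if info["verdict"] == "PASSED" and info["rsba"]:
        info["verdict"] = "WARNING"
    return info


# Constructed register images (assumption: not captured from real machines).
SAMPLES = {
    # Microcode exposes all flags, MSR present, RSBA reported.
    "flags_with_rsba": (
        CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_STIBP | CPUID7_EDX_ARCH_CAP | CPUID7_EDX_SSBD,
        {MSR_IA32_ARCH_CAPABILITIES: ARCH_CAP_RSBA},
    ),
    # Newer part advertising enhanced IBRS, RDCL_NO and SSB_NO.
    "eibrs_part": (
        CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_STIBP | CPUID7_EDX_ARCH_CAP | CPUID7_EDX_SSBD,
        {MSR_IA32_ARCH_CAPABILITIES: ARCH_CAP_IBRS_ALL | ARCH_CAP_RDCL_NO | ARCH_CAP_SSB_NO},
    ),
    # No microcode update: leaf 7 EDX reports nothing, and no MSR exists.
    "unpatched": (0, {}),
}


def check_sample(name):
    """Run the decoder against one constructed sample. The MSR table for
    'unpatched' is empty, so a stray MSR read would raise KeyError here
    (standing in for the #GP it would cause on hardware)."""
    edx, msrs = SAMPLES[name]
    return decode_spectre_v2(edx, lambda idx: msrs[idx])


if __name__ == "__main__":
    for name in SAMPLES:
        r = check_sample(name)
        print(f"{name:16s} {r['verdict']:8s} IBRS/IBPB={r['ibrs_ibpb']} "
              f"STIBP={r['stibp']} eIBRS={r['enhanced_ibrs']} RSBA={r['rsba']}")
```

On a real system the two inputs come from `cpuid` and `rdmsr` (CHIPSEC provides both through its helper driver); the guard on `arch_cap_msr` is the part practitioners most often get wrong, since an unconditional MSR read faults on parts that predate the MSR.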
It is still rare enough to see “CHIPSEC” in a job posting that I still point them out.
Given that the job posting is a pentest role, this is also a ‘leading indicator’ that pentesters are starting to attack your firmware. 🙂
Penetration Tester – Product Join Resolvit as a Penetration Tester and be part of a creative, forward-thinking team. Our success at deploying skilled, highly knowledgeable experts has landed us on the Inc. 5000 list of America’s fastest-growing companies four times – and we’re just getting started. As the Penetration Tester, you will configure security test targets such as servers, storage, and networking environments; perform product security assessments; create assessment reports; and work with global product teams to review assessment results.[…] Experience with multiple of these security assessment tools: AppAudit, Arachni, Burp Suite Pro, CHIPSEC, nmap, Nessus, Protecode SC, and Metasploit […]