Uncategorized

CHIPSEC 1.3.3 released

ErikBjorge released this 2 days ago:

New or Updated Modules:
* Added common.spi_access to verify the host processor access rights for different SPI regions

New or Updated Functionality:
* Added ability to search a memory region of a string
* Updated support for the RWE driver

Fixes:
* Added error handling if a register type is not supported

https://github.com/chipsec/chipsec/releases/tag/v1.3.3

https://github.com/chipsec/chipsec/commits/master

 

Standard
Uncategorized

CHIPSEC adds RWEverything support on Windows

https://github.com/chipsec/chipsec/commit/60504da1bc06288ea632378f17e60a0d7df99471

“Use RWE/windows helpers when the corresponding driver is present.”

So, for any defending Windows systems, all of the CHIPSEC caution in WARNING.txt against the CHIPSEC HAL driver should also be applied to the RWEverything driver, “C:\Windows\System32\drivers\RwDrv.sys”.

https://github.com/chipsec/chipsec/blob/master/drivers/win7/readme

RWEverything license excerpt:

This utility comes with ABSOLUTELY NO WARRANTY, it allows you to modify hardware settings, this may damage your system if something goes wrong. Author will not take any responsibility about that, you are on your own risk. This utility should not be used in commercial or consumer products.

http://rweverything.com/

Standard
Uncategorized

McAfee releases CHIPSEC 1.3.2

New or Updated Modules:
* Updated X64 Python for UEFI Shell

New or Updated Functionality:
* Updated FREG definitions
* Added mmap support to kernel module and chipsec device

Fixes:
* Fixed memory reads with kernel 4.8+
* Fixed version display in chipsec_util
* Fixed UEFI Shell X64 calling convention for SW SMI generation
* Fixed range check in bios_wp
* Fixed P2SB register accesses
* Fixed IOCTL_WRMMIO for x86_64 in Linux driver

Above relnotes aside, there are some other smaller features not listed above, in the changelog:
https://github.com/chipsec/chipsec/commits/master

I wish the CHIPSEC team signed their binary-only release of CPython 2.7x for UEFI, and/or included their build tree of the EDK2 that generates this, so we can build our own, hopefully ‘reproducably’.

I don’t see any ARM support[1]. Obviously, the title of below blog post was wrong, it was not released at Black Hat, AFAICT. Was this patch lost in Las Vegas? Is the ARM code a non-McAfee patch by Eclypsium that won’t be upstreamed into the GPL’ed CHIPSEC codebase? I wish I knew…

[1] https://firmwaresecurity.com/2017/07/25/chipsec-for-arm-to-be-released-at-black-hat/

Standard
Uncategorized

Alex and Yuriy form Eclypsium, Inc.

WOW! I just heard that Alex and Yuriy have left Intel Advanced Threat Research (McAfee) and have started Eclypsium, Inc.

Alex Bazhaniuk is the “Founder and VP of Technology at Eclypsium, Inc.”

Yuriy Bulygin is the “Founder and CEO at Eclypsium, Inc.”

http://www.eclypsium.com/
Twitter: @ABazhaniuk
Twitter: @c7zero/
https://github.com/chipsec/chipsec/blob/master/AUTHORS

Standard
Uncategorized

PreOS Security releases CHIPSEC quickref for SysAdmins

[Disclaimer: I work for PreOS Security.]

CHIPSEC is a suite of dozens of tests/tools/utilities, many of which are strictly for security researchers. Timed with SysAdmin Appreciation Day, PreOS Security has created a 1-page quick reference for CHIPSEC for sysadmins. The below message also mentions an upcoming short ebook for sysadmins:

Currently this quickref is only availble by filling out a form:

https://preossec.com/free+ebook/

on the PreOS Security site, with some opt-in stuff to help the new startup.

PS: PreOS Security has joined the Twitosphere(sp), first post above. And we have a LinkedIn page. Please ‘Follow us’. Thanks!

https://twitter.com/PreOS_Security/
https://www.linkedin.com/company/preos-security

Standard
Uncategorized

CHIPSEC for ARM: to be released at Black Hat

I nearly missed this CHIPSEC announcement in the below Black Hat abstract. Exciting.

Blue Pill for Your Phone
By Oleksandr Bazhaniuk & Yuriy Bulygin

In this research, we’ve explored attack surface of hypervisors and TrustZone monitor in modern ARM based phones, using Google Nexus 5X, Nexus 6P, and Pixel as primary targets. We will explain different attack scenarios using SMC and other interfaces, as well as interaction methods between TrustZone and hypervisor privilege levels. We will explore attack vectors which could allow malicious operating system (EL1) level to escalate privileges to hypervisor (EL2) level and potentially install virtualization rootkit in the hypervisor. We will also explore attack vectors through SMC and other low level interfaces, interactions between TrustZone and hypervisor (EL2) privilege levels. To help with further low level ARM security research, we will release ARM support for CHIPSEC framework and new modules to test issues in ARM based hypervisors and TrustZone implementations, including SMC fuzzer.

https://www.blackhat.com/us-17/briefings.html#blue-pill-for-your-phone

Standard