Expliot gets SPIflashwrite plugin

Re: https://firmwaresecurity.com/2018/06/13/expliot-exploitation-framework/


SPIDriver: Hardware Adapter for Controlling SPI Devices from Your Computer




CrowdSupply: SPIDriver: A better SPI adapter


SPIDriver is an easy-to-use tool for controlling SPI devices. It works with Windows, Mac and Linux, and has a built-in color screen that shows a live logic-analyzer display of all SPI traffic. It uses a standard FTDI USB serial chip to talk to the PC, so no special drivers need to be installed. The board includes 3.3 and 5V supplies with voltage and current monitoring.

INTEL-SA-00087: Unsafe Opcodes exposed in Intel SPI based products

Unsafe Opcodes exposed in Intel SPI based products
Intel ID: INTEL-SA-00087
Product family: Multiple Generations
Impact of vulnerability: Denial of Service
Severity rating: Important
Original release: Apr 03, 2018

Configuration of SPI Flash in platforms based on multiple Intel CPUs allows a local attacker to alter the behavior of the SPI Flash, potentially leading to a Denial of Service. This issue has been root-caused, and the mitigation has been validated and is available. Intel identified this issue internally. Issue is root-caused, and the mitigation is known and available. To Intel’s knowledge, the issue has not been seen externally. Intel recommends that users always check with their system manufacturer’s support sites to make sure they have the latest security updates installed.


Flashing Minnows

Vincent points out an interesting article about using SPI on Minnowboards using Linux:


Flashing MinnowBoard MAX With the SPI Hook in Linux

If you are doing development on the MinnowBoard MAX board, having the ability to read from, write to, and erase the onboard SPI Flash memory is very useful. The SPI Hook tool from TinCanTools provides exactly this functionality. Priced at only $29 USD, the SPI Hook provides an affordable alternative to much more expensive tools such as the Dediprog SF100 SPI Flash Programmer that retails for $230 USD. The SPI Hook is not as fast as more expensive tools, but for most development needs it’s fast enough. The SPI Hook also provides a virtual Serial Port for communicating with the MinnowBoard MAX. […]



CHIPSEC v1.2.0 Released

The Intel CHIPSEC team just posted the latest version of CHIPSEC, 1.2.0. A release notes excerpt is below; see the full text, with known issues, on the GitHub site:

New/updated modules:
* Merged common.secureboot.keys module into common.secureboot.variables module
* Updated tools.secureboot.te module to be able to test PE/TE issue on Linux or UEFI shell
* Updated tools.smm.smm_ptr module

* Added the *controls* abstraction. Modules are encouraged to use `get_control` and `set_control` when interacting with platform registers. This permits greater flexibility in case the register that controls a given feature or configuration changes between platform generations. The controls are defined in the platform XML file. At this time, only a small number of controls are defined. We plan to move existing modules over to this new mechanism.
* Added XML Schema for the XML configuration files
* Support for reading, writing, and listing UEFI variables from the UEFI Shell environment has been added.
* Added support for decompression while SPI flash parsing via `decode` or `uefi decode` commands in Linux
* Added basic ACPI table parsing to HAL (RSDP, RSDT/XSDT, APIC, DMAR)
* Added UEFI tables searching and parsing to HAL (EFI system table, runtime services table, boot services table, DXE services table, EFI configuration table)
* Added DIMM Serial Presence Detect (SPD) ROM dumping and parsing to HAL
* Added `uefi s3bootscript` command parsing the S3 boot script to chipsec_util.py
* Added virtual-to-physical address translation function to Linux/EFI/Windows helpers
* Added support of server platforms (Haswell server and Ivy Town) to chipset.py

More Information: