Embedi: UEFI BIOS holes. So much magic. Don’t come inside.

24 October, 2017
UEFI BIOS holes. So Much Magic. Don’t Come Inside.
In recent years, embedded software security has become a red-hot topic, attracting the attention of high profile security researchers from all around the globe. However, the quality of code is still far from perfect as long as its security is considered. For instance, the CVE-2017-5721 SMM Privilege Elevation vulnerability in the firmware could affect such scope of vendors like Acer, ASRock, ASUS, Dell, HP, GIGABYTE, Lenovo, MSI, Intel, and Fujitsu. This white paper is intended to describe how to detect a vulnerability in a motherboard firmware with the help of the following tools: Intel DAL, UEFITool, CHIPSEC, RWEverything, and how to bypass the patch that fixes this vulnerability.[…]



Alex blogs and updates UEFITool!

Double entry for Alex: he’s got a new blog post on Intel Boot Guard, plus he’s updated UEFITool!

“[…]Today I released a new build of UEFITool with visual validation of Intel Boot Guard coverage. The code pushed to the github repository. A standalone binary of UEFITool can be downloaded here.[…]”





UEFITool updated to A40

I missed this. In mid-February, the ‘new engine’ branch of UEFITool (and the other command line tools) was updated from A32 to A40.

*  Decoding of JEDEC chip IDs and LZMAF86 sections support added in A33
*  GoToOffset dialog (Ctrl+G) and CPU microcode info added in A35
*  Internal GUID database (override in runtime also possible) added in A40
*  Various bugfixes






Nikolaj joins Apple!!

WOW!!, Nikolaj joins Apple!! First they hired Legbacore, now Nikolaj!

As well, UEFITool has new maintainers, Alex and Dmytro!!


Reversing DXE drivers

Bruno Pujos has a presentation entitled “Introduction to Reversing DXE drivers” from February of this year.


If anyone knows where to find Audio or Video of this presentation, PLEASE leave a comment with a URL! Thanks.