Platform Security Assessment Framework: ChipSec

Monday, June 5, 2017

Platform Security Assessment Framework: ChipSec

1:07 PM Leave a Reply

Platform Security Assessment Framework

     CHIPSEC is a framework for analyzing security of PC platforms including hardware, system firmware including BIOS/UEFI and the configuration of platform components. It allows creating security test suite, security assessment tools for various low level components and interfaces as well as forensic capabilities for firmware.

Platform Security Assessment Framework: ChipSecCHIPSEC can run on any of these environments:



Windows (client and server)
Linux
UEFI Shell
NOTE: This software is for security testing purposes. Use at your own risk.








Platform Security Assessment Framework: ChipSec Installation

    CHIPSEC supports Windows, Linux, and UEFI shell. Circumstances surrounding the target platform may change which of these environments is most appropriate. When running as part of a corporate IT management infrastructure, Windows may be preferred. However, sometimes it may be preferable to assess the platform security without interfering with the normal operating system. In these instances, CHIPSEC may be run from a bootable USB thumb drive – either a Live Linux image or a UEFI shell.



Linux Installation

Tested on:

Linux 3.2.6 x32 (Mint/Ubuntu)
Linux 2.6.32 x32 (Ubuntu)
Fedora 20 LXDE 64bit
Creating a Live Linux image with CHIPSEC:

Download things you will need:
Download chipsec
liveusb-creator: https://fedorahosted.org/liveusb-creator/
desired Linux image (e.g. 64bit Fedora 20 LXDE)
Use liveusb-creator to image a USB stick with the desired linux image. Include as much persistent storage as possible.
Reboot to USB
Update and install necessary packageson Fedora: #> yum install kernel kernel-devel python python-devel gcc nasmon Debian-based distros (eg. Ubuntu): #> apt-get isntall linux-headers-*-all python python-devel gcc
Copy chipsec to the USB stick
Installing CHIPSEC:

Build Linux driver for CHIPSEC
#> cd source/drivers/linux
#> make
Load CHIPSEC driver in running system
#> cd source/drivers/linux
#> sudo bash run.sh
Run CHIPSEC
#> cd source/tool
#> sudo python chipsec_main.py (or #> sudo python chipsec_util.py)


Windows Install

Supports the following client versions:

Windows 8 x86 and AMD64
Windows 7 x86 and AMD64
Windows XP (support discontinued)
Supports the following server versions:

Windows Server 2012 x86 and AMD64
Windows Server 2008 x86 and AMD64


Platform Security Assessment Framework: ChipSec windows installation guide



Usage

Open elevated Windows command shell (CMD.EXE) as Administrator

In command shell, run chipsec_main.py > python chipsec_main.py –help
USAGE: chipsec_main.py [options]
OPTIONS:
-m --module             specify module to run (example: -m common.bios)
-a --module_args        additional module arguments, format is 'arg0,arg1..'
-v --verbose            verbose mode
-l --log                output to log file

ADVANCED OPTIONS:
-p --platform           explicitly specify platform code. Should be among the supported platforms:
                        [ SNB | IVB | JKT | BYT | IVT | HSW ]
-n --no_driver          chipsec won't need kernel mode functions so don't load chipsec driver
-i --ignore_platform    run chipsec even if the platform is not recognized
-e --exists             chipsec service has already been manually installed and started (driver loaded).
-x --xml                specify filename for xml output (JUnit style).
-t --moduletype         run tests of a specific type (tag).
   --list_tags          list all the available options for -t,--moduletype
-I --import             specify additional path to load modules from




Components/Structure

Core components

chipsec_main.py                   - main application logic and automation functions
chipsec_util.py                   - utility functions (access to various hardware resources)
chipsec/chipset.py                - chipset detection
chipsec/logger.py                 - logging functions
chipsec/file.py                   - reading from/writing to files
chipsec/module_common.py          - common include file for modules
chipsec/helper/oshelper.py        - OS helper: wrapper around platform specific code that invokes kernel driver
chipsec/helper/xmlout.py          - support for JUnit compatible XML output (-x command-line option)


HW Abstraction Layer (HAL)

chipsec/hal/                      - components responsible for access to hardware (Hardware Abstraction Layer):
chipsec/hal/pci.py                - Access to PCIe config space
chipsec/hal/pcidb.py              - Database of PCIe vendor and device IDs
chipsec/hal/physmem.py            - Access to physical memory
chipsec/hal/msr.py                - Access to CPU resources (for each CPU thread): Model Specific Registers (MSR), IDT/GDT
chipsec/hal/mmio.py               - Access to MMIO (Memory Mapped IO) BARs and Memory-Mapped PCI Configuration Space (MMCFG)
chipsec/hal/spi.py                - Access to SPI Flash parts
chipsec/hal/ucode.py              - Microcode update specific functionality (for each CPU thread)
chipsec/hal/io.py                 - Access to Port I/O Space
chipsec/hal/iobar.py              - Access to I/O Ranges
chipsec/hal/smbus.py              - Access to SMBus Controller in the PCH
chipsec/hal/uefi.py               - Main UEFI component using platform specific and common UEFI functionality
chipsec/hal/uefi_common.py        - Common UEFI functionality (EFI variables, db/dbx decode, etc.)
chipsec/hal/uefi_platform.py      - Platform specific UEFI functionality (parsing platform specific EFI NVRAM, capsules, etc.)
chipsec/hal/interrupts.py         - CPU Interrupts specific functions (SMI, NMI)
chipsec/hal/cmos.py               - CMOS memory specific functions (dump, read/write)
chipsec/hal/cpuid.py              - CPUID information
chipsec/hal/spi_descriptor.py     - SPI Flash Descriptor binary parsing functionality


OS/Environment Helpers

chipsec/helper/win/               - Windows helper
chipsec/helper/linux/             - Linux helper
chipsec/helper/efi/               - UEFI/EFI shell helper


Platform Configuration

chipsec/cfg/                      - platform specific configuration includes:
chipsec/cfg/common.py             - common configuration
chipsec/cfg/<platform>.py         - configuration for a specific <platform>


Utility command-line scripts

chipsec/utilcmd/                  - command-line extensions for chipsec_util.py
chipsec/utilcmd/<command>_cmd.py  - implements "chipsec_util <command>" command-line extension


Modules (security tests, tools)

chipsec/modules/                            - modules including tests or tools (that's where most of the chipsec functionality is)
chipsec/modules/common/                     - modules common to all platforms
chipsec/modules/<platform_code>/            - modules specific to <platform_code> platform

chipsec/modules/tools/                      - security tools based on CHIP SEC framework (fuzzers, etc.)


Auxiliary components

bist.cmd                                    - built-in self test for various basic HW functionality to make sure it's not broken
setup.py                                    - setup script to install CHIP SEC as a package


Executable build scripts

<CHIPSEC_ROOT>/build/build_exe_*.py         - make files to build Windows executables

Download

0 comments :