Platform Security Assessment Framework: ChipSec

ID N0WHERE:26282
Type n0where
Reporter N0where
Modified 2017-03-13T04:15:08


Platform Security Assessment Framework

CHIPSEC is a framework for analyzing security of PC platforms including hardware, system firmware including BIOS/UEFI and the configuration of platform components. It allows creating security test suite, security assessment tools for various low level components and interfaces as well as forensic capabilities for firmware.

Platform Security Assessment Framework: ChipSec CHIPSEC can run on any of these environments:

  1. Windows (client and server)
  2. Linux
  3. UEFI Shell

NOTE: This software is for security testing purposes. Use at your own risk.

Platform Security Assessment Framework: ChipSec Installation

CHIPSEC supports Windows, Linux, and UEFI shell. Circumstances surrounding the target platform may change which of these environments is most appropriate. When running as part of a corporate IT management infrastructure, Windows may be preferred. However, sometimes it may be preferable to assess the platform security without interfering with the normal operating system. In these instances, CHIPSEC may be run from a bootable USB thumb drive – either a Live Linux image or a UEFI shell.

Linux Installation

Tested on:

  • Linux 3.2.6 x32 (Mint/Ubuntu)
  • Linux 2.6.32 x32 (Ubuntu)
  • Fedora 20 LXDE 64bit

Creating a Live Linux image with CHIPSEC:

  1. Download things you will need:
  2. Use liveusb-creator to image a USB stick with the desired linux image. Include as much persistent storage as possible.
  3. Reboot to USB
  4. Update and install necessary packageson Fedora: #> yum install kernel kernel-devel python python-devel gcc nasm on Debian-based distros (eg. Ubuntu): #> apt-get isntall linux-headers-*-all python python-devel gcc
  5. Copy chipsec to the USB stick

Installing CHIPSEC:

  1. Build Linux driver for CHIPSEC
    • #> cd source/drivers/linux
    • #> make
  2. Load CHIPSEC driver in running system
    • #> cd source/drivers/linux
    • #> sudo bash
  3. Run CHIPSEC
    • #> cd source/tool
    • #> sudo python (or #> sudo python )

Windows Install

Supports the following client versions:

  • Windows 8 x86 and AMD64
  • Windows 7 x86 and AMD64
  • Windows XP (support discontinued)

Supports the following server versions:

  • Windows Server 2012 x86 and AMD64
  • Windows Server 2008 x86 and AMD64

Platform Security Assessment Framework: ChipSec windows installation guide


Open elevated Windows command shell (CMD.EXE) as Administrator

  • In command shell, run > python –help

    USAGE: [options] OPTIONS: -m --module specify module to run (example: -m common.bios) -a --module_args additional module arguments, format is 'arg0,arg1..' -v --verbose verbose mode -l --log output to log file

    ADVANCED OPTIONS: -p --platform explicitly specify platform code. Should be among the supported platforms: [ SNB | IVB | JKT | BYT | IVT | HSW ] -n --no_driver chipsec won't need kernel mode functions so don't load chipsec driver -i --ignore_platform run chipsec even if the platform is not recognized -e --exists chipsec service has already been manually installed and started (driver loaded). -x --xml specify filename for xml output (JUnit style). -t --moduletype run tests of a specific type (tag). --list_tags list all the available options for -t,--moduletype -I --import specify additional path to load modules from


Core components                   - main application logic and automation functions                   - utility functions (access to various hardware resources)
chipsec/                - chipset detection
chipsec/                 - logging functions
chipsec/                   - reading from/writing to files 
chipsec/          - common include file for modules 
chipsec/helper/        - OS helper: wrapper around platform specific code that invokes kernel driver
chipsec/helper/          - support for JUnit compatible XML output (-x command-line option)

HW Abstraction Layer (HAL)

chipsec/hal/                      - components responsible for access to hardware (Hardware Abstraction Layer):
chipsec/hal/                - Access to PCIe config space
chipsec/hal/              - Database of PCIe vendor and device IDs
chipsec/hal/            - Access to physical memory
chipsec/hal/                - Access to CPU resources (for each CPU thread): Model Specific Registers (MSR), IDT/GDT
chipsec/hal/               - Access to MMIO (Memory Mapped IO) BARs and Memory-Mapped PCI Configuration Space (MMCFG)
chipsec/hal/                - Access to SPI Flash parts
chipsec/hal/              - Microcode update specific functionality (for each CPU thread)
chipsec/hal/                 - Access to Port I/O Space
chipsec/hal/              - Access to I/O Ranges
chipsec/hal/              - Access to SMBus Controller in the PCH
chipsec/hal/               - Main UEFI component using platform specific and common UEFI functionality
chipsec/hal/        - Common UEFI functionality (EFI variables, db/dbx decode, etc.)
chipsec/hal/      - Platform specific UEFI functionality (parsing platform specific EFI NVRAM, capsules, etc.)
chipsec/hal/         - CPU Interrupts specific functions (SMI, NMI)
chipsec/hal/               - CMOS memory specific functions (dump, read/write)
chipsec/hal/              - CPUID information
chipsec/hal/     - SPI Flash Descriptor binary parsing functionality

OS/Environment Helpers

chipsec/helper/win/               - Windows helper
chipsec/helper/linux/             - Linux helper
chipsec/helper/efi/               - UEFI/EFI shell helper

Platform Configuration

chipsec/cfg/                      - platform specific configuration includes:
chipsec/cfg/             - common configuration 
chipsec/cfg/<platform>.py         - configuration for a specific <platform>

Utility command-line scripts

chipsec/utilcmd/                  - command-line extensions for
chipsec/utilcmd/<command>  - implements "chipsec_util <command>" command-line extension

Modules (security tests, tools)

chipsec/modules/                            - modules including tests or tools (that's where most of the chipsec functionality is)
chipsec/modules/common/                     - modules common to all platforms
chipsec/modules/<platform_code>/            - modules specific to <platform_code> platform

chipsec/modules/tools/                      - security tools based on CHIP SEC framework (fuzzers, etc.)

Auxiliary components

bist.cmd                                    - built-in self test for various basic HW functionality to make sure it's not broken                                    - setup script to install CHIP SEC as a package

Executable build scripts

<CHIPSEC_ROOT>/build/build_exe_*.py         - make files to build Windows executables

Platform Security Assessment Framework: ChipSec Documentation

Platform Security Assessment Framework: ChipSec presentation

Platform Security Assessment Framework: ChipSec Download