Increasingly, people around the world depend on technology for their daily activities. Making this technology trustworthy involves a deep understanding of how attacks work. By researching security vulnerabilities, the Advanced Threat Research (ATR) team in Intel Security discovers opportunities to drive toward more secure technology.
Last updated: 2016-04-18
CHIPSEC is a framework for platform security assessment, enabling security research, testing, and forensics. We originally created it to help internal teams find and mitigate vulnerabilities in platform firmware and hardware. We have released it as open source so that the external community can benefit from increased confidence in platform security.
You can extend CHIPSEC with modules that test firmware for known vulnerabilities, test that hardware protections are used and configured securely, fuzz firmware/hardware interfaces, extract low-level platform code and configuration to perform forensics and incident response, or just explore your platform capabilities. You can use it to test hypervisors (VMM), system boot firmware (UEFI, BIOS or Coreboot), low-level security technologies such as secure boot, application or graphics processors/SoCs, or any other hardware or firmware component on the platform.
Workshop: Security below the OS with CHIPSEC Framework | 2016-03-16
Summary: A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, UEFI secure boot and OS loaders. This workshop provides a hands-on opportunity to learn how to use an open source CHIPSEC framework (https://github.com/chipsec/chipsec) to test systems for vulnerabilities in low-level platform firmware components, problems with firmware security protections as well as develop your own modules in CHIPSEC which test for known issues or implement tools identifying new issues.