Advanced Threat Research

Increasingly, people around the world depend on technology for their daily activities. Making this technology trustworthy involves a deep understanding of how attacks work. By researching security vulnerabilities, the Advanced Threat Research (ATR) team in Intel Security discovers opportunities to drive toward more secure technology.

 
Home | Research | Threat Intelligence | CHIPSEC
 

CHIPSEC - Open Source Platform Security Assessment Framework

Last updated: 2016-04-18

CHIPSEC is a framework for platform security assessment, enabling security research, testing, and forensics. We originally created it to help internal teams find and mitigate vulnerabilities in platform firmware and hardware. We have released it as open source so that the external community can benefit from increased confidence in platform security.

You can extend CHIPSEC with modules that test firmware for known vulnerabilities, test that hardware protections are used and configured securely, fuzz firmware/hardware interfaces, extract low-level platform code and configuration to perform forensics and incident response, or just explore your platform capabilities. You can use it to test hypervisors (VMM), system boot firmware (UEFI, BIOS or Coreboot), low-level security technologies such as secure boot, application or graphics processors/SoCs, or any other hardware or firmware component on the platform.

CHIPSEC is available on github. A public email list is also avalable.

It has been presented at Black Hat USA 2014 Arsenal and CanSecWest 2014.


Workshop: Security below the OS with CHIPSEC Framework | 2016-03-16

Researchers from the ATR team gave a 2-day workshop Security below the OS with CHIPSEC Framework in March at TROOPERS 16 security conference in Heidelberg, Germany.

Summary: A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, UEFI secure boot and OS loaders. This workshop provides a hands-on opportunity to learn how to use an open source CHIPSEC framework (https://github.com/chipsec/chipsec) to test systems for vulnerabilities in low-level platform firmware components, problems with firmware security protections as well as develop your own modules in CHIPSEC which test for known issues or implement tools identifying new issues.