Up until a few months ago, the primary focus of cybersecurity was on software and vulnerabilities within the software. Researchers had looked at the possibility of chip-level vulnerabilities and then came Spectre and Meltdown. These two chip-level vulnerabilities exposed the reality that our cybersecurity practices should focus on hardware related issues as well.
Although these vulnerabilities exploit problems with the actual processor, it brings to light possibilities of vulnerabilities in the BIOS and UEFI as well. There are several different tools available to help in the assessment of a BIOS or UEFI chip to determine if the flash memory was written correctly. Today we will be looking specifically at a tool called CHIPSEC. CHIPSEC is a tool produced by Intel. According to Intel (2017), CHIPSEC is an open source framework capable of analyzing low-level protection measures, and potential misconfigurations of hardware, firmware, and other platform components.
Depending on the amount of risk one is willing to assume will determine what type of installation of CHIPSEC will be chosen. It is possible to install it directly into the operating system, but it increases risks because of the requirement to modify other system settings that impact security. The best way to go, in my opinion, is to create a bootable flash drive with a UEFI shell and the CHIPSEC scripts on the flash drive. This allows for easier assessment of systems because you are not tied to just one platform. The instructions presented on Github provide step by step guidance that increases the ease of installation or flash drive development. If you are like me and are curious about the possible vulnerabilities in the lower levels of my computer I recommend giving CHIPSEC a try and see what you might discover about your system’s configuration. If you would like to check out the source code, it is available at https://github.com/chipsec/chipsec .