spi_lock module

The configuration of the SPI controller, including protected ranges (PR0-PR4), is locked by HSFS[FLOCKDN] until reset. If not locked, the controller configuration may be bypassed by reprogramming these registers.

This vulnerability (not setting FLOCKDN) is also checked by other tools, including flashrom and Copernicus by MITRE.

This module checks that the SPI Flash Controller configuration is locked.

Reference:

• flashrom

• Copernicus: Question Your Assumptions about BIOS Security

Usage:

chipsec_main -m common.spi_lock

Examples:

>>> chipsec_main.py -m common.spi_lock

Registers used:

• FlashLockDown (control)

• SpiWriteStatusDis (control)