chipsec.modules.common.spi_lock moduleΒΆ

The configuration of the SPI controller, including protected ranges (PR0-PR4), is locked by HSFS[FLOCKDN] until reset. If not locked, the controller configuration may be bypassed by reprogramming these registers.

This vulnerability (not setting FLOCKDN) is also checked by other tools, including flashrom and Copernicus by MITRE.

This module checks that the SPI Flash Controller configuration is locked.


chipsec_main -m common.spi_lock

>>> -m common.spi_lock
Registers used:
  • FlashLockDown (control)

  • SpiWriteStatusDis (control)