chipsec.modules.common.uefi.access_platform module¶
UEFI Variables Access Control Test for Platform Specific Variables
Checks protection of UEFI variables of concern. This test module checks against a list of variable names that have previously required protection on some platforms. When using this test, BIOS developers can add/substitute their own list of “variables of concern”
Returns WARNING when it finds a UEFI variables which can contain sensitive data but does not have protections.
- Reference:
UEFI Specification, Ver 2.8 - Section 3.3
Platform specific threat model
- Usage:
chipsec_main -m common.uefi.access_platform [-a modify]
-a modify
: Attempt to modify each variable in addition to checking protection attributes
- Where:
[]
: optional line
- Examples:
>>> chipsec_main.py -m common.uefi.access_platform >>> chipsec_main.py -m common.uefi.access_platform -a modify
Note
There may be other protections not inspected by the module in the default configuration.
Requires an OS with UEFI Runtime API support.