chipsec.modules.common.uefi.access_platform module

UEFI Variables Access Control Test for Platform Specific Variables

Checks protection of UEFI variables of concern. This test module checks against a list of variable names that have previously required protection on some platforms. When using this test, BIOS developers can add/substitute their own list of “variables of concern”.

Returns WARNING when it finds a UEFI variable that can contain sensitive data but does not have protections.

Reference:
  • UEFI Specification, Ver 2.8 - Section 3.3

  • Platform specific threat model

Usage:

chipsec_main -m common.uefi.access_platform [-a modify]

  • -a modify: Attempt to modify each variable in addition to checking protection attributes

Where:
  • []: optional line

Examples:
>>> chipsec_main.py -m common.uefi.access_platform
>>> chipsec_main.py -m common.uefi.access_platform -a modify

Note

  • There may be other protections not inspected by the module in the default configuration.

  • Requires an OS with UEFI Runtime API support.
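
The attribute check described above, sketched as an added example; this is not CHIPSEC's own code. It parses Linux efivarfs-style content (4-byte little-endian attributes followed by the data) and flags listed variables that are runtime-accessible without an authenticated-write attribute. The variable names, the GUID, the sample contents and the pass/warn policy are assumptions made for illustration.

```python
import struct

# Attribute bits from the UEFI Specification (variable services).
EFI_VARIABLE_RUNTIME_ACCESS = 0x00000004
# AUTHENTICATED_WRITE_ACCESS (0x10) | TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x20)
AUTH_WRITE_MASK = 0x00000010 | 0x00000020

# Hypothetical "variables of concern"; substitute the platform's own list.
VARIABLES_OF_CONCERN = {"ExampleSetup", "ExamplePlatformKey", "ExampleBootOnly"}

def parse_efivarfs(blob):
    """Split efivarfs file content: 4-byte little-endian attributes, then data."""
    if len(blob) < 4:
        raise ValueError("truncated variable: no attribute header")
    (attrs,) = struct.unpack_from("<I", blob)
    return attrs, blob[4:]

def classify(attrs):
    """Assumed policy (not CHIPSEC's own): warn on runtime access without auth."""
    if not attrs & EFI_VARIABLE_RUNTIME_ACCESS:
        return "PASS"      # not reachable through the OS runtime API
    if attrs & AUTH_WRITE_MASK:
        return "PASS"      # writes must be authenticated
    return "WARNING"       # runtime access with no write authentication

def check_variables(files, concern=VARIABLES_OF_CONCERN):
    """files maps efivarfs-style names (Name-GUID) to raw file content."""
    results = {}
    for filename, blob in sorted(files.items()):
        name = filename[:-37]          # strip "-" plus the 36-character GUID
        if name not in concern:
            continue
        try:
            results[name] = classify(parse_efivarfs(blob)[0])
        except ValueError:
            results[name] = "ERROR"    # too short to carry an attribute header
    return results

# Constructed sample input: names, GUID and contents are made up.
GUID = "00000000-0000-0000-0000-000000000001"
SAMPLE = {
    f"ExampleSetup-{GUID}": struct.pack("<I", 0x07) + b"\x01\x00",
    f"ExamplePlatformKey-{GUID}": struct.pack("<I", 0x27) + b"\xaa" * 8,
    f"ExampleBootOnly-{GUID}": struct.pack("<I", 0x03) + b"\x00",
    f"ExampleUnrelated-{GUID}": struct.pack("<I", 0x07) + b"\x00",
}

if __name__ == "__main__":
    print(check_variables(SAMPLE))
```

As the note above says for the module itself, a PASS or WARNING from an attribute check like this says nothing about protections that are not expressed in the attribute bits.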