rogue_mmio_bar module

Experimental module that may help check SMM firmware for the MMIO BAR hijacking vulnerabilities described in the following presentation:

BARing the System: New vulnerabilities in Coreboot & UEFI based systems by Intel Advanced Threat Research team at RECon Brussels 2017


chipsec_main -m tools.smm.rogue_mmio_bar [-a <smi_start:smi_end>,<b:d.f>]

  • smi_start:smi_end: range of SMI codes (written to IO port 0xB2)

  • b:d.f: PCIe bus/device/function in b:d.f format (in hex)

>>> chipsec_main -m tools.smm.rogue_mmio_bar -a 0x00:0x80
>>> chipsec_main -m tools.smm.rogue_mmio_bar -a 0x00:0xFF,0:1C.0
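
The following is an added example, not CHIPSEC's own code: a pre-flight validator for the -a argument format documented above, useful in a wrapper script so a malformed range or b:d.f is rejected before the test is launched. The function name is hypothetical, and it assumes SMI codes are hex bytes with an optional 0x prefix (as in the examples) and standard PCIe limits for device (0-1F) and function (0-7).

```python
import re

# One SMI code: a hex byte, optional 0x prefix (assumption based on the
# examples on this page; the value is written to the 8-bit IO port 0xB2).
_HEX_BYTE = r"(?:0[xX])?[0-9A-Fa-f]{1,2}"

# <smi_start:smi_end>[,<b:d.f>] with b:d.f in hex and no prefix.
_ARG_RE = re.compile(
    rf"^(?P<start>{_HEX_BYTE}):(?P<end>{_HEX_BYTE})"
    r"(?:,(?P<bus>[0-9A-Fa-f]{1,2}):(?P<dev>[0-9A-Fa-f]{1,2})\.(?P<fun>[0-7]))?$"
)


def parse_rogue_mmio_bar_arg(arg):
    """Return ((smi_start, smi_end), bdf) where bdf is (bus, dev, fun) or None.

    Raises ValueError on anything that does not match the documented format.
    """
    m = _ARG_RE.match(arg.strip())
    if m is None:
        raise ValueError(f"expected <smi_start:smi_end>[,<b:d.f>], got {arg!r}")

    start, end = int(m["start"], 16), int(m["end"], 16)
    if start > end:
        raise ValueError(f"SMI range is reversed: {start:#04x} > {end:#04x}")

    if m["bus"] is None:
        # No device given on the command line.
        return (start, end), None

    bus, dev, fun = (int(m[k], 16) for k in ("bus", "dev", "fun"))
    if dev > 0x1F:
        raise ValueError(f"PCIe device number out of range: {dev:#x}")
    return (start, end), (bus, dev, fun)


if __name__ == "__main__":
    # The two argument strings from the examples above.
    for sample in ("0x00:0x80", "0x00:0xFF,0:1C.0"):
        (lo, hi), bdf = parse_rogue_mmio_bar_arg(sample)
        print(f"{sample!r}: SMI codes {lo:#04x}..{hi:#04x}, device {bdf}")
```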


Look for ‘changes found’ messages for items that should be further investigated.


When running this test, the system may freeze, reboot, etc. This behavior is not unexpected and is not generally considered a failure.