rogue_mmio_bar module

Experimental module that may help check SMM firmware for the MMIO BAR hijacking vulnerabilities described in the following presentation:

BARing the System: New vulnerabilities in Coreboot & UEFI based systems by Intel Advanced Threat Research team at RECon Brussels 2017

Usage:

chipsec_main -m tools.smm.rogue_mmio_bar [-a <smi_start:smi_end>,<b:d.f>]

  • smi_start:smi_end: range of SMI codes (written to IO port 0xB2)

  • b:d.f: PCIe bus/device/function in b:d.f format (in hex)

Example:
>>> chipsec_main.py -m tools.smm.rogue_mmio_bar -a 0x00:0x80
>>> chipsec_main.py -m tools.smm.rogue_mmio_bar -a 0x00:0xFF,0:1C.0

Note

Look for ‘changes found’ messages for items that should be further investigated.

Warning

When running this test, the system may freeze, reboot, etc. This is not unexpected behavior and is not generally considered a failure.
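
Because a run can hang or reboot the machine, it can be worth validating the `-a` string before launching the module. The following is an added example, not CHIPSEC's own argument handling: `parse_rogue_mmio_bar_args` is a hypothetical helper, and its range limits are assumptions (one-byte SMI codes, standard PCI bus/device/function widths).

```python
import re

# Assumed limits (not taken from the CHIPSEC source): SMI codes are one byte
# because they are written to the 8-bit IO port 0xB2; PCI addressing allows
# 8-bit bus, 5-bit device and 3-bit function numbers.
MAX_SMI, MAX_BUS, MAX_DEV, MAX_FUN = 0xFF, 0xFF, 0x1F, 0x7

_HEX = r"(?:0[xX])?[0-9a-fA-F]+"
_RANGE_RE = re.compile(rf"^({_HEX}):({_HEX})$")
_BDF_RE = re.compile(rf"^({_HEX}):({_HEX})\.({_HEX})$")


def parse_rogue_mmio_bar_args(arg):
    """Parse '<smi_start:smi_end>[,<b:d.f>]' into ((start, end), bdf_or_None)."""
    parts = arg.strip().split(",")
    if len(parts) not in (1, 2):
        raise ValueError("expected <smi_start:smi_end>[,<b:d.f>]")

    m = _RANGE_RE.match(parts[0].strip())
    if not m:
        raise ValueError(f"bad SMI range: {parts[0]!r}")
    start, end = (int(v, 16) for v in m.groups())
    if not 0 <= start <= end <= MAX_SMI:
        raise ValueError(f"SMI range out of order or above 0x{MAX_SMI:02X}")

    bdf = None
    if len(parts) == 2:
        m = _BDF_RE.match(parts[1].strip())
        if not m:
            raise ValueError(f"bad b:d.f: {parts[1]!r}")
        bus, dev, fun = (int(v, 16) for v in m.groups())
        if bus > MAX_BUS or dev > MAX_DEV or fun > MAX_FUN:
            raise ValueError(f"b:d.f out of range: {parts[1]!r}")
        bdf = (bus, dev, fun)
    return (start, end), bdf


if __name__ == "__main__":
    # The two argument strings from the examples above.
    for example in ("0x00:0x80", "0x00:0xFF,0:1C.0"):
        (start, end), bdf = parse_rogue_mmio_bar_args(example)
        print(f"{example!r}: SMI 0x{start:02X}..0x{end:02X}, device {bdf}")
```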