chipsec.modules.tools.uefi.scan_blocked module
This module checks the current contents of the UEFI firmware ROM, or a specified firmware image, for blocked EFI binaries, which can be EFI firmware volumes, EFI executable binaries (PEI modules, DXE drivers, ...) or EFI sections. The module can find EFI binaries by their UI names, EFI GUIDs, MD5/SHA-1/SHA-256 hashes, or contents matching specified regular expressions.
Important! This module can only detect what it knows about from its config file. If a bad or vulnerable binary is not detected, then its 'signature' needs to be added to the config.
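As an added illustration (not chipsec's own code, and not the real blockedlist.json schema), the following Python applies the four match types listed above (UI name, GUID, hash, content regex) to constructed sample binaries; the rule keys, GUIDs and sample bytes are assumptions made for the example.

```python
# Added example, not chipsec code. Shows how a blocklist can identify an EFI
# binary by UI name, GUID, MD5/SHA-1/SHA-256 hash or a content regex.
# The rule schema below is hypothetical; the real blockedlist.json differs.
import hashlib
import re

# Constructed sample "EFI binaries": UI name, GUID and raw bytes.
SAMPLE_BINARIES = [
    {"name": "DxeCoreSample", "guid": "11111111-2222-3333-4444-555555555555",
     "data": b"MZ\x90\x00 sample dxe driver body"},
    {"name": "BlockedDxe", "guid": "66666666-7777-8888-9999-000000000000",
     "data": b"MZ\x90\x00 writes NVRAM variable BootOrder"},
    {"name": "PeiSample", "guid": "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE",
     "data": b"MZ\x90\x00 sample pei module body"},
]

# Constructed, hypothetical blocklist: each rule matches on exactly one key.
BLOCKLIST = [
    {"id": "by-name", "name": "BlockedDxe"},
    {"id": "by-guid", "guid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"},
    {"id": "by-sha256",
     "sha256": hashlib.sha256(b"MZ\x90\x00 sample pei module body").hexdigest()},
    {"id": "by-regex", "regex": rb"NVRAM variable \w+"},
]

HASH_ALGS = ("md5", "sha1", "sha256")


def match_blocked(binary, blocklist):
    """Return the ids of every blocklist rule the given binary triggers."""
    digests = {alg: hashlib.new(alg, binary["data"]).hexdigest() for alg in HASH_ALGS}
    hits = []
    for rule in blocklist:
        if "name" in rule and rule["name"] == binary["name"]:
            hits.append(rule["id"])
        elif "guid" in rule and rule["guid"].lower() == binary["guid"].lower():
            hits.append(rule["id"])  # GUID comparison is case-insensitive
        elif any(alg in rule and rule[alg].lower() == digests[alg] for alg in HASH_ALGS):
            hits.append(rule["id"])  # exact hash match on the binary contents
        elif "regex" in rule and re.search(rule["regex"], binary["data"]):
            hits.append(rule["id"])  # regex run over the raw contents
    return hits


def scan(binaries, blocklist):
    """Map each binary name to the rule ids it triggered; clean binaries are omitted."""
    result = {}
    for binary in binaries:
        hits = match_blocked(binary, blocklist)
        if hits:
            result[binary["name"]] = hits
    return result
```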
Usage:
chipsec_main.py -i -m tools.uefi.scan_blocked [-a <fw_image>,<blockedlist>]
- fw_image: Full file path to the UEFI firmware image. If not specified, the module dumps the firmware image directly from ROM.
- blockedlist: JSON file with the configuration of blocked EFI binaries (default = blockedlist.json). The config file should be located in the same directory as this module.
Examples:
>>> chipsec_main.py -m tools.uefi.scan_blocked
Dumps the UEFI firmware image from the flash memory device, decodes it and checks for blocked EFI modules defined in the default config blockedlist.json.
>>> chipsec_main.py -i --no_driver -m tools.uefi.scan_blocked -a uefi.rom,blockedlist.json
Decodes the uefi.rom binary with a UEFI firmware image and checks for blocked EFI modules defined in the blockedlist.json config.
Note: the -i and --no_driver arguments can be used in this case because the test does not depend on the platform, and no kernel driver is required when a firmware image is specified.