This module checks current contents of UEFI firmware ROM or specified firmware image for blocked EFI binaries which can be EFI firmware volumes, EFI executable binaries (PEI modules, DXE drivers..) or EFI sections. The module can find EFI binaries by their UI names, EFI GUIDs, MD5/SHA-1/SHA-256 hashes or contents matching specified regular expressions.
Important! This module can only detect what it knows about from its config file. If a bad or vulnerable binary is not detected then its ‘signature’ needs to be added to the config.
chipsec_main.py -i -m tools.uefi.scan_blocked [-a <fw_image>,<blockedlist>]
fw_imageFull file path to UEFI firmware image. If not specified, the module will dump firmware image directly from ROM
blockedlistJSON file with configuration of blocked EFI binaries (default =
blockedlist.json). Config file should be located in the same directory as this module
>>> chipsec_main.py -m tools.uefi.scan_blocked
Dumps UEFI firmware image from flash memory device, decodes it and checks for blocked EFI modules defined in the default config
>>> chipsec_main.py -i --no_driver -m tools.uefi.scan_blocked -a uefi.rom,blockedlist.json
uefi.rom binary with UEFI firmware image and checks for blocked EFI modules defined in
--no_driverarguments can be used in this case because the test does not depend on the platform and no kernel driver is required when firmware image is specified