chipsec.modules.tools.uefi.scan_image module¶

The module can generate a list of EFI executables from (U)EFI firmware file or extracted from flash ROM, and then later check firmware image in flash ROM or file against this list of expected executables

Usage:

chipsec_main -m tools.uefi.scan_image [-a generate|check,<json>,<fw_image>]

generate Generates a list of EFI executable binaries from the UEFI
firmware image (default)
check Decodes UEFI firmware image and checks all EFI executable
binaries against a specified list
json JSON file with configuration of allowed list EFI
executables (default = efilist.json)
fw_image Full file path to UEFI firmware image. If not specified,
the module will dump firmware image directly from ROM

Examples:

>>> chipsec_main -m tools.uefi.scan_image

Creates a list of EFI executable binaries in efilist.json from the firmware image extracted from ROM

>>> chipsec_main -i -n -m tools.uefi.scan_image -a generate,efilist.json,uefi.rom

Creates a list of EFI executable binaries in efilist.json from uefi.rom firmware binary

>>> chipsec_main -i -n -m tools.uefi.scan_image -a check,efilist.json,uefi.rom

Decodes uefi.rom UEFI firmware image binary and checks all EFI executables in it against a list defined in efilist.json

Note

-i and -n arguments can be used when specifying firmware file because the module doesn’t depend on the platform and doesn’t need kernel driver

chipsec.modules.tools.uefi.scan_image module¶

Table of Contents

Previous topic

Next topic