scan_image module

The module can generate a list of EFI executables from a (U)EFI firmware file or from an image extracted from flash ROM, and later check a firmware image in flash ROM or in a file against this list of expected executables.

chipsec_main -m tools.uefi.scan_image [-a generate|check,<json>,<fw_image>]
  • generate: Generates a list of EFI executable binaries from the UEFI firmware image (default)

  • check: Decodes the UEFI firmware image and checks all EFI executable binaries against a specified list

  • json: JSON file with the configuration of the allowed list of EFI executables (default = efilist.json)

  • fw_image: Full file path to the UEFI firmware image. If not specified, the module will dump the firmware image directly from ROM


>>> chipsec_main -m tools.uefi.scan_image

Creates a list of EFI executable binaries in efilist.json from the firmware image extracted from ROM

>>> chipsec_main -i -n -m tools.uefi.scan_image -a generate,efilist.json,uefi.rom

Creates a list of EFI executable binaries in efilist.json from the uefi.rom firmware binary

>>> chipsec_main -i -n -m tools.uefi.scan_image -a check,efilist.json,uefi.rom

Decodes the uefi.rom UEFI firmware image binary and checks all EFI executables in it against the list defined in efilist.json


  • The -i and -n arguments can be used when specifying a firmware file because the module doesn’t depend on the platform and doesn’t need the kernel driver
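
When check reports executables that are not in the list after a firmware update, comparing the old list with a freshly generated one shows which modules were replaced, added or removed. The script below is an added example, not part of CHIPSEC: it assumes the generated JSON is an object keyed by hash whose entries carry "guid" and "name" fields (verify this against a file produced by your CHIPSEC version), and all sample hashes, GUIDs and names in it are constructed.

```python
import json

# Constructed sample data: hashes, GUIDs and names are made up for illustration.
def _entry(n, name):
    return {"guid": f"00000000-0000-0000-0000-{n:012d}", "name": name}

BASELINE = json.dumps({"11" * 32: _entry(1, "ModuleA"),
                       "22" * 32: _entry(2, "ModuleB"),
                       "33" * 32: _entry(3, "ModuleC")})
CURRENT = json.dumps({"11" * 32: _entry(1, "ModuleA"),   # unchanged
                      "2f" * 32: _entry(2, "ModuleB"),   # same GUID, new hash
                      "44" * 32: _entry(4, "ModuleD")})  # new module

def load_list(text):
    """Parse a list; ASSUMED layout: {hash: {"guid": ..., "name": ...}, ...}."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object keyed by hash")
    return data

def _by_guid(entries):
    """Index hashes by GUID; a set is kept in case a GUID has several hashes."""
    index = {}
    for digest, meta in entries.items():
        guid = meta.get("guid") if isinstance(meta, dict) else None
        index.setdefault(guid or "<no-guid>", set()).add(digest)
    return index

def diff_lists(baseline, current):
    """Return (replaced, added, removed) lists of per-GUID changes."""
    old, new = _by_guid(baseline), _by_guid(current)
    replaced, added, removed = [], [], []
    for guid in sorted(set(old) | set(new)):
        gone = sorted(old.get(guid, set()) - new.get(guid, set()))
        fresh = sorted(new.get(guid, set()) - old.get(guid, set()))
        if gone and fresh:
            replaced.append((guid, gone, fresh))   # same module, new contents
        elif fresh:
            added.append((guid, fresh))            # module not in baseline
        elif gone:
            removed.append((guid, gone))           # module dropped from image
    return replaced, added, removed

if __name__ == "__main__":
    rep, add, rem = diff_lists(load_list(BASELINE), load_list(CURRENT))
    for guid, gone, fresh in rep:
        print(f"REPLACED {guid}: {gone[0][:16]}... -> {fresh[0][:16]}...")
    for guid, fresh in add:
        print(f"ADDED    {guid}: {len(fresh)} hash(es)")
    for guid, gone in rem:
        print(f"REMOVED  {guid}: {len(gone)} hash(es)")
```

Replaced and added entries are the ones to review against the vendor's release before regenerating the list with generate.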