CHIPSEC - Open Source Platform Security Assessment Framework

Last updated: 2016-04-18

CHIPSEC is a framework for platform security assessment, enabling security research, testing, and forensics. We originally created it to help internal teams find and mitigate vulnerabilities in platform firmware and hardware. We have released it as open source so that the external community can benefit from increased confidence in platform security.

You can extend CHIPSEC with modules that test firmware for known vulnerabilities, ensure hardware protections are used and configured securely, fuzz firmware/hardware interfaces, extract low-level platform code and configuration to perform forensics and incident response, or just explore your platform capabilities. You can use it to test hypervisors (VMM), system boot firmware (UEFI, BIOS, or Coreboot), low-level security technologies such as secure boot, application or graphics processors/SoCs, or any other hardware or firmware component on the platform.

CHIPSEC is available on github. A public email list is also available.

It has been presented at Black Hat USA 2014 Arsenal and CanSecWest 2014.

Workshop: Security Below the OS with CHIPSEC Framework | 2016-03-16
Researchers from the ATR team gave a two-day workshop Security below the OS with CHIPSEC Framework in March at TROOPERS 16 security conference in Heidelberg, Germany.
Summary: A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, UEFI secure boot, and OS loaders. This workshop provided a hands-on opportunity to learn how to use an open source CHIPSEC framework (https://github.com/chipsec/chipsec) to test systems for vulnerabilities in low-level platform firmware components, uncover problems with firmware security protections as well as develop your own modules in CHIPSEC which test for known issues or implement tools identifying new issues.