by Oleksandr Bazhaniuk, Yuriy Bulygin, Mikhail Gorobets, Andrew Furtak, John Loucaides, Intel Security
You wanted to explore deep corners of your system but didn't know how? System boot firmware, ROMs on expansion cards, I/O devices and their firmware, microprocessors, embedded controllers, memory devices, low-level hardware interfaces, virtualization and hypervisors. You could discover if any of these have known vulnerabilities, configured insecurely or even discover new vulnerabilities and develop proof-of-concept exploits to test these vulnerabilities. Ultimately, you can verify security state of platform components of your system and how effective are the platform security defenses: hardware or virtualization based TEE, secure or trusted boot, firmware anti-tampering mechanisms, hypervisor based isolation... Or maybe you just want to explore hardware and firmware components your system has.
CHIPSEC framework can help you with all of that. Since releasing it three years ago at CanSecWest 2014 significant improvements have been made in the framework - from making it easy to install and use to adding lots of new security capabilities. We'll go over certain representative examples of what you can do with it such as finding vulnerabilities in SMM firmware, analyzing UEFI firmware vulnerabilities, testing hardware security mechanisms of the hypervisors, finding backdoors in UEFI images and more.