The whitelisting looks very helpful. My original plan was to dump the complete firmware
image for integrity checking but I was unable to get a good read due to some read-locked
areas even an external programmer couldn't read. So this makes for a good
Retesting after a reboot is also a good idea. I will try that and compare results. I
didn't realize so much of the firmware was dynamic. I thought taking a single known
good image would be enough.
The ACPI information also looks quite useful. I have played with fwts some but it is very
complicated. Since the ACPI tables change frequently perhaps I should drop them from the
To answer some of your questions, the test results were generated with version 1.3.0. I
have built chipsec on a USB drive running CentOS 7. Because of this, yes, I boot from
different media between tests, HDD and USB.
The only changes between tests were normal use, i.e. reboots, OS updates, software use. No
suspect software has been installed, though finding out the Python PyPI repository had
been compromised did give me a few worries. The reason for the test was a BIOS info screen
that popped up on boot, which I found unusual because it normally only does that following a
firmware update and I had not done one.
A few things stand out. You mention MMIO and IOMMU. There are certainly a lot of changes
there including some flags that are switched between 0 and 1 so it appears the
configuration has changed. I leave the BIOS in a static "secure" configuration.
It was in this configuration for both runs, though I do have to enter the BIOS to enable
USB boot to run chipsec, then after the run I disable it again. It seems that
shouldn't matter but I can't be certain. You mention some devices were
reinitialized. Is this expected behavior? No firmware updates have taken place.
Also I note the PCI dump has changed. There have been no hardware changes other than USB
devices plugged and unplugged.
You mention the CMOS changes are related to the real-time clock but what about EC dump
Some of the EFI variables stand out as well.
Thanks greatly for your help and references. To a non-specialist the complexity can seem