################################################################
##                                                            ##
##  CHIPSEC: Platform Hardware Security Assessment Framework  ##
##                                                            ##
################################################################
[CHIPSEC] Version 1.5.1
[CHIPSEC] Arguments:

****** Chipsec Linux Kernel module is licensed under GPL 2.0
[CHIPSEC] API mode: using CHIPSEC kernel module API
[CHIPSEC] OS      : Linux 5.6.0-2-amd64 #1 SMP Debian 5.6.14-1 (2020-05-23) x86_64
[CHIPSEC] Python  : 3.8.3 (64-bit)
[CHIPSEC] Helper  : LinuxHelper (/home/user/Downloads/chipsec-1.5.1/chipsec/helper/linux/chipsec.ko)
[CHIPSEC] Platform: Mobile 3rd Generation Core Processor (Ivy Bridge CPU / Panther Point PCH)
[CHIPSEC]      VID: 8086
[CHIPSEC]      DID: 0154
[CHIPSEC]      RID: 09
[CHIPSEC] PCH     : Default PCH
[CHIPSEC]      VID: FFFF
[CHIPSEC]      DID: FFFF
[CHIPSEC]      RID: FF

[*] loading common modules from "./chipsec/modules/common" ..
[+] loaded chipsec.modules.common.bios_kbrd_buffer
[+] loaded chipsec.modules.common.bios_smi
[+] loaded chipsec.modules.common.bios_ts
[+] loaded chipsec.modules.common.bios_wp
[+] loaded chipsec.modules.common.cpu.cpu_info
[+] loaded chipsec.modules.common.cpu.ia_untrusted
[+] loaded chipsec.modules.common.cpu.spectre_v2
[+] loaded chipsec.modules.common.ia32cfg
[+] loaded chipsec.modules.common.me_mfg_mode
[+] loaded chipsec.modules.common.memlock
[+] loaded chipsec.modules.common.rtclock
[+] loaded chipsec.modules.common.secureboot.variables
[+] loaded chipsec.modules.common.sgx_check
[+] loaded chipsec.modules.common.smm
[+] loaded chipsec.modules.common.smrr
[+] loaded chipsec.modules.common.spd_wd
[+] loaded chipsec.modules.common.spi_access
[+] loaded chipsec.modules.common.spi_desc
[+] loaded chipsec.modules.common.spi_fdopss
[+] loaded chipsec.modules.common.spi_lock
[+] loaded chipsec.modules.common.uefi.access_uefispec
[+] loaded chipsec.modules.common.uefi.s3bootscript
[*] loading platform specific modules from "./chipsec/modules/ivb" ..
[+] loaded chipsec.modules.common.bios_kbrd_buffer
[+] loaded chipsec.modules.common.bios_smi
[+] loaded chipsec.modules.common.bios_ts
[+] loaded chipsec.modules.common.bios_wp
[+] loaded chipsec.modules.common.cpu.cpu_info
[+] loaded chipsec.modules.common.cpu.ia_untrusted
[+] loaded chipsec.modules.common.cpu.spectre_v2
[+] loaded chipsec.modules.common.ia32cfg
[+] loaded chipsec.modules.common.me_mfg_mode
[+] loaded chipsec.modules.common.memlock
[+] loaded chipsec.modules.common.rtclock
[+] loaded chipsec.modules.common.secureboot.variables
[+] loaded chipsec.modules.common.sgx_check
[+] loaded chipsec.modules.common.smm
[+] loaded chipsec.modules.common.smrr
[+] loaded chipsec.modules.common.spd_wd
[+] loaded chipsec.modules.common.spi_access
[+] loaded chipsec.modules.common.spi_desc
[+] loaded chipsec.modules.common.spi_fdopss
[+] loaded chipsec.modules.common.spi_lock
[+] loaded chipsec.modules.common.uefi.access_uefispec
[+] loaded chipsec.modules.common.uefi.s3bootscript
[*] loading modules from "./chipsec/modules" ..
[+] loaded chipsec.modules.common.bios_kbrd_buffer
[+] loaded chipsec.modules.common.bios_smi
[+] loaded chipsec.modules.common.bios_ts
[+] loaded chipsec.modules.common.bios_wp
[+] loaded chipsec.modules.common.cpu.cpu_info
[+] loaded chipsec.modules.common.cpu.ia_untrusted
[+] loaded chipsec.modules.common.cpu.spectre_v2
[+] loaded chipsec.modules.common.ia32cfg
[+] loaded chipsec.modules.common.me_mfg_mode
[+] loaded chipsec.modules.common.memlock
[+] loaded chipsec.modules.common.rtclock
[+] loaded chipsec.modules.common.secureboot.variables
[+] loaded chipsec.modules.common.sgx_check
[+] loaded chipsec.modules.common.smm
[+] loaded chipsec.modules.common.smrr
[+] loaded chipsec.modules.common.spd_wd
[+] loaded chipsec.modules.common.spi_access
[+] loaded chipsec.modules.common.spi_desc
[+] loaded chipsec.modules.common.spi_fdopss
[+] loaded chipsec.modules.common.spi_lock
[+] loaded chipsec.modules.common.uefi.access_uefispec
[+] loaded chipsec.modules.common.uefi.s3bootscript
[+] loaded chipsec.modules.debugenabled
[+] loaded chipsec.modules.memconfig
[+] loaded chipsec.modules.remap
[+] loaded chipsec.modules.smm_dma
[*] running loaded modules ..

[*] running module: chipsec.modules.common.bios_kbrd_buffer
[x][ =======================================================================
[x][ Module: Pre-boot Passwords in the BIOS Keyboard Buffer
[x][ =======================================================================
[*] Keyboard buffer head pointer = 0x24 (at 0x41A), tail pointer = 0x24 (at 0x41C)
[*] Keyboard buffer contents (at 0x41E):
1B 01 32 03 0D 1C 00 00 00 00 00 00 00 00 00 00 | 2
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
[-] Keyboard buffer tail points inside the buffer (= 0x24)
ERROR: Exception occurred during chipsec.modules.common.bios_kbrd_buffer.run(): 'Unknown format code 'd' for object of type 'float''

[*] running module: chipsec.modules.common.bios_smi
[x][ =======================================================================
[x][ Module: SMI Events Configuration
[x][ =======================================================================
[-] SMM BIOS region write protection has not been enabled (SMM_BWP is not used)

[*] Checking SMI enables..
    Global SMI enable: 1
    TCO SMI enable   : 1
[+] All required SMI events are enabled

[*] Checking SMI configuration locks..
[+] TCO SMI configuration is locked (TCO SMI Lock)
[+] SMI events global configuration is locked (SMI Lock)

[+] PASSED: All required SMI sources seem to be enabled and locked

[*] running module: chipsec.modules.common.bios_ts
[x][ =======================================================================
[x][ Module: BIOS Interface Lock (including Top Swap Mode)
[x][ =======================================================================
[*] BiosInterfaceLockDown (BILD) control = 1
[*] BIOS Top Swap mode is disabled (TSS = 0)
[*] RTC TopSwap control (TS) = 0
[+] PASSED: BIOS Interface is locked (including Top Swap Mode)

[*] running module: chipsec.modules.common.bios_wp
[x][ =======================================================================
[x][ Module: BIOS Region Write Protection
[x][ =======================================================================
[*] BC = 0x09 << BIOS Control (b:d.f 00:31.0 + 0xDC)
    [00] BIOSWE           = 1 << BIOS Write Enable
    [01] BLE              = 0 << BIOS Lock Enable
    [02] SRC              = 2 << SPI Read Configuration
    [04] TSS              = 0 << Top Swap Status
    [05] SMM_BWP          = 0 << SMM BIOS Write Protection

[-] BIOS region write protection is disabled!

[*] BIOS Region: Base = 0x00500000, Limit = 0x00BFFFFF
SPI Protected Ranges
------------------------------------------------------------
PRx (offset) | Value    | Base     | Limit    | WP? | RP?
------------------------------------------------------------
PR0 (74)     | 8BFF8000 | 00000000 | 00BFFFFF | 1   | 1
PR1 (78)     | 00000000 | 00000000 | 00000000 | 0   | 0
PR2 (7C)     | 00000000 | 00000000 | 00000000 | 0   | 0
PR3 (80)     | 00000000 | 00000000 | 00000000 | 0   | 0
PR4 (84)     | 00000000 | 00000000 | 00000000 | 0   | 0

[+] PASSED: SPI Protected Ranges are configured to write protect BIOS

[*] running module: chipsec.modules.common.cpu.cpu_info
[x][ =======================================================================
[x][ Module: Current Processor Information:
[x][ =======================================================================
[*] Thread 0000
[*] Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
[*]            Family: 06 Model: 3A Stepping: 9
[*]            Microcode: 00000021
[*]
[*] Thread 0001
[*] Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
[*]            Family: 06 Model: 3A Stepping: 9
[*]            Microcode: 00000021
[*]
[*] Thread 0002
[*] Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
[*]            Family: 06 Model: 3A Stepping: 9
[*]            Microcode: 00000021
[*]
[*] Thread 0003
[*] Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
[*]            Family: 06 Model: 3A Stepping: 9
[*]            Microcode: 00000021
[*]
[#] INFORMATION: Processor information displayed

[*] running module: chipsec.modules.common.cpu.ia_untrusted
Skipping module chipsec.modules.common.cpu.ia_untrusted since it is not supported in this platform

[*] running module: chipsec.modules.common.cpu.spectre_v2
[x][ =======================================================================
[x][ Module: Checks for Branch Target Injection / Spectre v2 (CVE-2017-5715)
[x][ =======================================================================
[*] CPUID.7H:EDX[26] = 1 Indirect Branch Restricted Speculation (IBRS) & Predictor Barrier (IBPB)
[*] CPUID.7H:EDX[27] = 1 Single Thread Indirect Branch Predictors (STIBP)
[*] CPUID.7H:EDX[29] = 0 IA32_ARCH_CAPABILITIES
[+] CPU supports IBRS and IBPB
[+] CPU supports STIBP
[-] CPU doesn't support enhanced IBRS
[!] WARNING: CPU supports mitigation (IBRS) but doesn't support enhanced IBRS
[!] OS may be using software based mitigation (eg. retpoline)

[*] running module: chipsec.modules.common.ia32cfg
[x][ =======================================================================
[x][ Module: IA32 Feature Control Lock
[x][ =======================================================================
[*] Verifying IA32_Feature_Control MSR is locked on all logical CPUs..
[*] cpu0: IA32_Feature_Control Lock = 1
[*] cpu1: IA32_Feature_Control Lock = 1
[*] cpu2: IA32_Feature_Control Lock = 1
[*] cpu3: IA32_Feature_Control Lock = 1
[+] PASSED: IA32_FEATURE_CONTROL MSR is locked on all logical CPUs

[*] running module: chipsec.modules.common.me_mfg_mode
[x][ =======================================================================
[x][ Module: ME Manufacturing Mode
[x][ =======================================================================
[-] FAILED: ME is in Manufacturing Mode

[*] running module: chipsec.modules.common.memlock
[x][ =======================================================================
[x][ Module: Check MSR_LT_LOCK_MEMORY
[x][ =======================================================================
[X] Checking MSR_LT_LOCK_MEMORY status
[*] cpu0: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[*] cpu1: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[*] cpu2: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[*] cpu3: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[+] PASSED: Check have successfully passed

[*] running module: chipsec.modules.common.rtclock
[x][ =======================================================================
[x][ Module: Protected RTC memory locations
[x][ =======================================================================
[*] RC = 0x00000004 << RTC Configuration (RCBA + 0x3400)
    [02] UE               = 1 << Upper 128 Byte Enable
    [03] LL               = 0 << Lower 128 Byte Lock
    [04] UL               = 0 << Upper 128 Byte Lock

[-] Protected bytes (0x38-0x3F) in low 128-byte bank of RTC memory are not locked
[-] Protected bytes (0x38-0x3F) in high 128-byte bank of RTC memory are not locked
[!] WARNING: Protected locations in RTC memory are accessible (BIOS may not be using them)

[*] running module: chipsec.modules.common.secureboot.variables
[*] NOT IMPLEMENTED: OS does not support UEFI Runtime API
Skipping module chipsec.modules.common.secureboot.variables since it is not supported in this platform

[*] running module: chipsec.modules.common.sgx_check
Skipping module chipsec.modules.common.sgx_check since it is not supported in this platform

[*] running module: chipsec.modules.common.smm
[x][ =======================================================================
[x][ Module: Compatible SMM memory (SMRAM) Protection
[x][ =======================================================================
[*] PCI0.0.0_SMRAMC = 0x1A << System Management RAM Control (b:d.f 00:00.0 + 0x88)
    [00] C_BASE_SEG       = 2 << SMRAM Base Segment = 010b
    [03] G_SMRAME         = 1 << SMRAM Enabled
    [04] D_LCK            = 1 << SMRAM Locked
    [05] D_CLS            = 0 << SMRAM Closed
    [06] D_OPEN           = 0 << SMRAM Open

[*] Compatible SMRAM is enabled
[+] PASSED: Compatible SMRAM is locked down

[*] running module: chipsec.modules.common.smrr
[x][ =======================================================================
[x][ Module: CPU SMM Cache Poisoning / System Management Range Registers
[x][ =======================================================================
[+] OK. SMRR range protection is supported

[*] Checking SMRR range base programming..
[*] IA32_SMRR_PHYSBASE = 0xC0000006 << SMRR Base Address MSR (MSR 0x1F2)
    [00] Type             = 6 << SMRR memory type
    [12] PhysBase         = C0000 << SMRR physical base address

[*] SMRR range base: 0x00000000C0000000
[*] SMRR range memory type is Writeback (WB)
[+] OK so far. SMRR range base is programmed

[*] Checking SMRR range mask programming..
[*] IA32_SMRR_PHYSMASK = 0xFF800800 << SMRR Range Mask MSR (MSR 0x1F3)
    [11] Valid            = 1 << SMRR valid
    [12] PhysMask         = FF800 << SMRR address range mask

[*] SMRR range mask: 0x00000000FF800000
[+] OK so far. SMRR range is enabled

[*] Verifying that SMRR range base & mask are the same on all logical CPUs..
[CPU0] SMRR_PHYSBASE = 00000000C0000006, SMRR_PHYSMASK = 00000000FF800800
[CPU1] SMRR_PHYSBASE = 00000000C0000006, SMRR_PHYSMASK = 00000000FF800800
[CPU2] SMRR_PHYSBASE = 00000000C0000006, SMRR_PHYSMASK = 00000000FF800800
[CPU3] SMRR_PHYSBASE = 00000000C0000006, SMRR_PHYSMASK = 00000000FF800800
[+] OK so far. SMRR range base/mask match on all logical CPUs
[*] Trying to read memory at SMRR base 0xC0000000..
[+] PASSED: SMRR reads are blocked in non-SMM mode

[+] PASSED: SMRR protection against cache attack is properly configured

[*] running module: chipsec.modules.common.spd_wd
[x][ =======================================================================
[x][ Module: SPD Write Disable
[x][ =======================================================================
[-] FAILED: SPD Write Disable is not set and SPDs were detected

[*] running module: chipsec.modules.common.spi_access
[x][ =======================================================================
[x][ Module: SPI Flash Region Access Control
[x][ =======================================================================
SPI Flash Region Access Permissions
------------------------------------------------------------

BIOS Region Write Access Grant (00):
  FREG0_FLASHD: 0
  FREG1_BIOS  : 0
  FREG2_ME    : 0
  FREG3_GBE   : 0
  FREG4_PD    : 0
  FREG5       : 0
  FREG6       : 0
BIOS Region Read Access Grant (00):
  FREG0_FLASHD: 0
  FREG1_BIOS  : 0
  FREG2_ME    : 0
  FREG3_GBE   : 0
  FREG4_PD    : 0
  FREG5       : 0
  FREG6       : 0
BIOS Region Write Access (AA):
  FREG0_FLASHD: 0
  FREG1_BIOS  : 1
  FREG2_ME    : 0
  FREG3_GBE   : 1
  FREG4_PD    : 0
  FREG5       : 1
  FREG6       : 0
BIOS Region Read Access (B0B):
  FREG0_FLASHD: 1
  FREG1_BIOS  : 1
  FREG2_ME    : 0
  FREG3_GBE   : 1
  FREG4_PD    : 0
  FREG5       : 0
  FREG6       : 0
[!] WARNING: Software has write access to GBe region in SPI flash
[!] WARNING: Certain SPI flash regions are writeable by software

[*] running module: chipsec.modules.common.spi_desc
[x][ =======================================================================
[x][ Module: SPI Flash Region Access Control
[x][ =======================================================================
[*] FRAP = 0x00000A0B << SPI Flash Regions Access Permissions Register (SPIBAR + 0x50)
    [00] BRRA             = B << BIOS Region Read Access
    [08] BRWA             = A << BIOS Region Write Access
    [16] BMRAG            = 0 << BIOS Master Read Access Grant
    [24] BMWAG            = 0 << BIOS Master Write Access Grant

[*] Software access to SPI flash regions: read = 0x0B, write = 0x0A

[+] PASSED: SPI flash permissions prevent SW from writing to flash descriptor

[*] running module: chipsec.modules.common.spi_fdopss
[x][ =======================================================================
[x][ Module: SPI Flash Descriptor Security Override Pin-Strap
[x][ =======================================================================
[*] HSFS = 0xE008 << Hardware Sequencing Flash Status Register (SPIBAR + 0x4)
    [00] FDONE            = 0 << Flash Cycle Done
    [01] FCERR            = 0 << Flash Cycle Error
    [02] AEL              = 0 << Access Error Log
    [03] BERASE           = 1 << Block/Sector Erase Size
    [05] SCIP             = 0 << SPI cycle in progress
    [13] FDOPSS           = 1 << Flash Descriptor Override Pin-Strap Status
    [14] FDV              = 1 << Flash Descriptor Valid
    [15] FLOCKDN          = 1 << Flash Configuration Lock-Down

[+] PASSED: SPI Flash Descriptor Security Override is disabled

[*] running module: chipsec.modules.common.spi_lock
[x][ =======================================================================
[x][ Module: SPI Flash Controller Configuration Locks
[x][ =======================================================================
[*] HSFS = 0xE008 << Hardware Sequencing Flash Status Register (SPIBAR + 0x4)
    [00] FDONE            = 0 << Flash Cycle Done
    [01] FCERR            = 0 << Flash Cycle Error
    [02] AEL              = 0 << Access Error Log
    [03] BERASE           = 1 << Block/Sector Erase Size
    [05] SCIP             = 0 << SPI cycle in progress
    [13] FDOPSS           = 1 << Flash Descriptor Override Pin-Strap Status
    [14] FDV              = 1 << Flash Descriptor Valid
    [15] FLOCKDN          = 1 << Flash Configuration Lock-Down

[+] SPI Flash Controller configuration is locked
[+] PASSED: SPI Flash Controller locked correctly.

[*] running module: chipsec.modules.common.uefi.access_uefispec
[*] NOT IMPLEMENTED: OS does not support UEFI Runtime API
Skipping module chipsec.modules.common.uefi.access_uefispec since it is not supported in this platform

[*] running module: chipsec.modules.common.uefi.s3bootscript
[*] NOT IMPLEMENTED: OS does not support UEFI Runtime API
Skipping module chipsec.modules.common.uefi.s3bootscript since it is not supported in this platform

[*] running module: chipsec.modules.debugenabled
[*] NOT IMPLEMENTED: CPU Debug features are not supported on this platform
Skipping module chipsec.modules.debugenabled since it is not supported in this platform

[*] running module: chipsec.modules.memconfig
[x][ =======================================================================
[x][ Module: Host Bridge Memory Map Locks
[x][ =======================================================================
[*]
[*] Checking register lock state:
[+] PCI0.0.0_BDSM        = 0x C0A00001 - LOCKED   - Base of Graphics Stolen Memory
[+] PCI0.0.0_BGSM        = 0x C0800001 - LOCKED   - Base of GTT Stolen Memory
[+] PCI0.0.0_DPR         = 0x C0000001 - LOCKED   - DMA Protected Range
[+] PCI0.0.0_GGC         = 0x 209 - LOCKED   - Graphics Control
[+] PCI0.0.0_MESEG_MASK  = 0x 400 - LOCKED   - Manageability Engine Limit Address Register
[+] PCI0.0.0_PAVPC       = 0x 4 - LOCKED   - PAVP Configuration
[+] PCI0.0.0_REMAPBASE   = 0x 100000001 - LOCKED   - Memory Remap Base Address
[+] PCI0.0.0_REMAPLIMIT  = 0x 13D500001 - LOCKED   - Memory Remap Limit Address
[+] PCI0.0.0_TOLUD       = 0x C2A00001 - LOCKED   - Top of Low Usable DRAM
[+] PCI0.0.0_TOM         = 0x 100000001 - LOCKED   - Top of Memory
[+] PCI0.0.0_TOUUD       = 0x 13D600001 - LOCKED   - Top of Upper Usable DRAM
[+] PCI0.0.0_TSEGMB      = 0x C0000001 - LOCKED   - TSEG Memory Base
[*]
[+] PASSED: All memory map registers seem to be locked down

[*] running module: chipsec.modules.remap
[x][ =======================================================================
[x][ Module: Memory Remapping Configuration
[x][ =======================================================================
[*] Registers:
[*]   TOUUD     : 0x000000013D600001
[*]   REMAPLIMIT: 0x000000013D500001
[*]   REMAPBASE : 0x0000000100000001
[*]   TOLUD     : 0xC2A00001
[*]   TSEGMB    : 0xC0000001

[*] Memory Map:
[*]   Top Of Upper Memory: 0x000000013D600000
[*]   Remap Limit Address: 0x000000013D5FFFFF
[*]   Remap Base Address : 0x0000000100000000
[*]   4GB                : 0x0000000100000000
[*]   Top Of Low Memory  : 0x00000000C2A00000
[*]   TSEG (SMRAM) Base  : 0x00000000C0000000

[*] checking memory remap configuration..
[*] Memory Remap is enabled
[+] Remap window configuration is correct: REMAPBASE <= REMAPLIMIT < TOUUD
[+] All addresses are 1MB aligned
[*] checking if memory remap configuration is locked..
[+] TOUUD is locked
[+] TOLUD is locked
[+] REMAPBASE and REMAPLIMIT are locked
[+] PASSED: Memory Remap is configured correctly and locked

[*] running module: chipsec.modules.smm_dma
[x][ =======================================================================
[x][ Module: SMM TSEG Range Configuration Check
[x][ =======================================================================
[*] TSEG      : 0x00000000C0000000 - 0x00000000C07FFFFF (size = 0x00800000)
[*] SMRR range: 0x00000000C0000000 - 0x00000000C07FFFFF (size = 0x00800000)

[*] checking TSEG range configuration..
[+] TSEG range covers entire SMRAM
[+] TSEG range is locked
[+] PASSED: TSEG is properly configured. SMRAM is protected from DMA attacks

[CHIPSEC] ***************************  SUMMARY  ***************************
[CHIPSEC] Time elapsed            0.059
[CHIPSEC] Modules total           26
[CHIPSEC] Modules failed to run   1:
ERROR: chipsec.modules.common.bios_kbrd_buffer
[CHIPSEC] Modules passed          13:
[+] PASSED: chipsec.modules.common.bios_smi
[+] PASSED: chipsec.modules.common.bios_ts
[+] PASSED: chipsec.modules.common.bios_wp
[+] PASSED: chipsec.modules.common.ia32cfg
[+] PASSED: chipsec.modules.common.memlock
[+] PASSED: chipsec.modules.common.smm
[+] PASSED: chipsec.modules.common.smrr
[+] PASSED: chipsec.modules.common.spi_desc
[+] PASSED: chipsec.modules.common.spi_fdopss
[+] PASSED: chipsec.modules.common.spi_lock
[+] PASSED: chipsec.modules.memconfig
[+] PASSED: chipsec.modules.remap
[+] PASSED: chipsec.modules.smm_dma
[CHIPSEC] Modules information     1:
[#] INFORMATION: chipsec.modules.common.cpu.cpu_info
[CHIPSEC] Modules failed          2:
[-] FAILED: chipsec.modules.common.me_mfg_mode
[-] FAILED: chipsec.modules.common.spd_wd
[CHIPSEC] Modules with warnings   3:
[!] WARNING: chipsec.modules.common.cpu.spectre_v2
[!] WARNING: chipsec.modules.common.rtclock
[!] WARNING: chipsec.modules.common.spi_access
[CHIPSEC] Modules not implemented 3:
[*] NOT IMPLEMENTED: chipsec.modules.common.secureboot.variables
[*] NOT IMPLEMENTED: chipsec.modules.common.uefi.access_uefispec
[*] NOT IMPLEMENTED: chipsec.modules.common.uefi.s3bootscript
[CHIPSEC] Modules not applicable  3:
[*] NOT APPLICABLE: chipsec.modules.common.cpu.ia_untrusted
[*] NOT APPLICABLE: chipsec.modules.common.sgx_check
[*] NOT APPLICABLE: chipsec.modules.debugenabled
[CHIPSEC] Modules with exceptions 1:
ERROR: chipsec.modules.common.bios_kbrd_buffer
[CHIPSEC] *****************************************************************