

Exploiting UEFI boot script table vulnerability - 2510c39011c5
http://blog.cr4.sh/2015/02/exploiting-uefi-boot-script-table.html

======
concernedctzn
A good writeup and worth it for the links alone. Does a good job of mentioning
existing tools and previous talks on the topic.

The chipsec tool looks pretty useful for evaluating your setup:
[https://github.com/chipsec/chipsec](https://github.com/chipsec/chipsec)

Also the UEFI parser
[https://github.com/theopolis/uefi-firmware-parser](https://github.com/theopolis/uefi-firmware-parser)
looks to be really useful if you want to dig deeper.

~~~
tryp
By mundane coincidence, I discovered uefi-firmware-parser yesterday. Along
with a radare2 session, it made it much easier to find a null-pointer
dereference in an Intel FSP binary blob.

------
vanzard
It is very strange his motherboard splits the BIOS on 2 SPI chips of 2
different sizes. I have never seen a vendor do this. Why?

~~~
tryp
The most likely explanation is that 64Mb (8MB) was the highest density part
available in the footprint (SOIC-8?) at the time of manufacture and was priced
at a significant premium to the 32Mb part.

