

CHIPSEC, by Intel – Platform Security Assessment Framework - getdavidhiggins
https://github.com/chipsec/chipsec

======
geofft
I've never really understood what this is supposed to do. What does it check,
and why can't malware fake it out? What are the use cases for running it?

In particular it's pretty easy to build a malicious bootloader that interposes
on EFI variables (like secure boot config) and reports that they contain
things that they don't contain.

~~~
csears
Their goal seems to be providing a more convenient way to talk to the lower-
level hardware interfaces that are normally not reachable from a running OS.
The project includes a generic kernel driver and a python framework for
interacting with that driver.

They mention that this should only be installed on test systems, not end-user
production systems. I think it's designed for use in forensics and
development.

Malware probably could still fake out the interface the driver talks to. Even
good OS-level rootkits leave indications of compromise that can be detected
from the OS. I suspect it's similar with compromised firmware.

Having some visibility is better than no visibility.

