CHIPSEC notes

The following is some quick notes on using CHIPSEC to compare the EFI whitelist on your current machine with the BIOS Dell provides

Quick notes.

  1. Install prerequisites (Uses python 2)
  2. Git clone Chipsec
  3. Install (Had to use a -i option, is in the manual)
  4. Run (Use spaces like below)

Extract Bios ROM from Dell EXE
Use the BIOS exe to output a .rom file that you can use in Linux. Run the following command from Windows command prompt, accept the security request. Change the EXE to the BIOS you downloaded.

Alienware_17_R2_1.5.0.EXE /writeromfile

The BIOS rom is named dell.rom in the following commands

Get list of Computer ROM

Should create fw.bin file and efilist.json file from local machine

sudo python chipsec_main.py -m tools.uefi.whitelist

Get list from Dell rom

sudo python chipsec_main.py -m tools.uefi.whitelist -a generate efilist.json dell.rom

Compare the current ROM against the one downloaded from Dell

sudo python chipsec_main.py -m tools.uefi.whitelist -a check efilist.json fw.bin

For some reason Ubuntu was not recognizing the last three options after the -a as individual options unless there was a space in between them.  All the examples online show that they had commas between them.  Which should work, so wonder if it was an environment variable problem or something.

The tell tell sign was the [*] Module arguments Line only shows 1 argument, needs 3.

Other links

Install instructions here.
https://github.com/chipsec/chipsec/wiki/Installing-CHIPSEC-in-Linux

LUV Linux download
https://01.org/linux-uefi-validation

Manual
https://github.com/chipsec/chipsec/blob/master/chipsec-manual.pdf