I used chipsec to evaluate my hardware.
And I got following report:
[-] Software has write access to SPI flash descriptor
[-] FAILED: SPI flash permissions allow SW to write flash descriptor
I look at the chipsec source code and find that this is read from frap
register(SPIBAR + 50h).
However I can't find the spec how to read the SPI flash descriptor itself.
I find some code from flashrom:
It reads SPI flash descriptor using MMIO, but also I don't know how to
write it.(it has no effect when write to the same register with read).
Many thanks for the quick answers. I followed the instructions from the
chipsec-manual.pdf of chipsec-1.5.0. In my first test I used python version
from chipsec-1.5.0 (chipsec_uefi_x64.zip) and UEFI-Shell from edk2 release
includes a precompiled UEFI-Shell binary which I used
(edk2-edk2-stable201903/ShellBinPkg/UefiShell/X64). With this setup I got
OSError: [Errno 22] Invalid argument: 'FS0:FS0:chipsec'
Can you tell me your working setup (UEFI-Binary and pyhton version)?
Am Fr., 29. Mai 2020 um 17:13 Uhr schrieb Vorname Nachname <
> Many thanks for the quick answers. I followed the instructions from the
> chipsec-manual.pdf of chipsec-1.5.0. In my first test I used python version
> from chipsec-1.5.0 (chipsec_uefi_x64.zip) and UEFI-Shell from edk2 release
> 2019-03-08 (
> https://github.com/tianocore/edk2/archive/edk2-stable201903.tar.gz). This
> includes a precompiled UEFI-Shell binary which I used
> (edk2-edk2-stable201903/ShellBinPkg/UefiShell/X64). With this setup I got
> this error:
> OSError: [Errno 22] Invalid argument: 'FS0:FS0:chipsec'
> Can you tell me your working setup (UEFI-Binary and pyhton version)?
> Best regards
> Am Fr., 29. Mai 2020 um 00:24 Uhr schrieb Holtsclaw, Brent <
>> Did you follow the instructions from
>> They should have enough information to help out. It sounds like UEFI SHELL
>> is not the problem in this case. Can you elaborate on the python that you
>> are using. There is a python.efi module within the chipsec_uefi zipfile.
>> Python has been modified to include some chipsec specific commands with
>> chipsec. There are steps to reproduce the build, however I'm not sure that
>> they work with the latest EDK and you may need to build from an older
>> version. To my knowledge the code within chipsec is still compatible with
>> python2 at this point and you should be able to use 1.5.0. If you can run
>> chipsec with the debug flag and let us know where it is failing that would
>> -----Original Message-----
>> From: Blibbet <blibbet(a)gmail.com>
>> Sent: Thursday, May 28, 2020 2:55 PM
>> To: Vorname Nachname <ldevlzero(a)gmail.com>
>> Cc: chipsec(a)lists.01.org
>> Subject: [chipsec] Re: chipsec-1.5.0 in EFI Shell
>> What UEFI Shell are you using? "EFI Shell" may mean an ancient one. I
>> think I recall some thread where someone was trying to get CHIPSEC running
>> using an old (1.x?) OEM's shell (Apple?), and they had to provide their own
>> instead. There is an older and a newer UEFI Shell.
>> You should also include info about other Python code you were able to
>> successfully run in this EFI Shell. Maybe CHIPSEC is not the issue, the
>> issue is your EFI Shell and Python.
>> Instead of building your own UEFI Python, what happens when you use the
>> CHIPSEC instructions and use their supplied python.efi? Wasn't there some
>> special CHIPSEC-centric options needed to build Python with? If so, that
>> should be clarified better in build docs.
>> (Granted, it sucks having a security tool ship a pre-compiled Python
>> binary in their source tree, built in an unknown manner, with no checksums,
>> and no reproducable builds, and have the tool rely on this for determining
>> platform security. But that's another issue...)
>> Intel has abandoned CPython V2 for UEFI patch, and is instead is working
>> on MicroPython for UEFI (which has some Python V3 support). Though Python
>> V2 is deprecated and most of world has moved to Python V3, CHIPSEC team is
>> still using/bundling CPython V2, and hasn't switched over to
>> using/relying-on/bundling MicroPython for UEFI.
>> FWIW, I rarely see replies from the team for support questions on this
>> mailing list nor the Google Groups lists. It I was looking for a reply, I'd
>> file a Github issue (and include more info), or use Twitter.
>> You might want to clarify that you're trying to run this on an Intel
>> system, not another ISA (like AMD or ARM or RISC-V), as that'd also not
>> On 5/28/20 7:36 AM, Vorname Nachname wrote:
>> > Hello,
>> > I tried to run chipsec-1.5.0 in EFI Shell without operating system but
>> > unfortunately it doesn't run in the EFI Shell. I ran these commands:
>> > Shell> fs0:
>> > FS0:\> python -^# chipsec_main.py -m debugenabled
>> > This results in a traceback with the last file chipsec/defines.py
>> > called function get_version().
>> > OSError: [Errno 22] Invalud argument: 'FS0:FS0:chipsec'
>> > After that I compiled python 2.7.2 and python 2.7.10 from edk2 package
>> > version edk2-stable201903. This is the last package version with
>> > pyhton inside. With this version of pyhton I received another error
>> > message with the last line:
>> > ImportError: No module named expat; use SimpleXMLTreeBuilder instead.
>> > What is the best way to start the latest version of chipsec in the EFI
>> > Shell? What version of EFI Shell and pyhton is required?
>> > best wishes
>> > Philipp
>> > _______________________________________________
>> > chipsec mailing list -- chipsec(a)lists.01.org To unsubscribe send an
>> > email to chipsec-leave(a)lists.01.org
>> chipsec mailing list -- chipsec(a)lists.01.org To unsubscribe send an
>> email to chipsec-leave(a)lists.01.org
>> chipsec mailing list -- chipsec(a)lists.01.org
>> To unsubscribe send an email to chipsec-leave(a)lists.01.org