
mbair-lojax-chipsec240419-log.txt

a guest, Apr 23rd, 2019
################################################################
##                                                            ##
##  CHIPSEC: Platform Hardware Security Assessment Framework  ##
##                                                            ##
################################################################
[CHIPSEC] Version 1.3.7
[CHIPSEC] Arguments: -l /home/liveuser/Desktop/chipsec_iout.txt
****** Chipsec Linux Kernel module is licensed under GPL 2.0
[CHIPSEC] API mode: using CHIPSEC kernel module API
[CHIPSEC] OS      : Linux 4.18.16-300.fc29.x86_64 #1 SMP Sat Oct 20 23:24:08 UTC 2018 x86_64
[CHIPSEC] Platform: Mobile 5th Generation Core Processor (Broadwell M/H / Wildcat Point PCH)
[CHIPSEC]      VID: 8086
[CHIPSEC]      DID: 1604
[CHIPSEC] PCH     : Default PCH
[CHIPSEC]      VID: 8086
[CHIPSEC]      DID: 9CC3

[*] loading common modules from "./chipsec/modules/common" ..
[+] loaded chipsec.modules.common.memlock
[+] loaded chipsec.modules.common.rtclock
[+] loaded chipsec.modules.common.bios_wp
[+] loaded chipsec.modules.common.bios_smi
[+] loaded chipsec.modules.common.ia32cfg
[+] loaded chipsec.modules.common.me_mfg_mode
[+] loaded chipsec.modules.common.spi_access
[+] loaded chipsec.modules.common.smrr
[+] loaded chipsec.modules.common.spi_lock
[+] loaded chipsec.modules.common.sgx_check
[+] loaded chipsec.modules.common.smm
[+] loaded chipsec.modules.common.spi_fdopss
[+] loaded chipsec.modules.common.bios_ts
[+] loaded chipsec.modules.common.spi_desc
[+] loaded chipsec.modules.common.bios_kbrd_buffer
[+] loaded chipsec.modules.common.cpu.spectre_v2
[+] loaded chipsec.modules.common.uefi.access_uefispec
[+] loaded chipsec.modules.common.uefi.s3bootscript
[+] loaded chipsec.modules.common.secureboot.variables
[*] loading platform specific modules from "./chipsec/modules/bdw" ..
[*] loading modules from "./chipsec/modules" ..
[+] loaded chipsec.modules.memconfig
[+] loaded chipsec.modules.remap
[+] loaded chipsec.modules.debugenabled
[+] loaded chipsec.modules.smm_dma
[*] running loaded modules ..

[*] running module: chipsec.modules.common.memlock
[x][ =======================================================================
[x][ Module: Check MSR_LT_LOCK_MEMORY
[x][ =======================================================================
[X] Checking MSR_LT_LOCK_MEMORY status
[*]   cpu0: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[*]   cpu1: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[*]   cpu2: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[*]   cpu3: MSR_LT_LOCK_MEMORY[LT_LOCK] = 1
[+] PASSED: Check have successfully passed

[*] running module: chipsec.modules.common.rtclock
[x][ =======================================================================
[x][ Module: Protected RTC memory locations
[x][ =======================================================================
[*] RC = 0x00000004 << RTC Configuration (RCBA + 0x3400)
    [02] UE               = 1 << Upper 128 Byte Enable
    [03] LL               = 0 << Lower 128 Byte Lock
    [04] UL               = 0 << Upper 128 Byte Lock
[-] Protected bytes (0x38-0x3F) in low 128-byte bank of RTC memory are not locked
[-] Protected bytes (0x38-0x3F) in high 128-byte bank of RTC memory are not locked
[!] WARNING: Protected locations in RTC memory are accessible (BIOS may not be using them)

[*] running module: chipsec.modules.common.bios_wp
[x][ =======================================================================
[x][ Module: BIOS Region Write Protection
[x][ =======================================================================
[*] BC = 0x18 << BIOS Control (b:d.f 00:31.0 + 0xDC)
    [00] BIOSWE           = 0 << BIOS Write Enable
    [01] BLE              = 0 << BIOS Lock Enable
    [02] SRC              = 2 << SPI Read Configuration
    [04] TSS              = 1 << Top Swap Status
    [05] SMM_BWP          = 0 << SMM BIOS Write Protection
[-] BIOS region write protection is disabled!

[*] BIOS Region: Base = 0x0018E000, Limit = 0x007FFFFF
SPI Protected Ranges
------------------------------------------------------------
PRx (offset) | Value    | Base     | Limit    | WP? | RP?
------------------------------------------------------------
PR0 (74)     | 80010000 | 00000000 | 00001FFF | 1   | 0
PR1 (78)     | 856F018E | 0018E000 | 0056FFFF | 1   | 0
PR2 (7C)     | FFFF0592 | 00592000 | 01FFFFFF | 1   | 0
PR3 (80)     | 00000000 | 00000000 | 00000000 | 0   | 0
PR4 (84)     | 00000000 | 00000000 | 00000000 | 0   | 0

[!] SPI protected ranges write-protect parts of BIOS region (other parts of BIOS can be modified)

[!] BIOS should enable all available SMM based write protection mechanisms or configure SPI protected ranges to protect the entire BIOS region
[-] FAILED: BIOS is NOT protected completely

[*] running module: chipsec.modules.common.bios_smi
[x][ =======================================================================
[x][ Module: SMI Events Configuration
[x][ =======================================================================
[-] SMM BIOS region write protection has not been enabled (SMM_BWP is not used)

[*] Checking SMI enables..
    Global SMI enable: 1
    TCO SMI enable   : 0
WARNING: TCO SMI is not enabled. BIOS may not be using it

[*] Checking SMI configuration locks..
[+] TCO SMI configuration is locked (TCO SMI Lock)
[-] SMI events global configuration is not locked. SMI events can be disabled

[-] FAILED: Not all required SMI sources are enabled and locked

[*] running module: chipsec.modules.common.ia32cfg
[x][ =======================================================================
[x][ Module: IA32 Feature Control Lock
[x][ =======================================================================
[*] Verifying IA32_Feature_Control MSR is locked on all logical CPUs..
[*] cpu0: IA32_Feature_Control Lock = 1
[*] cpu1: IA32_Feature_Control Lock = 1
[*] cpu2: IA32_Feature_Control Lock = 1
[*] cpu3: IA32_Feature_Control Lock = 1
[+] PASSED: IA32_FEATURE_CONTROL MSR is locked on all logical CPUs

[*] running module: chipsec.modules.common.me_mfg_mode
[x][ =======================================================================
[x][ Module: ME Manufacturing Mode
[x][ =======================================================================
[-] FAILED: ME is in Manufacturing Mode

[*] running module: chipsec.modules.common.spi_access
[x][ =======================================================================
[x][ Module: SPI Flash Region Access Control
[x][ =======================================================================
SPI Flash Region Access Permissions
------------------------------------------------------------
[*] FRAP = 0x00004AFF << SPI Flash Regions Access Permissions Register (SPIBAR + 0x50)
    [00] BRRA             = FF << BIOS Region Read Access
    [08] BRWA             = 4A << BIOS Region Write Access
    [16] BMRAG            = 0 << BIOS Master Read Access Grant
    [24] BMWAG            = 0 << BIOS Master Write Access Grant

BIOS Region Write Access Grant (00):
  FREG0_FLASHD: 0
  FREG1_BIOS  : 0
  FREG2_ME    : 0
  FREG3_GBE   : 0
  FREG4_PD    : 0
  FREG5       : 0
  FREG6       : 0
BIOS Region Read Access Grant (00):
  FREG0_FLASHD: 0
  FREG1_BIOS  : 0
  FREG2_ME    : 0
  FREG3_GBE   : 0
  FREG4_PD    : 0
  FREG5       : 0
  FREG6       : 0
BIOS Region Write Access (4A):
  FREG0_FLASHD: 0
  FREG1_BIOS  : 1
  FREG2_ME    : 0
  FREG3_GBE   : 1
  FREG4_PD    : 0
  FREG5       : 0
  FREG6       : 1
BIOS Region Read Access (FF):
  FREG0_FLASHD: 1
  FREG1_BIOS  : 1
  FREG2_ME    : 1
  FREG3_GBE   : 1
  FREG4_PD    : 1
  FREG5       : 1
  FREG6       : 1
[!] WARNING: Software has write access to GBe region in SPI flash
[!] WARNING: Certain SPI flash regions are writeable by software

[*] running module: chipsec.modules.common.smrr
[x][ =======================================================================
[x][ Module: CPU SMM Cache Poisoning / System Management Range Registers
[x][ =======================================================================
[+] OK. SMRR range protection is supported

[*] Checking SMRR range base programming..
[*] IA32_SMRR_PHYSBASE = 0x8B000006 << SMRR Base Address MSR (MSR 0x1F2)
    [00] Type             = 6 << SMRR memory type
    [12] PhysBase         = 8B000 << SMRR physical base address
[*] SMRR range base: 0x000000008B000000
[*] SMRR range memory type is Writeback (WB)
[+] OK so far. SMRR range base is programmed

[*] Checking SMRR range mask programming..
[*] IA32_SMRR_PHYSMASK = 0xFF800800 << SMRR Range Mask MSR (MSR 0x1F3)
    [11] Valid            = 1 << SMRR valid
    [12] PhysMask         = FF800 << SMRR address range mask
[*] SMRR range mask: 0x00000000FF800000
[+] OK so far. SMRR range is enabled

[*] Verifying that SMRR range base & mask are the same on all logical CPUs..
[CPU0] SMRR_PHYSBASE = 000000008B000006, SMRR_PHYSMASK = 00000000FF800800
[CPU1] SMRR_PHYSBASE = 000000008B000006, SMRR_PHYSMASK = 00000000FF800800
[CPU2] SMRR_PHYSBASE = 000000008B000006, SMRR_PHYSMASK = 00000000FF800800
[CPU3] SMRR_PHYSBASE = 000000008B000006, SMRR_PHYSMASK = 00000000FF800800
[+] OK so far. SMRR range base/mask match on all logical CPUs
[*] Trying to read memory at SMRR base 0x8B000000..
[+] PASSED: SMRR reads are blocked in non-SMM mode

[+] PASSED: SMRR protection against cache attack is properly configured

[*] running module: chipsec.modules.common.spi_lock
[x][ =======================================================================
[x][ Module: SPI Flash Controller Configuration Locks
[x][ =======================================================================
[*] HSFS = 0xE008 << Hardware Sequencing Flash Status Register (SPIBAR + 0x4)
    [00] FDONE            = 0 << Flash Cycle Done
    [01] FCERR            = 0 << Flash Cycle Error
    [02] AEL              = 0 << Access Error Log
    [03] BERASE           = 1 << Block/Sector Erase Size
    [05] SCIP             = 0 << SPI cycle in progress
    [13] FDOPSS           = 1 << Flash Descriptor Override Pin-Strap Status
    [14] FDV              = 1 << Flash Descriptor Valid
    [15] FLOCKDN          = 1 << Flash Configuration Lock-Down
[+] SPI Flash Controller configuration is locked
[+] PASSED: SPI Flash Controller locked correctly.

[*] running module: chipsec.modules.common.sgx_check
[x][ =======================================================================
[x][ Module: Check SGX feature support
[x][ =======================================================================
[*] Test if CPU has support for SGX
[#] INFORMATION: SGX is not supported on CPU
[*] NOT APPLICABLE: SGX test is being skipped

[*] running module: chipsec.modules.common.smm
[x][ =======================================================================
[x][ Module: Compatible SMM memory (SMRAM) Protection
[x][ =======================================================================
[*] PCI0.0.0_SMRAMC = 0x1A << System Management RAM Control (b:d.f 00:00.0 + 0x88)
    [00] C_BASE_SEG       = 2 << SMRAM Base Segment = 010b
    [03] G_SMRAME         = 1 << SMRAM Enabled
    [04] D_LCK            = 1 << SMRAM Locked
    [05] D_CLS            = 0 << SMRAM Closed
    [06] D_OPEN           = 0 << SMRAM Open
[*] Compatible SMRAM is enabled
[+] PASSED: Compatible SMRAM is locked down

[*] running module: chipsec.modules.common.spi_fdopss
[x][ =======================================================================
[x][ Module: SPI Flash Descriptor Security Override Pin-Strap
[x][ =======================================================================
[*] HSFS = 0xE008 << Hardware Sequencing Flash Status Register (SPIBAR + 0x4)
    [00] FDONE            = 0 << Flash Cycle Done
    [01] FCERR            = 0 << Flash Cycle Error
    [02] AEL              = 0 << Access Error Log
    [03] BERASE           = 1 << Block/Sector Erase Size
    [05] SCIP             = 0 << SPI cycle in progress
    [13] FDOPSS           = 1 << Flash Descriptor Override Pin-Strap Status
    [14] FDV              = 1 << Flash Descriptor Valid
    [15] FLOCKDN          = 1 << Flash Configuration Lock-Down
[+] PASSED: SPI Flash Descriptor Security Override is disabled

[*] running module: chipsec.modules.common.bios_ts
[x][ =======================================================================
[x][ Module: BIOS Interface Lock (including Top Swap Mode)
[x][ =======================================================================
[*] BiosInterfaceLockDown (BILD) control = 1
[*] BIOS Top Swap mode is enabled (TSS = 1)
[*] RTC TopSwap control (TS) = 1
[+] PASSED: BIOS Interface is locked (including Top Swap Mode)

[*] running module: chipsec.modules.common.spi_desc
[x][ =======================================================================
[x][ Module: SPI Flash Region Access Control
[x][ =======================================================================
[*] FRAP = 0x00004AFF << SPI Flash Regions Access Permissions Register (SPIBAR + 0x50)
    [00] BRRA             = FF << BIOS Region Read Access
    [08] BRWA             = 4A << BIOS Region Write Access
    [16] BMRAG            = 0 << BIOS Master Read Access Grant
    [24] BMWAG            = 0 << BIOS Master Write Access Grant
[*] Software access to SPI flash regions: read = 0xFF, write = 0x4A

[+] PASSED: SPI flash permissions prevent SW from writing to flash descriptor

[*] running module: chipsec.modules.common.bios_kbrd_buffer
[x][ =======================================================================
[x][ Module: Pre-boot Passwords in the BIOS Keyboard Buffer
[x][ =======================================================================
[*] Keyboard buffer head pointer = 0x1A (at 0x41A), tail pointer = 0x1C (at 0x41C)
[*] Keyboard buffer contents (at 0x41E):
1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d |    !"#$%&'()*+,-
2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d | ./0123456789:;<=
[+] PASSED: Keyboard buffer is filled with common fill pattern

[*] running module: chipsec.modules.common.cpu.spectre_v2
[x][ =======================================================================
[x][ Module: Checks for Branch Target Injection / Spectre v2 (CVE-2017-5715)
[x][ =======================================================================
[*] CPUID.7H:EDX[26] = 1 Indirect Branch Restricted Speculation (IBRS) & Predictor Barrier (IBPB)
[*] CPUID.7H:EDX[27] = 1 Single Thread Indirect Branch Predictors (STIBP)
[*] CPUID.7H:EDX[29] = 0 IA32_ARCH_CAPABILITIES
[+] CPU supports IBRS and IBPB
[+] CPU supports STIBP
[-] CPU doesn't support enhanced IBRS
[!] WARNING: CPU supports mitigation (IBRS) but doesn't support enhanced IBRS
[!] OS may be using software based mitigation (eg. retpoline)

[*] running module: chipsec.modules.common.uefi.access_uefispec
[x][ =======================================================================
[x][ Module: Access Control of EFI Variables
[x][ =======================================================================
[*] Testing UEFI variables ..
[*] Variable Boot0000 (NV+BS+RT)
[*] Variable ErrOutDev (BS+RT)
[!]   Extra attributes:
[*] Variable HW_ROM (BS+RT)
[*] Variable efi-backup-boot-device-data (NV+BS+RT)
[*] Variable HW_ICT (BS+RT)
[*] Variable BootOrder (NV+BS+RT)
[!]   Extra attributes:
[*] Variable BootCampProcessorPstates (BS+RT)
[*] Variable GR_CAUSE (BS+RT)
[*] Variable prev-lang:kbd (NV+BS+RT)
[*] Variable SystemAudioVolume (NV+BS+RT)
[*] Variable gfx-saved-config-restore-status (BS+RT)
[*] Variable Boot0080 (NV+BS+RT)
[*] Variable previous-system-uuid (NV+BS+RT)
[*] Variable Boot0082 (NV+BS+RT)
[*] Variable fmm-computer-name (NV+BS+RT)
[*] Variable fpf_provisioned (NV+BS+RT)
[*] Variable HW_BID (BS+RT)
[*] Variable ConOut (NV+BS+RT)
[!]   Extra attributes:
[*] Variable HardwareBootMode (BS+RT)
[*] Variable ROM (BS+RT)
[*] Variable boot-gamma (NV+BS+RT)
[*] Variable efi-backup-boot-device (NV+BS+RT)
[*] Variable last-oslogin-ident (NV+BS+RT)
[*] Variable AAPL,PathProperties0000 (NV+BS+RT)
[*] Variable SystemAudioVolumeDB (NV+BS+RT)
[*] Variable SSN (BS+RT)
[*] Variable AAPL,PanicInfo0001 (NV+BS+RT)
[*] Variable BootFFFF (NV+BS+RT)
[*] Variable Setup (NV+BS+RT)
[*] Variable MLB (BS+RT)
[*] Variable AAPL,PanicInfo0000 (NV+BS+RT)
[*] Variable AAPL,PanicInfo0003 (NV+BS+RT)
[*] Variable AAPL,PanicInfo0002 (NV+BS+RT)
[*] Variable current-network (NV+BS+RT)
[*] Variable efi-backup-boot-device-data-data (NV+BS+RT)
[*] Variable BBIF (BS+RT)
[*] Variable Lang (NV+BS+RT)
[!]   Extra attributes:
[*] Variable csr-active-config (NV+BS+RT)
[*] Variable FirmwareFeatures (BS+RT)
[*] Variable HW_MLB (BS+RT)
[*] Variable BootCurrent (BS+RT)
[!]   Extra attributes:
[*] Variable backlight-level (NV+BS+RT)
[*] Variable Timeout (NV+BS+RT)
[!]   Extra attributes:
[*] Variable panicmedic (NV+BS+RT)
[*] Variable SetupDefaults (NV+BS+RT)
[*] Variable MTC (NV+BS+RT)
[*] Variable efi-boot-device-data (NV+BS+RT)
[*] Variable preferred-networks (NV+BS+RT)
[*] Variable preferred-count (NV+BS+RT)
[*] Variable bluetoothActiveControllerInfo (NV+BS+RT)
[*] Variable FirmwareFeaturesMask (BS+RT)
[*] Variable SystemAudioVolumeSaved (NV+BS+RT)
[*] Variable bluetoothInternalControllerInfo (NV+BS+RT)
[*] Variable efi-boot-device (NV+BS+RT)
[*] Variable EfiNicIp4ConfigVariable (NV+BS+RT)
[*] Variable AcpiGlobalVariable (NV+BS+RT)
[*] Variable LangCodes (BS+RT)
[!]   Extra attributes:
[*] Variable MemoryConfig (NV+BS+RT)
[*] Variable MemoryConfih (NV+BS+RT)
[*] Variable epid_provisioned (NV+BS+RT)
[*] Variable ConOutDev (BS+RT)
[!]   Extra attributes:
[*] Variable ALS_Data (NV+BS+RT)

[-] Variables with attributes that differ from UEFI spec:
    ErrOutDev
    BootOrder
    ConOut
    Lang
    BootCurrent
    Timeout
    LangCodes
    ConOutDev

[-] FAILED: Some EFI variables were not protected according to spec.

[*] running module: chipsec.modules.common.uefi.s3bootscript
[x][ =======================================================================
[x][ Module: S3 Resume Boot-Script Protections
[x][ =======================================================================
[*] SMRAM: Base = 0x000000008B000000, Limit = 0x000000008B7FFFFF, Size = 0x00800000
[!] Found 1 S3 boot-script(s) in EFI variables
[*] Checking S3 boot-script at 0x000000008AD2B000
[-] S3 boot-script is not in SMRAM
[*] Reading S3 boot-script from memory..
[*] Decoding S3 boot-script opcodes..
[*] Checking entry-points of Dispatch opcodes..
[+] Dispatch opcode (off 0x7467) with entry-point 0x00000000FFE29F2D > PROTECTED
[*] Found 1 Dispatch opcodes
[!] S3 boot-script is not in protected memory but didn't find unprotected Dispatch entry-points

[!] WARNING: S3 Boot-Script is not in SMRAM but Dispatch entry-points appear to be protected. Recommend further testing
[!] Additional testing of the S3 boot-script can be done using tools.uefi.s3script_modify

[*] running module: chipsec.modules.common.secureboot.variables
[x][ =======================================================================
[x][ Module: Attributes of Secure Boot EFI Variables
[x][ =======================================================================
[!] Secure Boot variable SecureBoot is not found
[!] Secure Boot variable SetupMode is not found
[!] Secure Boot variable PK is not found
[!] Secure Boot variable KEK is not found
[!] Secure Boot variable db is not found
[!] Secure Boot variable dbx is not found

[*] Secure Boot appears to be disabled
[*] NOT IMPLEMENTED: None of required Secure Boot variables found. Secure Boot is not enabled

[*] running module: chipsec.modules.memconfig
[x][ =======================================================================
[x][ Module: Host Bridge Memory Map Locks
[x][ =======================================================================
[+] PCI0.0.0_BDSM        = 0x000000008C000001 - LOCKED   - Base of Graphics Stolen Memory
[+] PCI0.0.0_BGSM        = 0x000000008B800001 - LOCKED   - Base of GTT Stolen Memory
[+] PCI0.0.0_DPR         = 0x000000008B000001 - LOCKED   - DMA Protected Range
[+] PCI0.0.0_GGC         = 0x00000000000002C1 - LOCKED   - Graphics Control
[+] PCI0.0.0_MESEG_MASK  = 0x0000007FFF000C00 - LOCKED   - Manageability Engine Limit Address Register
[+] PCI0.0.0_PAVPC       = 0x000000008FF00007 - LOCKED   - PAVP Configuration
[+] PCI0.0.0_REMAPBASE   = 0x0000000100000001 - LOCKED   - Memory Remap Base Address
[+] PCI0.0.0_REMAPLIMIT  = 0x000000016EF00001 - LOCKED   - Memory Remap Limit Address
[+] PCI0.0.0_TOLUD       = 0x0000000090000001 - LOCKED   - Top of Low Usable DRAM
[+] PCI0.0.0_TOM         = 0x0000000100000001 - LOCKED   - Top of Memory
[+] PCI0.0.0_TOUUD       = 0x000000016F000001 - LOCKED   - Top of Upper Usable DRAM
[+] PCI0.0.0_TSEGMB      = 0x000000008B000001 - LOCKED   - TSEG Memory Base
[+] PASSED: All memory map registers seem to be locked down

[*] running module: chipsec.modules.remap
[x][ =======================================================================
[x][ Module: Memory Remapping Configuration
[x][ =======================================================================
[*] Registers:
[*]   TOUUD     : 0x000000016F000001
[*]   REMAPLIMIT: 0x000000016EF00001
[*]   REMAPBASE : 0x0000000100000001
[*]   TOLUD     : 0x90000001
[*]   TSEGMB    : 0x8B000001

[*] Memory Map:
[*]   Top Of Upper Memory: 0x000000016F000000
[*]   Remap Limit Address: 0x000000016EFFFFFF
[*]   Remap Base Address : 0x0000000100000000
[*]   4GB                : 0x0000000100000000
[*]   Top Of Low Memory  : 0x0000000090000000
[*]   TSEG (SMRAM) Base  : 0x000000008B000000

[*] checking memory remap configuration..
[*]   Memory Remap is enabled
[+]   Remap window configuration is correct: REMAPBASE <= REMAPLIMIT < TOUUD
[+]   All addresses are 1MB aligned
[*] checking if memory remap configuration is locked..
[+]   TOUUD is locked
[+]   TOLUD is locked
[+]   REMAPBASE and REMAPLIMIT are locked
[+] PASSED: Memory Remap is configured correctly and locked

[*] running module: chipsec.modules.debugenabled
[x][ =======================================================================
[x][ Module: Debug features test
[x][ =======================================================================
[X] Checking IA32_DEBUG_INTERFACE msr status
[+] CPU IA32_DEBUG_INTERFACE is disabled
[+] PASSED: All checks have successfully passed

[*] running module: chipsec.modules.smm_dma
[x][ =======================================================================
[x][ Module: SMM TSEG Range Configuration Check
[x][ =======================================================================
[*] TSEG      : 0x000000008B000000 - 0x000000008B7FFFFF (size = 0x00800000)
[*] SMRR range: 0x000000008B000000 - 0x000000008B7FFFFF (size = 0x00800000)

[*] checking TSEG range configuration..
[+] TSEG range covers entire SMRAM
[+] TSEG range is locked
[+] PASSED: TSEG is properly configured. SMRAM is protected from DMA attacks

[CHIPSEC] ***************************  SUMMARY  ***************************
[CHIPSEC] Time elapsed            0.441
[CHIPSEC] Modules total           23
[CHIPSEC] Modules failed to run   0:
[CHIPSEC] Modules passed          13:
[+] PASSED: chipsec.modules.common.memlock
[+] PASSED: chipsec.modules.common.ia32cfg
[+] PASSED: chipsec.modules.common.smrr
[+] PASSED: chipsec.modules.common.spi_lock
[+] PASSED: chipsec.modules.common.smm
[+] PASSED: chipsec.modules.common.spi_fdopss
[+] PASSED: chipsec.modules.common.bios_ts
[+] PASSED: chipsec.modules.common.spi_desc
[+] PASSED: chipsec.modules.common.bios_kbrd_buffer
[+] PASSED: chipsec.modules.memconfig
[+] PASSED: chipsec.modules.remap
[+] PASSED: chipsec.modules.debugenabled
[+] PASSED: chipsec.modules.smm_dma
[CHIPSEC] Modules information     0:
[CHIPSEC] Modules failed          4:
[-] FAILED: chipsec.modules.common.bios_wp
[-] FAILED: chipsec.modules.common.bios_smi
[-] FAILED: chipsec.modules.common.me_mfg_mode
[-] FAILED: chipsec.modules.common.uefi.access_uefispec
[CHIPSEC] Modules with warnings   4:
[!] WARNING: chipsec.modules.common.rtclock
[!] WARNING: chipsec.modules.common.spi_access
[!] WARNING: chipsec.modules.common.cpu.spectre_v2
[!] WARNING: chipsec.modules.common.uefi.s3bootscript
[CHIPSEC] Modules not implemented 1:
[*] NOT IMPLEMENTED: chipsec.modules.common.secureboot.variables
[CHIPSEC] Modules not applicable  1:
[*] NOT APPLICABLE: chipsec.modules.common.sgx_check
[CHIPSEC] *****************************************************************