awesome-firmware-security
github.com/preos-security/awesome-firmware-security
Awesome Firmware Security & Other Helpful Documents
What's inside
Technologies and Terminology
- ACPI
- ACPICA
The ACPI Component Architecture Project (ACPICA) provides a reference implementation, and a collection of cross-platform ACPI tools, such as acpidump.
- AMD PSP
The AMD PSP (Platform Security Processor) is a security processor on AMD systems, which runs firmware applications such as fTPM.
- AMI
- Android Verified Boot
Android version of Verified Boot
- Apple T2
System management controller, image signal processor, SSD controller and secure enclave for encrypted storage and secure boot for the iMac Pro.
Tools
- ACPICA tools (Open Source)
Provides tools and a reference implementation of ACPI.
- acpidump (Open Source)
Cross-platform OS-present tool from ACPICA to dump and diagnose ACPI tables.
- BIOS Implementation Test Suite (Open Source)
The Intel BIOS Implementation Test Suite (BITS) provides a bootable pre-OS environment for testing BIOSes and in particular their initialization of Intel processors, hardware, and technologies. It includes a CPython compiled as a raw BIOS application.
- CHIPSEC (Open Source)
CHIPSEC is a security tool created by Intel to test the security posture of Intel BIOS / UEFI. It is currently the only tool that can check for multiple public firmware security vulnerabilities.
- DarwinDumper (Open Source)
DarwinDumper is an open source collection of scripts and tools that provides a convenient way to quickly gather a system overview of your OS X system.
- Eclipse UEFI EDK2 Wizards Plugin (Open Source)
This Eclipse plugin helps EDK2 developers use the Eclipse IDE with CDT for doing UEFI development.
Threats
- BadBIOS
BadBIOS is the alleged firmware malware reported by Dragos.
- Evil Maid Attack
The Evil Maid attack is perhaps the most well-known firmware attack, where the victim leaves their system unattended and an attacker has some period of time with physical access to the system, during which they can install firmware-level malware. For example, a person leaves their laptop in their hotel room while out for dinner, and the attacker poses as hotel room service.
- Fish2 IPMI Security
A compilation of information about poor and/or insecure IPMI implementations.
- Hacking Team UEFI Malware
Hacking Team is a company that sells exploits to governments and others. Amongst their offerings is a UEFI-based firmware attack for Windows PCs. The Hacking Team malware is one of the few existing known public UEFI blacklisted by
- PCI Leech
PCILeech is PCI-based rogue hardware used to attack PCI interfaces of systems. Defense is
- Rowhammer
Rowhammer is a new form of memory-based security attack against systems. Defense is ECC memory.
Documentation, Books and Training
- Beyond BIOS
Beyond BIOS: Developing with the Unified Extensible Firmware Interface, Third Edition. Book on UEFI by Intel and other UEFI Forum members. Originally published by Intel Press.
- Darkreading Firmware Security Tips
This article, which has input from the Intel CHIPSEC team, gives basic high-level guidance for firmware security. Start with this, before digging into the NIST documents.
- Firmware Security Blog
Source of firmware security and development news and information, with a focus on UEFI-centric platform firmware. (DISCLAIMER: One of the awesome-firmware authors, and a PreOS employee, is the Firmware Security blogger.)
- Firmware Security Twitter List
Jacob Torrey hosts this list on Twitter, which contains many of the core firmware security researchers.
- Hardware Security Training
The Hardware Security Training company is a collection of multiple hardware/firmware security trainers.
- Harnessing the UEFI Shell
Harnessing the UEFI Shell: Moving the Platform Beyond DOS, Second Edition. Book on UEFI by Intel and other UEFI Forum members. Originally published by Intel Press.
Showing a sample of 110 resources.