From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: multipart/mixed; boundary="===============8283325315543763033==" MIME-Version: 1.0 From: Blibbet Subject: SCAP reporting support for CHIPSEC Date: Mon, 27 Jul 2015 10:37:35 -0700 Message-ID: <55B66C5F.6060809@gmail.com> List-Id: To: chipsec@lists.01.org --===============8283325315543763033== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hijacking one of John's comments on Debian packaging: > [...] we should probably print some shorter and more friendly output. Perhaps > something more like "Protection Found"/"Possible Vulnerability"/"Manual Assessment > Needed"? > > BIOS Write Protection: Possible Vulnerability > SMI Suppression: Possible Vulnerability > Compatibility SMRAM Lock: Protection Found > SMM Cache Poisoning: Protection Found > UEFI Variables: Manual Assessment Needed > > How would others like to view/use this sort of information? I'd like to use this sort of information as machine-readable SCAP XML, so CHIPSEC output can be fed into current enterprise CM/SIEM solutions. Then, the question of what format is more of needing SCAP OVAL definitions for Intel HW/FW assets, and then SCAP ARF-based report plugin for CHIPSEC. SCAP isn't needed for security researcher usage of CHIPSEC. BUT IMO, SCAP would be very useful for system administrator's use of CHIPSEC, but I'm not sure anyone is asking yet. Currently, SCAP is not too useful for searching for firmware. Today, if you want to look for BIOS or UEFI (or EFI 1.x) vulnerabilities in NVD, it's only via full-text search, and hoping reporting of error happens to include UEFI. Thus the need for SCAP OVAL definitions. (Then UEFI Forum could not only report vulnerabilities as PDFs -- hosted on SourceForge's reliable CDN :-) -- but also as CVEs in the NVD (which has also gone down like SF, but XML content is mirrored by multiple orgs. CHIPSEC -- or Copernicus, if MITRE is maintaining it -- would be needed to fix SCAP, as there aren't any other vulnerability reporting tools to generate the needed ARF reports. Maybe -- I've not studied it closely yet -- the BIOS profile by DMTF's SMASH-and-DASH team might be helpful for SCAP OVAL starting point? I presume Intel could make good marketing use of this improved enterprise security feature. If/when Linaro ports CHIPSEC to AArch64, I presume some of the anticipated green Linux server market will also like to have this feature. :-) Thanks, Lee RSS: http://firmwaresecurity.com/feed --===============8283325315543763033==--