Releases: ANSSI-FR/chipsec-check
Features and bugfix
This release contains the following changes:
- stop creating EFI boot entries using the fallback mechanism (https://www.rodsbooks.com/efi-bootloaders/fallback.html) and only use Grub with specific boot entries for the Shell and Keytool
- support passing a specific Chipsec repository (either local or remote) in order to be able to incorporate changes not yet merged to Chipsec upstream
- fix build with latest Chipsec
- update partition creation so the data partition is now at the end (which makes it easier to resize it, for example on devices created by burning the .iso provided with releases)
Bugfix release
Removing spurious shell tracing
Bugfix and small improvements release
This relase adds few minor features:
- a vfat partition is added to export data more easily from the machine under test
- debootstrap now uses the
minbase
variant to lower disk usage - some tools (
cpuid
,msr-tools
anddmidecode
) are explicitely added to the installed ones - grub entries have been added for the EFI shell and Keytool utility; those entries might be more practical than the EFI ones (which might be removed in a future release)
The chipsec.ko
is now explicitely built when installing Chipsec, following upstream changes.
Major release merging Secure Boot utils into Chipsec key
This release feature a major modification of the scripts to support a one-USB key setup. The Chipsec key created with create-chipsec.sh
now includes tools to tune the Secure Boot keys (previously only created with create-shell.sh
so only one USB drive is needed.
The updated key bootloader, kernel and chipsec.ko
kernel module are now also signed with the key generated with the gen-keys
script so the Chipsec key can be loaded in a SB-enabled platform.
Other smaller changes can be found by looking at the commits history.
Bugfix and small features release
- Add
pciutils
to the installed packages list - Ask for confirmation before all write operations (especially the
truncate
call when generating an iso) - Add support for installing extra packages on the command line
Small bugfixes and ISO regeneration
This release adds a fix to detect an older version of efitools which can causes problem when inserting the PK
(Platform Key). Some details can be found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920014 and https://forums.lenovo.com/t5/ThinkPad-11e-Windows-13-E-and/Cannot-install-custom-secure-boot-PK-platform-key/td-p/4318378.
The image provided with v1.0 is affected by this bug, so people should rather use v1.1 versions.
Release chipsec and secure boot build tools
This release provide pre-built ISO for the chipsec and secure-boot USB keys