openbmc-specific dynamic security scanner

Lee Fisher lee at
Wed Mar 18 05:20:11 AEDT 2020

On 3/17/20 8:01 AM, Joseph Reynolds wrote:
> [...] And I am looking for your feedback.

Perhaps, instead of creating a new OpenBMC-centric security tool, add
OpenBMC-centric tests to an existing firmware security testing tool.
IMO, there are basically two existing firmware security tools, FWTS and

FirmWare Test Suite (FWTS) is from Canonical to run diagnostics (not
necessarily security-centric) to see if a system (HW/FW) is capable of
running an OS. Runs on multiple ISAs. Has security tests, but not
security-centric. Probably has the best set of ACPI tests available,
recommended by UEFI Forum for PC vendors doing ACPI testing. GPL C codebase.

CHIPSEC is a firmware security-centric tool from Intel. It has existing
security checks that OpenBMC could use. Main downside -- IMO -- is that
it only works on Intel hardware, no support for
AMD/ARM/RISC-V/POWER/etc. GPL Python codebase with a bit of asm.


More information about the openbmc mailing list