{"id":13798529,"url":"https://github.com/CERTCC/UEFI-Analysis-Resources","last_synced_at":"2025-05-13T05:32:23.229Z","repository":{"id":81807068,"uuid":"424674388","full_name":"CERTCC/UEFI-Analysis-Resources","owner":"CERTCC","description":"Documentation, examples, and other resources regarding analyzing EDK2 based UEFI firmware","archived":true,"fork":false,"pushed_at":"2021-11-04T17:11:17.000Z","size":25,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-18T13:46:07.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CERTCC.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-11-04T17:02:09.000Z","updated_at":"2024-05-15T20:01:48.000Z","dependencies_parsed_at":null,"dependency_job_id":"cc28eadb-fc22-4593-b328-63c4101c3569","html_url":"https://github.com/CERTCC/UEFI-Analysis-Resources","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERTCC%2FUEFI-Analysis-Resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERTCC%2FUEFI-Analysis-Resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERTCC%2FUEFI-Analysis-Resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERTCC%2FUEFI-Analysis-Resources/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CERTCC","download_url":"https://codeload.github.com/CERTCC/UEFI-Analysis-Resources/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253883137,"owners_count":21978611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T00:00:45.445Z","updated_at":"2025-05-13T05:32:22.865Z","avatar_url":"https://github.com/CERTCC.png","language":"PHP","funding_links":[],"categories":["Vulnerabilities \u0026 Exploits :mag_right:"],"sub_categories":[],"readme":"# CERT/CC UEFI Analysis Resources\n\nThis repo is a collection of documentation notes and code pertaining to analyzing vulnerabilities in UEFI firmware built from the [EDK2 project](https://github.com/tianocore/edk2).\n\n## docs\nThe [docs](./docs) folder contains notes and documentation regarding setting up an analysis environment and reproducing various vulnerabilities in firmware built with EDK2.\n\n## EDK2 Packages\n### SimplePkg\nThe [SimplePkg](./SimplePkg) package is a barebones EDK2 package with an UEFI Application, an UEFI Driver and an UEFI Protocol (used by the driver).\n\n### FirmwarePerformanceVulReproPkg\nThe [FirmwarePerformanceVulReproPkg](./FirmwarePerformanceVulReproPkg) package contains the necessary build files to produce an OVMF firmware which contains [CVE-2021-28216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28216).  \nThis vulnerability was disclosed at BlackHat 2021 in the presentation [Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)](https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Safeguarding-UEFI-Ecosystem-Firmware-Supply-Chain-Is-Hardcoded.pdf)  \nAll the necessary source code is included in the EDK2 repository. These build files specify the correct additional modules and settings to enable the possibility to the vulnerable code.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCERTCC%2FUEFI-Analysis-Resources","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCERTCC%2FUEFI-Analysis-Resources","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCERTCC%2FUEFI-Analysis-Resources/lists"}