Analysis
All the analyses performed by Cosmo during a scan are detailed below.
CVE Check​
The CVE Search Analysis identifies known vulnerabilities in open source components found in your firmware, categorised by severity. For each CVE, Cosmo gives you information about its remediation instructions.
Password Hash​
The Weak Password analysis looks for hard-coded weak passwords in your firmware.
Code Analysis​
The Secure Code Analysis looks for potential buffer overflow or command injection vulnerabilities inside your firmware binary executables.
Security Scan​
The Malware Scan analysis looks for known malicious files (such as malware, trojan, etc.) within the file system.
Kernel Security​
The Kernel Security analysis looks for third-party kernel security modules installed in the firmware. These modules provide additional security directly at kernel level and having even at least one of them in place is considered good practice from a security standpoint.
Binary Analysis​
The Binary Analysis checks that the compiler settings for all executables conform to secure coding practices (i.e. Stack Canaries, etc.).
NVRAM Analysis​
The NVRAM Analyzer looks for the definition and use of NVRAM variables. The results are structured in a table that shows the name of the executable, the NVRAM variable's name, and whether it is "set" or "get".
Config Analysis​
The Config Analyzer looks for path environment variables and retrieves the commands that were launched to create the container.
PEIM/DXE Analysis​
The Config Analyzer looks for path environment variables and retrieves the commands that were launched to create the container.
Secure Boot Analysis​
The UEFI Secure Boot Analysis ensures that the Secure Boot verification mechanism is enabled and - if it is - it reports all the keys found in the firmware that denote trusted sources and vendors for the binaries.
Intel BootGuard Analysis​
The Intel BootGuard Analysis ensures that the Intel BootGuard processor feature is enabled and - if it is - reports the chain of Intel BootGuard keys and their values. Intel Boot Guard is a processor feature that prevents the computer from running firmware images not released by the system manufacturer. Intel BootGuard attempts to protect the system before Secure Boot starts.
Access Right Analysis​
The Intel BootGuard Analysis ensures that the Intel BootGuard processor feature is enabled and - if it is - reports the chain of Intel BootGuard keys and their values. Intel Boot Guard is a processor feature that prevents the computer from running firmware images not released by the system manufacturer. Intel Boot Guard attempts to protect the system before Secure Boot starts.
Attack Surface Analysis​
The Attack Surface Analysis identifies NVRAM variables found in the UEFI and categorises them by their type (they can be either EVSA, VSS or NVAR type). NVRAM variables are ofter exploited by attackers for executing malicious code. By knowing all your NVRAM variables, you can infer your attack surface.
Tasks Analysis​
The Tasks Analysis looks for every task defined in the image.
Functions Analysis​
The Functions Analysis looks for every function defined in the image.
Symbols Analysis​
The Symbols Analysis looks for every function defined in the image.
Capabilities Analysis​
The Capabilities Analysis determines the capabilities for each function defined in the executable.