CODEWITHSUNDEEP
linuxbios
Dark Templer
Dark Templer

Reputation: 277

Best way to read contents of a bios in linux

An odd question really. Is it possible to read the entire contents of the bios chip in. We have a problem where we need to verify the contents of the bios chip?

Cheers James

Upvotes: 5

Views: 5445

Answers (3)

Dmitrii Okunev
Dmitrii Okunev

Reputation: 17

How to read BIOS region

Is it possible to read the entire contents of the bios chip in. We have a problem where we need to verify the contents of the bios chip?

I assume you mean to read specifically "BIOS region", because the same chip may contain multiple different regions:

To read the BIOS region:

  • The easiest way is to read from /dev/mem 0xffffffff downwards. You can find the range in /proc/iomem (try command: sudo grep -- '-ffffffff ' /proc/iomem). Then you can use dd to dump the region.
  • Another way is to use flashrom, if you motherboard is supported by this tool (something like sudo flashrom -p internal --ifd -i bios -r /tmp/bios_region.img).
  • Another way would be to use vendor-specific tool, like AFULNX. This way highly depends on specific motherboard and BIOS vendors.
  • One more way is to use the MTD driver of Linux. Sometimes the SPI storage chip with BIOS region is available as /dev/mtd*.
  • Also given a server motherboard the BIOS is often available via BMC.

How to verify the content (for security purposes)

You can actually just use PCR0 value from TPM, which supposed to measure the content of BIOS. It has a lot of caveats, but they are so-so investigated and solved (feel free to ask a question, I'll try to help).

But if you need to compare the content directly, keep in mind:

  • There are placeholders in the original image, which could be replaced with real data, so you may get non-matching image, and it is how it is supposed to be.
  • There is NVRAM (and possibly other places) where BIOS may write some data. For example, on some BIOSes you may see that on each reboot the BIOS region dump does not match. This is also fine.

The easiest way to avoid both problems is to just use the PCR0 value.

How to verify the content (for operational purposes)

See also the "security purposes" section above, but on top of that BIOS volumes and files has checksums. You may just want to check them in some cases.

P.S.

Other answers suggests to use things like dmidecode. They won't dump the BIOS image, but just will print the SMBIOS info and things like that.

Upvotes: 1

ghostdog74
ghostdog74

Reputation: 343211

you can try dmidecode or biosdecode if you have them.

Upvotes: 3

jldupont
jldupont

Reputation: 96884

Have you read this ?

Is there any easy way to read the contents of a system BIOS from userland?

No. Most modern BIOS code is paged, compressed and in some cases encrypted.

Upvotes: 0

Related Questions