eficheck(8) BSD System Manager's Manual eficheck(8)
NAME
eficheck -- check the integrity of the x86 flash chip firmware.
SYNOPSIS
eficheck --integrity-check [-h EFI-hash-input-file] [-b EFI-binary-input-file] eficheck --show-hashes [-h EFI-hash-input-file] [-b EFI-binary-input-file] eficheck --generate-hashes [-h EFI-hash-output-file] [-p output-path] eficheck --save [-b EFI-binary-output-file] eficheck --cleanup [-b EFI-binary-input-and-output-file>] eficheck --version eficheck --help
DESCRIPTION
eficheck is a tool to check the x86 flash chip firmware. The following commands can be used with eficheck: --integrity-check hashes portion of the firmware and compares against known-good hashes --generate-hashes outputs hashes for a given firmware to be used as known-good hashes --show-hashes shows the hashes for the sub-sections of the firmware which are measured --save saves the full flash chip contents to a binary file. Requires root privileges. --cleanup zeros any privacy-sensitive data (such as nvram), enabling the file to be shared for analysis. --version print out eficheck version number. --help display a short help.
EXAMPLES
'eficheck --save -b firmware.bin' Save this system's EFI firmware as firmware.bin 'eficheck --cleanup -b firmware.bin' Overwrite the EFI variables portion of the firmware.bin, in place 'eficheck --generate-hashes' Analyze the current system's installed EFI firmware, and store the hashes into hash file(s) in current folder File name(s) will be selected according to image's EFI ver- sion(s) 'eficheck --generate-hashes -b firmware.bin' Analyze the firmware.bin, and store the hashes into hash file(s) in current folder. Filename will be based on the detected firmware version. 'eficheck --generate-hashes -p /usr/local/allowlists' Analyze the current system's installed EFI firmware, and store the hashes into hash file(s) in /usr/local/allowlists folder 'eficheck --integrity-check' Attempt to automatically determine which firmware you are run- ning, and integrity check against the appropriate file, and report any differences 'eficheck --integrity-check -h /usr/libexec/firmwarecheck- ers/eficheck/EFIAllowListShipping.bun- dle/allowlists/IM171.88Z.0105.B08.1604111319.0.ealf' Compare the current system's EFI firmware against the Apple- provided expected measurements for an "iMac17,1" at firmware revision B08, and report any differences 'eficheck --integrity-check -h hash.ealf -b firmware.bin' Compare the given hash file against against the given firmware image and report any differences 'eficheck --show-hashes' Print the hashes for the current system's installed EFI firmware to stdout 'eficheck --show-hashes -b firmware.bin' Print the hashes for the given firmware.bin to stdout 'eficheck --show-hashes -h IM171.88Z.0105.B08.1604111319.0.ealf' Print the hashes for the given allowlist to stdout May 25, 2017
Mac OS X 10.12.6 - Generated Sat Nov 4 14:39:51 CDT 2017