eficheck does not work on Macs with T2 chips

Originator: 0xmachos
Number: rdar://42910459
Date Originated: 03/08/2018
Status: Closed
Resolved:
Product: macOS + SDK
Product Version: 10.13.6
Classification:
Reproducible: Yes
 
Area:
Something not on this list

Summary:
The eficheck utility does not work on Macs equipped with T2 chips. 


Steps to Reproduce:
1. /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check


Expected Results:
eficheck reports the EFI firmware version and whether or not the version is on the allowlist and if the hashes have changed or not.  


Actual Results:
$ /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check
ReadBinaryFromKernel: No matching services found. Either this system is not supported by eficheck, or you need to re-load the kext
IntegrityCheck: couldn't get EFI contents from kext


Version/Build:
System Software Overview:
      System Version: macOS 10.13.6 (17G2208)
      Kernel Version: Darwin 17.7.0
      Boot Volume: ***
      Boot Mode: Normal
      Computer Name: ***
      User Name: ***
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: ***


Configuration:
      Model Name: MacBook Pro
      Model Identifier: MacBookPro15,2
      Processor Name: Intel Core i7
      Processor Speed: 2.7 GHz
      Number of Processors: 1
      Total Number of Cores: 4
      L2 Cache (per Core): 256 KB
      L3 Cache: 8 MB
      Memory: 16 GB
      Boot ROM Version: 15.16.6703.0.0,0
      Serial Number (system): ***
      Hardware UUID: ***

Comments

Consider Reopening

With the recent attacks against the T2 chip (using Checkm8 via Checkra1n to shell the T2), it would be nice if Apple reconsidered a userland option for verifying the integrity of these components.

Closed with the following comment

Regarding this: said “My request is that there should be some way to verify the integrity of EFI from userland on Macs with T2 chips.”

The architecture for T2 systems is such that there is much less value in attempting to make eficheck work with it, and thus enhancements are not currently on our plans.

We are closing this bug report.

