Intel releases Host-based Firmware Analyzer (HBFA)

https://software.intel.com/en-us/blogs/2019/02/25/using-host-based-analysis-to-improve-firmware-resiliency
https://github.com/tianocore/edk2-staging/tree/HBFA
https://firmware.intel.com/sites/default/files/Intel_UsingHBFAtoImprovePlatformResiliency.pdf

Exciting!

[…]Computer platform firmware is a critical element in the root-of-trust. Firmware developers need a robust tool set to analyze and test firmware components, enabling detection of security issues prior to platform integration and helping to reduce validation costs. HBFA allows developers to run open source advanced tools, such as fuzz testing, symbolic execution, and address sanitizers in a system environment. Supported Features:
* GUI and command-line interfaces
* Execute common fuzzing frameworks (AFL, libFuzzer, Peach)
* Supports symbolic execution (KLEE/STP)
* Incorporates Address Sanitizer
* Unit test execution via Cunit/Cmocka/Host directly
* Generate code coverage report (GCOV/LCOV in Linux, DynamoRIO in Windows)
* Instrumentation methods for fault injection and trace
* Database of unit test cases
* Test reports with extended stack trace information
* Windows support

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s