Brian Richardson works for Intel on Firmware Ecosystem Engagement, having spent most of his career as a "BIOS guy" working on the firmware that quietly boots billions of computers. He has focused on the industry transition to the Unified Extensible Firmware Interface (UEFI), demystifying how firmware works, and promoting open source firmware development. Brian has presented at numerous conferences including LinuxCon, openSUSE Summit, Open Source Firmware Conference (OSFC), and Bsides.
Sophisticated attackers are targeting system firmware in search of new exploits. Firmware is normally subjected to rigorous integration testing, but how do developers perform more intensive unit testing to reduce errors prior to system integration?
Host-based Firmware Analyzer was recently contributed to TianoCore, an open source community for UEFI development. This is a tool for firmware component analysis with a focus on fuzzing & symbolic testing of firmware components. Host-based methods isolate firmware components in the developer’s OS environment and leverages existing open source analysis tools (ex: AFL, Peach, KLEE).
This session provides an overview of the Linux-based tool and how it is used to improve efficiency of firmware security test cases.