Intel announced plans today to open-source a new firmware security testing tool named HBFA --or the Host-based Firmware Analyzer.
The new project, a security testing tool for UEFI-based firmware, will be formally introduced at next week's RSA 2019 security conference that will be held in San Francisco.
The difference, according to Intel, is that HBFA has been designed to be used for testing the firmware's source code before it's integrated and packed for specific platforms.
Its role is to help firmware coders catch security bugs at the earliest stage of development, rather than let firmware code travel down the development cycle, where bugs are harder and more time-consuming to patch.
"To help reduce issues prior to integration, Intel has developed a new open source tool: Host-based Firmware Analyzer (HBFA)," the company said today in a press release.
"This environment enables advanced testing of UEFI and UEFI PI drivers in the developer's OS environment. The test suite leverages existing open source tools to tests with common fuzzing frameworks, symbolic execution, address sanitization, code coverage reports, and methods for fault injection and trace." Intel said.
"HBFA introduces a stub interface for firmware components based on TianoCore EDK II," the company added. "HBFA extends an interface for tools like AFL, Peach, and KLEE to execute test cases on firmware components prior to system integration."
Intel said it plans to release HBFA as an open source tool in Q2 of 2019 as a contribution to the TianoCore community.
The chipmaker will also release a whitepaper about HBFA and firmware testing at RSA 2019, named "Using Host-based Firmware Analysis to Improve Platform Resiliency."
Related cyber-security coverage:
- ICANN: There is an ongoing and significant risk to DNS infrastructure
- Intel SGX Card expands SGX security protections to cloud data centers
- Hackers can hijack bare-metal cloud servers by corrupting their BMC firmware
- Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
- Splunk pulls out of Russia with mysterious statement
- Report: Industrial control systems face uphill security battles in 2019 TechRepublic
- Chinese server hack story doesn't convince chip CEOs CNET