Intel open-sources HBFA app to help with firmware security testing

Intel's new HBFA project will be available in Q2 2019.

Intel releases Xenon W-3175X processor specs If you have a spare $3,000 doing nothing, then you could drop it on Intel's first 28-core unlocked workstation processor.

Intel announced plans today to open-source a new firmware security testing tool named HBFA --or the Host-based Firmware Analyzer.

The new project, a security testing tool for UEFI-based firmware, will be formally introduced at next week's RSA 2019 security conference that will be held in San Francisco.

Intel's upcoming HBFA project will join the ranks of other firmware security testing tools such as CHIPSEC, Intel Intelligent Test System (ITS), Excite, and Simics.

The difference, according to Intel, is that HBFA has been designed to be used for testing the firmware's source code before it's integrated and packed for specific platforms.

Its role is to help firmware coders catch security bugs at the earliest stage of development, rather than let firmware code travel down the development cycle, where bugs are harder and more time-consuming to patch.

"To help reduce issues prior to integration, Intel has developed a new open source tool: Host-based Firmware Analyzer (HBFA)," the company said today in a press release.

"This environment enables advanced testing of UEFI and UEFI PI drivers in the developer's OS environment. The test suite leverages existing open source tools to tests with common fuzzing frameworks, symbolic execution, address sanitization, code coverage reports, and methods for fault injection and trace." Intel said.

"HBFA introduces a stub interface for firmware components based on TianoCore EDK II," the company added. "HBFA extends an interface for tools like AFL, Peach, and KLEE to execute test cases on firmware components prior to system integration."

HBFA interface

Image: Intel
HBFA results

Image: Intel
HBFA design

Image: Intel

Intel said it plans to release HBFA as an open source tool in Q2 of 2019 as a contribution to the TianoCore community.

The chipmaker will also release a whitepaper about HBFA and firmware testing at RSA 2019, named "Using Host-based Firmware Analysis to Improve Platform Resiliency."

Related cyber-security coverage: