Intel open-sources HBFA app to help with firmware security testing

Intel's new HBFA project will be available in Q2 2019.
Written by Catalin Cimpanu, Contributor

Intel announced plans today to open-source a new firmware security testing tool named HBFA, or the Host-based Firmware Analyzer.

The new project, a security testing tool for UEFI-based firmware, will be formally introduced at next week's RSA 2019 security conference in San Francisco.

Intel's upcoming HBFA project will join the ranks of other firmware security testing tools such as CHIPSEC, Intel Intelligent Test System (ITS), Excite, and Simics.

The difference, according to Intel, is that HBFA has been designed to be used for testing the firmware's source code before it's integrated and packed for specific platforms.

Its role is to help firmware coders catch security bugs at the earliest stage of development, rather than let firmware code travel down the development cycle, where bugs are harder and more time-consuming to patch.

"To help reduce issues prior to integration, Intel has developed a new open source tool: Host-based Firmware Analyzer (HBFA)," the company said today in a press release.

"This environment enables advanced testing of UEFI and UEFI PI drivers in the developer's OS environment. The test suite leverages existing open source tools to test with common fuzzing frameworks, symbolic execution, address sanitization, code coverage reports, and methods for fault injection and trace," Intel said.

"HBFA introduces a stub interface for firmware components based on TianoCore EDK II," the company added. "HBFA extends an interface for tools like AFL, Peach, and KLEE to execute test cases on firmware components prior to system integration."

[Images: HBFA interface, HBFA results, HBFA design. Credit: Intel]

Intel said it plans to release HBFA as an open source tool in Q2 of 2019 as a contribution to the TianoCore community.

The chipmaker will also release a whitepaper about HBFA and firmware testing at RSA 2019, named "Using Host-based Firmware Analysis to Improve Platform Resiliency."
