Intel Blog: Finding BIOS Vulnerabilities with Symbolic Execution and Virtual Platforms

I have just published a piece about the Intel Excite project on my Software Evangelist blog at the Intel Developer Zone. The Excite project is using a combination of of symbolic execution, fuzzing, and concrete testing to find vulnerabilities in UEFI code, in particular in SMM. By combining symbolic and concrete techniques plus fuzzing, Excite achieves better performance and effect than using either technique alone.

Continue reading “Intel Blog: Finding BIOS Vulnerabilities with Symbolic Execution and Virtual Platforms”

Wind River Blog: UEFI on Simics

150px-Uefi_logo.svgSimics can run and debug UEFI BIOSes, and that is the topic of my latest blog at Wind River. UEFI is actually pretty interesting once you get to know it, and building a good debug experience for UEFI took a bit of work. Still, it was built as just another target for the standard uniform Simics debugger, which is not the way most other UEFI and BIOS debuggers are built. I guess in that in the past, debugging a BIOS required such specialized tools that it made sense to also build a custom specialized frontend for the  purpose. With a simulator as the backend, things do become simpler and more uniform, and Eclipse CDT is a actually a very good basis for a debugger for any kind of C and C++ code.

For more reading on UEFI itself, I can recommend the 2011 Intel Tech Journal on the topic.