defence presentation 331016
TRANSCRIPT
Fakultät für InformatikProfessur Technische Informatik
www.tu-chemnitz.de
Professur Technische InformatikProf. Dr. Wolfram Hardt
Master Thesis DefenceDesign and development of an automated
regression test suite for UEFI
Efforts
University Supervisor: Prof. Wolfram Hardt
Managerial Supervisor: Mr. Bertram Metz
Technical Supervisor: Mr. Robert Fendt
Coordinator: Dr. Ariane Heller
Master Thesis Student: Huzaifa Saadat
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Agenda
• Introduction to UEFI
• Motivation
• State of the art
Phase 1
• UEFI test tools
• Results
• Further options
• Conclusion
Phase 2
• Test driven development
Phase 3
• Code Analysis- Static analysis- Dynamic analysis
15.04.2023 Huzaifa Saadat 2
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Introduction to UEFIThe future of BIOS
BIOS
• Poll driven
• Lack of extensibility
• Assembly language implementation
UEFI
• Partially interrupt driven (TPLs)
• Modular and extensible (GUIDs)
• C language implementation
15.04.2023 Huzaifa Saadat 3
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
UEFI/BIOS [9]
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Motivation
Matthew Garrett
Criticism: “The only people to enable UEFI are enthusiasts.”
Future: “After a few years of iterative improvements it stands a good chance of being more reliable and useful than BIOS.”
15.04.2023 Huzaifa Saadat 4
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
State of the art
Issues with UEFI testing
• Debugging
• Manual testing
• Hardware diagnostics
15.04.2023 Huzaifa Saadat 5
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
Debugging [7]
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
UEFI test tools
15.04.2023 Huzaifa Saadat 6
Chipsec PI SCT (PI Specification) fwts (UEFI Specification)
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
UEFI Boot Sequence [4]
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
UEFI test tools (cont.)
Chipsec
• Security features
• Python scripts
• Shell, Linux and Windows
• e.g. BIOS protection
15.04.2023 Huzaifa Saadat 7
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
Chipsec [6]
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
UEFI test tools (cont.)
Platform Initialization Self-Certification Test (PI SCT)
• PI specification
• Shell application
• Verifies functions
• e.g. ResetSystem()
15.04.2023 Huzaifa Saadat 8
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
PI SCT [8]
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
UEFI test tools (cont.)
firmware test suite (fwts)
• UEFI specification
• OS perspective
• Live version
• Non-live version
• 6 test classes
• e.g. Power management
15.04.2023 Huzaifa Saadat 9
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
fwts [5]
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
UEFI test tools (cont.)
Automated regression test suite
• fwts
• Chipsec
• PI SCT
• STAF/STAX integration
15.04.2023 Huzaifa Saadat 10
Enter UEFI Shell
Run Chipsec
Run PI SCT
Boots fwts live
Exit UEFI Shell
Regression tests work flow
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Test driven development
AMI (Aptio V)
• Visual eBIOS
• Standard C lib. absent
• Metadata files
15.04.2023 Huzaifa Saadat 11
Aptio V project
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Test driven development (cont.)
Unity
• Unit test for C
• Comparison functions
• Modified for UEFI
• e.g. SerialPortWrite()
15.04.2023 Huzaifa Saadat 12
Unity and example
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Test driven development (cont.)
TDD work flow
15.04.2023 Huzaifa Saadat 13
TDD
Target Platform
Debug OutputDebug OutputBurn Serial Out
Write/Refactor code
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Static analysis
Cppcheck
• Directory check
• Code oriented
• Open source
• Light weight
PVS-Studio
• Build monitor
• Code oriented
• Proprietary
• Normal
CppDepend
• Build monitor
• Architecture oriented
• Proprietary
• Extremely heavy
15.04.2023 Huzaifa Saadat 14
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Dynamic analysis
Dr. Memory
• Dynamic memory analyzer
• Windows based
• 32 bit applications
15.04.2023 Huzaifa Saadat 15
Application with Dr. Memory
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Dynamic analysis (cont.)
Avatar
• Emulate UEFI (QEMU)
• Use target platform
• Avatar in the middle
• Run analysis scripts
• Slow and unstable
Architecture
15.04.2023 Huzaifa Saadat 16
EmulatorTarget platform
Avatar
Dynamic firmware analysis
Analysis scripts
Analysis scripts
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Results
Results criteria
• Increase test coverage
• Maximize automation
• Portability
• Check PI/UEFI specification
• Check proprietary specification
• Ability to automate regression test
15.04.2023 Huzaifa Saadat 17
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Results (cont.)
Test coverage, automation and portability
15.04.2023 Huzaifa Saadat 18
Current
Manual
Tests
fwts PI SCT Chipsec Automated
Regression Test
Suite
Approximate
Time
Required
4 weeks 5 minutes 4 hours 1 minute 4 hours and 6
minutes
Approximate
Test Cases
32 1,182 10,737 9 11,928
Approximate
Failed Test
Cases
1 74 18 1 93
UEFI Phases
Covered
Negligible (BDS, TSL, RT
and AL)
(PEI, DXE
and BDS)
(SEC, PEI) (All)
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Results (cont.)
Specifications
• PI SCT (PI Specification)
• fwts (UEFI Specification)
• Chipsec and PI SCT (open source extendible)
Automate
• Combined regression test suite
• STAF\STAX regression test framework
15.04.2023 Huzaifa Saadat 19
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Results (cont.)
Test driven development
• Possible for UEFI
• Small modifications
• Minimize bugs
• Maximize test coverage
Code analysis
• Improves C code
• Minimization of bugs
• Code review alternative
• Dynamic analysis concept
15.04.2023 Huzaifa Saadat 20
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Further options
Research
• Unit tests for UEFI
• Static analysis tools for UEFI
• Dynamic analysis for UEFI
Possible result criteria
• Minimum modification, maximum usefulness
• User-friendliness, minimum false alarms, maximum errors
• Helpfulness, performance optimization
15.04.2023 Huzaifa Saadat 21
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further options • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
Conclusion
Concluding remarks
• Focus on UEFI testing
• Avoid reinventing the wheel
• Test early (TDD)
• Benefits of migration (Assembly to C)
• Try dynamic analysis
15.04.2023 Huzaifa Saadat 22
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further research • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
References
[1] Master_Thesis_Huzaifa_Saadat_Final.pdf
[2] Test Driven Development for embedded C – by James Grenning
[3] Beyond BIOS – by Intel Press
[4] http://tianocore.sourceforge.net/wiki/PI_Boot_Flow
[5] A. Hung, „Firmware Test Suite (fwts),“ Canonical, 2013
[6] https://github.com/chipsec/chipsec
[7] http://www.ibmsystemsmag.com
[8] Self-Certification Test (SCT) User Guide
[9] http://www.t-online.de
15.04.2023 Huzaifa Saadat 23
Agenda • UEFI • Motivation • State of the art • Test tools • TDD • Static analysis • Dynamic analysis • Results • Further research • Conclusion • References
www.tu-chemnitz.de
Fakultät für InformatikProfessur Technische Informatik
15.04.2023 Huzaifa Saadat 24
Q&A