DinSecUEFI: Dynamic Testing in CI Pipelines for UEFI Specification-Based Firmware

  • Gelson José de A. Filho UTFPR
  • Juliana de Santi UTFPR
  • Newton Carlos Will UTFPR
  • Rafael R. Machado FACENS
  • Andréia Leles FACENS

Abstract


Firmware security is critical because firmware runs with elevated privileges and lacks the defenses typical of operating systems (OSs). While OSs have multiple layers of protection, firmware remains more vulnerable and a more attractive target for attacks. Following DevSecOps principles, this work proposes a pipeline that automates dynamic testing of UEFI modules. The methodology uses binary instrumentation and fuzzing executed in containers for scalable dynamic analysis. In experiments with a real BIOS, the pipeline identified failures in more than 5% of the analyzed modules. The results indicate that the approach reduces operational costs and strengthens the secure development cycle of UEFI-based firmware.

Published
2025-09-01
A. FILHO, Gelson José de; SANTI, Juliana de; WILL, Newton Carlos; MACHADO, Rafael R.; LELES, Andréia. DinSecUEFI: Dynamic Testing in CI Pipelines for UEFI Specification-Based Firmware. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 350-366. DOI: https://doi.org/10.5753/sbseg.2025.11497.