Follow these steps to create a new project in Metalware by uploading your firmware binary, verifying the configuration, adjusting memory maps as needed, and performing a dry run to ensure everything is set up correctly.
1. Upload Your Firmware Binary
- Open your web browser and navigate to:
bashhttp://<host>:<port>
You will see the Metalware home screen:
- Click the New Project button. This opens a form for uploading your firmware binary (ELF image):
2. Verify the Inferred Configuration
Metalware automatically infers key configuration details from your firmware image, including:
- Vector Table Address:
This address contains the initial stack pointer and interrupt handlers (including the reset handler).
- Fuzz Start Location:
The address of the first basic block executed after the firmware has fully booted. This should typically be the main loop in the main function.
- Memory Maps:
The inferred memory regions should match the memory map provided in your boardβs reference manual.
Review the inferred details on the configuration page:
We strongly recommend you confirm the inferred addresses are correct by consulting the reference manual and/or viewing the binary under a decompiler (such as Ghidra, IDA or Binary Ninja).
It's important to set any manually-configured (not automatically inferred from ELF) memory as RAM (which will default to 0s) or MMIO (which will draw input from fuzzer for each read) since the firmware image does not contain any text or data for it.
3. Memory Map Guidelines
Metalware categorizes memory into the following types:
Memory Type | Description |
ROM | Flash and ROM-like memory in your SoCβs memory space. |
RAM | Volatile memory (e.g., DRAM, SRAM). |
MMIO | Memory-mapped I/O regions for peripherals or secondary memory (e.g., UART, Bluetooth, HSM, Zigbee, external flash). |
If your firmware relies on specific NVRAM configurations that are not present in the firmware image, designate that region as MMIO rather than RAM so that Metalware can correctly infer the required boot configurations.
General guidelines:
- Allocate a large, contiguous MMIO region for external peripherals.
- Define smaller, distinct MMIO regions for NVRAM and internal peripherals.
- For example, internal peripherals such as ARMβs CoreSight modules (ITM, DWT) should be mapped separately from external peripherals.
- If your board interfaces with secondary storage (e.g., flash, EEPROM) that does not host the firmware image, map that storage as MMIO.
4. Dry Run and Save
Once youβve verified and, if necessary, amended the address mappings, click the Create button.
Metalware will perform a dry run of your firmware to ensure that the memory map is correctly configured.
Success: If the configuration is correct, you will see a confirmation message in the Status box:
Failure: If there is an error (e.g., a memory segment is not mapped correctly), you will see an error message similar to the example below:
cError: The following segments are not mapped to RAM memory region: Segment (0x20000000 - 0x20000298): - Section: .isr_vector
This error indicates that the segment from
0x20000000 to 0x200000298 must be covered by an appropriately sized RAM region.- Action: Refer to your reference manual, adjust the address and size of the relevant RAM region, and rerun the dry run until the configuration passes.