tutorials/edk2-uefi: use build.sh to create corpus

Wenzel · Wenzel · commit fc63ff4c52d9 · 2025-10-16T08:29:50.000-07:00
diff --git a/docs/src/tutorials/edk2-uefi/building-the-application.md b/docs/src/tutorials/edk2-uefi/building-the-application.md
@@ -38,7 +38,10 @@ This Dockerfile will obtain the EDK2 source and compile the BaseTools, then copy
 
 We will want to get our built UEFI application from the container, which we can
 do using the `docker cp` command. There are a few files we want to copy, so we'll
-use this script `build.sh` to automate the process:
+use this script `build.sh` to automate the process.
+
+It will also copy the `tsffs.h` header into the harness sources, copy the minimal boot disk
+and create a initial fuzzing corpus to prepare the project.
 
 ```sh
 #!/bin/bash
@@ -64,6 +67,15 @@ for file_ext in efi map debug; do
 done
 
 docker rm -f "${CONTAINER_NAME}"
+
+# ensure corpus
+if [ ! -d "${SCRIPT_DIR}/corpus" ]; then
+    mkdir "${SCRIPT_DIR}/corpus"
+    curl -L -o "${SCRIPT_DIR}/corpus/0" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/0
+    curl -L -o "${SCRIPT_DIR}/corpus/1" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/1
+    curl -L -o "${SCRIPT_DIR}/corpus/2" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/2
+    curl -L -o "${SCRIPT_DIR}/corpus/3" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/3
+fi
 ```
 
 The script will build the image, create a container using it, copy the relevant files
diff --git a/docs/src/tutorials/edk2-uefi/configuring-the-fuzzer.md b/docs/src/tutorials/edk2-uefi/configuring-the-fuzzer.md
@@ -75,18 +75,15 @@ Re-compile the application by running the build script.
 
 ## Obtain a Corpus
 
-The fuzzer will take input from the `corpus` directory in the project directory, so
-we'll create that directory and add some sample certificate files in DER format as
-our input corpus.
-
-```sh
-mkdir corpus
-curl -L -o corpus/0 https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/0
-curl -L -o corpus/1 https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/1
-curl -L -o corpus/2 https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/2
-curl -L -o corpus/3 https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/3
+The fuzzer will take input from the `corpus` directory located under `edk2-uefi`:
+
+```python
+@tsffs.corpus_directory = SIM_lookup_file("%simics%/../corpus")
 ```
 
+In `build.sh` we have already created that directory and added some sample
+certificate files in DER format as our input corpus.
+
 ## Configuring the Fuzzer
 
 Even though we loaded the fuzzer module, it didn't run previously because we did not
@@ -126,13 +123,17 @@ hangs, and CPU exceptions. we'll enable exceptions 13 for general protection fau
 @tsffs.exceptions = [13, 14]
 ```
 
-We'll tell the fuzzer where to take its corpus and save its solutions. The fuzzer will
-take its corpus from the `corpus` directory and save solutions to the `solutions`
-directory in the project by default, so this call can be skipped in real usage unless
-you want to change the defaults.
+By default, TSFFS expects the `corpus` and `solutions` directories to be located within
+the Simics project directory.
+
+However, Since our fuzzer is configured to read its corpus from the `../corpus`
+directory (relative to the `project` directory), we must explicitly specify the
+correct path using the following configuration:
 
 ```python
-@tsffs.corpus_directory = SIM_lookup_file("%simics%/corpus")
+# project/../corpus
+@tsffs.corpus_directory = SIM_lookup_file("%simics%/../corpus")
+# set solutions directory (default location, explicitly defined for clarity)
 @tsffs.solutions_directory = SIM_lookup_file("%simics%/solutions")
 ```
 
diff --git a/examples/tutorials/edk2-uefi/build.sh b/examples/tutorials/edk2-uefi/build.sh
@@ -26,3 +26,12 @@ for file_ext in efi map debug; do
 done
 
 docker rm -f "${CONTAINER_NAME}"
+
+# ensure corpus
+if [ ! -d "${SCRIPT_DIR}/corpus" ]; then
+    mkdir "${SCRIPT_DIR}/corpus"
+    curl -L -o "${SCRIPT_DIR}/corpus/0" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/0
+    curl -L -o "${SCRIPT_DIR}/corpus/1" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/1
+    curl -L -o "${SCRIPT_DIR}/corpus/2" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/2
+    curl -L -o "${SCRIPT_DIR}/corpus/3" https://github.com/dvyukov/go-fuzz-corpus/raw/master/x509/certificate/corpus/3
+fi
