November 3, 2025

Purdue Awarded NSF Grant to Boost Firmware Security

Aravind Machiry, assistant professor in Purdue’s Elmore Family School of Electrical and Computer Engineering, is the Purdue lead for a new project that will support the development of tools and processes to improve the security of the TianoCore open-source firmware ecosystem, a foundational part of the world’s computing infrastructure.
Aravind Machiry, assistant professor of electrical and computer engineering

A Purdue University researcher is co-PI for a multi-institutional effort to make the software that helps computers boot up more secure.

Aravind Machiry, assistant professor in Purdue’s Elmore Family School of Electrical and Computer Engineering, is the Purdue lead for a new project funded by the National Science Foundation’s Secure and Trustworthy Cyberspace: Secure and Assured Open Source Ecosystems (SAFE-OSE) program. The roughly $1.2 million award, shared with the University of Colorado - Colorado Springs, will support the development of tools and processes to improve the security of the TianoCore open-source firmware ecosystem, a foundational part of the world’s computing infrastructure.

When a computer powers on, it relies on embedded firmware to start up and connect with its operating system. This firmware, based on the Unified Extensible Firmware Interface (UEFI) standard, runs on everything from cloud servers to Internet of Things (IoT) devices. The open-source TianoCore community maintains key components of UEFI, including EDK II, one of the most widely used bootloaders.

Because of its broad adoption, vulnerabilities in TianoCore’s code could have far-reaching consequences.

“The TianoCore ecosystem plays a critical role in how modern computing devices start and function,” Machiry said. “Improving its security helps protect not just individual systems, but the safety, privacy, and economic interests of the nation.”

The project, called TianoShield, will enhance the security posture of the TianoCore ecosystem through three key efforts:

  1. Rapid triaging and patching of vulnerabilities — using large language models (LLMs) to analyze and improve bug reports and proactively fix known issues.
  2. Deployment of advanced analysis tools — extending state-of-the-art static and dynamic security tools to detect weaknesses in firmware source code.
  3. Streamlined and automated bug handling — improving structured reporting and continuous integration/continuous delivery (CI/CD) practices to make security a built-in part of development.

The team will collaborate closely with industry partners and the TianoCore community to ensure that these enhancements are adopted and sustained within real-world development workflows.

“TianoShield’s innovations will help set a new standard for how open-source communities manage and secure critical software,” Machiry said. “The tools and practices we develop can be extended to other ecosystems and repositories as well.”

In addition to strengthening national cybersecurity, the project will contribute to academic knowledge in software and systems engineering by producing experience reports and practical frameworks that can guide future open-source security efforts.