Security Analysis of Open-Source Arm Firmware
Firmware components present unique challenges for automated testing because of their tight coupling with hardware, which typically requires more setup than regular user-space software. In particular, coverage-guided fuzzers such as AFL++, LibFuzzer, and LibAFL are not straightforward to apply in this domain. Combining these fuzzers with existing CPU emulators, whether provided by Arm or by other sources, opens up new approaches to dynamic security analysis of firmware. This thesis topic focuses on exploring and evaluating methods for applying coverage-guided fuzzing to firmware projects through emulation-based workflows.
Arm can provide consultancy and specialised tools (such as the Fixed Virtual Platform, FVP) that make forms of firmware analysis possible which would not be feasible otherwise.
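Whether the firmware is run under QEMU, an FVP model, or compiled natively for the host, a coverage-guided fuzzer ultimately needs an entry point that takes one input buffer and exercises the code under test with no state carried between runs. The following added example (not code from Arm or from any of the fuzzers named above) shows that harness pattern for a small, hypothetical firmware-image parser: a `LLVMFuzzerTestOneInput` entry point usable by LibFuzzer and by AFL++'s libFuzzer-compatible driver, plus a file-based `main` for `afl-fuzz`-style invocation. The image format, the function names, and the sample image are all constructed for this example; the bounds checks in `fw_parse` are exactly the kind of logic such fuzzing campaigns are meant to validate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical firmware image format, invented for this example:
   header = magic "FWIM" (4) + version u16 + n_sections u16, little-endian,
   followed by n_sections entries of { offset u32, length u32 }, then payload. */
enum fw_status { FW_OK = 0, FW_TRUNCATED = 1, FW_BAD_MAGIC = 2, FW_BAD_SECTION = 3 };

#define FW_MAGIC        "FWIM"
#define FW_HDR_LEN      8u
#define FW_SEC_LEN      8u
#define FW_MAX_SECTIONS 16u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validates the image. On FW_OK, *digest receives a simple rolling hash over the
   section bytes so callers (and tests) can confirm the sections were really walked. */
enum fw_status fw_parse(const uint8_t *img, size_t len, uint32_t *digest)
{
    if (len < FW_HDR_LEN) return FW_TRUNCATED;
    if (memcmp(img, FW_MAGIC, 4) != 0) return FW_BAD_MAGIC;
    uint16_t n = rd16(img + 6);
    if (n == 0 || n > FW_MAX_SECTIONS) return FW_BAD_SECTION;

    /* size_t arithmetic: n * FW_SEC_LEN cannot wrap a narrow type here */
    size_t table_end = FW_HDR_LEN + (size_t)n * FW_SEC_LEN;
    if (table_end > len) return FW_TRUNCATED;

    uint32_t acc = 0;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = img + FW_HDR_LEN + (size_t)i * FW_SEC_LEN;
        uint32_t off = rd32(e), sz = rd32(e + 4);
        /* Check offset and length separately, then the remainder, so off + sz
           is never computed in u32 where it could wrap past the buffer. */
        if (off < table_end || off > len || sz > len - off) return FW_BAD_SECTION;
        for (uint32_t j = 0; j < sz; j++) acc = acc * 31u + img[off + j];
    }
    if (digest) *digest = acc;
    return FW_OK;
}

/* Builds a constructed, valid 20-byte image with one 4-byte section ("boot"). */
size_t fw_example_image(uint8_t *out, size_t cap)
{
    static const uint8_t sample[20] = {
        'F', 'W', 'I', 'M', 0x01, 0x00, 0x01, 0x00,   /* magic, version 1, 1 section */
        0x10, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, /* section @16, length 4 */
        'b', 'o', 'o', 't'
    };
    if (cap < sizeof sample) return 0;
    memcpy(out, sample, sizeof sample);
    return sizeof sample;
}

/* LibFuzzer-style entry point: one input per call, no global state retained. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint32_t d;
    (void)fw_parse(data, size, &d);
    return 0;
}

/* Stand-alone driver for file-based fuzzers (e.g. passing "@@" as the argument). */
int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <image>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    uint8_t buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    uint32_t d = 0;
    enum fw_status st = fw_parse(buf, n, &d);
    printf("status=%d digest=%08x\n", (int)st, d);
    return st == FW_OK ? 0 : 1;
}
```

When the same parser is instead fuzzed inside an emulated firmware image, the harness logic moves from this file into the emulator side (a snapshot-and-restore loop around the firmware's own entry point), but the discipline is unchanged: one input, one deterministic run, and a crash or sanitizer report as the signal.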