Good day everyone,

Staging branch available at: https://github.com/tianocore/edk2-staging/tree/2021-gsoc-secure-loader

As part of an internship at ISP RAS, my colleague Vitaly and I developed a replacement for the current EDK II PE/COFF loader with the help of formal methods. The reason for this is that people both inside and outside of the community find the current solution to be unjustifiably hard to maintain, hard to integrate and expand, as well as hard to verify and review. Multiple bugs that affect its reliability have been unfixed for a significant amount of time. During the development of our proposed alternative, we managed to gain support from well-regarded community members like Laszlo, whom I would like to thank one more time for his review work on the publication, and all his efforts around the EDK II ecosystem, which unfortunately have come to a close recently.

The new solution follows much stricter API and coding practices, aims to be fully documented and provide additional security hardening, and the most important properties of the loading process have been formally verified to ensure functionality and safety. A significant amount of testing with real-world workloads has been performed already, but we are yet to present an exhaustive methodology. Please note that since the last fully verified snapshot, a lot of hacks needed to be implemented, e.g. around XIP TE Images, and as such code review will definitely be as important as ever.

To make efforts around Image formats easier in the future, a layer of abstraction has been introduced in the form of "UefiImageLib". Further explanation can be found in the branch README. The current design is not by any means finished, but hopefully it portrays the idea sufficiently well. Arguably this is the most important design aspect of the submission, as it will allow for bigger "PeCoffLib" changes without changing all of the callers, so please voice all sorts of wishes, feedback, and doubts regarding this new layer.

To gather feedback early and make initial inspection easier, a branch in edk2-staging has been set up to present the initial work-in-progress draft to the community. I would like to thank my mentors Bret and Ben for their efforts and support so far to get this proposal ready. Please note that this branch does not reflect the patch workflow, and as such has many changes I will submit as distinct patch sets at a later point in time. The branch README should hopefully give you a good idea about the project's state and goals.

Please do not start in-depth code reviews yet, as the current state is definitely still a work-in-progress. I would like to ask everyone interested, especially package maintainers close to Image loading code, to inspect the nature of the changes so far, especially any form of abstraction, and provide your impressions and concerns regarding the integration. Please also inspect the work-in-progress documentation linked in the README, which is far from exhaustive, but should hopefully provide a good-enough impression of the planned layout.

Several discussions with package maintainers about code directly and indirectly related to PE/COFF loading are ongoing already, and I believe we are already making some great progress. Thank you for your involvement and your time.

Best regards,
Marvin
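As an added illustration of the kind of hardening the announcement refers to, the following C example (not code from the edk2-staging branch or from ISP RAS; all names such as ValidatePeSections and BuildSampleImage are hypothetical) validates the section table of a PE/COFF image against the file size using 64-bit arithmetic, so that a crafted PointerToRawData near UINT32_MAX cannot wrap past the bounds check. The sample image is constructed in a buffer inline; a real loader additionally checks header alignment, optional header contents, and many other properties.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* PE/COFF on-disk constants used below (hypothetical helper, constructed for this example). */
#define COFF_HDR_SIZE 20u   /* IMAGE_FILE_HEADER size */
#define SECT_HDR_SIZE 40u   /* IMAGE_SECTION_HEADER size */
#define SAMPLE_LFANEW 0x40u /* offset of "PE\0\0" in the constructed sample image */

typedef enum { IMG_OK = 0, IMG_ERR_TRUNCATED, IMG_ERR_BAD_SIGNATURE, IMG_ERR_BAD_SECTION } ImgStatus;

/* Little-endian accessors so the parser does not depend on host byte order or struct packing. */
static uint16_t Get16(const uint8_t *P) { return (uint16_t)(P[0] | (P[1] << 8)); }
static uint32_t Get32(const uint8_t *P) {
  return (uint32_t)P[0] | ((uint32_t)P[1] << 8) | ((uint32_t)P[2] << 16) | ((uint32_t)P[3] << 24);
}
static void Put16(uint8_t *P, uint16_t V) { P[0] = (uint8_t)V; P[1] = (uint8_t)(V >> 8); }
static void Put32(uint8_t *P, uint32_t V) { for (int i = 0; i < 4; i++) P[i] = (uint8_t)(V >> (8 * i)); }

/* Check that every section's raw data lies inside the file and that sections are
   ascending and non-overlapping in the virtual address space. All offset arithmetic
   is widened to 64 bits so that 32-bit header fields cannot wrap around. */
ImgStatus ValidatePeSections(const uint8_t *File, size_t FileSize, uint32_t *SizeOfImage)
{
  if (FileSize < 0x40) return IMG_ERR_TRUNCATED;
  if (File[0] != 'M' || File[1] != 'Z') return IMG_ERR_BAD_SIGNATURE;
  uint64_t Lfanew = Get32(File + 0x3C);
  if (Lfanew + 4 + COFF_HDR_SIZE > FileSize) return IMG_ERR_TRUNCATED;
  if (memcmp(File + Lfanew, "PE\0\0", 4) != 0) return IMG_ERR_BAD_SIGNATURE;

  const uint8_t *Coff = File + Lfanew + 4;
  uint32_t NumSections = Get16(Coff + 2);   /* NumberOfSections */
  uint32_t OptHdrSize  = Get16(Coff + 16);  /* SizeOfOptionalHeader */
  uint64_t SectOff = Lfanew + 4 + COFF_HDR_SIZE + OptHdrSize;
  if (SectOff + (uint64_t)NumSections * SECT_HDR_SIZE > FileSize) return IMG_ERR_TRUNCATED;

  uint64_t PrevEnd = 0;
  for (uint32_t i = 0; i < NumSections; i++) {
    const uint8_t *S = File + SectOff + (uint64_t)i * SECT_HDR_SIZE;
    uint32_t VirtualSize      = Get32(S + 8);
    uint32_t VirtualAddress   = Get32(S + 12);
    uint32_t SizeOfRawData    = Get32(S + 16);
    uint32_t PointerToRawData = Get32(S + 20);
    /* Raw data must be fully inside the file; 64-bit sum cannot wrap. */
    if (SizeOfRawData != 0 && (uint64_t)PointerToRawData + SizeOfRawData > FileSize)
      return IMG_ERR_BAD_SECTION;
    /* Sections must be sorted and must not overlap in memory. */
    if (VirtualAddress < PrevEnd) return IMG_ERR_BAD_SECTION;
    uint64_t Span    = VirtualSize != 0 ? VirtualSize : SizeOfRawData;
    uint64_t VirtEnd = VirtualAddress + Span;
    if (VirtEnd > UINT32_MAX) return IMG_ERR_BAD_SECTION;
    PrevEnd = VirtEnd;
  }
  if (SizeOfImage) *SizeOfImage = (uint32_t)PrevEnd;
  return IMG_OK;
}

/* Build a constructed two-section PE image (no optional header) into Buf; the .text
   raw pointer is a parameter so a wrapping value can be injected. Returns the file size. */
size_t BuildSampleImage(uint8_t *Buf, size_t Cap, uint32_t TextRawPtr)
{
  const size_t Total = 0x200;
  if (Cap < Total) return 0;
  memset(Buf, 0, Total);
  Buf[0] = 'M'; Buf[1] = 'Z';
  Put32(Buf + 0x3C, SAMPLE_LFANEW);
  memcpy(Buf + SAMPLE_LFANEW, "PE\0\0", 4);
  uint8_t *Coff = Buf + SAMPLE_LFANEW + 4;
  Put16(Coff + 0, 0x8664); Put16(Coff + 2, 2); Put16(Coff + 16, 0);
  uint8_t *S = Coff + COFF_HDR_SIZE;
  memcpy(S, ".text", 5); Put32(S + 8, 0x100); Put32(S + 12, 0x1000); Put32(S + 16, 0x100); Put32(S + 20, TextRawPtr);
  S += SECT_HDR_SIZE;
  memcpy(S, ".data", 5); Put32(S + 8, 0x80);  Put32(S + 12, 0x2000); Put32(S + 16, 0x80);  Put32(S + 20, 0x180);
  return Total;
}

/* Convenience wrapper: build the sample, optionally truncate it, and validate. */
ImgStatus CheckSample(uint32_t TextRawPtr, size_t Truncate, uint32_t *SizeOfImage)
{
  static uint8_t Buf[0x200];
  size_t Len = BuildSampleImage(Buf, sizeof Buf, TextRawPtr);
  if (Truncate != 0 && Truncate < Len) Len = Truncate;
  return ValidatePeSections(Buf, Len, SizeOfImage);
}

uint32_t SampleSizeOfImage(void)
{
  uint32_t Size = 0;
  CheckSample(0x100, 0, &Size);
  return Size;
}

int main(void)
{
  printf("valid image:        %d\n", CheckSample(0x100, 0, NULL));
  printf("wrapping raw ptr:   %d\n", CheckSample(0xFFFFFFF0u, 0, NULL));
  printf("truncated file:     %d\n", CheckSample(0x100, 0x30, NULL));
  return 0;
}
```

With 32-bit arithmetic, 0xFFFFFFF0 + 0x100 would wrap to 0xF0 and pass the raw-data bound; the widened check rejects it. This is the class of property (every access derived from header fields stays inside the buffer) that lends itself to machine-checked verification.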


View/Reply Online (#78717): https://edk2.groups.io/g/devel/message/78717