Re: [PATCH EDK2 v2 1/1] SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

Laszlo Ersek

On 08/18/20 12:24, Marvin Häuser wrote:
Good day everyone,

First off, for your information, I'm sending from my new e-mail address
from now on.
Thanks -- can you please update your email in bugzilla too? (Before
sending my email, I made sure I'd include your email address as seen in

Please excuse me, I cannot read your entire thread right now, I will
definitely make sure to catch up as soon as time permits, but I just
wanted to confirm we are indeed working on a reimplementation of the PE
Awesome, thank you.

It involves correcting several security issues (which will be detailed
as the patches are sent as anything else would be too much work for us
right now), reducing code duplication (how often is the hashing
algorithm duplicated across edk2? :) ) and a more or less experimental
approach to formal verification. We plan to submit it this year, however
please note that this is a low priority project and is not being worked
on on a full-time basis.

Please let us know about your own plans so we do not end up duplicating
I got no plans; I'm just happy that you can work on this (even if with
low priority) where I had to give up.


Join to automatically receive all group messages.