Marvin Häuser <mhaeuser@...>
On 13. Apr 2022, at 20:43, Pedro Falcato <pedro.falcato@...> wrote:
Hi Marvin, Ada,
I don't think the purpose of the dynamic linker is to treat EFI as a complete operating system, but to try to eliminate the static linking that may be needlessly duplicating
code that could instead be put in a single dynamic library.
Which is already possible as part of protocols. In fact, there are such for string and device path operations. What about that model justifies a fundamental change?
For instance, MdePkg and MdeModulePkg are linked into a *lot* of .efi, instead of being just a library. It'd be nice to see some
numbers on this (something like Google's bloaty could be run on every .efi file, in order to understand how much file space we would actually save).
The worst issue is PEI because of XIP. This should be out of scope anyway. Also needs numbers of how much new space is occupied by the loader duplicated into DXE and SMM.
Other comments inline.
On Wed, Apr 13, 2022 at 4:15 PM Marvin Häuser <mhaeuser@...> wrote:Note: fuzzing is also part of the LLVM instrumentation suite (see https://llvm.org/docs/LibFuzzer.html) and is something I could happily mentor.
On 13. Apr 2022, at 16:38, Ada Christine <adachristine18@...> wrote:i was replying via the groups.io web interface, I'm guessing that messed up
the thread? i haven't used mailing lists before and don't know how they
work. I'll use my mail client from here on.
I'm on board with not treating EFI as an operating system. the more i think
about it the more it looks like scope creep.
I'm not quite as enthusiasticHow about fuzz-testing? This is also something edk2 needs quite badly. At Acidanthera, we compile edk2 code in userspace outside the edk2 build system and fuzz with dummy applications.
about it as i was at first glance.
I'm still keen on doing my gsoc proposal for edk, though, and even if this
task and the acpica application are decided to be out of scope unit
Is Vitaly going to be a mentor? I was assuming it was going to be me and some other, more senior, mentor (possibly Steven Shi, which I included in the task).
clang integrationPedro and Vitaly are looking for someone to finish ASan: https://edk2.groups.io/g/devel/topic/90010978#87991
There are working UBSan concepts, but they also need to be mainlined.
Looking was not specifically meant for mentoring, mostly he just wants it done. He offered to mentor after we saw that every Meeting Minutes mail asked for new mentors. Albeit his little activity on the list, I can assure you he is plenty senior for about any task in the list. :)
Anyway, re: ASAN, if the project includes ASAN, UBSAN and possibly some other sanitizer it's quite possible that it could be considered a large project (which means more hours but a larger stipend too). Fuzzing + coverage could
be very nice additions to this project idea.
Also, is stress-testing a decent idea?
Literally any kind of sophisticated testing… please
and source-level debugging are all relevant toI want the entirety of MM to leverage SmmMemLib and to support SMAP. SmmMemLib would then handle UEFI->MMRAM and BaseMemoryLib would only work on MMRAM. Also evaluation of how to best avoid pointers in MM communication buffers would be nice.
how about your ideas for security stuff?
There also is a bunch of other stuff, like working out moving a part of CpuDxe into DxeCore to have memory protection live immediately, memory protection in PEI, a replacement for the TE format (it’s buggy and most platforms mostly abandoned it over various issues), and alternatives to guarding critical code with SMM (like allowing NVRAM commits only as part of a reboot).
I personally find all of those projects very important, but I cannot promise many people agree. Especially those that impose global changes (most notably the TE replacement) may be very tedious to submit. Gladly, I believe you can submit multiple proposals (?)
I'm not very knowledgeable about
trusted platform or secure boot but I'm willing to learn whatever is
necessary to get something spun up for my proposal.
On Wed, Apr 13, 2022, 12:05 Marvin Häuser <mhaeuser@...> wrote:
Do you use the “reply all” option in your mail client? Looks like my CCs
have been dropped again. Comments inline.
On 13. Apr 2022, at 12:54, Ada Christine <adachristine18@...>wrote:
Hi, Marvinattention. I have no particular use case in mind for it, but I see its
Its similarity to my own latest experiment is the key to what grabbed my
potential for anybody developing larger applications in that when a library
is changed there's no need to distribute a new version of the whole binary,
just the relevant library module.
I really do not like the trend of treating UEFI as a full-fledged OS - it
is not. The most used UEFI applications, OS loaders, are really not that
huge and are distributed as part of the OS image anyway. Even for less used
applications, you will always get a full snapshot anyhow. Gladly we don’t
have auto-update and package management yet. :)
similarly to the shell protocol in that the linker/loader is itself an
I slept on it and it occurred to me that the whole thing could operate
application that does a LoadImage() on the application needing dynamic
That would mean the linker itself is shipped with every application that
requires it? Otherwise it doesn’t make much sense for it to be an app and
below’s problems apply.
If however the whole plan is making the linker as a DXE and including itwith the firmware, that I'm not quite as sure about. That would necessarily
tie any applications using dynamic linking to TianoCore or any firmware
distribution that derives from it.
I think that was the idea referred to as “edk2 core” by Steven, but I’d
like to hear his proposal to be sure. Virtually everyone uses edk2, so that
itself is not the problem, but versioning is. Vendors are slow to update
their snapshots or have just given up doing that entirely. Distributing it
for external applications like OS loaders would mean this can be leveraged
probably no earlier than 10 years from now. And for in-firmware things, I
have a hard time thinking about a use-case that outweighs the drawbacks.
on other items on the task list. Unit testing and an ACPICA application are
To shift the topic slightly back to GSoC, however, I'm willing to work
the alternative projects I had thought about. I need to choose fairly soon
as the proposal deadline is next Tuesday. I know a tiny bit about porting
ACPICA as I also have plans to incorporate it into my own project.
I have a few more ideas for security stuff, but Nate did not confirm them
as appropriate yet and I’m not here to drive you away from this specific
task (or the others). However, I’m still curious and concerned. :)