Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
It would be 7:30pm PST
Does this work?
-miki
--
Miki Demeter (she/her/Miki)
Security Researcher / FW Developer
FST
Intel Corporation
Co-Chair, Network of Intel African-Ancestry(NIA) -
By Demeter, Miki · #774

Re: RFC v2: Static Analysis in edk2 CI
Yes, we can run other analyzers; however, in the case of CodeChecker we also need a server to upload the results to.
By Felix Polyudov · #773

Re: RFC v2: Static Analysis in edk2 CI
I have Coverity scan builds running in a GitHub Action and then uploaded to Coverity.
We should be able to configure a GitHub Action to run other analyzers.
Mike
By Michael D Kinney · #772

Re: RFC v2: Static Analysis in edk2 CI
(Re-adding devel@ since Felix dropped it)
wrote:
--
Pedro Falcato
By Pedro Falcato · #771

Re: RFC v2: Static Analysis in edk2 CI
Just want to note that if we want to go ahead with fuzzing (I detailed a
possible plan to do so in the mailing list a month or so ago) we will
definitely need somewhere to run fuzzing (even if it's
By Pedro Falcato · #770

Re: RFC v2: Static Analysis in edk2 CI
Yes, LLVM/CLANG Static Analyzer is another possibility. I've mentioned it in the first version of the RFC.
CodeChecker (https://codechecker.readthedocs.io/en/latest/) is an open source front-end for
By Felix Polyudov · #769

Re: RFC v2: Static Analysis in edk2 CI
LLVM's tools also appear to be much easier to review, for other people to run etc. I'd suggest at least starting with clang-tidy + scan-build and possibly adding Coverity later.
I've found the
By Rebecca Cran · #768

Re: RFC v2: Static Analysis in edk2 CI
(Replying under Mike for devel visibility)
Felix,
Why coverity? I feel like we could run something akin to LLVM's clang-tidy
+ scan-build; it's open source (transparent *and* we can improve it or
By Pedro Falcato · #767

Re: RFC v2: Static Analysis in edk2 CI
+devel@edk2.groups.io
Mike
By Michael D Kinney · #766

RFC v2: Static Analysis in edk2 CI
This is version 2 of the proposal that provides additional details regarding the bring up process.
The initial version is at https://edk2.groups.io/g/rfc/message/696
The goal of the proposal is
By Felix Polyudov · #765

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Nice, didn't know about those flags. I'll take a closer look at those
and see if any other flag could be useful.
One of the challenges of this patch was to check that the edition
calculation was
By Martin Fernandez · #764

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Yep, I'm good with the latter.
By Martin Fernandez <martin.fernandez@...> · #763

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Definitely the latter please! Martin, is that okay for you?
Yes; I'll do a big picture overview, an introduction into uswid and
Martin can explain the patch functionality in more detail. Does
By Richard Hughes <hughsient@...> · #762

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Hi Miki,
Sure, not a problem. Let me know what you'd like me to present, and a
rough duration to stick to. I did a similar thing for the coreboot
leadership so it's no problem at all.
Richard
By Richard Hughes <hughsient@...> · #761

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
I am also interested in this capability.
There are (undocumented?) capabilities in the build scripts currently that may be germane. --hash, --binary-destination, --binary-source.
The rough usage
By Isaac Oram · #760

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Martin, Richard
Thank you, I will add you to the agenda for the July 7th meeting at 7:30 pm.
-miki
--
Miki Demeter (she/her/Miki)
Security Researcher / FW Developer
FST
Intel Corporation
Co-Chair,
By Demeter, Miki · #759

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Great.
Next community meeting is July 7th.
Is morning or evening best for you? i.e. 7am or 7:30pm
Is 20 minutes enough time?
-miki
--
Miki Demeter (she/her/Miki)
Security Researcher / FW
By Demeter, Miki · #758

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
Hi Richard,
Would you like to attend one of the upcoming community meetings and talk about this patch?
-miki (Community manager Intel)
By Demeter, Miki · #757

Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
<martin.fernandez@...> wrote:
If it helps drive progress, both AMI and Insyde have been testing
building images based on this patch. I'd really like something like
this to be included in
By Richard Hughes <hughsient@...> · #756

[PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries
This patch modifies the build system in order to generate and use
metadata to add it to the efi binaries. It uses python-uswid [1],
given a set of config files (.ini) with the metadata it
By Martin Fernandez <martin.fernandez@...> · #755