[edk2-devel] [GSoC proposal] Secure Image Loader

Michael Brown mcb30 at ipxe.org
Wed Apr 7 21:05:27 UTC 2021


On 05/04/2021 00:01, Marvin Häuser wrote:
> 3. During my initial exploration, I discovered defective PPIs and 
> protocols (e.g. returning data with no corresponding size) originating 
> from the UEFI PI and UEFI specifications. Changes need to be discussed, 
> settled on, and submitted to the UEFI Forum.

Would any of these changes break backwards compatibility?  With the UEFI 
development model, any protocol that has ever existed in the 
specification will practically need to always be supported in that form: 
breaking backwards compatibility is simply not an option.

For example: there is a fundamental design flaw in the LoadImage() and 
StartImage() API that makes it logically impossible for arbitrary code 
to install an EFI_LOADED_IMAGE_PROTOCOL instance (see 
https://github.com/ipxe/ProxyLoaderPkg/#why-is-it-needed for details on 
this).  But there's zero chance that this design flaw will ever be 
fixed, because there's no way to eliminate code that relies on the 
existing LoadImage()/StartImage() APIs.

So: if the formally verified image loader can fit within the constraints 
of "must not modify any externally exposed APIs" then it sounds like a 
potentially good idea.  If it requires breaking changes to public APIs 
then I don't see how it could be integrated in practice.

Thanks,

Michael
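Added example, not part of the original message or of EDK2 or ProxyLoaderPkg: a constructed, self-contained C model of the LoadImage()/StartImage() coupling the message refers to. The structure names, status codes and table sizes are simplified stand-ins (assumptions, not the real UEFI definitions). The point it isolates is a general API-design one: when StartImage() resolves an image handle through the core loader's private bookkeeping rather than through the publicly visible protocol interface, a third-party loader can install a perfectly valid protocol instance that the public lookup finds, yet StartImage() still rejects it. That is the kind of externally exposed behaviour a replacement loader has to preserve rather than fix.

```c
/* Constructed model (not EDK2 code) of why code outside the core loader cannot
 * supply a loaded-image instance that the core's StartImage() will run. */
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t EFI_STATUS;
typedef void *EFI_HANDLE;
#define EFI_SUCCESS           ((EFI_STATUS)0)
#define EFI_INVALID_PARAMETER ((EFI_STATUS)2)   /* simplified: real codes set the high bit */
#define EFI_OUT_OF_RESOURCES  ((EFI_STATUS)9)
#define EFI_NOT_FOUND         ((EFI_STATUS)14)

/* Publicly installable interface (a stand-in for EFI_LOADED_IMAGE_PROTOCOL). */
typedef struct { const char *FilePath; void (*EntryPoint)(void); } MODEL_LOADED_IMAGE;

/* Handle database: any code may install the public interface on a handle. */
#define MAX_HANDLES 8
static struct { EFI_HANDLE Handle; MODEL_LOADED_IMAGE *Proto; } gHandleDb[MAX_HANDLES];
static int gHandleCount;

/* Core-private image table: only the core's own LoadImage() adds entries. */
#define MAX_IMAGES 4
static struct { EFI_HANDLE Handle; MODEL_LOADED_IMAGE Info; } gPrivate[MAX_IMAGES];
static int gPrivateCount;

static EFI_HANDLE AllocateHandle(void) { static uintptr_t next = 1; return (EFI_HANDLE)(next++); }

/* Public service, like InstallProtocolInterface(). */
EFI_STATUS InstallLoadedImage(EFI_HANDLE h, MODEL_LOADED_IMAGE *p) {
    if (gHandleCount >= MAX_HANDLES) return EFI_OUT_OF_RESOURCES;
    gHandleDb[gHandleCount].Handle = h;
    gHandleDb[gHandleCount++].Proto = p;
    return EFI_SUCCESS;
}

/* Public service, like HandleProtocol(): finds the interface on any handle. */
EFI_STATUS HandleLoadedImage(EFI_HANDLE h, MODEL_LOADED_IMAGE **out) {
    for (int i = 0; i < gHandleCount; i++)
        if (gHandleDb[i].Handle == h) { *out = gHandleDb[i].Proto; return EFI_SUCCESS; }
    return EFI_NOT_FOUND;
}

/* Core LoadImage(): allocates a handle, records private state, installs the interface. */
EFI_STATUS CoreLoadImage(const char *path, void (*entry)(void), EFI_HANDLE *out) {
    if (gPrivateCount >= MAX_IMAGES) return EFI_OUT_OF_RESOURCES;
    EFI_HANDLE h = AllocateHandle();
    gPrivate[gPrivateCount].Handle = h;
    gPrivate[gPrivateCount].Info.FilePath = path;
    gPrivate[gPrivateCount].Info.EntryPoint = entry;
    EFI_STATUS s = InstallLoadedImage(h, &gPrivate[gPrivateCount].Info);
    if (s != EFI_SUCCESS) return s;
    gPrivateCount++;
    *out = h;
    return EFI_SUCCESS;
}

/* Core StartImage(): resolves the handle via the PRIVATE table, not the handle database. */
EFI_STATUS CoreStartImage(EFI_HANDLE h) {
    for (int i = 0; i < gPrivateCount; i++)
        if (gPrivate[i].Handle == h) { gPrivate[i].Info.EntryPoint(); return EFI_SUCCESS; }
    return EFI_INVALID_PARAMETER;   /* not an image the core itself loaded */
}

/* Third-party loader: restricted to public services, so it can install the
 * interface on a fresh handle but cannot reach the core's private table. */
EFI_STATUS ThirdPartyLoadImage(const char *path, void (*entry)(void),
                               MODEL_LOADED_IMAGE *storage, EFI_HANDLE *out) {
    EFI_HANDLE h = AllocateHandle();
    storage->FilePath = path;
    storage->EntryPoint = entry;
    EFI_STATUS s = InstallLoadedImage(h, storage);
    if (s != EFI_SUCCESS) return s;
    *out = h;
    return EFI_SUCCESS;
}

/* Constructed entry points that record whether StartImage() actually ran them. */
int gCoreRuns, gThirdPartyRuns;
static void CoreEntry(void) { gCoreRuns++; }
static void ThirdPartyEntry(void) { gThirdPartyRuns++; }

/* 1 if the core-loaded image starts, 0 if rejected, -1 on model error. */
int CoreImageCanBeStarted(void) {
    EFI_HANDLE h;
    if (CoreLoadImage("\\constructed\\app.efi", CoreEntry, &h) != EFI_SUCCESS) return -1;
    return CoreStartImage(h) == EFI_SUCCESS ? 1 : 0;
}

/* Same check for an image loaded by the third-party loader: the public lookup
 * finds its interface, but StartImage() still refuses the handle. */
int ThirdPartyImageCanBeStarted(void) {
    static MODEL_LOADED_IMAGE proxyInfo;
    MODEL_LOADED_IMAGE *found = NULL;
    EFI_HANDLE h;
    if (ThirdPartyLoadImage("\\constructed\\proxy.efi", ThirdPartyEntry, &proxyInfo, &h) != EFI_SUCCESS) return -1;
    if (HandleLoadedImage(h, &found) != EFI_SUCCESS || found != &proxyInfo) return -1;
    return CoreStartImage(h) == EFI_SUCCESS ? 1 : 0;
}

int main(void) {
    printf("core-loaded image started: %s\n", CoreImageCanBeStarted() == 1 ? "yes" : "no");
    printf("third-party-loaded image started: %s\n", ThirdPartyImageCanBeStarted() == 1 ? "yes" : "no");
    printf("entry points run: core=%d third-party=%d\n", gCoreRuns, gThirdPartyRuns);
    return 0;
}
```

In the model the only difference between the two loaders is which table StartImage() consults; everything visible through the public handle database is identical for both images. A loader that must stay drop-in compatible therefore has to reproduce this private-lookup behaviour exactly, which is why the message treats "must not modify any externally exposed APIs" as the real constraint on the project.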

