[edk2-devel] [GSoC proposal] Secure Image Loader

Andrew Fish via groups.io afish=apple.com at groups.io
Thu Apr 8 21:48:36 UTC 2021



> On Apr 8, 2021, at 2:07 PM, Marvin Häuser <mhaeuser at posteo.de> wrote:
> 
> 
> 08.04.2021 19:39:16 Andrew Fish <afish at apple.com <mailto:afish at apple.com>>:
> 
>> 
>> 
>>> On Apr 8, 2021, at 10:02 AM, Marvin Häuser <mhaeuser at posteo.de> wrote:
>>> 
>>> On 08.04.21 18:44, Andrew Fish via groups.io wrote:
>>>> 
>>>> 
>>>>> On Apr 8, 2021, at 9:06 AM, Marvin Häuser <mhaeuser at posteo.de <mailto:mhaeuser at posteo.de>> wrote:
>>>>> 
>>>>> We use the loader code in userspace anyway for fuzzing and such. I also want to build a database of all sorts of UEFI binaries some time before the merge to confirm they are all accepted (Windows / macOS / Linux bootloaders, tools like memtest, drivers like iPXE). As part of that, I'm sure we can have a userspace tool that uses the code to emit parsing information.
>>>>> 
>>>>> But as the EDK II build system is very... not so userspace friendly, I will not promise it will be very nice. :)
>>>>> 
>>>> 
>>>> Marvin,
>>>> 
>>>> The BaseTools can easily build C command line tools that are cross platform?
>>>> 
>>>> Actually GenFw [1] already does a lot of PE/COFF magic, so it should be relatively easy to add a -I, —info, and dump out an overview of a PE/COFF image, and make comments on things that are not secure. It would also probably be useful to dump out information about the Debug Directory entries, HII sections, etc. for general debug.
>>> 
>>> I did not look at the code much, but I do know that BaseTools duplicates the PE/COFF code from MdePkg. Whether it was changed or not I cannot tell.
>>> 
>> 
>> GenFw does the ELF to PE/COFF conversion, zeroing out Debug Directory Entries etc. so it should be correct. It is not like the PE/COFF spec is a moving target.
> 
> 
> PE is not a moving target, but EDK II is. The fact that even old and proven code sometimes needs maintenance is evident from the proposal and its so far positive feedback. I'm not ready to duplicate code, I'd rather take the utilities out of the current scope and discuss ways to consume MdePkg libraries later. In fact, I want to reduce code duplication as a "free benefit" from the changes, especially image hashing.
> 

Marvin,

I was thinking more about tooling to introspect PE/COFF images. 

Trying to consolidate the BaseTools to use the common edk2 libraries would be doable, but I agree that is a separate project. The inspection tool feature could be a separate project too. 

> I know it takes time, but I think it will be worth it. We have been debugging and fuzztesting our EDK II packages in userland for a while, and found it to be a great help. I hope you will agree. :)
> 

Yea I’ve built emulators before that are just native OS C applications and they pull in the edk2 libs, not the BaseTools libs, and it makes things like fuzzing much easier. Having a project to have only one validated PE/COFF lib seems very reasonable; I guess a lot of us are too trusting of our build servers.

Thanks,

Andrew Fish

> Best regards,
> Marvin
> 
>> 
>> Thanks,
>> 
>> Andrew Fish
>> 
>>> Best regards,
>>> Marvin
>>> 
>>>> 
>>>> [1] https://github.com/tianocore/edk2/tree/master/BaseTools/Source/C/GenFw <https://github.com/tianocore/edk2/tree/master/BaseTools/Source/C/GenFw>
>>>> /Volumes/Case/edk2-github(eng/PR-557-XcodeResourceSections)>. edksetup.sh
>>>> Loading previous configuration from /Volumes/Case/edk2-github/Conf/BuildEnv.sh
>>>> WORKSPACE: /Volumes/Case/edk2-github
>>>> EDK_TOOLS_PATH: /Volumes/Case/edk2-github/BaseTools
>>>> CONF_PATH: /Volumes/Case/edk2-github/Conf
>>>> /Volumes/Case/edk2-github(eng/PR-557-XcodeResourceSections)>GenFw -h
>>>> GenFw Version 0.2 Developer Build based on Revision: Unknown
>>>> 
>>>> Usage: GenFw [options] <input_file>
>>>> 
>>>> Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
>>>> 
>>>> Options:
>>>>   -o FileName, --outputfile FileName
>>>>                         File will be created to store the output content.
>>>>   -e EFI_FILETYPE, --efiImage EFI_FILETYPE
>>>>                         Create Efi Image. EFI_FILETYPE is one of BASE,SMM_CORE,
>>>>                         PEI_CORE, PEIM, DXE_CORE, DXE_DRIVER, UEFI_APPLICATION,
>>>>                         SEC, DXE_SAL_DRIVER, UEFI_DRIVER, DXE_RUNTIME_DRIVER,
>>>>                         DXE_SMM_DRIVER, SECURITY_CORE, COMBINED_PEIM_DRIVER,
>>>>                         MM_STANDALONE, MM_CORE_STANDALONE,
>>>>                         PIC_PEIM, RELOCATABLE_PEIM, BS_DRIVER, RT_DRIVER,
>>>>                         APPLICATION, SAL_RT_DRIVER to support all module types
>>>>                         It can only be used together with --keepexceptiontable,
>>>>                         --keepzeropending, --keepoptionalheader, -r, -o option.
>>>>                         It is a action option. If it is combined with other action options,
>>>>                         the later input action option will override the previous one.
>>>>   -c, --acpi            Create Acpi table.
>>>>                         It can't be combined with other action options
>>>>                         except for -o, -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -t, --terse           Create Te Image.
>>>>                         It can only be used together with --keepexceptiontable,
>>>>                         --keepzeropending, --keepoptionalheader, -r, -o option.
>>>>                         It is a action option. If it is combined with other action options,
>>>>                         the later input action option will override the previous one.
>>>>   -u, --dump            Dump TeImage Header.
>>>>                         It can't be combined with other action options
>>>>                         except for -o, -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -z, --zero            Zero the Debug Data Fields in the PE input image file.
>>>>                         It also zeros the time stamp fields.
>>>>                         This option can be used to compare the binary efi image.
>>>>                         It can't be combined with other action options
>>>>                         except for -o, -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -b, --exe2bin         Convert the input EXE to the output BIN file.
>>>>                         It can't be combined with other action options
>>>>                         except for -o, -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -l, --stripped        Strip off the relocation info from PE or TE image.
>>>>                         It can't be combined with other action options
>>>>                         except for -o, -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -s timedate, --stamp timedate
>>>>                         timedate format is "yyyy-mm-dd 00:00:00". if timedata
>>>>                         is set to NOW, current system time is used. The support
>>>>                         date scope is 1970-01-01 00+timezone:00:00
>>>>                         ~ 2038-01-19 03+timezone:14:07
>>>>                         The scope is adjusted according to the different zones.
>>>>                         It can't be combined with other action options
>>>>                         except for -o, -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -m, --mcifile         Convert input microcode txt file to microcode bin file.
>>>>                         It can't be combined with other action options
>>>>                         except for -o option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -j, --join            Combine multi microcode bin files to one file.
>>>>                         It can be specified with -a, -p, -o option.
>>>>                         No other options can be combined with it.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -a NUM, --align NUM   NUM is one HEX or DEC format alignment value.
>>>>                         This option is only used together with -j option.
>>>>   -p NUM, --pad NUM     NUM is one HEX or DEC format padding value.
>>>>                         This option is only used together with -j option.
>>>>   --keepexceptiontable  Don't clear exception table.
>>>>                         This option can be used together with -e or -t.
>>>>                         It doesn't work for other options.
>>>>   --keepoptionalheader  Don't zero PE/COFF optional header fields.
>>>>                         This option can be used together with -e or -t.
>>>>                         It doesn't work for other options.
>>>>   --keepzeropending     Don't strip zero pending of .reloc.
>>>>                         This option can be used together with -e or -t.
>>>>                         It doesn't work for other options.
>>>>   -r, --replace         Overwrite the input file with the output content.
>>>>                         If more input files are specified,
>>>>                         the last input file will be as the output file.
>>>>   -g HiiPackageListGuid, --hiiguid HiiPackageListGuid
>>>>                         Guid is used to specify hii package list guid.
>>>>                         Its format is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
>>>>                         If not specified, the first Form FormSet guid is used.
>>>>   --hiipackage          Combine all input binary hii packages into
>>>>                         a single package list as the text resource data(RC).
>>>>                         It can't be combined with other action options
>>>>                         except for -o option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   --hiibinpackage       Combine all input binary hii packages into
>>>>                         a single package list as the binary resource section.
>>>>                         It can't be combined with other action options
>>>>                         except for -o option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   --rc FlieName         Append a Hii resource section to the
>>>>                         last PE/COFF section. The FileName is the resource section to append
>>>>                         If FileName does not exist this operation is skipped. This feature is
>>>>                         only intended for toolchains, like XCODE, that don't suport $(RC).
>>>>                         This option can only be combined with -e
>>>>   --rebase NewAddress   Rebase image to new base address. New address
>>>>                         is also set to the first none code section header.
>>>>                         It can't be combined with other action options
>>>>                         except for -o or -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   --address NewAddress  Set new address into the first none code
>>>>                         section header of the input image.
>>>>                         It can't be combined with other action options
>>>>                         except for -o or -r option. It is a action option.
>>>>                         If it is combined with other action options, the later
>>>>                         input action option will override the previous one.
>>>>   -v, --verbose         Turn on verbose output with informational messages.
>>>>   -q, --quiet           Disable all messages except key message and fatal error
>>>>   -d, --debug level     Enable debug messages, at input debug level.
>>>>   --version             Show program's version number and exit
>>>>   -h, --help            Show this help message and exit
>>>> 
>>>> Thanks,
>>>> 
>>>> Andrew Fish
>>>> 
>>>>> Best regards,
>>>>> Marvin
>>>>> 
>>>>> On 08.04.21 16:13, Andrew (EFI) Fish wrote:
>>>>>> At a minimum it would be nice if we had a tool that would point out the security faults with a given PE/COFF file layout.



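The kind of check Andrew's "point out the security faults with a given PE/COFF file layout" tool would perform, as an added illustration that is not part of this thread, of GenFw, or of any edk2 library. It is a stand-alone C program that validates the header and section-table layout of an in-memory PE/COFF file (bounds of every header, power-of-two and mutually consistent alignments, sections ascending and non-overlapping in memory, raw data inside the file, SizeOfImage respected) and flags sections that are both writable and executable. The `pe_result` names, `pe_check()` and `build_sample_image()` are hypothetical; the two-section PE32+ image is constructed inline so the program runs offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Findings the layout check can report (hypothetical names, not an edk2 API). */
enum pe_result {
    PE_OK = 0,
    PE_ERR_TRUNCATED,         /* a header or the section table runs past the buffer */
    PE_ERR_BAD_MAGIC,         /* missing "MZ", "PE\0\0" or optional-header magic */
    PE_ERR_BAD_ALIGNMENT,     /* alignment fields not power-of-two or inconsistent */
    PE_ERR_SECTION_UNALIGNED, /* section VA / raw pointer violate the alignments */
    PE_ERR_SECTION_OVERLAP,   /* sections not ascending or overlapping in memory */
    PE_ERR_IMAGE_SIZE,        /* a section ends beyond SizeOfImage */
    PE_ERR_SECTION_OOB,       /* section raw data extends past end of file */
    PE_WARN_WX_SECTION        /* a section is both writable and executable */
};

#define IMAGE_SCN_MEM_EXECUTE 0x20000000u
#define IMAGE_SCN_MEM_WRITE   0x80000000u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static int is_pow2(uint32_t v) { return v != 0 && (v & (v - 1)) == 0; }

/* Validate the header and section-table layout of a PE/COFF file held in memory. */
enum pe_result pe_check(const uint8_t *img, size_t size)
{
    if (size < 0x40) return PE_ERR_TRUNCATED;
    if (img[0] != 'M' || img[1] != 'Z') return PE_ERR_BAD_MAGIC;
    uint32_t pe_off = rd32(img + 0x3C);                 /* e_lfanew */
    /* Signature (4) + COFF file header (20) must fit; compared without overflow. */
    if (pe_off > size || size - pe_off < 24) return PE_ERR_TRUNCATED;
    if (memcmp(img + pe_off, "PE\0\0", 4) != 0) return PE_ERR_BAD_MAGIC;
    const uint8_t *coff = img + pe_off + 4;
    uint16_t nsec = rd16(coff + 2), opt_size = rd16(coff + 16);
    size_t opt_off = pe_off + 24;
    if (opt_size < 64 || size - opt_off < opt_size) return PE_ERR_TRUNCATED;
    const uint8_t *opt = img + opt_off;
    uint16_t magic = rd16(opt);
    if (magic != 0x10b && magic != 0x20b) return PE_ERR_BAD_MAGIC; /* PE32 / PE32+ */
    /* These optional-header field offsets are the same for PE32 and PE32+. */
    uint32_t sec_align = rd32(opt + 32), file_align = rd32(opt + 36);
    uint32_t size_of_image = rd32(opt + 56), size_of_headers = rd32(opt + 60);
    if (!is_pow2(sec_align) || !is_pow2(file_align) || file_align > sec_align ||
        size_of_image % sec_align != 0 || size_of_headers % file_align != 0)
        return PE_ERR_BAD_ALIGNMENT;
    size_t sect_off = opt_off + opt_size;
    if (size - sect_off < (size_t)nsec * 40) return PE_ERR_TRUNCATED;
    if (size_of_headers < sect_off + (size_t)nsec * 40 || size_of_headers > size)
        return PE_ERR_TRUNCATED;

    int wx = 0;
    uint64_t prev_end = size_of_headers;  /* headers occupy [0, SizeOfHeaders) in memory */
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *s = img + sect_off + (size_t)i * 40;
        uint32_t vsize = rd32(s + 8), va = rd32(s + 12);
        uint32_t rsize = rd32(s + 16), raw = rd32(s + 20), chars = rd32(s + 36);
        if (va % sec_align != 0) return PE_ERR_SECTION_UNALIGNED;
        if (va < prev_end) return PE_ERR_SECTION_OVERLAP;
        uint64_t vend = (uint64_t)va + (vsize != 0 ? vsize : rsize);
        if (vend > size_of_image) return PE_ERR_IMAGE_SIZE;
        if (rsize != 0) {
            if (raw % file_align != 0) return PE_ERR_SECTION_UNALIGNED;
            if ((uint64_t)raw + rsize > size) return PE_ERR_SECTION_OOB;
        }
        if ((chars & IMAGE_SCN_MEM_WRITE) && (chars & IMAGE_SCN_MEM_EXECUTE)) wx = 1;
        prev_end = vend;
    }
    return wx ? PE_WARN_WX_SECTION : PE_OK;
}

/* --- Constructed sample: a minimal two-section PE32+ EFI application image --- */
#define SAMPLE_IMAGE_SIZE 0x600

static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }
static void put_section(uint8_t *s, const char *name, uint32_t va, uint32_t vsize,
                        uint32_t raw, uint32_t rsize, uint32_t chars)
{
    memset(s, 0, 40);
    memcpy(s, name, strlen(name) < (size_t)8 ? strlen(name) : (size_t)8);
    wr32(s + 8, vsize); wr32(s + 12, va); wr32(s + 16, rsize);
    wr32(s + 20, raw);  wr32(s + 36, chars);
}

/* Fill buf (>= SAMPLE_IMAGE_SIZE bytes) with a well-formed image; returns its size. */
size_t build_sample_image(uint8_t *buf)
{
    memset(buf, 0, SAMPLE_IMAGE_SIZE);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x40);                    /* e_lfanew: PE header right after DOS header */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *coff = buf + 0x44;
    wr16(coff, 0x8664);                        /* Machine: x64 */
    wr16(coff + 2, 2);                         /* NumberOfSections */
    wr16(coff + 16, 240);                      /* SizeOfOptionalHeader (PE32+) */
    wr16(coff + 18, 0x0022);                   /* EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE */
    uint8_t *opt = buf + 0x58;
    wr16(opt, 0x20b);                          /* PE32+ magic */
    wr32(opt + 16, 0x1000);                    /* AddressOfEntryPoint */
    wr32(opt + 32, 0x1000);                    /* SectionAlignment */
    wr32(opt + 36, 0x200);                     /* FileAlignment */
    wr32(opt + 56, 0x3000);                    /* SizeOfImage */
    wr32(opt + 60, 0x200);                     /* SizeOfHeaders */
    wr16(opt + 68, 10);                        /* Subsystem: EFI_APPLICATION */
    wr32(opt + 108, 16);                       /* NumberOfRvaAndSizes */
    uint8_t *sect = buf + 0x148;               /* section table follows the optional header */
    put_section(sect,      ".text", 0x1000, 0x100, 0x200, 0x200, 0x60000020); /* CODE|X|R */
    put_section(sect + 40, ".data", 0x2000, 0x100, 0x400, 0x200, 0xC0000040); /* IDATA|R|W */
    return SAMPLE_IMAGE_SIZE;
}

int main(void)
{
    uint8_t img[SAMPLE_IMAGE_SIZE];
    size_t n = build_sample_image(img);
    printf("well-formed image: result %d\n", (int)pe_check(img, n));
    img[0x148 + 39] |= 0x80;                   /* mark .text writable as well as executable */
    printf("W+X .text section: result %d\n", (int)pe_check(img, n));
    return 0;
}
```

Every size comparison is done as `size - offset < needed` after checking `offset <= size`, or in 64-bit arithmetic, so a crafted header cannot wrap the bounds check; this is the kind of defensive arithmetic a loader that runs before any OS protections has to get right, and it is what a user-space dump tool can exercise over a corpus of real bootloaders and drivers.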
View/Reply Online (#73884): https://edk2.groups.io/g/devel/message/73884

