MeetingNotes 2020 Q3

johnloucaides edited this page Jul 22, 2020 · 2 revisions

Community Meeting - Wednesday, July 22, 2020 9AM PT

Attendees: Intel, Eclypsium, Lenovo, Linux Foundation

Future Meetings:

  • Review previous meeting notes
  • Meeting Cadence? We'll try to set these up monthly. Is this time friendly? Please email the list with alternative options.

Topics:

  • Current usage, attention, and goals?

    • Eclypsium: mostly paying attention to image parsing
    • Intel: mostly paying attention to maintenance and platform support/validation
    • Lenovo: security testing
  • Problems / Technical Debt

    • is everyone ok with the approval (two approvals to merge) and release process?
    • wiki needs some work
    • generate installation manual from the wiki
    • generate user manual from the wiki
    • generate developer's manual from the code + standards/templates/examples - may need stricter coding standards (e.g. for imports, when to use cs vs. your own HAL module, how should is_supported work?)
    • expected results on the wiki + github issues - what should I look for? general guide (wiki) vs ongoing conversation (issues)
      • when should a test run?
      • not applicable vs not implemented
    • increased verbosity/review of the output messages
    • Python 2.7 is used in the UEFI shell, but we need Python 3... more generally, how should we support the shell going forward?
      • what if we just gather registers without python? would that break current validation process?
      • ideas include building into shell application, HSTI, shim, option ROM, DXE, DAL Applet?
    • current/future hardware register access is getting locked down earlier in the boot process limiting OS visibility
    • OS security is blocking access to various registers
    • other architecture support
    • SPI decompress could look for vulnerabilities inside the unpacked images (e.g. static analysis)
    • Configuration improvement
      • Starting this for Intel but will need help - will update with a branch
      • (Step 1) Common registers aren't common on most newer platforms. We could break it apart by family. This seems like a quick step to avoid common issues.
      • (Step 2) If you can identify an IP block, we could have common registers at that level.