-
Notifications
You must be signed in to change notification settings - Fork 577
MeetingNotes 2020 Q3
johnloucaides edited this page Jul 22, 2020
·
2 revisions
Attendees: Intel, Eclypsium, Lenovo, Linux Foundation
Future Meetings:
- Review previous meeting notes
- Meeting Cadence? We'll try to set these up monthly. Is this time friendly? Please email the list with alternative options.
Topics:
-
Current usage, attention, and goals?
- Eclypsium: mostly paying attention to image parsing
- Intel: mostly paying attention to maintenance and platform support/validation
- Lenovo: security testing
-
Problems / Technical Debt
- is everyone ok with the approval (two approvals to merge) and release process?
- wiki needs some work
- generate installation manual from the wiki
- generate user manual from the wiki
- generate developers manual from the code + standards/templates/examples - may need stricter coding standards (eg. for imports, when to use cs vs your own HAL module, how should is_supported work?)
- expected results on the wiki + github issues - what should I look for? general guide (wiki) vs ongoing conversation (issues)
- when should a test run?
- not applicable vs not implemented
- increased verbosity/review of the output messages
- python 2.7 used in UEFI shell but need python3... more generally, how should we support shell going forward?
- what if we just gather registers without python? would that break current validation process?
- ideas include building into shell application, HSTI, shim, option ROM, DXE, DAL Applet?
- current/future hardware register access is getting locked down earlier in the boot process limiting OS visibility
- OS security is blocking access to various registers
- other architecture support
- SPI decompress could look for vulnerabilities inside the unpacked images (eg. static analysis)
- Configuration improvement
- Starting this for Intel but will need help - will update with a branch
- (Step 1) Common registers aren't common on most newer platforms. We could break it apart by family. This seems like a quick step to avoid common issues.
- (Step 2) If you can identify an IP block, we could have common registers at that level.