From: "Michael Brown" <mcb30@ipxe.org>
To: "Marvin Häuser" <mhaeuser@posteo.de>,
"Andrew Fish" <afish@apple.com>,
edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Laszlo Ersek <lersek@redhat.com>,
Mike Kinney <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [GSoC proposal] Secure Image Loader
Date: Thu, 8 Apr 2021 10:40:23 +0100 [thread overview]
Message-ID: <46b3594f-01c0-3afe-efb9-971d79d94002@ipxe.org> (raw)
In-Reply-To: <a67b2443-cdb9-b223-f97c-913acb97e2a6@posteo.de>
On 08/04/2021 10:04, Marvin Häuser wrote:
> Thank you a lot. One thing I noticed is that part of the quote I did not
> see on the list before, so I marked it below.
>
> On 08.04.21 00:10, Andrew Fish wrote:
>>> The general UEFI (and UEFI PI) is we mostly add new things, and don’t
>>> depreciated things to maintain compatibility. So for example you can
>>> add a new Protocol to a handle so you have V1 and V2 of a protocol on
>>> the same handle. An example of this is SimpleTextIn and
>>> SimpleTextInEx. SimpleTextIn was modeled on the LCD of a serial
>>> terminal (our server roots) so it did not expose modifier keys, or
>>> have an easy way to implement snag keys so that is why SimpleTextInEx
>>> got added for the new functional.
>
> ^ Here; +1
The addition of EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL was really not a good
example of how to handle this issue gracefully.
Here is the kind of workaround that external code has to implement: it's
a perfect example of how this "add a V2 protocol" approach ends up
imposing a permanent maintenance burden on external code:
https://github.com/ipxe/ipxe/commit/a08244ecc
Note that there was absolutely no reason for the specification to
require a V2 protocol in order to support Ctrl-<key>, and the EDK2
codebase will indeed do the sensible thing and return the ASCII values
for Ctrl-<key> via the original EFI_SIMPLE_TEXT_INPUT_PROTOCOL. It
would be amazing if, as you suggested, everyone uses the EDK2 codebase
and so all public implementations of EFI_SIMPLE_TEXT_INPUT_PROTOCOL
would do this sensible thing.
Unfortunately, this is not the case. Very large numbers of vendors use
some other non-EDK2 implementation that does not do the sensible thing.
I have no idea why.
It's also worth noting that the addition of
EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL opened up a gaping potential security
hole related to pointer lifetimes, as documented in the above-linked
commit message.
TL;DR: please assume that creating a V2 protocol has a very significant
cost, and needs to come with benefits that outweigh that very
significant cost. If you can achieve what you need without breaking
backwards compatibility, then that represents a massive increase in value.
Thanks,
Michael
next prev parent reply other threads:[~2021-04-08 9:40 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-04 23:01 [GSoC proposal] Secure Image Loader Marvin Häuser
2021-04-06 9:41 ` [edk2-devel] " Nate DeSimone
2021-04-06 10:06 ` Marvin Häuser
2021-04-06 16:16 ` [EXTERNAL] " Bret Barkelew
2021-04-08 11:16 ` Laszlo Ersek
2021-04-08 14:13 ` Andrew Fish
2021-04-08 16:06 ` Marvin Häuser
2021-04-08 16:44 ` Andrew Fish
2021-04-08 17:02 ` Marvin Häuser
2021-04-08 17:39 ` Andrew Fish
2021-04-08 21:07 ` Marvin Häuser
2021-04-08 21:48 ` Andrew Fish
2021-04-08 22:42 ` Michael Brown
2021-04-12 17:22 ` Marvin Häuser
2021-04-12 18:30 ` [EXTERNAL] " Bret Barkelew
2021-04-13 0:19 ` Michael D Kinney
2021-04-13 0:56 ` Nate DeSimone
2021-04-13 7:31 ` Marvin Häuser
2021-04-13 15:05 ` Andrew Fish
2021-04-13 18:04 ` Nate DeSimone
2021-04-13 18:08 ` Michael D Kinney
2021-04-13 18:14 ` Andrew Fish
2021-04-16 7:36 ` Marvin Häuser
2021-04-07 21:05 ` Michael Brown
2021-04-07 21:31 ` Marvin Häuser
2021-04-07 21:50 ` Michael Brown
2021-04-07 22:02 ` Andrew Fish
[not found] ` <1673B28429E5B4FE.4742@groups.io>
2021-04-07 22:10 ` Andrew Fish
2021-04-08 9:04 ` Marvin Häuser
2021-04-08 9:40 ` Michael Brown [this message]
2021-04-08 8:53 ` Marvin Häuser
2021-04-08 9:26 ` Michael Brown
2021-04-08 9:41 ` Marvin Häuser
2021-04-08 9:50 ` Marvin Häuser
2021-04-08 9:55 ` Michael Brown
2021-04-08 10:13 ` Marvin Häuser
2021-04-08 10:31 ` Michael Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46b3594f-01c0-3afe-efb9-971d79d94002@ipxe.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox