From: Marvin Häuser
Date: Fri, 15 Apr 2022 12:31:08 +0000
Subject: Re: [edk2-devel] [edk2-discuss] GSoC Proposal
To: Ada Christine, edk2-devel-groups-io, nathaniel.l.desimone@intel.com, Mike Wolan, Michael D Kinney
Cc: Andrew Fish, "discuss@edk2.groups.io", Pedro Falcato, "Shi, Steven"

CC Mike (proposal review as per announcement mail)

Hey Ada,

I can neither decide on nor even view your proposal (I think that's up to Nate and Mike?), but I had a
brief conversation with Vitaly about the Amaranth downstream. There are other potentially technologically related topics Vitaly's team wants to deploy, including driver sandboxing and ASLR (both will probably significantly impact paging). The easiest route for these two is likely to let go of identity mapping. *If* this is feasible and will be accepted upstream, prelinking might become a much simpler matter.

For memory protection, all PE/COFF image sections must be page-aligned anyway, so depending on how the more sophisticated paging would actually work, there may be a lot of wiggle room for where to load modules wrt virtual addresses. In *simple and naive* theory, they could all be assigned a virtual base address at UEFI image construction (which will be free from any physical memory layout constraints due to non-identity mapping) and ASLR could just be a slide value that shifts the entire executable UEFI address space around (randomised). With (virtual) addresses known at build-time, none of that "custom relocation" madness I mentioned before is relevant (gladly). Of course, there needs to be discussion whether fine-grained ASLR would be worth the trouble first.

To get more input on the "ecosystem" of security features mentioned (ASLR, sandboxing, prelinking), we will try to discuss it with Microsoft next week. If you are interested in a prelinking route, I can let you know. This would unlikely be quick to deploy, however, and it would need strong support from Intel.

I think the overall pool of ideas is clear now and I'll leave it to you and Nate. Good luck!

Best regards,
Marvin

On 15.04.22 14:09, Ada Christine wrote:
> Hi Everybody
>
> I've read all the discussion here and condensed my plan into a short
> project proposal. It's a little short and light on detail at the
> moment because I'm pressed for time for other matters today, but I
> wanted to get something in before EOD today as requested.
> Anybody else's input or a change in the overall strategy to allow for code
> sharing between DXE modules, whether it be prelinking or some kind of
> function pointer table is absolutely welcome and I'm not attached to
> any particular way of solving the code repetition problem. You can
> find my proposal here
> https://summerofcode.withgoogle.com/proposals/details/whGX9tXL
>
> Looking forward to your commentary!
>
> Thanks!
> - Ada Christine
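
The "simple and naive" scheme from Marvin's message, sketched as an added example: it is not code from EDK II or from anyone in this thread. All names, image sizes, the region base and the address window are assumptions made for illustration. It shows that with build-time virtual bases and one global slide, the distance between any two images is independent of the slide, which is why prelinked cross-module references would need no per-image relocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000ULL
#define PAGE_ALIGN_UP(v) (((v) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))

/* Hypothetical build-time record for one image in the firmware volume. */
typedef struct {
    const char *name;
    uint64_t    size;      /* image size in bytes (constructed sample values) */
    uint64_t    virt_base; /* virtual base chosen at image construction */
} image_t;

/* Build time: give every image a page-aligned virtual base, packed back to
 * back. No physical layout is consulted. Returns the end of the used range. */
uint64_t assign_virtual_bases(image_t *imgs, size_t n, uint64_t region_base) {
    uint64_t next = PAGE_ALIGN_UP(region_base);
    for (size_t i = 0; i < n; i++) {
        imgs[i].virt_base = next;
        next = PAGE_ALIGN_UP(next + imgs[i].size);
    }
    return next;
}

/* Boot time: map raw entropy to a page-aligned slide that keeps the whole
 * span inside the window. Returns 0 (no slide) if the span does not fit. */
uint64_t choose_slide(uint64_t entropy, uint64_t span, uint64_t window) {
    if (span > window) return 0;
    uint64_t slots = (window - span) / PAGE_SIZE + 1;
    return (entropy % slots) * PAGE_SIZE;
}

/* Distance between two images at run time; the slide cancels out, so
 * references resolved at build time stay valid for any slide. */
uint64_t cross_image_delta(const image_t *a, const image_t *b, uint64_t slide) {
    return (b->virt_base + slide) - (a->virt_base + slide);
}

int main(void) {
    image_t imgs[] = {{"Core", 0x2345, 0}, {"DrvA", 0x1000, 0}, {"DrvB", 0x10, 0}};
    uint64_t end = assign_virtual_bases(imgs, 3, 0x100000);
    uint64_t slide = choose_slide(0xDEADBEEFULL, end - 0x100000, 0x40000000ULL);
    for (size_t i = 0; i < 3; i++)
        printf("%s: 0x%llx\n", imgs[i].name, (unsigned long long)(imgs[i].virt_base + slide));
    return 0;
}
```

A single slide randomises only the position of the whole block; the relative layout of images stays fixed, which is the trade-off against fine-grained ASLR that the message leaves open.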