Re: [edk2-devel] [GSoC proposal] Secure Image Loader

["Michael Brown" <mcb30@ipxe.org>]

On 08/04/2021 22:07, Marvin Häuser wrote:
> PE is not a moving target, but EDK II is. The fact that even old and proven code sometimes needs maintanance is evidental from the proposal and its so far positive feedback. I'm not ready to duplicate code, I'd rather take the utilities out of the current scope and discuss ways to consume MdePkg libraries later. In fact, I want to reduce code duplication as a "free benefit" from the changes, especially image hashing.
> 
> I know it takes time, but I think it will be worth it. We have been debugging and fuzztesting our EDK II packages in userland for a while, and found it to be a great help. I hope you will agree. :)

In case any of it happens to be helpful:

   https://github.com/ipxe/efikit

is a proof-of-concept build of portions of EDK2 (specifically, several 
of the MdePkg libraries) as cross-platform libraries that can be linked 
against by standard Linux, Windows, or Mac userspace applications.

It's quite satisfying to be able to use

   #include <Library/DevicePathLib.h>
   ...
   size_t len = UefiDevicePathLibGetDevicePathSize ( path );

from otherwise perfectly normal-looking userspace C code.

It uses GNU autotools, so just download 
https://github.com/ipxe/efikit/releases/download/v0.3/efikit-0.3.tar.gz 
and run the standard:

   ./configure
   make

Totally undocumented (for now), but if you're curious then good places 
to dig in are probably

https://github.com/ipxe/efikit/blob/master/src/Makefile.am#L186-L237
https://github.com/ipxe/efikit/blob/master/src/libefidevpath.c#L187-L215

Michael