Subject: Re: [edk2-devel] [GSoC proposal] Secure Image Loader
To: devel@edk2.groups.io, mhaeuser@posteo.de, Andrew Fish
Cc: Laszlo Ersek, Nate DeSimone, Mike Kinney
From: "Michael Brown"
Date: Thu, 8 Apr 2021 23:42:40 +0100

On 08/04/2021 22:07, Marvin Häuser wrote:
> PE is not a moving target, but EDK II is. The fact that even old and proven code sometimes needs maintenance is evident from the proposal and its so far positive feedback. I'm not ready to duplicate code, I'd rather take the utilities out of the current scope and discuss ways to consume MdePkg libraries later. In fact, I want to reduce code duplication as a "free benefit" from the changes, especially image hashing.
>
> I know it takes time, but I think it will be worth it. We have been debugging and fuzz testing our EDK II packages in userland for a while, and found it to be a great help. I hope you will agree. :)

In case any of it happens to be helpful:

   https://github.com/ipxe/efikit

is a proof-of-concept build of portions of EDK2 (specifically, several of the MdePkg libraries) as cross-platform libraries that can be linked against by standard Linux, Windows, or Mac userspace applications.

It's quite satisfying to be able to use

   #include ...
   size_t len = UefiDevicePathLibGetDevicePathSize ( path );

from otherwise perfectly normal-looking userspace C code.

It uses GNU autotools, so just download

   https://github.com/ipxe/efikit/releases/download/v0.3/efikit-0.3.tar.gz

and run the standard:

   ./configure
   make

Totally undocumented (for now), but if you're curious then good places to dig in are probably

   https://github.com/ipxe/efikit/blob/master/src/Makefile.am#L186-L237
   https://github.com/ipxe/efikit/blob/master/src/libefidevpath.c#L187-L215

Michael
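
An added example, not part of the original message and not code from efikit or EDK II: a stand-alone, bounds-checked walk over a UEFI device path buffer, the kind of parsing routine that can be exercised from an ordinary userspace test or fuzz harness. The function name `checked_device_path_size` and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* UEFI device path node header: Type, SubType, then a 16-bit little-endian
 * Length that covers the 4-byte header plus the node's data. */
#define NODE_HEADER_SIZE   4u
#define END_TYPE           0x7Fu
#define END_ENTIRE_SUBTYPE 0xFFu

/* Hypothetical helper, not an EDK II or efikit API. Returns the size in bytes
 * of the device path in buf, including its end-entire node, or 0 if the path
 * is malformed or not terminated within buf_len bytes. */
size_t checked_device_path_size(const uint8_t *buf, size_t buf_len)
{
    size_t off = 0;

    if (buf == NULL)
        return 0;
    for (;;) {
        if (buf_len - off < NODE_HEADER_SIZE)
            return 0;                 /* no room left for a node header */
        uint8_t type = buf[off];
        uint8_t subtype = buf[off + 1];
        size_t len = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
        if (len < NODE_HEADER_SIZE)
            return 0;                 /* would never advance past this node */
        if (len > buf_len - off)
            return 0;                 /* node claims bytes beyond the buffer */
        if (type == END_TYPE && subtype == END_ENTIRE_SUBTYPE)
            return (len == NODE_HEADER_SIZE) ? off + len : 0;
        off += len;                   /* off <= buf_len still holds here */
    }
}

/* Constructed sample inputs: a PCI node (type 0x01, subtype 0x01, length 6)
 * followed by an end-entire node, and a variant with an oversized length. */
static const uint8_t sample_ok[] = {
    0x01, 0x01, 0x06, 0x00, 0x00, 0x1F, 0x7F, 0xFF, 0x04, 0x00 };
static const uint8_t sample_overlong[] = {
    0x01, 0x01, 0xFF, 0xFF, 0x00, 0x1F, 0x7F, 0xFF, 0x04, 0x00 };

int main(void)
{
    printf("valid:     %zu\n", checked_device_path_size(sample_ok, sizeof sample_ok));
    printf("truncated: %zu\n", checked_device_path_size(sample_ok, 8));
    printf("overlong:  %zu\n", checked_device_path_size(sample_overlong, sizeof sample_overlong));
    return 0;
}
```

Passing the buffer length explicitly is what lets the walk reject a path whose end node is missing, instead of reading past the allocation while searching for one.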