Security best practices are of utmost importance on all layers if a system is to be considered secure. Unfortunately, during my internship at ISP RAS my colleague Vitaly Cheptsov and I identified multiple defects in the current implementation of the EDK II PE/COFF loader. In consequence, I was tasked with implementing a more robust version of the library, ensuring reliability and security using formal methods. After the internship has concluded and our new loader has proven to be functional in many real-world scenarios, it is time to integrate it into the EDK II core, to increase the overall level of the firmware's reliability and security. The surrounding ecosystem should follow to take full advantage of the new code, including application of stricter memory permissions.



Marvin Häuser


  • bret
  • Benjamin You