From 1baaa3c5cefe8cd0cb92a6d020a50b3335e156aa Mon Sep 17 00:00:00 2001 From: Mikhail Krichanov Date: Wed, 19 Jul 2023 11:26:13 +0300 Subject: [PATCH] Docs: Updated README.md. --- PEvsTE.png | Bin 0 -> 27455 bytes README.md | 90 +++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 80 insertions(+), 10 deletions(-) create mode 100644 PEvsTE.png diff --git a/PEvsTE.png b/PEvsTE.png new file mode 100644 index 0000000000000000000000000000000000000000..d46f19f9c38e44bb1cc481398161b121d132aeb6 GIT binary patch literal 27455 zcmb5W2{=}3+c&;Y$PjmfBoa!KDG3!(M1zV58IvSah>*Dq5rrf}p$I8Mk_?$Mgv?{e z5Hds*nTPMU+RyjB@AJOz_Z|QLKK9g#=lPq?<*R&Fk(q&mfglLxlPBcQ z69m;P{!yl<#s5(?HebXK9wu^f$|vRIwprb{oi?;NjrdC@wj^UQts;-M7}aTq$SUFTU1|0o{_D zbl4oOmMA5B_vI_O{QQ21_|@a8d{Mj)UPYXpJ62{GGRbC~tYcK|^m~)H&3vV3tI1lv z+s6ft-l1Q8;gPcUefH!-yV=gaaDy3GuHFOi^SLc%vM(P{%pIPz7BrX9m`vCivQBh zqSJFD>SMxr@;=dCKCLKEEE03X9K+`481gnFJI3PdeL^XO7bi z(oxnP;y8EQ_!dEIBTmX6RdZ+`{c5kHR^CoG(M`?hV;i_`o6jZLdoMN9*72G0GPL9t zt=qUmp_DyOBeniX*wBw=otPr;)g8zp5tvuyKvQj}N{7zA|>R3u;*m?1ujP)=rQ=_7S!JmmlaH%J3)F z?#ATH{__u-=`Zt!skiUk+4m`k?^9*vy7!5%Uw`cE51s%Mdh?Zv~&zI+KM z>b_S$iGHm#SQELv#%1Q`SG5Zlj^Dab{_+wvEk?ht2O-#m?wUbH4{HOYasACjRTKyBdV%z1g>HVJzq_aN}-iX*m|^ zDlfmPYme>TUb!mt)o^{RLsiBDK0OkYfaTxym3Qx zE%y=sA`dz_MMXMmYimiDd9fGgchfR+G+mOgzH(*zy7lY#IZRxd`uX)k{oC%`TkG$x z<+>9TL~(X;dBRm$AmQoSs=H@*kBMiRs4VS)BIqdxr zu&=C5Tk6x#-vdwzeg1%ah!MdtBU(_t(EN zaC38;cVx>&_<#biB9th}J7JLZ;e%moiZ1ix!=j?=zUJKY$jp>zXlUs9`SU?# zW#v^D?XCj10;`|jzkheYousg{)8nHB^m5rBJa`~!JH(1DdCAbQvEQ1HkFP%N^d<*K z$8R_rLk)3^F|n}*hK3$-r$fnmU|?Y2Fc@ji%E`$@e)+E4%>+l%VZzdA3CCc;&GO^T zJ0I-F8Cstk*E~H*MMbrp%`Z_SRqs(?psc)nX=&*db91GLh=}c>RlYu->god9-&>rX zo12rD?;jsOM|^5)3w!wR;kB{$4BLsGqrAKvl2+TOo@JP|uA`{v>20OjW?^CRu;R*w z4IAW%YqJx*$Fe&+JLw58Pfu1#eMRujHN@u4n}d}2`FLaW@*LN+23A#7RTLNBnV%Y# zlb0W?jowMTb6uLJt(C^Dmz=?w3l0g{7#a-9v&tGl_AA8_qj6P zzI`YlD46Ip^HW~_-Sw}BsAbJsl6ZJyp3B``M`&f3h8*LXUszzAlhL-fR3(?-b+>lw zaZ58ZKNguq)~d&XszdQBleIEIPo6N^*x2~U^Ahe+QCoj@<@p8gJa-wJ>R5YCTvGIfX&#YU{w;zw1SZLLEW5yjk5qF+b(n>b5?}+0RJ>h9Ki*;wmofZ=l z)0@q3-15&^;^^73aFvBPpQzTR?qu;^?(SL!lOJ31bQh8f9xL>o^A1K>53bN+=>C za_udXkr7%w7gwaCjC|OWCo~SCCzu>WmFwEtG!yIl&pnZ}j+t<>vU)S&q@qF@9UG$} zx}7JPU%h%2A$5JMr(|l%7B#!|;Nw@XOoIn*z5m%YJ&!gp{dm>v$cSn03^uJ}2I9URK75#oL+oX}3ze+4_7*}}Pw&B_M;qjiALkJlXA=!)LV5X^ zsG8vU_EBi)-cfB$O?sl($HvXg?V716HPL?~dm{Z@^pQ7j-ngsnDNVYVu6+Ld9aMSG zyLTltQxd9lw!BGBPUZ=%O1oOk@ghE+f%~fKY%kqYsaxw56ckXDWtEj#2{Fgct~{rY zMMYGEh|9b!Pu=*}51WWfSFWt;IhlFuTu%}Jt`}h1ZGBOb&2GrP)6k`5&mGEwH@yE0*Tb1wfa@sPxVbTE;YpN)mK*KYA&Heuu)bVe41gJxEKkD7l?dx_+F)=gm zyHrRlVr6uW`lq#?l9zw+*}30;DP&+^;HbWSK?M;V9o^kCIr+W%W6sSVS)!W_Q-urt z<;|#>HHQmBlrz$Qk7P0J-!j|O|6Wb8&{CkbY9>dW;s~w{19;D50 zW@neOcTdeQuHC8>F1i}6{KUC)mMt5qaA2geLJUR^go&A~LoW>s3c9`DxW>v$q)f7K ze+vf+p#K($wS;Hf&CQ1XG*X7ivH(B?5h|?zz48(Xr;;+>WM*M3&f#p2z-lc158d0B1Gb|_Z z!p)mEA3b_h`1vyvK+|1c-;AE~;Of8F(!WSFsmXhJdD-@VqTIM~gLmi7ou`zPHZ-&}H3ddTa|7=&SBOoBK>(C)Bp7Fump`r`hckI}$n{eR3fh$+9#w+V5N9N}r85kTac$Dk! z?@vz*eE+`A&_C}~a*khDL&G}V4|b*a`jm|uFAUC=2XOQ4*s;1Wc=$y0^5a7W#jAQd z>_UZfSvPEW(X`L3;AX+X&kuFY&0c7D3J*AahlZ}beD&(vM;00R>(_;do({``<2b9+ zqhDyaxVU%%D0~W++TWS5AH1<0m!S7j=ge5}!-scJ<9F#M?AfzNL`PCz)V?Ld7Js<)Rgn{#8Vj=8EJN7T2c-Z#E;fg zMFRsK^;A7(OUrS`P5Z(R-Q0sudILDZdW;?!)#j&_mSXkn360bgh*d;7nUgEpH{EuTeVmYf4gMxwrf8MHUZaad% z-n@N#CpMN3?{Vq+^#?#3#VsxBZQaGi)Y4AVNx_y_o#n;Jb6CA^fIsDLjjF5$Yq(q$ zQQzohTNTkL)2~(+qh$q!hx?+z%FD|amX{|Kxg1%VQhgB@SJd6j4czGU;ltqv+%jv4 zT>=8~$Bx~ZxK{J|3X1PFv=%@|#%I4e;$FRey)mU);zG*c!O+3xY#U?jGHN1!;pbsB z4UN8rxYLUdE|YvNRYO*mz&XMF)*{O!`~Is+9;fZPKG?Gmbt$@sSJBb+0lU<-w3NLw zX(R~6fUU=YslCb<=O#n;e8im~YY>ojELNF_>WtUm4p;KVK8(c|Jr(-nR?UDB_NXVe z`#nFuIj&N6L(U$3VO3RCr6{S*WPNE#*8Vk|5G@`y{Y7N}>s0b^$7wJoKF9|-paU;c3>5Z-E78hYe+#0aTT7o=+gw>) zT^h(E=XrhDyGi2q8j1m`$n39j?ljjWM?gC{`uyzd?6%xn>Br{Zz7-YFdPfg9yIy^p zQ`e0H838#thZq^deAEo z=UFRFP0dR+PY+swUFPLUgWFjzOj|4t%B+}7g`w80yKc5H-C>EZ?S_WXhXuaYn!%H?c<17*q65ILt8EDooEiO(h&2-1c#89I%oH%`2&cQ*l;0e3os30#d z?>b-k>XC;QW50j@2I%s9`jqoULITP9(Hm2z!hl+`oMwdHWn}aY4QYjO@8{0ekQ4YxzwrMfj9nPGKg0Ii$zzuR`*lrH_C6kbnI^BV|S# zCFc%u+@Wy)^)mx`Pm7NCy*N_J7cO|ErR{V4GqM`xpNabjC-KH@#TBH5W}WXU4h{|- z6UY%Lt7GI*MoBQhVZ>39J9dnk+&ay#H5g3*0R15tv~qL?2M70l`&KN>YUrOvYrV;Z z4;aA{HBt7=SjFHoaPV!rcAen4k54SSzh$Pq^3gx7Wy0^{-vcwr%M0jDyL$ENV)1k5 z&UqbIL|L)MIXJZNeQ=PEmzTO=X?hE~(1xh0ni>Uja{(Xvo#&!Tz&U@6x(zq%812Yp zsjsgue&3O4Y1s5qCGf=d6KBpGcXpNn-UJ_l*2R599(_erRMgW2ZHINs7Qf=+W1NR< zPZ;F7%kvgN)36?C+WqN@sA~}kju!Pl$}In40g)*B@@4b$=g+tCqAt+_v8*O^KG-pD z-MV#RdOBtOQxFWlC~2pdw{O>7y?T`-Qe@rd0d50$*DP?A#_76`)?HLp#d!Pn?c!xV z1^>Uz=;>1to9{~G(Jl;5xdmt}d5+h5Dt1nZ%r&h*PIdy>wey{wq7YeD=(pr~^)zU7dROzrmdwrJ`keyO(LZJ1cD#%0avHn3x;pm$aU~_Dtun6uz@du^-796&V;yPG ze}D;Y>svv16q;|rYB~|_KqowslI)v=^*rCd7e{?;8FD4@I4OfgL~xKjZvM}YFp}Qp zp4fignWCmP@q%xFgj-6Hhc-qYx_KudA)(ktSPqH;Kqs4!&MqnSWG%0KhGi3eHDvYB zE-+SnJu~`cJqa6te(+sA76kS4IkA7}nV3p&VxYv`G5F}c`{rkGn%VhzUP(#KMD1SC zwI@qdg#hRh*E?l(beG)ExFZC#jk`KR8Yj{(6;V%( zcXLAoEow?stG3IoWptVEkxF_K1(?ht8RX z8t35T^zqXtdc1=o1WO%V-CwnC%j>USzmB5O24n`r^B^pYeQ|kVeD+VPzSm?!Q&Y)p z8ajf2Qs|M9aX{?Af%*bBH`jXow00Kn`+o?O*Q#xQyO8kGAxpEs&`>%kd8CFYEzJeh z@6G%7*KZW0=Fc+#JK+8@1EHws==h^8_O@r3X=Yy64PMZ=aN+s0X9UhN&`s6#%a?hj z^mTNYAlSToDK+OjJ<%)oY2XGF>2D}iBI4rerdOr2bsj*G3JVVh#f;XUpk-%g$4BZK zEPD(#=esxoE^p)GqZ!X%5YiAb91ZC`@~YHJ%AF$_dKy-sPet)8X8{hcM&us>S7gH%)jPr1oAj0 zD_h7oumiHp%^&JIxekE!96*01v%mVRac~Et8Uf8&A(zsxS#vbuY^0vk5`Z-?iZb?e zp5vcl?D>!*trEI+WnG7)E(jW?TE1#W?+Av30$pW~prFh1-2BDgr$;(6g>h~u6csd& zgOZYUcUCicimh3*W&FG)8 z_hBd!TgIr&erD$j8X5b47}~tRsErDY?l4g;(Jg!WG$TnX>g!F^x1wt|H#gHWGkbv; zunA}qX`24fbqt{8V_#4F`c?GjM{Cg2r~aVhhJezLBFSD(JVQr&laX=!#0h$6?ax7a zIy-f2e|ByLpUt{8$q(j5PYglcS+{N-j@c@-=PA@G!V2Gyzp*I?FTusE!hT0xiUGPP zwm~D7y!HD^Ub=+%&6Et?g>#|0dqTc}3f%k+!KxHZD^)EVHP*2#%P;>Ty827igtM!j zb=?I#_?l%MTj30%=H&tm3OK2&2GAidulRtIXUmo?)UxQFBrhj>Qn-==E@meohBi9V zn#xVJ4R8^+ZU?kpYFR-3*oP0-iSFCSL-hard6v{0aRUSI-DBXAatQP}ktilFPoYpy z!H)0Vz55*s;z(z9`kRPvj|H{q376%$!FNVgY;WJaOKLpc-Il#hCGxGJynJ9l0842} zNnQAU;}ddn9z@-}je8&MS#Owpo3*F8scE)|#kFaYkVS8GF|o{n*&)u}Nu`W0vwPpZ zv;o&Fc<;jLiyaO%rT3TFM@?u$c^5jYKM;`VM+1YE3KJ@v7 zgJ`h3mrwBl{n7X8swUtR|6NsgBrhDr0#H~@Q?sq-z-)ZYpD%BtW!$3Prl5G5}Kie z%7Ik^&-V@tTrlQ&K2PousIjL)$bw4{&^(C3uOIBeQ=f~Z8_JoyefySVY$!>WV2MER zrY68ndh%wv+XmgJ1U8J`uB`4nr%l+WL+u%R^OvTzKSv(k#JEYQ1aJ(n z6kolce-eA!V%oanok{G3!SQghj3QMWXHD^2zrK|!YiN{1!l5N@Qrp_p;`C(HxI&8| z9UmWh=$0E(T4}DmQ}WMXle!m`);fenOb`+hnVTvTl9HHUw5ZQc=Q_x zcWZwA`b84zmK5FB%HFs&By`tIZx$L`=yDp*v(nolaa~?b?NPBf^iGEoRw18V0>wTL4w^M#NFQ1!t0kKqnNeI~^+ zdwYA7eL4Q%-qA1VFB21w0#m#1%q-vSlv4Xx`tac`pqn(r;$-xSCwLL5)8H%+j7;G*3q`KKE}a;{(euGYSEf+E>TU7cL%sF_HmOmk6c%{l%LVNVRLHcIUXqf__03z z%oY$c#@oMZWmeRNDrH<3C9ikqGZQ{OKFaK&HUpI#{kdhfLL)^{;)2VilOV+$NAW9d zOE+f03R=UJBKH$c6A6m}rvPu)py!aPCb!EJ1-t55e7rY$ih;mU)xml5FA0$RfC_Pi zJfLi-mP4J{`>%*z3^ux)l+iPAd9zt@m5xwLbu}{yLVz^uVRsGIkT>{7HYcbi(0I_B z#nHySjMTD5MmtEy!X?@znWQxP_EE53J>gQ4MUsw=&Y*a+QDf8N9dHi$`T1|EYYXh& zeN;h#7F9kdI+{gVS{kMUxlV;aP8j`v#limo9*acrtPWlS-=%EWoMiX z7xPb(h%MFi2)KWr>;>pZ&r?#?^6K)x|KC{v6c>N?eboE*?YsH7Tgq;f9d{J3d4M7d z1Y)qfI46P?X&^mRlvTJicd=MjW-4QXhhZfsIyyQAn?(IoSK~hiQD(HefP4Sd&tP7+ zy}fC#cjfw`sPjlkaUMT@y!urriNEH5q@qcAq@)OWvv9A4XK-TsI!`aJHIo4(ScV|v zYBIT1C;P_gy&5U`P6Qv>zbHf$;0q5eJ}& zy6_q0-WXtbzKA z{6QzK^?wSo{WEeQu2D?loUi;b&=ci0OKf)B@LxKACZVFR67AVG3B`8VI%nL(JJIV(kMHq5RI(_`eJC0jcj zHUp;*c4HG&!UemWsh6SnP}tbKp`h)u-4cKu0d@T&(iTC%!Lbv`uktOm;Gwee=PUD9 zr`PTd9?Y`t+t85vDKn?t@Q9On&~ zh<;>bgkAIseg6E&YYDxYgpRYQBM?6DxAX6cotpX1bK0uWwdsp#qU$$heBZcAyW{|A z5(?<%Yyd!4rT>{>8rr$a9qc|yFOOqoQf5WfQep~#@7GuRZUdOxni-}SJj$Ixvy+mN zI0QpQO*l^L>+0SoJ>j-D1`L+V#wWM0dkVD=q7S>sCE3W106lrbTV#U*Lm?5W52?|pE=`91*Z5>zOG&6+K{MZj~5F$c+ zmysC^!q%RKd~W9nD$)J>(=5A>Tr)9w4jcsPqAuCxC*bwLtW}6?Xrw^rLysl_vynAw zye*9n2FhvzuVZT;h<|Vkt{2Qo51*cafz?QBbmrbt4ePCkatY70c#%$ATpaS9h1HxP z>Lj8Qz1Y}+r{dVft|@zb9Ywb$bw6yQAMcE7O$DpyGkq*4HVNs-V*ll}Dw{UbR-_x( z9@`Tl?(pOESTPSamBmyTwzOgJzJ>*A82tlL8>HjY5{~FfKrD=MDXs~MUOZM zTRgRk%KZW9%O&)rl7epqf?7h#1xu((A~*U^yfbTE8y6Rc&6aU~4yln%_+StsE@;~# zu8R&h@YdTeC7)L<;v%M|rmV2H$yiKRR~Ixu59re{{tUqUkr^Qa66lpBZwx+?<{6o< zAh7|Mi99dGae8zOJj~7lH+`P4=Fo(<-H&F*yIBa4{rf$#vk#J{&MI13@-6%}345c` zlI{W;M_XIluA84feL7(~+^`yksie(!rX1VhJK*>Dqf5gLae&rGVWf238svh8{Sohg zhR>F74mC%4_F-T|#J$SOQ>4@Hw$RZn;y85;2Dm5@ZU=pM6{$uvUy8t23-tB%otQx?gq~pLlnmro3X{d!AIY%n)-&KX zY7moH0tOnuzG=Zf34S zY9~50yVm)75_M2+fEi2gZR{Tz+2e1CEffbtwC2|8RjcS*d!Fo>ta~n30oe#8eh4`Z zHC^56)}Al=$Hopgz*{%aR;_9gfA?;@_v76)1oIYgf5@9dXgjvwKZg%$F-QPlX3@e8 zbVG;YRaI>~Gz^{2YarO;pY+G6Xhrnei&|ReQMd3t03dI+uO{A^Ht+G8bj?YL(p{Dm z77ic+p~+NS5k=eMCB&R(Ck~yazx#g+qx5KZh!zXR_~pOv$bp$W{A2fh-Gs!Hl$4pr zDR9*orKuoGC)(>9HSBtlpQs%N8GB;(mmzk=p8i&-)(SHVqv^FG*vVcN$cd>OvV{Br zh$*YD&;2i@$@APBm`KM#-RGyrUf1o7F%JixBvlBX(r;IFyDlXiIB)l*-8gg_8jlx< z$b+rY_sFbBcfJeusbc!?q*|m!06{eTH}8+Hv6-Hp4m)VWPl~C+`Lon85>Nf3cZ7uO zP^y=L{)TNCSCR6&jGcqyGOAx-)c}xovG4kw9OesV8hexS9zl)xS8U}->yP^L?|caT zj<0$jlobtg?8k+4ek2AU&H-(0pWSGi!X#Wd)8O*+{MCLhYAY-6XbO}Sdok)eMv8~n z+uDke2=BNbTTx@9YM90%@Gz^dJo5t@hY+KyNf|2Sr46!KSy>f&GjAbHF*w>xoRX{% zX%ulE^&NKWfF&qJh@G5WfVlP#)BllLP=>v#tfh4iM5w3noXmw0sjbqEtBB&8&R9LX z!GzZj%gRT)HFIotQ&UruDggW{F~_Qz#xZr5VJ-5ue&cWkRqXx#-5bbpcaq4TcYqwR zIXN6~`K|2jA@p3y6Yc>UgJ%-4CBnIO?H_cPf8LXoh7(;9tbgk#lE@u zqvh(rm$3F8T3G{w=VbBd=%69;=e}=wu91;wsHLqeRpk=X-7c_wNieVo|Qvn*_ByjjA5+W@>xAwA136w5bt*MxKsP>VE2_VGHL|uU?&R>(cCkr~&SG2O^&mznqQ^Cn_tH^SV@h8B(CZK0D?L zkpU^PQz79#Be|~rOB8I(O+}BUADk}T#s1E zlg2S;LHWvZ_!U#PwZ+kHt`8s$QqD0jm$o!R$(tjO>Xt(g?Rjd5HLs&tLo6>Z7u(jK z6W-rB@|be{l<@7lG? z2Vq8elx5Wu_PxccIS$(;iCh}!uL!>R8~x6vvHOF4fI`4lL8hL-iYufjZlDeO8{eRD zpenSYy*+{meD!M25=7;cnJ~!4FCf;hCw@;&y+AsPm7-#2CvMS|8{X91d{RRr^u75P zUM6<4UE?q^gF&>yBO)5e%nj8(h`~s@q48kH@Hsg-k?EVc+1Wry=1UVFS?+&#!fg~i za9{_*j)!ja)1R~bxV#Rp{TrT>eUFO_JtilY7!z~H$LC-9p5lelf5JUOAd3AxJ+j10 zX#B`bZ0`?$^hh4+pO|qCXT)K9p_?O3zEBOk2DemBUW989e=?YVjZymlzZ_85`Eqc! zzbPQi{|_mk9lSAEp+La>;gOLBs46hU0|3x~`h$?CM3m_vG~5h}j>o)wd|p(x&~JBw z#kNDS#lgGJe=bT1VYN@`b`yOQy&re)+^IO6W41=C|3(_DpAz&lQrm(cEk1jnjljiO z!>qq%X7;hZUWMJf{votgC_zP^Kaa+p+1H`g1(g7sfi=FT8Wuy=SOV;w;o)JJFze&X zn;RM&1&v(4I=s@Fes#e9OFKF|e*e+q$KO!Jt!~_S)mXj6|G3ysb_Tyt zk+P8-q!>9lIiprNKu89SOW9a90?m{PL^Z`H6M$_s>Le{T7@|K>D6agUQ-weOnx7Jj zg-t2m*woZ7?w95$C0#A7??EQ9wRrx?ZT~-9$=OY+7cb7WKlmeFd$MqHhe%mgq{-$c zt;Pz@!*)!)y}i(66alM0fBr1uw(Jc1Ggmo(VP?D>{SaRLGccvfN;d>UlC&}y@bX=I z_Pmlf12e~U>5oP~qE;Fjo1h8aMKoypx;2PVK?g#f`AhmvoLOcUm!;72?@{+iLjw5m zBPi5d;Qt#pZDQmN|M%pi{wY21|5ffcY;1g`xglseLQK=oS&MMOFo@y{ zSloMd?Rtj&+yLZ|2vZG0${8@~XSn?J6cwahsGdc;Ennmbz(HvQ;>JQ79lALpj~w?- z-Wc`z<11sC-Mp|7ou)@`BZ&OQrNoC4CT_t&riJkKalcQUJXwSf*zg{Pw;?D@>VOVn zNfAnh=H^Kg>5orrCxhKczUiO*5+%LWaI_i?Mgb`gSQ>OLE-nVr6#Tobz5Oy$2k_i1 z-kte1F;Pgz?OZsfw72COjq`uX1AXv~KO1=uADg86fsF_Z4klX#{_4S5&bl#hFK`-W z1^WTh4Y;j{0;B)IH)%C2o<2)2_4i}z}utpP@%VUpaaXG z80DRni%WN~dh#vk9hr`RF>ptTUo}UdFxbqXV0nHo@YtTumPtxo2M-?ffe?Z(2(Ue+ zRW2gZ(taP1tbXu-m>4jik3u7;L_s~VBH9sN*3N$2Sh7%J2vQn053q9b%&mW9)n443 zwzo!%sAEWtlOCQyZ}DGF0+E@PIC1u@_v6QGkdJ)O);4V1NZLUY6BF*4nVEruK&AUk z8n#36dIn>N%!)%VBaqWon_UI=Z9dwb!HE1Ndal~gMW1{3?jY8273pIjw7j?TbBIfj zQFDkbfDg~nU3cx>tNKa+>M|Mf!Ux?&E)x`4D=`=7j11Bu%Dfg58M}yvpmd`@Ye1xU~mv;|YS)=9%M%F)9!q7RE{m0%yAA=y)E7w_@N%grqfZ z;;UB;;4Z#CL$LuzV!oss?;R~bWU)6VOKlI?6;OR%O)Pe=EZak)r=+YnIXKi6-ljRZ zCuAL^9x^YPTrd9P{9l~sTT2KJozWw8svX3!i_xwin++f%zCJHsyzoS3I%anDa{mVk{xwy6-%F zLi|Nej#ieqFqmb9iuxC@FHEWc@I(mHg z&d3>MTldj|m6u%pWiwdK?sOPKI(>ltE`no9hGSfr`%~5Z3TVeM?|}|4ub{AJRlODo zw82!K9<&+xS`Z&k3vPg{s>X;zMl>fxi1q2 zog-J^y5#A;GIf`kcir^46DP>E$LtJbTWIpi7cZ{ym8VWrdu5g6P1=DDH-?|*51M8I zO@C}}=P)euF9O;p9hD@V>~+XGo_QRnU*HN?{3Dz-uSL{F7&sx7PkctW(rVeA<{)x= zjAypbjHi#CLZ?FTpsgpaBD9{o(Jm83be%Q1r;-g~w(!QlLgo-RXNNZGha#&8G%kk7 z8UlV#jvaz64Dmna%oFi?;ey3uC^v}i@JbcH_BemxLL8c6AOj=gFzB2Zqz!6W#5{Mx zmjjo$VrF(4cK37gSHU`VNlQomgG8ag@j)yH9EpMXJknhtgS+2|>O6#k(0R&zj*I+%R~`@hz>_eS_9yskD8DzHYMdO+y>IN ztE{a}00j&N^`P2@Ha&=WMig~iDji62%EwBerjrZ z1ne;cIa8{>S`~^DJ+YCE?e`~5f78a>b!`FIfjdf#kux{Y3n&Cte>w0?7E$3 z!tjnkU?(_y1!lj>9&l+}<_o_@>Ac@-_q}=T+w~NRuY8Q-hfM95(NS}xtT(|+x3abM zym#;N&f{oOB6g#iWNrkYa0v7!((F6<7BZ13>En%na0s#2A%j9ILnSfIocm8&;8;Mh z-`Ru?_WzRwXb#`|Eb%Qe^SnqOKus%t7lQ2Sse!Lr|HK2hplS*~4MmazTMzmTNAAy0 z95XeC$9pP6_LAd8S)yIM%o(dI-`Qi2NRfTVVPYH1VeM9(DdG}*@I}4@WyQrYMS~bS zdy@bDc?`9&@!;U~{%E1T*GxY%jBZ+4Ii$QritZT%O(IGs-Rx|al8S{y96poIzGXzL ziEURSS#9p=1s60_ASS&{Mur=PKh;pOM| z)_0lK`iiu0VeqYz&4!~FR2QnAzKr1DKl}7ks-%-4teI5=Df?;A8u}L$?QhX)stMM0 zI?exgU@*z+uvHHM8G@yQgU=@&}U!1TYjq2C0k9?$qhiY1o5t z*Nu%vQ!zThP1Y{-#|gwq))TH19^Ch(VD&zEdbF~x?oEyB<+L!wP)wk?7e5RgowNAz z)@y}(t|)+iYsTq02Hh!?9F?%t$bGaW<>h_YT*VCq_n~E+joi!wLoxgG@mrn# zEM9h}Q?NovhBQ#`MT`#*`&#DDd7Js9B`gBeo=VjzRlSyf1l0F?)jfadKJ;6pTQ|h( z52{Q7z-#U;`8x#hZ-Wm1!w>%qUTQM7eB1OSsA`}s=jL7{{SiK3CUvOA*<*{2Mu&SyMwxphX&f3gm&7t$;WuNj3;5N<+w8I6FJn zVYD&SZV?kiFlB&4Vt@z25E?Hy&E7XXl5C!ym1lZvOlJz&?VEm2pUlIac!4T{vb2#x ziHnbah>;mV%{M)9{n40zD=I1~?*5OsMo45M0=`}cy)eP$H3pVe>^$f}$Kq;K9(}-! zjcS{|es{rQ=OAovK4JqaYu)8q1K1qNSGO*F4l5dK)^5%KC?MEringr15c<9L7=7{{a{AmWijemH4*k}C-Fk~s-fkTx~|LTCnzRc`qVIFiNV z-rnBD<9Jyy=f~6=T53SG%l#cWM@kG~93g?-U)eMLsyX9gr(Q;bkfX2s9e@_BOmTfZ z1#*TvvQfaZh_x$wy_2x)DuHB44j}34>w5{sXlGt0_qO~hVPRpMB4p~3_x?{KolFS5 zAP*Z0JpiAC5Oq`_IqZpOEiR!K8C~!IY628P&{hQwz7uptdKQ+u7}>;)(ld1tvwQGw z)1aQvg!hha;o>4qmEzLUxQlZTPFT0!_QveqAFqr$^{kyrb*F?wfH&$6Tro71gDVw-6rPvZf6H;~ zKN)x43xlS8CJ4Y_3=;CyX>vT{ZCV=g^bm0|KDZI6DByE-^%?@Pl{24K5~5vs;WZs{ zo)uX_S4VnY0o;g(mlq8UN05hTLadoYwoqx-5xD7Yd4rFhJ{5S{Nb(%Yyj*t5zuw`nbCivx-(#-<0 zDx;2UY$+c5`a#0z>Q#(x-nw=0qNb)YMtwG8qm6MYr$H_37vYt|pTrWLA4w3oz;9EBiarB)lxR_%% zb_%)ebz3dk-z837H5uiE*g;R2n3)AD@y9-UwvAer%z z@$$klpq9l18nh^RTw@$gV#EJn9c*4ZVY#c&4W`8^7{?Srt#>}i2_G!9ar#p{cEP4Y z;CkvTM{WZojX(sQpoOk!b^Ir>vKrlyEIf$LA*x@59IX{L10f6LKu9Oc9a^qI0T@aj zpff!^z4H95+w$B_aBqW4m$nJiBf)tW2Ny$s=XsLh77_GjexaeE65(!OyGVixNR9ju zG9Bea{Yx|WNV_<`vMdZ^!|Gef8iF;YQ8&wq3Kkc}KQ`q|MCHXdYc8Mrff$00j?M%* z0D{mpknG+6@B@wkv3t-mf6H%|xPsO}5=fAkH;#WynYK!?gPZE?>(tA8H+?FcEI+LY z$LVH~MnP(4E8xT|{8?*EdywKZ@lOoq3Whe;cu1o``hX?K@djOjn?%Np3B&{YD%@B7 zmD!bN@2V?|CG%u>T#Zs!R<0Y$zmdHd*Cb~+NKcS4(RU~9b^mu30G1Ug@I$*G2p@U^ z9>YvO_tE16*^{XVylE%w>v&^8LlUp3s0WBnegm@TtSmT6nt$-s4X$4GMx}X<#D5m1 zyEK?GHBi)wr(fYhu+F1hdD^odkSc1+bIP1Ze2sHByTK8n58)1DADSYWOfWMuBV-*N z4?PSH{?V_$uqJa~#>)1;)2bIQ?q>StfU!SC42WRfh8ym3Apq(|g%8w)hsSeih+RTL z3TT|^lWy(lZpKDN2EY3&B<+84f~8}w@HUvwjngaM5QkV`^pMX8fEMISMMJx7`*zR0 z-W_|dr)phvYX0_N2t=49?p_wqPRS+)1Xq`EjvHeWvf#}Sys_DiLP{sIFCXkJB_$;Z z0z+s*xz^KQ+&vYZ%o)0>pdv3{zGOX8+Oj-~6dQI0(gXq64WI!$5)z~#TD)cEi%Znf zToO44>*h8;o-kuE%Grk~59axCm5^6^VQ>>=XjEq|>wjxB_1Gx{hA# zv73ugQV6aE9xWzm`T&xS#g=tRF)}iOR?$NHB7?q|SOYlGuN>1FO>NdYkXik0dgOp< zg~uqCx}v!`1nI*eve!aSuSfK=0<)`Rs@@jehZmL@wJcf~=E;Tqbua|FQNe)v8G!Y9 zWWFdA60HL>lFGMwlIBsE9(-`64PKbSIj2yd^9Lm-3%X2yF%~l{VOZ)rvmT9l{zvxt>r)Su3 zvWT)v`g`){zJn31vimjYY%)aE9t^(GxusP%cFm~#2G_Z3Dh&0Nxk)9fs>P%uw0zvX z@9;6~+Q#sb$-2P5=kw&k$MI3_(B8)mN4rxqG>5vPzc{%?u}n(sPnSuzr|kT)Pygl~ z{iUv_rOu@nr?_4vCI-Qipip)T2|b2mDIOfGml_Il4nJSdNJ&dm!Toy_o+QX^+^*=v zMC*YF?!S79L5FL zRebt16qNp++ml+D_XZ4}9chOT9;^Tq(d-FN4NG+ld%QYdQGY0Y*oy+h8)75;T~k~8 zV|RD==%J8Pt7T*g#JO9;PYU2TP5k+j_xjhh*8zJ%7;plv_FcVfX2y75frd;z{Jg=` zVah_VNKdiKL===u|0-E8Y5i@Lp5yQiQrE-Gdod~wW$V_O9ufV0`oB1(D1WYi$h2iz za^ox-h_JI#D7WG7opqDG=krr=kGK0!SO3^pva{fjy6phR6cm_Q$W{|2>(5;(y0e-D zxY!4GXJ;MoY=#@kKAJtgFAp==D0ZL8*M%_ThbttHJM5?p3jXY51-T3#hm)O`&4G7> zOsOkE5V5>!Q>dL)^5-I`d`#!$;K=EGtQ<%PYf0B9FD4*A~#&)kxqtX2f(3A**%ws`kH}>@T z{HeOyrN^*mbd(9xQAXEgO-zQlWV|soJ-~eO)G3A)5#P_SuV96!v*z-YHf`FZ z;Qew<-!Nu3o+z>$T~{khZaW}K`s zTkoun^3gizIJHa9`PXqWMFxWujGGSXcSRxVpKZBng7wm;5*m-nU!O~O9Zf*g>O1E) zzdl7L`wnhjA0DP)WWDq9?VT}Er&3${nlHG=cmP@Pn3@p zCX~no2q`fm)jWY08z4Bu#6)4l##94dle4lCA@kor+T@*5e=6T(^NY_hhVGFMdD-MJ z14etiksazq#9iR0yugHflj;Qx4MV&S(v$A>*W|&V@>iA@gt`O0u|J&zV(Wd-!VHni zBSY}`Q#_L74LU`~``QC$EhOqd&+D`p*N0q=rKe9;uPSntMSZx00V;ASpl-2pa|Z+* znWumJSc&el#%B$I36?;KE(aP!T*xUbQhgkGoq8D?4NLs<@tEOqNj@e;c^!D|6AlTQ`(sJVsH_`33B28Kih!+*t*0NxnOCDg0=A$!;7WK-d z`X7JD7!YtNeTEh@!7k+>0yJM=S7%k#k(!)*91Aw`1dI_PRyPA z{)CmXc8ca3Mi-9aEm6CEwH7RItf;798QtMP)}gJdo*wUBi~S0?dNwPx5b*XV0xWn0jJwYzP+Ro5txd#R=eZltTf{i-6Rd=7*La)B58{@?p5-fP)vCOf&G5jVkc$D+nM_%aTy! zwR-Zp$g?}4rhY@xhrqO@g1o%AWfxh4-{P9SAeHb^Z4VX|X~q|51*G{+^y3Lbk8VwV z_XQOr0zscLIx;a59cPI}<}}|A{b98`&cUCyBa#OXt|6@L>>k5An;QCse4Pi0N?Dh! zMfFt};j^zNMBzG9D7}hPTx~FOAsJH!q=%*O zxQzSQOn7Js43Q1UX#%$wKH9B{Cyw|)R{Z?*plbHl?-;5EHKal=4kt)4yP4a{=KUn7 zAUSD`m#hb_y&W0J1*e>JltNC$nJc1hg6UVTJ_VjyLWL|f9H=0qxNzwAvy*3lg`RD8 zEz@SvRa(hxw^(NzmDaw-CIRD?TJv$flJkOF~qQz^LJ zckbTYz17RNLxB<@sT7r!(URFOu$6tVO#g!7cUsB6E88#^22m8l6RT_waY1shLcW@S zfJsHjVq-z2spPgbCTAImM<@56L4+Z5K{K}g)6wnDa0GPcpYVO(`+YCl?1G+!g`oKL z&Xfm-6XEMAK*Ykpi3rdb zxzfZNOlJ)Erei#TaKC?_+5HLknMiE%xq08=kfi!+CCHeHn74`G@mSCE^S6SB;S81{ z1pjE~^~UM%u9FF7@ol>-+SCu=#U7OdEomORsk$jWs{#xH7hJ{OKFbgmt|yrAh1AweKD zeYIock0ahb6mEk04~{KccJT4Z3F+sXPg}>kyeq#Xastno0J3{O-_Dp;m|nPka$|yyt zTVA|H6hg|h`q_CwgnL5T4po0Fv!TsChuZBf!*#j4dD1>PEt4a0TK2iBI zh;#LX>bu?^zIDt#bhzaOe6P~z<*A)`@6s(nNX)8a)7~+ydv=s?hh29GF-Ct@mGw{- zN?~Hebjo}D6l#=2q<|c2F_iU*@bUBeh-U!M!xkW(Ucr=)tv)(CFYn)fkr?j3|L4E{ zXm%kK+Ycq1JbMs1w?SpY*ecp*xkbky##}}47@rQu;hwTG1#)n{2xrF+&m$ruf1Ktx z5Z_-f_}t^U*1g3t_cknV&Lht3=oOe)hpk%zNjYcW>L!Ga5h5u9zIbE=Baxi106*#J z>$B0G&#>w}=DhT$wQ^+!(|jvS<8HGU+W35Q=jHs%`QHxDE8+ZYzz$wm5aPNH9@jcaY8)zBist5hiu(M*4ePfKNaGiF#qg`C|%Y*N>WLnE>!P zA9}0^6@F#N_7IF|p8fmRqmW_@p#;Y(C?v!S3eoJ`9P)G2P)-RVS=|phom{dyIq8ht zFLAv~rw1Z9;f@>xr$Q_RC#&w77!+604q*&{4dm01&%q*}=msqY52AbGah5#wrS=mu z1&Z7*8#wOM;eL5r*IBA_N9MKzt02tof$6&*Tytd(9=CMg%x@V z^1(n17z3Z(nEP!+p@4O*$0cu;c6{gKLq1i5T9$l*N4D!y4q$kd4~0)&e!HmXdEyg> zsgBEELCwc2=K6!LE?}c&5rOESu<6&KKhAyRUf!k-uC7w0X#$RQRG}oWodx+ zPAvUMK|V|ayA2$MaEDWl2RGiu zP%*YCl2E694q{jE)rdX9!j>~>3bAQl|G>Ee9xsFu z(ewQ~E#-F6rJlm|`#?g|3cI_}+|%%6wt*GIQrohu`J!B=FB0xWmz4FquHx}V1iC1m zP~n5A`yw1ZQdXl&R_`!fh}Xy(`}O-bwUv!`lJBtd7tjkg`)+^@Heo$~3@ly7!!^j< z81Aw)CQQ~!{k>Gi#UNy0H$O(5b@8ds}X67)iBRa}u zH*v=GxJ-tMuxU)j$Ve((h$OoVqkBn{VJC)>+)`2V}$q`K3-W@ZO)H{PL|1*ty(pKj=gO8^0le){|THjX8pb-+HP|0G<)-1y(5QaY%nbi znM1hdxJLPj-9bB;+FfU#pBB23>_cS8H|CC}P1Mg6P3WDSDB9*EtA?7S zGiRGllz+Rn-n?JsXdtA&d6qWPJWj*va~D~j ztHIDP*+>$ryG)ibxo5a|_k{89zco#R8IIjpF2ADo)t`T@#mionl760dRphQ26nIIm zXB5pTAJ$h>9DSbW%i)`{D;2gR#R(yrz;jTo72UB#yMZ`9pI(Bte}v`%<&gws@3(ef zp+UlFN$P?Q97LEqvpJOJPHGv*K+WULVB11ICcN*I{we$ASNs-Cc=B=(BL-DmO=9)^ zK;SF3bQA~+NkVeu-2U^aNT0vpPgj$Sx}KNz{g{!4tvp#!*)Kwy+*s#i?~&h z?o-2~qT%tdP#aKm=Rldusp8TacjVI&eAXm36YT-AX*lxSw7h6nQZ9{27%2p3M8V}c z8a=(H*Ei2N7der{ToWXgEglcF?e)~U0?WY`qVsPD|5*L!Ft-38cJZyj8JQ@yHKbuP z+;p-#>iaMQ1{2^Y)Kco2eWlz*9y|vx^?Q!aJI~MWr>f^$jhB}9o%@Em3Tw0(eKp`@ z3?dsZqB}RY)h__U$*g{vMiL~gPaRwo@6T`20Ins)z27EPnsiTR$ zd(IVjM<6HAmEuJRyDZ2cAWx5yFZ)h=nv?i1vm*L2xm+tO+_56=DnRFIq)Xtue~w`V z1{bX-dbHmAFvWT=5@>)2V z=oN9)WGh@x`rJyu4*YXg#J;Xld6@$r_uh`7{BPBy3?~zdQNa6N$BRWTJ9D42Ol%D! zx0sBi{bQs2meI|}5(2Ddf~w%o**UhZ-6uj&K1hSKwDKJ8s*^V|O2R3yH>?fL=z&oB|7`ka;34Sa%>J$h4Z zHnFIZgo`C6HB}47S#jsi)&xZl^9DMRS>58|%OjX!^J@3Zklxug(8K@tSQV$5nwpgK z3u8IZdoQ3j244ZYO5k26RD*QqY*RhWuheGrQhUCO1j%>4ZKTA5>toDcbLmEtI-!s&ngka{Z2dOxS9&rK*7 zDV##dPwdzq`B#jxl0?kL38T#-N?Kx;?Dfqv$5_zJXwIqk0+-juZg)THJKR7dn~lWXD?$x| zmCF6tFBZ+68(7i;_$`L@UZWr=lBg!@9yan6U8$+DJzDwtmp+pTz1pi(ig;hZ+bcJ3 zE?IGY)hFQkLq)5Jby>8CS35r2-NmIMSK78&@&fyl^7G8wB(eM7@1(puyu(Pb`S zM=y$Rg@%@%`^wh!meup)3;6QKeWUIM6^^$;m_h|m8O(IPG$nFkP&H53dD*;<-es@}z2ogzJ zsZi(N=IX3&jyP54J>>|(Gu;ZJ387ddFW)3ld092_e<8=H`T?l-ldcOC4D zZP)bn)lt6Ut7;apSD`d8%XFm*u(59Rs6lskucd;`#IfwG1#6uMK#007mpk37cJ*V+ z{XkoMMu7hH?yg1y0U+1ajlxjunmUs@edV11-_o+8sw8)ep= zYfO`3t|tTKYIU`ZQ_(SfD#aE?4PbyDktL+Q>bSY5d8obLXcoaOnIyh^Ze?|Jz`z$D zr#;Yn%_w$>I1E6x^vdz~fe^LGDYDpgqi{1)B#OOTr2U19a;93hhLwhywW)ru9vl`u zP9P?8gET+65pn#u*lj8*E8VLTKW+B?8e=vxCJjlT$#c3plPlrpW>eDN@6#uU0>xu!9HdKuM4bnE3grwk&yt1rts)D#=*D$1`qS&HG&-STsAY2>0fa zQ|b~YQ;+|Sde(JBNbr(VmvM&e5{h)ld8aqt@Kvg3Hx0d7(jOfg;u*@o_>YuwyQXi# zAHH^JsjzO(!uKRF4v*$zC21&hRy0c|KxVkuB9r5}kAIxwmrIu9rPXc=LA>LUe>OSs zsIjj{W`G`-|Hy2ApYS&=&WiB!o6b(lU&v72ZAj$a`-Hnq=hpQ`BE@d~sZBzei_k~# zUWF!sO;(ZeIAn6Rh%p(UtsPu$=ldc4SD6?|k&rn2vf~5LF-2+-D4~$K2#OTT=}y5^ zNjQjh0qQy+XO1l$$Zfccm!R56OTu3{8ID$+Y;|FDVBeibq(xlz7=3+VyI?Qg8r~)@ zL{-g0G8Ky2QywHDNl0mYLoCQ<;D=#*7dod{>&)Du!9jB_YXRI5c}sW;;N5)1uypa_ za;rH!{5r-y9|=qn?<^$rJtx0e!^3a7Y^>GY8$YwgUm=$pTYE+YMS-mVzkey069}hI zMQ8IZK34?jx0Zg~JPDP463L9K$hNxAcD03jHE^IHVva?4>dxAFTJ^ldtl)J{SMw$@ z^YF7|vZ)XzAN22USw&uA^;6K&l=NCweDBu{r>;6r->v-I+nafe-zTlH$I6~gPlBG^$CC*IfZ-Tz|W0_2#-N?3* z+Zw)5SpU_?>jGH?X=Q%9+uLhyS0EI$ZFm%~GaR`1cGqc}^|yz9^pQzIIUiZk4^QNk zsP4}7;<4+f51D+yrR?k^*QWjf9qLf$y%;b7>6Tl)W#LJ2X?pbN)bU$gbwT}~5V0Q1zN}Fq3`Z1 zc|A_dN8EGr96n|_CKV3mfT2To{q)mM203fW!z#8eT;E<(nb_Ros3&V|$Vka0WBwAn zWUc?ph$IE`z9^T8Yp(7#d>R%{px32)_eKB&oBr+0Pa?SX-AQ2h*;lp%^lsuhCSyWSKqC;caz^8f@Tg8 zFGoJzxFYTWu7g0lmv3>ij{829i3(4qDPt_FT;Zg_1Cx_a>|Ln0XQ5;AI?bTDuU?AM zf(rIGup3Q=A%{}K$AE|sB?i8x)mw7JtL@tLp2)+5C5btG`hD8)=;h;{jr73LE9P8b z4{=usnj8yUTj8`@7c-0CE1p&qzNoo)u3^J>vCTvsNSG2-PYcEuyQE-gx(sp4CvEhT zh-Vc;)^i_Y$PbYb$gfB7WPF=ps5x}#;Yn9x*KKyI%>O|=p$5(CE%Wy(|CwE`8~RvS zv;~9&rC^0_?^t{_q^A+Mhnk5U?I9iWv6wjNt7{v7J+sW*e6*}YVMX5JXNHC${K1H2 zR(S_$-8$;a?-1+;h2kJkvRuF<-fx=I9^ipGz=^XE@zf9CK^_kb`$8Y6Cu!~VL7dp3 zIOA!+8&d2`69IBo85tRAY$sgrx(HYDcoW5h1~4-O^uQ`(>lr`%8)9Lq%y5q@iH&z{ zsm-ZX*xQV-!7~__ZJ*_1anGk|Vy{uqgJFUaaB>tM=+RJ{lOrJo3wO$Q2PFhc8%izo zrp4*^V8k|?vep^Qw%z-sx%rRcQ!T)su3o>sNRYtsGx;uJkp zKT@55Zh?j;V2QfA;xqq1nU}{F8zJr?z#K> pCxd$M1>MM?|K^LLBkQ_*b!?BB)4e2sAxV-JEm$HyKhNR2e*t1r^{@Z{ literal 0 HcmV?d00001 diff --git a/README.md b/README.md index efa9528d4d..3fba39aa39 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,30 @@ -# PE/COFF loader designed with formal methods +# Acidanthera UEFI Development Kit + +AUDK is a fork of [EDK II project](https://github.com/tianocore/edk2) focused on security.
+The main goal of AUDK project is to bring the best practices of secure code development into firmware domain.
+These practices include (but are not limited to) static analysis, fuzzing, formal verification,
+code hardening through various compiler optimizations and codebase architectural refactoring. + +[STATUS.md](STATUS.md) lists current states of the supported packages (toolchains, targets, CI supervision). + +Stable branches in AUDK project are constructed by rebasing all the commits in master branch upon EDK II stable tag.
+Available stable branches:
+[audk-stable-202211](https://github.com/acidanthera/audk/tree/audk-stable-202211)
+[audk-stable-202302](https://github.com/acidanthera/audk/tree/audk-stable-202302)
+ +## Supported features +[PE loader designed with formal methods](#pe-loader-designed-with-formal-methods)
+[UEFI Executable File Format](#uefi-executable-file-format)
+[ImageTool](#imagetool)
+Ext4Pkg, FatPkg: Various improvements based on [Sydr](https://github.com/ispras/oss-sydr-fuzz) fuzzing results
+Introduced CpuArchLib to move the CPU Architectural initialization to DxeCore (https://bugzilla.tianocore.org/show_bug.cgi?id=3223)
+CI checks not only compilation results of various packages but also boot results of Windows 10 / Linux kernels for OVMF, ArmVirtQemu
+ +## PE loader designed with formal methods This branch demonstrates the integration of a new PE/COFF loader designed with the help of formal methods into the EDK II infrastructure. -## Introduction +### Introduction The PE/COFF loader is one of the central components of the firmware core and its trust base. Every Image which is part of a UEFI system, including platform drivers from the primary firmware storage, Option ROMs from external hardware, and OS loaders from arbitrary storage, is verified and loaded by this library. Clearly it is a key component to ensure platform reliability and software compatibility, and can only be modified with great care. It also is an essential component for security technologies such as Secure Boot and Measured Boot. @@ -14,41 +36,45 @@ The usage of formal methods to design the new solution greatly helped restore th Please also refer to the new work-in-progress documentation available at [MdePkg/Library/BasePeCoffLib2/Documentation.md](MdePkg/Library/BasePeCoffLib2/Documentation.md) -## Further abstraction +### Further abstraction The new solution has been implemented as a new library class in MdePkg. ``PeCoffLib2`` features a new API that allows for a more resilient and a more flexible caller design. Most notably, all Image operations have been integrated into the API design rather than the callers accessing the library context and duplicating certain work. ``PeCoffLib`` remains intact as deprecated API to support legacy code during the transition period. To increase platform flexibility, a new layer of abstraction is introduced in the form of the library class ``UefiImageLib``, which can be found at [MdePkg/Include/Library/UefiImageLib.h](MdePkg/Include/Library/UefiImageLib.h). Currently, it is a subset of the APIs provided by ``PeCoffLib2`` that is expected to be compatible with most other common executable formats, plus a few convenience functions. As part of the proposal, the instance ``UefiImageLibPeCoff`` is provided, which is basically a shim for ``PeCoffLib2``. In the future, instances to support other file formats can be introduced without having to integrate them across the entire EDK II tree. -## Issues of the current solution +For security and code size optimization reasons, the ``UefiImageLib`` design is complicated. +To not expose FV-only UEFI image formats via, e.g., DxeCore to untrusted sources, +``UefiImageLib`` can be configured to support different UEFI image formats per source. + +### Issues of the current solution * High level of maintenance cost due to convoluted function contracts * Error-prone design promoting the introduction of code bugs * Multiple real-world bugs affecting reliability, some unaddressed for years * A lot of duplicate caller-side code that decreases the flexibility of porting and integration (e.g. Image permissions in PEI) * Dependency on Image re-parsing for production code -## Benefits of the new solution +### Benefits of the new solution * Fixes all known reported BugZilla tickets on PE/COFF loader reliability * Formal methods increase confidence in a high level of reliability and security * Improved design eases future maintenance and extension * Architecture-independent Image processing (e.g. for emulation) * Support for more granular Image section permissions (e.g. read-only) -## Benefits of the formal methods involved +### Benefits of the formal methods involved * Complete proof arithmetic cannot overflow (excluding intentional modulo arithmetic) * Mostly complete proof memory accesses are safe (requires axioms) * Complete proof of Image format compliance verification * Complete proof of Image loading * Mostly complete proof of Image relocation (final memory state cannot be easily described) -## Further notes about the formal approach +### Further notes about the formal approach * A snapshot of the new PE/COFF loader code will be provided with annotations and proving results * The snapshot will not be current and updating the old code is out of the scope of this project, however the functional changes should be manageable to review * We are currently investigating whether deploying the proving environment as a Docker container is feasible * There may be aids to compare the updates over the last fully verified state (e.g. stripped versions of the code with diffs) * If accepted, the new PE/COFF loader code should be developed further without updating the formal annotations, but with thorough review of important invariants and sufficient documentation -## Current progress, future goals, and further notes +### Current progress, future goals, and further notes * OVMF boots to Shell with SMM and Secure Boot enabled * Linux EmulatorPkg boots * Extended support for Image protection has been implemented @@ -58,14 +84,58 @@ To increase platform flexibility, a new layer of abstraction is introduced in th * Specified interfaces need adjustments (e.g. security architectural protocol) * Some validation is still absent -## BZs fixed by integrating the new PE/COFF loader +### BZs fixed by integrating the new PE/COFF loader * https://bugzilla.tianocore.org/show_bug.cgi?id=1860 * https://bugzilla.tianocore.org/show_bug.cgi?id=1999 * https://bugzilla.tianocore.org/show_bug.cgi?id=2120 * https://bugzilla.tianocore.org/show_bug.cgi?id=3329 * More to be added shortly... -## BZs easier to address by integrating the new PE/COFF loader +### BZs easier to address by integrating the new PE/COFF loader * https://bugzilla.tianocore.org/show_bug.cgi?id=3326 * https://bugzilla.tianocore.org/show_bug.cgi?id=3331 * More to be added shortly... + +## UEFI Executable File Format + +The Terse Executable (TE) format is a curious approach to reducing the size of PE files. +Essentially, it replaces the multi-layer Portable Executable (PE) image file header with a single, denser image file header. + +![image](PEvsTE.png) + +However, the conversion does not fix the internal offsets — this must be done by the image file loading — and +it is unlikely to reduce the size of memory page-aligned execute-in-place (XIP) image files. +The simpler parsing properties of having only a single, simple image file header are contrasted by the complexity of +considering the shift in data offsets and the semantic change to the image address space. +For XIP files, the replacement of the PE image file header also shifts the addresses of all image segments. +To account for this, EDK II’s PeiCore has a workaround to apply the shift to the load address, +so that the image file header is technically misaligned, but the image segments are correctly aligned. +This is especially important when enforcing memory permissions during PEI. + +We propose a novel executable file format (UEFI Executable File Format, [UE](https://github.com/mhaeuser/MastersThesis/tree/main)), +accompanied by a trivial digital signature scheme. (In our repository TE format is completely replaced with UE.) +Both help reduce the complexity of parsing and validation, while also encoding metadata much more efficiently than +the PE and the TE formats. They are specifically designed for UEFI firmware implementations and are explicitly not optimized +for the needs of modern operating systems. Compared to existing alternatives such as ELF and the Mach-O format, +the proposed alternative makes extensive use of encoding techniques to impose certain constraints on the metadata, +reducing the need for conformance validation. + +## ImageTool + +For compiler toolchain configurations based on GCC and Clang, EDK II generates ELF files in the first step. +To convert these into PE files, the TianoCore tool ``GenFw`` is used. It converts ELF image file sections to PE image file sections +while ignoring ELF image segments. Due to the great flexibility offered by ELF image file sections, conversion is done by using +custom static linking scripts to merge ELF image file sections as desired. +An undocumented detail of the EDK II build system is that all image files are generated as XIP, regardless of their phase or purpose. + +The main architectural flaw of ``GenFw`` and [other TianoCore tools](BaseTools/Source/C) is code duplication, i.e. +instead of using standard library modules of the already existing packages in the repository, necessary source files (or functions) +are simply copied into the building directory of those tools. + +We addressed that issue in our AUDK project greatly increasing code reuse among BaseTools and, in addition, +to make image file conversion easier to maintain, extend, and validate, we have replaced ``GenFw`` with ``ImageTool``. +``ImageTool`` implements an approach based on an intermediate representation. +This allows input and output formats to be processed independently of each other. +At the same time, operations such as relocating an image became format-independent, contributing to improved extensibility. +Because we designed the intermediate representation to be semi-canonical, we were able to use it to reduce the validation of the output file +to parsing the input file and comparing the resulting intermediate representation to the original one.