From 6a4f46ac5e2abe2a33600135bbad36cf14b23881 Mon Sep 17 00:00:00 2001 From: Patrick Georgi Date: Sun, 23 Feb 2020 09:51:07 +0100 Subject: Documentation/project_ideas: Update after 2019 The coverity project is done, for the most part, so drop it. Expand a bit on the scope of the toolchain binary project, and point out that the Ghidra project already has code from GSoC 2019 but could be developed further. Change-Id: I7342cc3133494f69b175b11b1f8342a0f40840e7 Signed-off-by: Patrick Georgi Reviewed-on: https://review.coreboot.org/c/coreboot/+/39086 Tested-by: build bot (Jenkins) Reviewed-by: Jacob Garber Reviewed-by: Patrick Rudolph --- Documentation/contributing/project_ideas.md | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/Documentation/contributing/project_ideas.md b/Documentation/contributing/project_ideas.md index 90164a2bfa..8271ea91f0 100644 --- a/Documentation/contributing/project_ideas.md +++ b/Documentation/contributing/project_ideas.md @@ -27,7 +27,9 @@ which is a bad experience when trying to build coreboot the first time. Provide packages/installers of our compiler toolchain for Linux distros, Windows, Mac OS. For Windows, this should also include the environment -(shell, make, ...). +(shell, make, ...). A student doesn't have to cover _all_ platforms, but +pick a set of systems that match their interest and knowledge and lay +out a plan on how to do this. The scripts to generate these packages should be usable on a Linux host, as that's what we're using for our automated build testing system @@ -131,26 +133,6 @@ their bug reports. ### Mentors * Patrick Georgi -## Make coreboot coverity clean -coreboot and several other of our projects are automatically tested -using Synopsys' free "Coverity Scan" service. While some fare pretty -good, like [em100](https://scan.coverity.com/projects/em100) at 0 known -defects, there are still many open issues in other projects, most notably -[coreboot](https://scan.coverity.com/projects/coreboot) itself (which -is also the largest codebase). - -Not all of the reports are actual issues, but the project benefits a -lot if the list of unhandled reports is down to 0 because that provides -a baseline when future changes reintroduce new issues: it's easier to -triage and handle a list of 5 issues rather than more than 350. - -This project would be going through all reports and handling them -appropriately: Figure out if reports are valid or not and mark them -as such. For valid reports, provide patches to fix the underlying issue. - -### Mentors -* Patrick Georgi - ## Extend Ghidra to support analysis of firmware images [Ghidra](https://ghidra-sre.org) is a recently released cross-platform disassembler and decompiler that is extensible through plugins. Make it @@ -158,6 +140,11 @@ useful for firmware related work: Automatically parse formats (eg. by integrating UEFITool, cbfstool, decompressors), automatically identify 16/32/64bit code on x86/amd64, etc. +This has been done in 2019 with [some neat +features](https://github.com/al3xtjames/ghidra-firmware-utils) being +developed, but it may be possible to expand support for all kinds of firmware +analyses. + ## Learn hardware behavior from I/O and memory access logs [SerialICE](https://www.serialice.com) is a tool to trace the behavior of executable code like firmware images. One result of that is a long log file -- cgit v1.2.3