Asset: Build Tool · EDK II Security Coding Guide

Powered by GitBook

EDK II Secure Coding Guide

DRAFT [08/08/2019 06:15:29]

Revision 02.0

Asset: Build Tool

In 1983, Ken Thompson received the Turing Award with Dennis Ritchie. There he delivered a speech - Reflections on Trusting Trust, and demonstrated how to inject a Trojan Horse into the compiler. Afterward the compiler generated a buggy binary. It is not impossible.

This is not a traditional attack to the final system, but it represents an attack to the tool chain in the build environment.

The mitigation is: only trust the tool chain from a trusted source with the source code, and protect the tool chain in the build environment.

EDK II Secure Coding Guide

DRAFT [08/08/2019 06:15:29]

Revision 02.0