intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License

[Hardening aspect] EFI boot stub audit & hardening #148

Open ereshetova opened 3 months ago

ereshetova commented 3 months ago

Problem

If a CoCo guest is booted using drivers/firmware/efi/libstub, this code needs to be audited, fuzzed and hardened to withstand malicious inputs from the host/VMM. In particular, some components of the EFI boot stub are actively receiving inputs from the host, such as the Graphics Output Protocol.

Solution

Audit, fuzz & harden the code.