From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242])
 by mx.groups.io with SMTP id smtpd.web10.782.1605248717411936617
 for <devel@edk2.groups.io>;
 Thu, 12 Nov 2020 22:25:20 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=none, err=permanent DNS error (domain: byosoft.com.cn, ip: 58.240.74.242, mailfrom: gaoliming@byosoft.com.cn)
Received: from DESKTOPS6D0PVI ([58.246.60.130])
	(envelope-sender <gaoliming@byosoft.com.cn>)
	by 192.168.6.13 with ESMTP
	for <ard.biesheuvel@arm.com>; Fri, 13 Nov 2020 14:25:08 +0800
X-WM-Sender: gaoliming@byosoft.com.cn
X-WM-AuthFlag: YES
X-WM-AuthUser: gaoliming@byosoft.com.cn
From: "gaoliming" <gaoliming@byosoft.com.cn>
To: <devel@edk2.groups.io>,
	<zhichao.gao@intel.com>
Cc: "'Justen, Jordan L'" <jordan.l.justen@intel.com>,
	"'Laszlo Ersek'" <lersek@redhat.com>,
	"'Ard Biesheuvel'" <ard.biesheuvel@arm.com>,
	"'Sami Mujawar'" <sami.mujawar@arm.com>,
	"'Leif Lindholm'" <leif@nuviainc.com>,
	"'Yao, Jiewen'" <jiewen.yao@intel.com>,
	"'Wang, Jian J'" <jian.j.wang@intel.com>,
	"'Lu, XiaoyuX'" <xiaoyux.lu@intel.com>,
	"'Jiang, Guomin'" <guomin.jiang@intel.com>,
	"'Kinney, Michael D'" <michael.d.kinney@intel.com>,
	"'Steele, Kelly'" <kelly.steele@intel.com>,
	"'Sun, Zailiang'" <zailiang.sun@intel.com>,
	"'Qian, Yi'" <yi.qian@intel.com>,
	"'Maciej Rabeda'" <maciej.rabeda@linux.intel.com>,
	"'Wu, Jiaxin'" <jiaxin.wu@intel.com>,
	"'Fu, Siyuan'" <siyuan.fu@intel.com>,
	"'Feng, Roger'" <roger.feng@intel.com>,
	"'Liu, Zhiguang'" <zhiguang.liu@intel.com>
References: <1646361F135EC661.31324@groups.io> <MWHPR11MB1647B0FB5D7F0F4F88EDA4D3F6E60@MWHPR11MB1647.namprd11.prod.outlook.com>
In-Reply-To: <MWHPR11MB1647B0FB5D7F0F4F88EDA4D3F6E60@MWHPR11MB1647.namprd11.prod.outlook.com>
Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0gW1BBVENIIFYzIDAwLzEyXSBEaXNhYmxlIHRoZSBkZXByZWNhdGVkIE1ENSBhbmQgU0hBMSBzdXBwb3J0?=
Date: Fri, 13 Nov 2020 14:25:09 +0800
Message-ID: <009d01d6b985$bc7ac640$357052c0$@byosoft.com.cn>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQF0pWGdRdSqianmuVv9A3QpMQkBTAKtpMfzqnRLi/A=
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: quoted-printable
Content-Language: zh-cn

Zhichao:
  I see the latest V4 version have been sent. Few days may be required for
code review.=20

Hi, NetworkPkg, CryptoPkg, OvmfPkg, ArmVirtPkg package maintainer and
reviewer:
  Because stable tag 202011 is coming soon, can you finish the code review
for this patch set (V4 version) before Nov 17 (Next Tuesday)?=20

Thanks
Liming
> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
> =B7=A2=BC=FE=C8=CB: bounce+27952+67411+4905953+8761045@groups.io
> <bounce+27952+67411+4905953+8761045@groups.io> =B4=FA=B1=ED Gao, Zhichao
> =B7=A2=CB=CD=CA=B1=BC=E4: 2020=C4=EA11=D4=C213=C8=D5 9:08
> =CA=D5=BC=FE=C8=CB: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@inte=
l.com>
> =B3=AD=CB=CD: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>=
;
> Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>=
;
> Steele, Kelly <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@inte=
l.
com>;
> Qian, Yi <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger
> <roger.feng@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>
> =D6=F7=CC=E2: Re: [edk2-devel] [PATCH V3 00/12] Disable the deprecated M=
D5 and
> SHA1 support
>=20
> I plan to catch the 202011 stable tag for this patch set. Please help to
review
> this patch. I would like to request to extend time for review after
feature
> freeze.
> Make the default setting for security and let the user of edk2 aware of =
it
if
> they are using unsecure functions make sense.
> If you have any doubt or comment, please feel free to let me know.
>=20
> Thanks,
> Zhichao
>=20
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> Zhichao
> > Sent: Wednesday, November 11, 2020 1:37 AM
> > To: devel@edk2.groups.io
> > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> Yao,
> > Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; L=
u,
> > XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>=
;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly
> > <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian=
,
Yi
> > <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej
> Rabeda
> > <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> Siyuan
> > <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>; Liu, Zhigua=
ng
> > <zhiguang.liu@intel.com>
> > Subject: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and
> SHA1
> > support
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3003
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3021
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3027
> >
> > MD5 is deprecated, make it disable as default for security.
> > It required to set MD5 enable explicitly if the module is still using
MD5. List
> the
> > modules that are still using it:
> > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config=
).
> >
> > This patch set would affact the platforms that are using iSCSI functio=
n.
> >
> > V2:
> > Remove MD5 and SHA1 support of Hash2DxeCrypto.
> > Remove the MD5 GUID defination in MdePkg.dec. SHA1 related GUIDs are
> still
> > using in TPM2, so keep them.
> > No requirement to add MD5 enable MACRO in SecurityPkg.
> >
> > V3:
> > Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa3=
2,
> > OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
> > And set the MD5 enable base on the new MD5 MACRO.
> > Rejust the patch order.
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > Cc: Leif Lindholm <leif@nuviainc.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Kelly Steele <kelly.steele@intel.com>
> > Cc: Zailiang Sun <zailiang.sun@intel.com>
> > Cc: Yi Qian <yi.qian@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Roger Feng <roger.feng@intel.com>
> > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Zhichao Gao (12):
> >   SecurityPkg/Hash2DxeCrypto: Remove MD5 support
> >   SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
> >   CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> >   NetworkPkg: Enable MD5 while enable iSCSI
> >   ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
> >   ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
> >   OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
> >   OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
> >   OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
> >   OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
> >   NetworkPkg/Defines: Make iSCSI disable as default
> >   CryptoPkg: Make the MD5 disable as default for security
> >
> >  ArmVirtPkg/ArmVirtQemu.dsc                             | 8
> +++++++-
> >  ArmVirtPkg/ArmVirtQemuKernel.dsc                       | 8
> +++++++-
> >  CryptoPkg/CryptoPkg.dsc                                | 3 +++
> >  CryptoPkg/Driver/Crypto.c                              | 4 ++--
> >  CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
> >  CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
> >  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> >  NetworkPkg/Network.dsc.inc                             | 5
> +++++
> >  NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
> >  OvmfPkg/Bhyve/BhyveX64.dsc                             | 7
> ++++++-
> >  OvmfPkg/OvmfPkgIa32.dsc                                | 5
> +++++
> >  OvmfPkg/OvmfPkgIa32X64.dsc                             | 5
> +++++
> >  OvmfPkg/OvmfPkgX64.dsc                                 | 5
> +++++
> >  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c            | 2 --
> >  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf          | 4 +---
> >  15 files changed, 51 insertions(+), 15 deletions(-)
> >
> > --
> > 2.21.0.windows.1
> >
> >
> >
> >
> >
>=20
>=20
>=20
>=20
>=20