From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@ml01.01.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Tomas Hoger <thoger@redhat.com>
Subject: [PATCH v2 3/5] ArmVirtPkg: resolve OpensslLib to OpensslLibCrypto
Date: Fri, 24 Feb 2017 12:01:30 +0100 [thread overview]
Message-ID: <20170224110132.19374-4-lersek@redhat.com> (raw)
In-Reply-To: <20170224110132.19374-1-lersek@redhat.com>
The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature. It would not be
sufficient for HTTPS booting (which requires TLS), but in ArmVirtPkg, we
don't even enable plaintext HTTP booting for the time being.
Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
Notes:
v2:
- replace "OpensslLibNoSsl" with "OpensslLibCrypto" in commit message
- fix typo "analsysis" in commit message
- pick up Ard's R-b
- resolve OpensslLib to OpensslLibCrypto.inf in ArmVirt.dsc.inc, rather
than OpensslLibNoSsl.inf
- test-build ArmVirtQemu
ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 43699cb9bdd6..b5de4163c1cb 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -136,7 +136,7 @@ [LibraryClasses.common]
#
!if $(SECURE_BOOT_ENABLE) == TRUE
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
--
2.9.3
next prev parent reply other threads:[~2017-02-24 11:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-24 11:01 [PATCH v2 0/5] ArmVirt- Nt32- Ovmf- CryptoPkg: conditionalize libssl presence in OpensslLib Laszlo Ersek
2017-02-24 11:01 ` [PATCH v2 1/5] CryptoPkg/OpensslLib: refresh OpensslLib.inf, opensslconf.h after 32387e00 Laszlo Ersek
2017-02-24 13:20 ` Long, Qin
2017-02-27 0:57 ` Wu, Jiaxin
2017-02-24 11:01 ` [PATCH v2 2/5] CryptoPkg/OpensslLib: introduce OpensslLibCrypto instance Laszlo Ersek
2017-02-24 13:30 ` Long, Qin
2017-02-24 11:01 ` Laszlo Ersek [this message]
2017-02-24 11:01 ` [PATCH v2 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE Laszlo Ersek
2017-02-27 0:52 ` Wu, Jiaxin
2017-02-27 9:46 ` Laszlo Ersek
2017-02-27 2:37 ` Ni, Ruiyu
2017-02-24 11:01 ` [PATCH v2 5/5] OvmfPkg: " Laszlo Ersek
2017-02-25 14:08 ` [PATCH v2 0/5] ArmVirt- Nt32- Ovmf- CryptoPkg: conditionalize libssl presence in OpensslLib Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170224110132.19374-4-lersek@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox