From: Laszlo Ersek
To: edk2-devel-01
Cc: Ard Biesheuvel, Tomas Hoger
Date: Fri, 24 Feb 2017 12:01:30 +0100
Message-Id: <20170224110132.19374-4-lersek@redhat.com>
In-Reply-To: <20170224110132.19374-1-lersek@redhat.com>
References: <20170224110132.19374-1-lersek@redhat.com>
Subject: [PATCH v2 3/5] ArmVirtPkg: resolve OpensslLib to OpensslLibCrypto

The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature.

It would not be sufficient for HTTPS booting (which requires TLS), but in
ArmVirtPkg, we don't even enable plaintext HTTP booting for the time being.

Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use.

Cc: Ard Biesheuvel
Cc: Tomas Hoger
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek
Reviewed-by: Ard Biesheuvel
---

Notes:
    v2:
    - replace "OpensslLibNoSsl" with "OpensslLibCrypto" in commit message
    - fix typo "analsysis" in commit message
    - pick up Ard's R-b
    - resolve OpensslLib to OpensslLibCrypto.inf in ArmVirt.dsc.inc, rather
      than OpensslLibNoSsl.inf
    - test-build ArmVirtQemu

 ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 43699cb9bdd6..b5de4163c1cb 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc 
@@ -136,7 +136,7 @@ [LibraryClasses.common] # !if $(SECURE_BOOT_ENABLE) == TRUE IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf -- 2.9.3
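
Review bot: the new OpensslLib resolution inside the "!if $(SECURE_BOOT_ENABLE) == TRUE" block has no comment explaining why the crypto-only instance is chosen, so the constraint stated in the commit message (libssl is excluded, and HTTPS boot would need the full library) is invisible to anyone reading only ArmVirt.dsc.inc. Consider a short comment directly above the changed line, for example "# OpensslLibCrypto omits libssl; resolve to OpensslLib.inf again if TLS/HTTPS boot gets enabled", so that a later change adding a TLS consumer under this [LibraryClasses.common] resolution is flagged in review. The mapping also stays tied to SECURE_BOOT_ENABLE only, which is fine for now but worth stating in that comment, since a future HTTPS feature flag would have to override this line rather than add a second OpensslLib entry.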