From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:47 -0700
Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com)
IronPort-SDR: UHbWDvrND7JWz427ZjwgUTe3jwcpcx0U074LU90DYbblTt/uLSIhKfZbRr6YjIwXgzPWQ+Kkjz pBNdh0u09bKw==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:47 -0700
IronPort-SDR: PFhgvdiZJfq1T+LzsbRWP/MVIy6cqG6SyInlze6R6yO24cMvVrN0BNS9FwQ+W4aAOzQwH+Ufcz pm8WxXUbmX0Q==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246824"
Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:46 -0700
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu
Subject: [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function
Date: Fri, 27 Mar 2020 09:56:26 +0800
Message-Id: <20200327015629.2588-6-zhichao.gao@intel.com>
X-Mailer: git-send-email 2.21.0.windows.1
In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com>
References: <20200327015629.2588-1-zhichao.gao@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682

MD5 and SHA1 are not secure any longer, but the UEFI spec needs to keep
them for backwards compatibility. Add two PCDs, PcdMD5Enable and
PcdSHA1Enable, to control the function enablement. Set the default
value to false to indicate they are deprecated.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Signed-off-by: Zhichao Gao
---
 CryptoPkg/CryptoPkg.dec | 11 +++++++++++
 CryptoPkg/CryptoPkg.uni | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index 4d1a1368a8..4d1750839f 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -82,5 +82,16 @@ # @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010 gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001 + ## Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI spec + # want to keep it for backwards compatibility. + # @prompt Enable/Disable MD5 function. + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable|FALSE|BOOLEAN|0x00000003 + + ## Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEFI spec + # want to keep it for backwards compatibility. It should be set to TRUE when + # PcdHashApiLibPolicy enable the SHA1. + # @prompt Enable/Disable SHA1 function. + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable|FALSE|BOOLEAN|0x00000004 + [UserExtensions.TianoCore."ExtraFiles"] CryptoPkgExtra.uni diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni index 28459fcafe..8e27ebcd36 100644 --- a/CryptoPkg/CryptoPkg.uni +++ b/CryptoPkg/CryptoPkg.uni 
@@ -30,3 +30,14 @@ #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_PROMPT #language en-US "Enable/Disable EDK II Crypto Protocol/PPI services" #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_HELP #language en-US "Enable/Disable the families and individual services produced by the EDK II Crypto Protocols/PPIs. The default is all services disabled. This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_PROMPT #language en-US "Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI spec\n" + "want to keep it for backwards compatibility." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_HELP #language en-US "Enable/Disable MD5 function." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_PROMPT #language en-US "Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEFI spec\n" + "want to keep it for backwards compatibility.It should be set to TRUE when\n" + "PcdHashApiLibPolicy enable the SHA1." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_HELP #language en-US "Enable/Disable SHA1 function." -- 2.21.0.windows.1
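
Review bot: In the CryptoPkg/CryptoPkg.dec hunk, the PcdSHA1Enable comment says it "should be set to TRUE when PcdHashApiLibPolicy enable the SHA1", but nothing in the hunk ties the two PCDs together and the default added here is FALSE. A platform that selects SHA1 through PcdHashApiLibPolicy and leaves PcdSHA1Enable at its default ends up with an inconsistent configuration and nothing flags it. Please name the PcdHashApiLibPolicy value that requires PcdSHA1Enable in the comment and state what a consumer does on a mismatch, or enforce the dependency at build time. Minor wording in both new comments: "the UEFI spec wants" and "PcdHashApiLibPolicy enables".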
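
Review bot: In the CryptoPkg/CryptoPkg.uni hunk, the _PROMPT and _HELP strings are swapped relative to the .dec. The .dec gives "Enable/Disable MD5 function." as the @prompt and the longer deprecation text as the description, while here STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_PROMPT carries the long text and the _HELP string carries the short one; PcdSHA1Enable has the same inversion. Swap them so the prompt is the short string and the help is the description. The SHA1 text is also missing a space in "compatibility.It", and "want"/"enable" should be "wants"/"enables" as in the .dec comments.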