public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH v1 0/1] Enable AES and HKDF
@ 2022-11-07 22:15 Judah Vang
  2022-11-07 22:15 ` [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions Judah Vang
       [not found] ` <17256D461071259B.1802@groups.io>
  0 siblings, 2 replies; 8+ messages in thread
From: Judah Vang @ 2022-11-07 22:15 UTC (permalink / raw)
  To: devel

https://bugzilla.tianocore.org/show_bug.cgi?id=3992

Need crypto AES to be supported for PEI phase and need
crypto KDF to be supported for SMM phase. Update Readme
to show AES and HKDF defaults.

Judah Vang (1):
  CryptoPkg: Need to enable crypto functions

 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
 CryptoPkg/Readme.md                            | 27 +++++++++++---------
 3 files changed, 17 insertions(+), 14 deletions(-)

-- 
2.35.1.windows.2


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
  2022-11-07 22:15 [PATCH v1 0/1] Enable AES and HKDF Judah Vang
@ 2022-11-07 22:15 ` Judah Vang
       [not found] ` <17256D461071259B.1802@groups.io>
  1 sibling, 0 replies; 8+ messages in thread
From: Judah Vang @ 2022-11-07 22:15 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
	Nishant C Mistry

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992

V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
    Update Readme.md

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Judah Vang <judah.vang@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
 CryptoPkg/Readme.md                            | 27 +++++++++++---------
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index b1629647f9c6..ee5f3cd5d4b6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
   Hash/CryptParallelHashNull.c
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
-  Cipher/CryptAesNull.c
+  Cipher/CryptAes.c
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 0af7a3f96e8f..cc5a53ca92cd 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
   Hash/CryptCShake256.c
   Hash/CryptParallelHash.c
   Hmac/CryptHmac.c
-  Kdf/CryptHkdfNull.c
+  Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md
index 067465b8eb7d..cb072db72397 100644
--- a/CryptoPkg/Readme.md
+++ b/CryptoPkg/Readme.md
@@ -447,18 +447,20 @@ and CryptoSmm modules.
 #### Common PEI PcdCryptoServiceFamilyEnable Settings
 
 ```
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                          | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                           | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family                           | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                     | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                    | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword      | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services.Sha256ExtractAndExpand | TRUE
 ```
 
 #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings
@@ -466,6 +468,7 @@ and CryptoSmm modules.
 ```
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
-- 
2.35.1.windows.2


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
       [not found] ` <17256D461071259B.1802@groups.io>
@ 2022-12-20  0:43   ` Judah Vang
  2022-12-20  1:40     ` Yao, Jiewen
  0 siblings, 1 reply; 8+ messages in thread
From: Judah Vang @ 2022-12-20  0:43 UTC (permalink / raw)
  To: devel@edk2.groups.io, Vang, Judah
  Cc: Yao, Jiewen, Wang, Jian J, Xiaoyu Lu, Jiang, Guomin,
	Mistry, Nishant C

Hi Jiewen,

Has this patch been merged?
This is an important change for the UEFI Protected Variable feature.

Judah

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Judah Vang
Sent: Monday, November 7, 2022 2:16 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992

V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
    Update Readme.md

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Judah Vang <judah.vang@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
 CryptoPkg/Readme.md                            | 27 +++++++++++---------
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index b1629647f9c6..ee5f3cd5d4b6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
   Hash/CryptParallelHashNull.c
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
-  Cipher/CryptAesNull.c
+  Cipher/CryptAes.c
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 0af7a3f96e8f..cc5a53ca92cd 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
   Hash/CryptCShake256.c
   Hash/CryptParallelHash.c
   Hmac/CryptHmac.c
-  Kdf/CryptHkdfNull.c
+  Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index 067465b8eb7d..cb072db72397 100644
--- a/CryptoPkg/Readme.md
+++ b/CryptoPkg/Readme.md
@@ -447,18 +447,20 @@ and CryptoSmm modules.
 #### Common PEI PcdCryptoServiceFamilyEnable Settings
 
 ```
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                          | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                           | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family                           | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                     | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                    | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword      | TRUE
+  
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
+ .Sha256ExtractAndExpand | TRUE
 ```
 
 #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings @@ -466,6 +468,7 @@ and CryptoSmm modules.
 ```
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
--
2.35.1.windows.2







^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
  2022-12-20  0:43   ` [edk2-devel] " Judah Vang
@ 2022-12-20  1:40     ` Yao, Jiewen
  2022-12-20  1:55       ` Michael D Kinney
  0 siblings, 1 reply; 8+ messages in thread
From: Yao, Jiewen @ 2022-12-20  1:40 UTC (permalink / raw)
  To: Vang, Judah, devel@edk2.groups.io
  Cc: Wang, Jian J, Xiaoyu Lu, Jiang, Guomin, Mistry, Nishant C

Just merged - https://github.com/tianocore/edk2/pull/3796


> -----Original Message-----
> From: Vang, Judah <judah.vang@intel.com>
> Sent: Tuesday, December 20, 2022 8:44 AM
> To: devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> functions
> 
> Hi Jiewen,
> 
> Has this patch been merged?
> This is an important change for the UEFI Protected Variable feature.
> 
> Judah
> 
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Judah
> Vang
> Sent: Monday, November 7, 2022 2:16 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> functions
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992
> 
> V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
>     Update Readme.md
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> Signed-off-by: Judah Vang <judah.vang@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-
> CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
>  CryptoPkg/Readme.md                            | 27 +++++++++++---------
>  3 files changed, 17 insertions(+), 14 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> index b1629647f9c6..ee5f3cd5d4b6 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> @@ -43,7 +43,7 @@ [Sources]
>    Hash/CryptParallelHashNull.c
>    Hmac/CryptHmac.c
>    Kdf/CryptHkdf.c
> -  Cipher/CryptAesNull.c
> +  Cipher/CryptAes.c
>    Cipher/CryptAeadAesGcmNull.c
>    Pk/CryptRsaBasic.c
>    Pk/CryptRsaExtNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> index 0af7a3f96e8f..cc5a53ca92cd 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> @@ -43,7 +43,7 @@ [Sources]
>    Hash/CryptCShake256.c
>    Hash/CryptParallelHash.c
>    Hmac/CryptHmac.c
> -  Kdf/CryptHkdfNull.c
> +  Kdf/CryptHkdf.c
>    Cipher/CryptAes.c
>    Cipher/CryptAeadAesGcmNull.c
>    Pk/CryptRsaBasic.c
> diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index
> 067465b8eb7d..cb072db72397 100644
> --- a/CryptoPkg/Readme.md
> +++ b/CryptoPkg/Readme.md
> @@ -447,18 +447,20 @@ and CryptoSmm modules.
>  #### Common PEI PcdCryptoServiceFamilyEnable Settings
> 
>  ```
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> cs1Verify        | TRUE
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> ew                | TRUE
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> ee               | TRUE
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> tKey             | TRUE
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> kcs5HashPassword | TRUE
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> cs1Verify             | TRUE
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> ew                     | TRUE
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> ee                    | TRUE
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> tKey                  | TRUE
> +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> kcs5HashPassword      | TRUE
> +
> + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
> + .Sha256ExtractAndExpand | TRUE
>  ```
> 
>  #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings @@ -
> 466,6 +468,7 @@ and CryptoSmm modules.
>  ```
> 
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> 
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> 
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> kcs1v2Encrypt             | TRUE
> 
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> kcs5HashPassword          | TRUE
> 
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> kcs7Verify                | TRUE
> --
> 2.35.1.windows.2
> 
> 
> 
> 
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
  2022-12-20  1:40     ` Yao, Jiewen
@ 2022-12-20  1:55       ` Michael D Kinney
  2022-12-20  2:51         ` Yao, Jiewen
  0 siblings, 1 reply; 8+ messages in thread
From: Michael D Kinney @ 2022-12-20  1:55 UTC (permalink / raw)
  To: devel@edk2.groups.io, Yao, Jiewen, Vang, Judah
  Cc: Wang, Jian J, Xiaoyu Lu, Jiang, Guomin, Mistry, Nishant C,
	Kinney, Michael D

Hi Jiewen,

I noticed that this patch is missing the update to the table in ReadMe.md to
show the new PEI and SMM crypto services enabled by default in *CryptLib
library instances.

https://github.com/tianocore/edk2/tree/master/CryptoPkg#supported-cryptographic-families-and-services

It did update the recommended PCD settings at the end of the 
ReadMe, but missed the update to CryptoPkg.dsc file to actually
enable the PEI and SMM services in the Crypto Drivers.

Mike

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, December 19, 2022 5:40 PM
> To: Vang, Judah <judah.vang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
> 
> Just merged - https://github.com/tianocore/edk2/pull/3796
> 
> 
> > -----Original Message-----
> > From: Vang, Judah <judah.vang@intel.com>
> > Sent: Tuesday, December 20, 2022 8:44 AM
> > To: devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin
> > <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> > functions
> >
> > Hi Jiewen,
> >
> > Has this patch been merged?
> > This is an important change for the UEFI Protected Variable feature.
> >
> > Judah
> >
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Judah
> > Vang
> > Sent: Monday, November 7, 2022 2:16 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin
> > <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
> > Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> > functions
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992
> >
> > V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
> >     Update Readme.md
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > Signed-off-by: Judah Vang <judah.vang@intel.com>
> > ---
> >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-
> > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
> >  CryptoPkg/Readme.md                            | 27 +++++++++++---------
> >  3 files changed, 17 insertions(+), 14 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index b1629647f9c6..ee5f3cd5d4b6 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -43,7 +43,7 @@ [Sources]
> >    Hash/CryptParallelHashNull.c
> >    Hmac/CryptHmac.c
> >    Kdf/CryptHkdf.c
> > -  Cipher/CryptAesNull.c
> > +  Cipher/CryptAes.c
> >    Cipher/CryptAeadAesGcmNull.c
> >    Pk/CryptRsaBasic.c
> >    Pk/CryptRsaExtNull.c
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index 0af7a3f96e8f..cc5a53ca92cd 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -43,7 +43,7 @@ [Sources]
> >    Hash/CryptCShake256.c
> >    Hash/CryptParallelHash.c
> >    Hmac/CryptHmac.c
> > -  Kdf/CryptHkdfNull.c
> > +  Kdf/CryptHkdf.c
> >    Cipher/CryptAes.c
> >    Cipher/CryptAeadAesGcmNull.c
> >    Pk/CryptRsaBasic.c
> > diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index
> > 067465b8eb7d..cb072db72397 100644
> > --- a/CryptoPkg/Readme.md
> > +++ b/CryptoPkg/Readme.md
> > @@ -447,18 +447,20 @@ and CryptoSmm modules.
> >  #### Common PEI PcdCryptoServiceFamilyEnable Settings
> >
> >  ```
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> > cs1Verify        | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> > ew                | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> > ee               | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> > tKey             | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs5HashPassword | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> > cs1Verify             | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> > ew                     | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> > ee                    | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> > tKey                  | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs5HashPassword      | TRUE
> > +
> > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
> > + .Sha256ExtractAndExpand | TRUE
> >  ```
> >
> >  #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings @@ -
> > 466,6 +468,7 @@ and CryptoSmm modules.
> >  ```
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs1v2Encrypt             | TRUE
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs5HashPassword          | TRUE
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs7Verify                | TRUE
> > --
> > 2.35.1.windows.2
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
  2022-12-20  1:55       ` Michael D Kinney
@ 2022-12-20  2:51         ` Yao, Jiewen
  2022-12-20 18:43           ` Judah Vang
  0 siblings, 1 reply; 8+ messages in thread
From: Yao, Jiewen @ 2022-12-20  2:51 UTC (permalink / raw)
  To: Kinney, Michael D, devel@edk2.groups.io, Vang, Judah
  Cc: Wang, Jian J, Xiaoyu Lu, Jiang, Guomin, Mistry, Nishant C

Hi Mike
You are right. I missed that part.

Hi Judah
Would you please file another patch to update DSC file, to make it align with readme?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Tuesday, December 20, 2022 9:55 AM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Vang,
> Judah <judah.vang@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>;
> Jiang, Guomin <guomin.jiang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> functions
> 
> Hi Jiewen,
> 
> I noticed that this patch is missing the update to the table in ReadMe.md to
> show the new PEI and SMM crypto services enabled by default in *CryptLib
> library instances.
> 
> https://github.com/tianocore/edk2/tree/master/CryptoPkg#supported-
> cryptographic-families-and-services
> 
> It did update the recommended PCD settings at the end of the
> ReadMe, but missed the update to CryptoPkg.dsc file to actually
> enable the PEI and SMM services in the Crypto Drivers.
> 
> Mike
> 
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> > Sent: Monday, December 19, 2022 5:40 PM
> > To: Vang, Judah <judah.vang@intel.com>; devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu
> <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Mistry, Nishant C <nishant.c.mistry@intel.com>
> > Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> functions
> >
> > Just merged - https://github.com/tianocore/edk2/pull/3796
> >
> >
> > > -----Original Message-----
> > > From: Vang, Judah <judah.vang@intel.com>
> > > Sent: Tuesday, December 20, 2022 8:44 AM
> > > To: devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang,
> Guomin
> > > <guomin.jiang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>
> > > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable
> crypto
> > > functions
> > >
> > > Hi Jiewen,
> > >
> > > Has this patch been merged?
> > > This is an important change for the UEFI Protected Variable feature.
> > >
> > > Judah
> > >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> Judah
> > > Vang
> > > Sent: Monday, November 7, 2022 2:16 PM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang,
> Guomin
> > > <guomin.jiang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>
> > > Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> > > functions
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992
> > >
> > > V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
> > >     Update Readme.md
> > >
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > > Signed-off-by: Judah Vang <judah.vang@intel.com>
> > > ---
> > >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-
> > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
> > >  CryptoPkg/Readme.md                            | 27 +++++++++++---------
> > >  3 files changed, 17 insertions(+), 14 deletions(-)
> > >
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > index b1629647f9c6..ee5f3cd5d4b6 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > @@ -43,7 +43,7 @@ [Sources]
> > >    Hash/CryptParallelHashNull.c
> > >    Hmac/CryptHmac.c
> > >    Kdf/CryptHkdf.c
> > > -  Cipher/CryptAesNull.c
> > > +  Cipher/CryptAes.c
> > >    Cipher/CryptAeadAesGcmNull.c
> > >    Pk/CryptRsaBasic.c
> > >    Pk/CryptRsaExtNull.c
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > index 0af7a3f96e8f..cc5a53ca92cd 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > @@ -43,7 +43,7 @@ [Sources]
> > >    Hash/CryptCShake256.c
> > >    Hash/CryptParallelHash.c
> > >    Hmac/CryptHmac.c
> > > -  Kdf/CryptHkdfNull.c
> > > +  Kdf/CryptHkdf.c
> > >    Cipher/CryptAes.c
> > >    Cipher/CryptAeadAesGcmNull.c
> > >    Pk/CryptRsaBasic.c
> > > diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index
> > > 067465b8eb7d..cb072db72397 100644
> > > --- a/CryptoPkg/Readme.md
> > > +++ b/CryptoPkg/Readme.md
> > > @@ -447,18 +447,20 @@ and CryptoSmm modules.
> > >  #### Common PEI PcdCryptoServiceFamilyEnable Settings
> > >
> > >  ```
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> > > cs1Verify        | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> > > ew                | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> > > ee               | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> > > tKey             | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > > kcs5HashPassword | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> > > cs1Verify             | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> > > ew                     | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> > > ee                    | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> > > tKey                  | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > > kcs5HashPassword      | TRUE
> > > +
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
> > > + .Sha256ExtractAndExpand | TRUE
> > >  ```
> > >
> > >  #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings
> @@ -
> > > 466,6 +468,7 @@ and CryptoSmm modules.
> > >  ```
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > > kcs1v2Encrypt             | TRUE
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > > kcs5HashPassword          | TRUE
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > > kcs7Verify                | TRUE
> > > --
> > > 2.35.1.windows.2
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > 
> >


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
  2022-12-20  2:51         ` Yao, Jiewen
@ 2022-12-20 18:43           ` Judah Vang
  2022-12-20 20:51             ` Michael D Kinney
  0 siblings, 1 reply; 8+ messages in thread
From: Judah Vang @ 2022-12-20 18:43 UTC (permalink / raw)
  To: Yao, Jiewen, Kinney, Michael D, devel@edk2.groups.io
  Cc: Wang, Jian J, Xiaoyu Lu, Jiang, Guomin, Mistry, Nishant C

The readme was updated, however, I did miss the .dsc.
Will submit another patch to address the .dsc file

Judah

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@intel.com> 
Sent: Monday, December 19, 2022 6:52 PM
To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions

Hi Mike
You are right. I missed that part.

Hi Judah
Would you please file another patch to update DSC file, to make it align with readme?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Tuesday, December 20, 2022 9:55 AM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Vang, 
> Judah <judah.vang@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu 
> <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; 
> Mistry, Nishant C <nishant.c.mistry@intel.com>; Kinney, Michael D 
> <michael.d.kinney@intel.com>
> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable 
> crypto functions
> 
> Hi Jiewen,
> 
> I noticed that this patch is missing the update to the table in 
> ReadMe.md to show the new PEI and SMM crypto services enabled by 
> default in *CryptLib library instances.
> 
> https://github.com/tianocore/edk2/tree/master/CryptoPkg#supported-
> cryptographic-families-and-services
> 
> It did update the recommended PCD settings at the end of the ReadMe, 
> but missed the update to CryptoPkg.dsc file to actually enable the PEI 
> and SMM services in the Crypto Drivers.
> 
> Mike
> 
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> > Sent: Monday, December 19, 2022 5:40 PM
> > To: Vang, Judah <judah.vang@intel.com>; devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu
> <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Mistry, Nishant C <nishant.c.mistry@intel.com>
> > Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable 
> > crypto
> functions
> >
> > Just merged - https://github.com/tianocore/edk2/pull/3796
> >
> >
> > > -----Original Message-----
> > > From: Vang, Judah <judah.vang@intel.com>
> > > Sent: Tuesday, December 20, 2022 8:44 AM
> > > To: devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J 
> > > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang,
> Guomin
> > > <guomin.jiang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>
> > > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable
> crypto
> > > functions
> > >
> > > Hi Jiewen,
> > >
> > > Has this patch been merged?
> > > This is an important change for the UEFI Protected Variable feature.
> > >
> > > Judah
> > >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> Judah
> > > Vang
> > > Sent: Monday, November 7, 2022 2:16 PM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J 
> > > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang,
> Guomin
> > > <guomin.jiang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>
> > > Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable 
> > > crypto functions
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992
> > >
> > > V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
> > >     Update Readme.md
> > >
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > > Signed-off-by: Judah Vang <judah.vang@intel.com>
> > > ---
> > >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +- 
> > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
> > >  CryptoPkg/Readme.md                            | 27 +++++++++++---------
> > >  3 files changed, 17 insertions(+), 14 deletions(-)
> > >
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > index b1629647f9c6..ee5f3cd5d4b6 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > @@ -43,7 +43,7 @@ [Sources]
> > >    Hash/CryptParallelHashNull.c
> > >    Hmac/CryptHmac.c
> > >    Kdf/CryptHkdf.c
> > > -  Cipher/CryptAesNull.c
> > > +  Cipher/CryptAes.c
> > >    Cipher/CryptAeadAesGcmNull.c
> > >    Pk/CryptRsaBasic.c
> > >    Pk/CryptRsaExtNull.c
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > index 0af7a3f96e8f..cc5a53ca92cd 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > @@ -43,7 +43,7 @@ [Sources]
> > >    Hash/CryptCShake256.c
> > >    Hash/CryptParallelHash.c
> > >    Hmac/CryptHmac.c
> > > -  Kdf/CryptHkdfNull.c
> > > +  Kdf/CryptHkdf.c
> > >    Cipher/CryptAes.c
> > >    Cipher/CryptAeadAesGcmNull.c
> > >    Pk/CryptRsaBasic.c
> > > diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index
> > > 067465b8eb7d..cb072db72397 100644
> > > --- a/CryptoPkg/Readme.md
> > > +++ b/CryptoPkg/Readme.md
> > > @@ -447,18 +447,20 @@ and CryptoSmm modules.
> > >  #### Common PEI PcdCryptoServiceFamilyEnable Settings
> > >
> > >  ```
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> Pk
> > > cs1Verify        | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> N
> > > ew                | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> Fr
> > > ee               | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> Se
> > > tKey             | TRUE
> > > -
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> .P
> > > kcs5HashPassword | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> Pk
> > > cs1Verify             | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> N
> > > ew                     | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> Fr
> > > ee                    | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> Se
> > > tKey                  | TRUE
> > > +
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> .P
> > > kcs5HashPassword      | TRUE
> > > +
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
> > > + .Sha256ExtractAndExpand | TRUE
> > >  ```
> > >
> > >  #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings
> @@ -
> > > 466,6 +468,7 @@ and CryptoSmm modules.
> > >  ```
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > +
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
> > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> .P
> > > kcs1v2Encrypt             | TRUE
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> .P
> > > kcs5HashPassword          | TRUE
> > >
> > >
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> .P
> > > kcs7Verify                | TRUE
> > > --
> > > 2.35.1.windows.2
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > 
> >


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
  2022-12-20 18:43           ` Judah Vang
@ 2022-12-20 20:51             ` Michael D Kinney
  0 siblings, 0 replies; 8+ messages in thread
From: Michael D Kinney @ 2022-12-20 20:51 UTC (permalink / raw)
  To: Vang, Judah, Yao, Jiewen, devel@edk2.groups.io, Kinney, Michael D
  Cc: Wang, Jian J, Xiaoyu Lu, Jiang, Guomin, Mistry, Nishant C,
	Kinney, Michael D

Judah,

The readme update was not complete.

I provided a pointer to the Table at the beginning of the readme
that need to be updated too.

Thanks,

Mike

> -----Original Message-----
> From: Vang, Judah <judah.vang@intel.com>
> Sent: Tuesday, December 20, 2022 10:43 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
> 
> The readme was updated, however, I did miss the .dsc.
> Will submit another patch to address the .dsc file
> 
> Judah
> 
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, December 19, 2022 6:52 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
> 
> Hi Mike
> You are right. I missed that part.
> 
> Hi Judah
> Would you please file another patch to update DSC file, to make it align with readme?
> 
> Thank you
> Yao, Jiewen
> 
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Tuesday, December 20, 2022 9:55 AM
> > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Vang,
> > Judah <judah.vang@intel.com>
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu
> > <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Mistry, Nishant C <nishant.c.mistry@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable
> > crypto functions
> >
> > Hi Jiewen,
> >
> > I noticed that this patch is missing the update to the table in
> > ReadMe.md to show the new PEI and SMM crypto services enabled by
> > default in *CryptLib library instances.
> >
> > https://github.com/tianocore/edk2/tree/master/CryptoPkg#supported-
> > cryptographic-families-and-services
> >
> > It did update the recommended PCD settings at the end of the ReadMe,
> > but missed the update to CryptoPkg.dsc file to actually enable the PEI
> > and SMM services in the Crypto Drivers.
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> > Jiewen
> > > Sent: Monday, December 19, 2022 5:40 PM
> > > To: Vang, Judah <judah.vang@intel.com>; devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu
> > <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Mistry, Nishant C <nishant.c.mistry@intel.com>
> > > Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable
> > > crypto
> > functions
> > >
> > > Just merged - https://github.com/tianocore/edk2/pull/3796
> > >
> > >
> > > > -----Original Message-----
> > > > From: Vang, Judah <judah.vang@intel.com>
> > > > Sent: Tuesday, December 20, 2022 8:44 AM
> > > > To: devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang,
> > Guomin
> > > > <guomin.jiang@intel.com>; Mistry, Nishant C
> > <nishant.c.mistry@intel.com>
> > > > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable
> > crypto
> > > > functions
> > > >
> > > > Hi Jiewen,
> > > >
> > > > Has this patch been merged?
> > > > This is an important change for the UEFI Protected Variable feature.
> > > >
> > > > Judah
> > > >
> > > > -----Original Message-----
> > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > Judah
> > > > Vang
> > > > Sent: Monday, November 7, 2022 2:16 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang,
> > Guomin
> > > > <guomin.jiang@intel.com>; Mistry, Nishant C
> > <nishant.c.mistry@intel.com>
> > > > Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable
> > > > crypto functions
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992
> > > >
> > > > V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
> > > >     Update Readme.md
> > > >
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > > Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > > > Signed-off-by: Judah Vang <judah.vang@intel.com>
> > > > ---
> > > >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |  2 +-
> > > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |  2 +-
> > > >  CryptoPkg/Readme.md                            | 27 +++++++++++---------
> > > >  3 files changed, 17 insertions(+), 14 deletions(-)
> > > >
> > > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > > index b1629647f9c6..ee5f3cd5d4b6 100644
> > > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > > @@ -43,7 +43,7 @@ [Sources]
> > > >    Hash/CryptParallelHashNull.c
> > > >    Hmac/CryptHmac.c
> > > >    Kdf/CryptHkdf.c
> > > > -  Cipher/CryptAesNull.c
> > > > +  Cipher/CryptAes.c
> > > >    Cipher/CryptAeadAesGcmNull.c
> > > >    Pk/CryptRsaBasic.c
> > > >    Pk/CryptRsaExtNull.c
> > > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > > index 0af7a3f96e8f..cc5a53ca92cd 100644
> > > > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > > @@ -43,7 +43,7 @@ [Sources]
> > > >    Hash/CryptCShake256.c
> > > >    Hash/CryptParallelHash.c
> > > >    Hmac/CryptHmac.c
> > > > -  Kdf/CryptHkdfNull.c
> > > > +  Kdf/CryptHkdf.c
> > > >    Cipher/CryptAes.c
> > > >    Cipher/CryptAeadAesGcmNull.c
> > > >    Pk/CryptRsaBasic.c
> > > > diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index
> > > > 067465b8eb7d..cb072db72397 100644
> > > > --- a/CryptoPkg/Readme.md
> > > > +++ b/CryptoPkg/Readme.md
> > > > @@ -447,18 +447,20 @@ and CryptoSmm modules.
> > > >  #### Common PEI PcdCryptoServiceFamilyEnable Settings
> > > >
> > > >  ```
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > > amily               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > Pk
> > > > cs1Verify        | TRUE
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > N
> > > > ew                | TRUE
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > Fr
> > > > ee               | TRUE
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > Se
> > > > tKey             | TRUE
> > > > -
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> > .P
> > > > kcs5HashPassword | TRUE
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > > amily                    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > Pk
> > > > cs1Verify             | TRUE
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > N
> > > > ew                     | TRUE
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > Fr
> > > > ee                    | TRUE
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.
> > Se
> > > > tKey                  | TRUE
> > > > +
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> > .P
> > > > kcs5HashPassword      | TRUE
> > > > +
> > > > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
> > > > + .Sha256ExtractAndExpand | TRUE
> > > >  ```
> > > >
> > > >  #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings
> > @@ -
> > > > 466,6 +468,7 @@ and CryptoSmm modules.
> > > >  ```
> > > >
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > > > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > >
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > > > amily                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
> > > > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > > >
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> > .P
> > > > kcs1v2Encrypt             | TRUE
> > > >
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> > .P
> > > > kcs5HashPassword          | TRUE
> > > >
> > > >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services
> > .P
> > > > kcs7Verify                | TRUE
> > > > --
> > > > 2.35.1.windows.2
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > > 
> > >


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2022-12-20 20:51 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-07 22:15 [PATCH v1 0/1] Enable AES and HKDF Judah Vang
2022-11-07 22:15 ` [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions Judah Vang
     [not found] ` <17256D461071259B.1802@groups.io>
2022-12-20  0:43   ` [edk2-devel] " Judah Vang
2022-12-20  1:40     ` Yao, Jiewen
2022-12-20  1:55       ` Michael D Kinney
2022-12-20  2:51         ` Yao, Jiewen
2022-12-20 18:43           ` Judah Vang
2022-12-20 20:51             ` Michael D Kinney

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox