public inbox for devel@edk2.groups.io
* [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
@ 2023-02-09 10:26 Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files Gerd Hoffmann
                   ` (10 more replies)
  0 siblings, 11 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Known problem: the NOOPT builds fail due to PEI becoming too big.

What is the reason for doing these NOOPT builds?  I'm not sure what
value they provide.  But the lack of LTO bloats the binaries with dead
code, which is a constant source of trouble ...

v2 changes:
 - turn on crypto driver support by default.
 - left the config option in for now as fallback option.
   When all goes as planned remove it one or two releases
   later.
 - fix various build problems.

Gerd Hoffmann (10):
  CryptoPkg: move Driver PCD configs to include files
  CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc
  CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
  OvmfPkg: add OvmfCrypto*.inc
  OvmfPkg: OvmfPkgX64: use crypto includes
  OvmfPkg: OvmfPkgIa32X64: use crypto includes
  OvmfPkg: OvmfPkgIa32: use crypto includes
  OvmfPkg: Microvm: use crypto includes
  OvmfPkg: IntelTdx: use crypto includes
  OvmfPkg: AmdSev: use crypto includes

 .../Include/Dsc/CryptoServicePcd.all.dsc.inc  | 29 +++++++
 .../Dsc/CryptoServicePcd.hash_only.dsc.inc    |  8 ++
 .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc  | 37 +++++++++
 .../Dsc/CryptoServicePcd.min_pei.dsc.inc      | 20 +++++
 .../Dsc/OvmfCryptoComponentsDxe.dsc.inc       | 23 ++++++
 .../Dsc/OvmfCryptoComponentsPei.dsc.inc       | 19 +++++
 .../Dsc/OvmfCryptoComponentsSmm.dsc.inc       | 18 +++++
 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc |  5 ++
 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc    | 57 ++++++++++++++
 CryptoPkg/CryptoPkg.dsc                       | 78 +------------------
 OvmfPkg/AmdSev/AmdSevX64.dsc                  | 12 ++-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              | 15 ++--
 OvmfPkg/Microvm/MicrovmX64.dsc                | 24 +++---
 OvmfPkg/OvmfPkgIa32.dsc                       | 22 +++---
 OvmfPkg/OvmfPkgIa32X64.dsc                    | 22 +++---
 OvmfPkg/OvmfPkgX64.dsc                        | 22 +++---
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |  6 ++
 OvmfPkg/IntelTdx/IntelTdxX64.fdf              |  5 ++
 OvmfPkg/Microvm/MicrovmX64.fdf                |  7 ++
 OvmfPkg/OvmfPkgIa32.fdf                       |  6 ++
 OvmfPkg/OvmfPkgIa32X64.fdf                    |  6 ++
 OvmfPkg/OvmfPkgX64.fdf                        |  6 ++
 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc  | 12 +++
 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc     |  9 +++
 24 files changed, 331 insertions(+), 137 deletions(-)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc

-- 
2.39.1



* [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Makes it easier to reuse the predefined config sets in other places.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Include/Dsc/CryptoServicePcd.all.dsc.inc  | 29 +++++++
 .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc  | 35 +++++++++
 .../Dsc/CryptoServicePcd.min_pei.dsc.inc      | 20 +++++
 CryptoPkg/CryptoPkg.dsc                       | 78 +------------------
 4 files changed, 87 insertions(+), 75 deletions(-)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
new file mode 100644
index 000000000000..1c3ffa461ca5
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
@@ -0,0 +1,29 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
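Review bot: The new CryptoServicePcd.all.dsc.inc goes straight from the SPDX header to PCD assignments and carries no section header of its own, so it only works when the includer has already opened a `[PcdsFixedAtBuild]` section (as CryptoPkg.dsc does) or a component-scoped `<PcdsFixedAtBuild>` block. Please state that requirement in the header comment, together with a one-line description of the profile, since the stated purpose of the split is reuse from other places.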
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
new file mode 100644
index 000000000000..aaf35e4c6061
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -0,0 +1,35 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners            | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners           | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                      | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
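Review bot: `Sha256.Services.HashAll | FALSE` directly after `Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY` is carried into the shared file without any explanation. It relies on the later assignment overriding the family-wide enable, and every platform that includes this file inherits a Sha256 family with HashAll switched off. Add a comment saying why it is disabled, or drop the line if nothing depends on it.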
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
new file mode 100644
index 000000000000..023c6f1d1d04
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
@@ -0,0 +1,20 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize     | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 4676193e8953..6a5fbd807a17 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -193,32 +193,7 @@ [PcdsFixedAtBuild]
 #
 !if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"
 [PcdsFixedAtBuild]
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
 !endif
 
 #
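Review bot: The context line `!if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"` that guards the new `!include` reads UINT where UNIT looks intended. The patch does not touch it, but while this block is being reworked it is worth confirming that the spelling matches the value the unit-test build actually passes; if it does not, that build never pulls in CryptoServicePcd.all.dsc.inc.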
@@ -227,23 +202,7 @@ [PcdsFixedAtBuild]
 #
 !if $(CRYPTO_SERVICES) == MIN_PEI
 [PcdsFixedAtBuild]
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free               | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize     | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init               | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
 !endif
 
 #
@@ -252,38 +211,7 @@ [PcdsFixedAtBuild]
 #
 !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
 [PcdsFixedAtBuild]
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword          | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify                | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners            | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners           | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify                 | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                         | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                      | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert                 | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt              | TRUE
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
 !endif
 
 ###################################################################################################
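Review bot: The condition tests `MIN_DXE_MIN_SMM` while the file it pulls in is named CryptoServicePcd.min_dxe_smm.dsc.inc, whereas the MIN_PEI profile maps onto min_pei directly. Consider naming the file min_dxe_min_smm so the profile can be found by searching for the CRYPTO_SERVICES value, or note the mapping in the file header.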
-- 
2.39.1



* [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Contains only hash functions needed for measurements.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
new file mode 100644
index 000000000000..0d5402be9a1a
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
@@ -0,0 +1,8 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
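Review bot: The purpose given in the commit message (hash functions needed for measurements) is not recorded in the file itself, and the set includes `Sha1.Family`. Put the intent in the header comment and say which consumers still need SHA-1, so a later reader can tell whether it is safe to drop it from this profile.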
-- 
2.39.1



* [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Enable Sha384 + Sha512 + Sm3.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
index aaf35e4c6061..9209b4c526a7 100644
--- a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -18,7 +18,9 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509        | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll                  | FALSE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName             | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName              | TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName        | TRUE
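Review bot: Besides adding the three families, this hunk deletes `Sha256.Services.HashAll | FALSE`, which turns Sha256 HashAll back on for every user of the min_dxe_smm profile. The commit message only says "Enable Sha384 + Sha512 + Sm3"; mention the removal and the reason for it there, or split it into its own patch so the behaviour change is visible in the history.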
-- 
2.39.1



* [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (2 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Create include files for crypto support, so the configuration can be
shared for all OVMF build variants.  Also add support for using the
Crypto Driver.

The Crypto Driver is enabled by default and can be disabled by setting
USE_CRYPTO_DRIVER to FALSE.  The config option is intended to be
temporary and will probably stay for one or two releases as fallback,
then be removed.

The configuration follows mostly the recommendations given in
CryptoPkg/Readme.md, with some minor exceptions like only compiling
TLS support in case NETWORK_TLS_ENABLE is TRUE.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Dsc/OvmfCryptoComponentsDxe.dsc.inc       | 23 ++++++++
 .../Dsc/OvmfCryptoComponentsPei.dsc.inc       | 19 +++++++
 .../Dsc/OvmfCryptoComponentsSmm.dsc.inc       | 18 ++++++
 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc |  5 ++
 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc    | 57 +++++++++++++++++++
 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc  | 12 ++++
 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc     |  9 +++
 7 files changed, 143 insertions(+)
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
 create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc

diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..46518cdd33a7
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
@@ -0,0 +1,23 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+  CryptoPkg/Driver/CryptoDxe.inf {
+    <LibraryClasses>
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+      TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+      TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+    <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+  }
+
+!endif
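Review bot: In the CryptoDxe.inf override, TlsLib switches to TlsLibNull when NETWORK_TLS_ENABLE is not TRUE, but the <PcdsFixedAtBuild> profile is always CryptoServicePcd.min_dxe_smm.dsc.inc. If that profile enables any TLS service family, the driver would advertise TLS services that are backed by the Null library. Please confirm the profile leaves TLS off, or select the PCD include under the same !if so the advertised services and the linked library stay in step.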
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
new file mode 100644
index 000000000000..3cfe541315ca
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
@@ -0,0 +1,19 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+  CryptoPkg/Driver/CryptoPei.inf {
+    <LibraryClasses>
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+      TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+    <PcdsFixedAtBuild>
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
+  }
+
+!endif
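Review bot: The commented-out "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc" next to the active hash_only include gives no reason for departing from the min_pei profile, and the file header only says "mostly following" the Readme. Please drop the dead line or replace it with a comment stating why PEI is restricted to hashes (the cover letter mentions PEI size problems; if that is the reason, say so), so nobody re-enables it without knowing the consequence.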
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
new file mode 100644
index 000000000000..ca64ea8e5b26
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
@@ -0,0 +1,18 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+
+  CryptoPkg/Driver/CryptoSmm.inf {
+    <LibraryClasses>
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+      TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+      OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+    <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+  }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
new file mode 100644
index 000000000000..42934c3d3855
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
@@ -0,0 +1,5 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+  DEFINE USE_CRYPTO_DRIVER = TRUE
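Review bot: OvmfCryptoDefines.dsc.inc carries no comment on what USE_CRYPTO_DRIVER does. The commit message says the option is a temporary fallback to be removed after one or two releases; that belongs next to the DEFINE too, together with a line on the effect of FALSE (crypto libraries linked statically per module, as in the !else branch of OvmfCryptoLibs.dsc.inc), because people building the platform will read this file, not the commit log.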
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
new file mode 100644
index 000000000000..4f979274a61e
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
@@ -0,0 +1,57 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+[LibraryClasses]
+  HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.common.SEC]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.PEIM]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+  TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+  TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+  TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+!else
+
+[LibraryClasses.common]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+[LibraryClasses.common.PEIM]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
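Review bot: In the USE_CRYPTO_DRIVER == TRUE branch there is no [LibraryClasses.common] fallback for BaseCryptLib, unlike the !else branch. Only SEC, DXE_RUNTIME_DRIVER, PEIM, DXE_SMM_DRIVER, DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION get a mapping, and the platform patches in this series remove the BaseCryptLib line from their own [LibraryClasses.common]. A module of any other type (PEI_CORE, DXE_CORE, SMM_CORE, ...) that needs BaseCryptLib resolves with the driver off and has no instance with it on. If that is intended, say so in a comment; otherwise add the missing module types. Separately, the file opens its own [LibraryClasses] section but ends inside a module-type-specific one, so it is only safe to !include directly before another section header; worth stating in the header comment.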
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
new file mode 100644
index 000000000000..ad425a7acfaf
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+INF CryptoPkg/Driver/CryptoDxe.inf
+!if $(SMM_REQUIRE) == TRUE
+INF CryptoPkg/Driver/CryptoSmm.inf
+!endif
+
+!endif
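Review bot: The nested "!if $(SMM_REQUIRE) == TRUE" places CryptoSmm.inf into the FV from this file, while the matching [Components] entry lives in a separate include, OvmfCryptoComponentsSmm.dsc.inc. Patch 09 includes this FDF file for IntelTdx, whose DSC hunk adds only the Dxe component include, so that platform depends on SMM_REQUIRE being defined and not TRUE for the FDF and DSC to agree. Please state that dependency in the header comment, or split the SMM INF into its own FDF include to mirror the DSC side.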
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
new file mode 100644
index 000000000000..7c357d748acb
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+INF CryptoPkg/Driver/CryptoPei.inf
+
+!endif
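Review bot: With USE_CRYPTO_DRIVER defaulting to TRUE, this include adds CryptoPei.inf to the PEI firmware volume of every platform that pulls it in, and the cover letter lists NOOPT builds failing because PEI becomes too big as a known problem. That should be resolved before the default flips, either by growing the PEI FV in the affected FDF files or by keeping the driver off in builds where it does not fit; at minimum note the limitation in this file's header.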
-- 
2.39.1



* [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (3 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkgX64.dsc | 22 +++++++++-------------
 OvmfPkg/OvmfPkgX64.fdf |  6 ++++++
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e3c64456dfef..fc5305350b2a 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -35,6 +35,7 @@ [Defines]
   DEFINE CC_MEASUREMENT_ENABLE   = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -232,12 +233,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -260,10 +255,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
 !if $(BUILD_SHELL) == TRUE
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 !endif
@@ -274,9 +265,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -385,7 +376,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -473,7 +463,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
 
@@ -974,6 +963,13 @@ [Components]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 16666ba24440..541e0df85e1d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -189,6 +189,7 @@ [FV.PEIFV]
 INF  FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -414,6 +415,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.1



* [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: use crypto includes
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (4 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++++++++-------------
 OvmfPkg/OvmfPkgIa32X64.fdf |  6 ++++++
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 6b539814bdb0..c04f03287d87 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -34,6 +34,7 @@ [Defines]
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -215,12 +216,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -243,10 +238,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
 !if $(BUILD_SHELL) == TRUE
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 !endif
@@ -257,9 +248,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -364,7 +355,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -452,7 +442,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
 
@@ -739,6 +728,7 @@ [Components.IA32]
   UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
 
 [Components.X64]
   #
@@ -901,6 +891,12 @@ [Components.X64]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 4c5bd0dbc3b0..cf287303cb2c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -380,6 +381,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.1



* [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: use crypto includes
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (5 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 08/10] OvmfPkg: Microvm: " Gerd Hoffmann
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkgIa32.dsc | 22 +++++++++-------------
 OvmfPkg/OvmfPkgIa32.fdf |  6 ++++++
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 22dc29330d2d..8ca29e9747c1 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -35,6 +35,7 @@ [Defines]
   DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -211,12 +212,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -239,10 +234,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
 !if $(BUILD_SHELL) == TRUE
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 !endif
@@ -253,9 +244,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
 
@@ -359,7 +350,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -447,7 +437,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
 
@@ -888,6 +877,13 @@ [Components]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 5451bfb84525..552730485123 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -373,6 +374,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
 INF  OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
 !endif
-- 
2.39.1



* [PATCH v2 08/10] OvmfPkg: Microvm: use crypto includes
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (6 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 09/10] OvmfPkg: IntelTdx: " Gerd Hoffmann
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++++++++++-------------
 OvmfPkg/Microvm/MicrovmX64.fdf |  7 +++++++
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 0d65d21e651c..35b2dcb2b833 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -33,6 +33,8 @@ [Defines]
   DEFINE SMM_REQUIRE             = FALSE
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
   #
   # Network definition
   #
@@ -206,12 +208,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -234,10 +230,6 @@ [LibraryClasses]
   #
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
   S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
@@ -247,8 +239,9 @@ [LibraryClasses]
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
   PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
@@ -356,7 +349,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
 #  PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
 #  PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
 #  PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -441,7 +433,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
 !endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
   PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
   PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -829,6 +820,13 @@ [Components]
 
   OvmfPkg/VirtioNetDxe/VirtioNet.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index b83fd1e6e4fe..92d4b446b7fe 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -149,6 +149,8 @@ [FV.PEIFV]
 INF  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf
 
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
+
 ################################################################################
 
 [FV.DXEFV]
@@ -302,6 +304,11 @@ [FV.DXEFV]
 INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
 INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
-- 
2.39.1



* [PATCH v2 09/10] OvmfPkg: IntelTdx: use crypto includes
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (7 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 08/10] OvmfPkg: Microvm: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 10:26 ` [PATCH v2 10/10] OvmfPkg: AmdSev: " Gerd Hoffmann
  2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 +++++++++------
 OvmfPkg/IntelTdx/IntelTdxX64.fdf |  5 +++++
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 95b9594ddce0..6b028361e163 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -36,6 +36,8 @@ [Defines]
   #
   DEFINE BUILD_SHELL             = TRUE
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
   #
   # Device drivers
   #
@@ -191,8 +193,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -220,8 +220,9 @@ [LibraryClasses]
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
 
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -280,7 +281,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -355,7 +355,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
 
 [LibraryClasses.common.SMM_CORE]
@@ -552,7 +551,6 @@ [Components]
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
       NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
-      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
   }
 
   #
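Review bot: Dropping the per-component "BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf" override means this component now gets SecCryptLib only through the [LibraryClasses.common.SEC] section of OvmfCryptoLibs.dsc.inc, which holds only while the module's MODULE_TYPE is SEC. The visible context does not show the INF name; please confirm the type, or keep the explicit override, since this module (it links SecTdxHelperLib) runs before the crypto driver is available and has to keep a statically linked BaseCryptLib.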
@@ -718,6 +716,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index 73dffc104301..e1b07449b7a9 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -257,6 +257,11 @@ [FV.DXEFV]
 #
 INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.NCCFV]
-- 
2.39.1



* [PATCH v2 10/10] OvmfPkg: AmdSev: use crypto includes
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (8 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 09/10] OvmfPkg: IntelTdx: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
  2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
  10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
  To: devel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel

Use the new crypto support include files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++++++++----
 OvmfPkg/AmdSev/AmdSevX64.fdf |  6 ++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 1cebd6b4bcc2..0bb34b8b258b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -34,6 +34,7 @@ [Defines]
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
 
 !include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
 
   #
   # Shell can be useful for debugging but should not be enabled for production
@@ -182,8 +183,6 @@ [LibraryClasses]
   LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
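Review bot: The removed OpensslLib line selected OpensslLibCrypto.inf, the flavor without TLS. Please confirm that OvmfCryptoLibs.dsc.inc keeps that flavor for this platform when the fallback configuration is used; silently moving to the full OpensslLib.inf would grow every module that links it.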
@@ -201,9 +200,9 @@ [LibraryClasses]
   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
 
 !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
 
 [LibraryClasses.common]
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
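Review bot: Dropping BaseCryptLib from [LibraryClasses.common] removes the catch-all mapping, so every module type that relied on it now depends on OvmfCryptoLibs.dsc.inc supplying its own instance. List in the commit message which module types the include covers in both the driver and the fallback configuration, so a reviewer can check that none of the previous consumers is left without a mapping.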
@@ -310,7 +309,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
   DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
 !endif
   UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
   QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -708,6 +706,12 @@ [Components]
   OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Crypto Support
+  #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
   #
   # Usb Support
   #
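Review bot: The first include adds the PEI crypto components to this platform, and the cover letter names NOOPT builds failing because PEI becomes too big as a known problem. Say in the commit message whether the AmdSevX64 NOOPT build still fits with this change, ideally with the PEIFV line of the FV space report.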
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 5fb3b5d27632..84842a601262 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]
 INF  OvmfPkg/AmdSev/SecretPei/SecretPei.inf
 
 !include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
 
 ################################################################################
 
@@ -318,6 +319,11 @@ [FV.DXEFV]
 #
 !include OvmfPkg/OvmfTpmDxe.fdf.inc
 
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
 ################################################################################
 
 [FV.FVMAIN_COMPACT]
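Review bot: The include added to [FV.DXEFV] is unconditional, as is the one added to [FV.PEIFV]; when the fallback option is selected the DSC side presumably builds no crypto driver, so both .fdf.inc files must expand to nothing in that case. If the conditionals live inside the includes, a one-line comment next to the "Crypto support" header saying so would save the next reader a lookup.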
-- 
2.39.1



* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
  2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
                   ` (9 preceding siblings ...)
  2023-02-09 10:26 ` [PATCH v2 10/10] OvmfPkg: AmdSev: " Gerd Hoffmann
@ 2023-02-09 16:46 ` Ard Biesheuvel
  2023-02-10  8:41   ` Gerd Hoffmann
  10 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-09 16:46 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
	Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
	Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel

On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> Known problem: the NOOPT builds fail due to PEI becoming too big.
>
> What is the reason for doing these NOOPT builds?

They are very useful for doing single step debugging with GDB. On ARM,
I use the NOOPT builds fairly regularly.

>  I'm not sure what
> value they provide.  But the lack of LTO bloats the binaries with dead
> code, which is a constant source of trouble ...
>

> v2 changes:
>  - turn on crypto driver support by default.
>  - left the config option in for now as fallback option.
>    When all goes as planned remove it one or two releases
>    later.
>  - fix various build problems.
>
> Gerd Hoffmann (10):
>   CryptoPkg: move Driver PCD configs to include files
>   CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc
>   CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
>   OvmfPkg: add OvmfCrypto*.inc
>   OvmfPkg: OvmfPkgX64: use crypto includes
>   OvmfPkg: OvmfPkgIa32X64: use crypto includes
>   OvmfPkg: OvmfPkgIa32: use crypto includes
>   OvmfPkg: Microvm: use crypto includes
>   OvmfPkg: IntelTdx: use crypto includes
>   OvmfPkg: AmdSev: use crypto includes
>

This looks fine to me but I'll give other folks some time to chime in.

Thanks,

>  .../Include/Dsc/CryptoServicePcd.all.dsc.inc  | 29 +++++++
>  .../Dsc/CryptoServicePcd.hash_only.dsc.inc    |  8 ++
>  .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc  | 37 +++++++++
>  .../Dsc/CryptoServicePcd.min_pei.dsc.inc      | 20 +++++
>  .../Dsc/OvmfCryptoComponentsDxe.dsc.inc       | 23 ++++++
>  .../Dsc/OvmfCryptoComponentsPei.dsc.inc       | 19 +++++
>  .../Dsc/OvmfCryptoComponentsSmm.dsc.inc       | 18 +++++
>  OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc |  5 ++
>  OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc    | 57 ++++++++++++++
>  CryptoPkg/CryptoPkg.dsc                       | 78 +------------------
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  | 12 ++-
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              | 15 ++--
>  OvmfPkg/Microvm/MicrovmX64.dsc                | 24 +++---
>  OvmfPkg/OvmfPkgIa32.dsc                       | 22 +++---
>  OvmfPkg/OvmfPkgIa32X64.dsc                    | 22 +++---
>  OvmfPkg/OvmfPkgX64.dsc                        | 22 +++---
>  OvmfPkg/AmdSev/AmdSevX64.fdf                  |  6 ++
>  OvmfPkg/IntelTdx/IntelTdxX64.fdf              |  5 ++
>  OvmfPkg/Microvm/MicrovmX64.fdf                |  7 ++
>  OvmfPkg/OvmfPkgIa32.fdf                       |  6 ++
>  OvmfPkg/OvmfPkgIa32X64.fdf                    |  6 ++
>  OvmfPkg/OvmfPkgX64.fdf                        |  6 ++
>  OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc  | 12 +++
>  OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc     |  9 +++
>  24 files changed, 331 insertions(+), 137 deletions(-)
>  create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
>  create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
>  create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
>  create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
>  create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
>  create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
>  create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
>  create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
>  create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
>  create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
>  create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
>
> --
> 2.39.1
>


* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
  2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
@ 2023-02-10  8:41   ` Gerd Hoffmann
  2023-02-10 13:42     ` Ard Biesheuvel
  0 siblings, 1 reply; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-10  8:41 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
	Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
	Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel

On Thu, Feb 09, 2023 at 05:46:15PM +0100, Ard Biesheuvel wrote:
> On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
> >
> > Known problem: the NOOPT builds fail due to PEI becoming too big.
> >
> > What is the reason for doing these NOOPT builds?
> 
> They are very useful for doing single step debugging with GDB. On ARM,
> I use the NOOPT builds fairly regularly.

Can LTO be enabled for the NOOPT build?  Or does that depend on
optimizations being turned on?

take care,
  Gerd



* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
  2023-02-10  8:41   ` Gerd Hoffmann
@ 2023-02-10 13:42     ` Ard Biesheuvel
  2023-02-10 13:46       ` Ard Biesheuvel
  0 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-10 13:42 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
	Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
	Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel

On Fri, 10 Feb 2023 at 09:42, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Thu, Feb 09, 2023 at 05:46:15PM +0100, Ard Biesheuvel wrote:
> > On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > >
> > > Known problem: the NOOPT builds fail due to PEI becoming too big.
> > >
> > > What is the reason for doing these NOOPT builds?
> >
> > They are very useful for doing single step debugging with GDB. On ARM,
> > I use the NOOPT builds fairly regularly.
>
> Can LTO be enabled for the NOOPT build?  Or does that depend on
> optimizations being turned on?
>

With the hunk below applied:


* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
  2023-02-10 13:42     ` Ard Biesheuvel
@ 2023-02-10 13:46       ` Ard Biesheuvel
  2023-02-13 11:39         ` Gerd Hoffmann
  0 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-10 13:46 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
	Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
	Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel

On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Fri, 10 Feb 2023 at 09:42, Gerd Hoffmann <kraxel@redhat.com> wrote:
> >
> > On Thu, Feb 09, 2023 at 05:46:15PM +0100, Ard Biesheuvel wrote:
> > > On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > > >
> > > > Known problem: the NOOPT builds fail due to PEI becoming too big.
> > > >
> > > > What is the reason for doing these NOOPT builds?
> > >
> > > They are very useful for doing single step debugging with GDB. On ARM,
> > > I use the NOOPT builds fairly regularly.
> >
> > Can LTO be enabled for the NOOPT build?  Or does that depend on
> > optimizations being turned on?
> >
>

With the hunk below applied:

FV Space Information
SECFV [63%Full] 212992 (0x34000) total, 135824 (0x21290) used, 77168 (0x12d70) free
PEIFV [59%Full] 917504 (0xe0000) total, 544744 (0x84fe8) used, 372760 (0x5b018) free
DXEFV [53%Full] 13631488 (0xd00000) total, 7300712 (0x6f6668) used, 6330776 (0x609998) free
FVMAIN_COMPACT [40%Full] 3440640 (0x348000) total, 1383832 (0x151d98) used, 2056808 (0x1f6268) free


Without:

FV Space Information
SECFV [49%Full] 212992 (0x34000) total, 105936 (0x19dd0) used, 107056 (0x1a230) free
PEIFV [62%Full] 917504 (0xe0000) total, 575656 (0x8c8a8) used, 341848 (0x53758) free
DXEFV [56%Full] 13631488 (0xd00000) total, 7652840 (0x74c5e8) used, 5978648 (0x5b3a18) free
FVMAIN_COMPACT [40%Full] 3440640 (0x348000) total, 1376272 (0x150010) used, 2064368 (0x1f7ff0) free


(without any -D options turned on)


diff --git a/BaseTools/Conf/tools_def.template
b/BaseTools/Conf/tools_def.template
index f77e936c0453..48319fc2e9b4 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -2342,8 +2342,8 @@ RELEASE_GCC5_IA32_DLINK_FLAGS    =
DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
 RELEASE_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -flto
-DUSING_LTO -Wno-unused-but-set-variable -Wno-unused-const-variable
 RELEASE_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os

-  NOOPT_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -O0
-  NOOPT_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -O0
+  NOOPT_GCC5_X64_CC_FLAGS        = DEF(GCC5_X64_CC_FLAGS) -O0 -flto -DUSING_LTO
+  NOOPT_GCC5_X64_DLINK_FLAGS     = DEF(GCC5_X64_DLINK_FLAGS) -O0 -flto

 ##################
 # GCC5 ARM definitions
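Review bot: The two replaced lines cover only NOOPT_GCC5_X64; no IA32 NOOPT line is touched in this hunk, so IA32 modules would still be built without -flto. Two more points before this becomes a real patch: the figures above show SECFV used space growing from 105936 to 135824 bytes with the hunk applied, which needs an explanation, and the diff as posted has been line-wrapped (the diff --git header and the RELEASE_GCC5_X64_CC_FLAGS context line are split), so it will not apply as is.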


* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
  2023-02-10 13:46       ` Ard Biesheuvel
@ 2023-02-13 11:39         ` Gerd Hoffmann
  2023-02-13 11:45           ` [edk2-devel] " Ard Biesheuvel
  0 siblings, 1 reply; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-13 11:39 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
	Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
	Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel

On Fri, Feb 10, 2023 at 02:46:34PM +0100, Ard Biesheuvel wrote:
> On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > > Can LTO be enabled for the NOOPT build?  Or does that depend on
> > > optimizations being turned on?

Turns out: kind of.  The crypto driver effectively does

	if (fixed.pcd.bit)
		call libcrypt / libopenssl
	else
		throw error

With optimizations turned off altogether gcc will not notice it can
evaluate the PCD config bits at compile time, which in turn leads to
everything being compiled in no matter whether the features are
enabled or not ...

take care,
  Gerd

From e0a080ead544813445f731eef137747ff805a5cd Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 13 Feb 2023 10:21:50 +0100
Subject: [PATCH 1/1] CryptoPkg/Driver: enable moderate optimizations for NOOPT
 builds

With optimizations turned off altogether gcc will not evaluate the
(constant) configuration PCDs at compile time (see CALL_BASECRYPTLIB
macro).  Which renders LTO ineffective and leads to huge amounts of
dead code being included in the crypto driver builds.

Turn on optimizations for GCC, lowest level (-O1), to fix this.

FIXME: visual studio needs that too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Driver/CryptoDxe.inf | 3 +++
 CryptoPkg/Driver/CryptoPei.inf | 3 +++
 CryptoPkg/Driver/CryptoSmm.inf | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/CryptoPkg/Driver/CryptoDxe.inf b/CryptoPkg/Driver/CryptoDxe.inf
index 0d08f3a190c8..44921c1fdaa8 100644
--- a/CryptoPkg/Driver/CryptoDxe.inf
+++ b/CryptoPkg/Driver/CryptoDxe.inf
@@ -47,3 +47,6 @@ [Pcd]
 
 [Depex]
   TRUE
+
+[BuildOptions]
+  GCC:NOOPT_*_*_CC_FLAGS = -O1
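Review bot: The new [BuildOptions] section carries no comment explaining why a NOOPT build is forced to -O1; the reason exists only in the commit message. Add a short comment in the INF pointing at the CALL_BASECRYPTLIB macro and the compile-time evaluation of the configuration PCDs, and note there that this module is no longer built unoptimized in a NOOPT build, which matters to anyone single-stepping it.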
diff --git a/CryptoPkg/Driver/CryptoPei.inf b/CryptoPkg/Driver/CryptoPei.inf
index dfa1ab58b16f..45704f5f9e42 100644
--- a/CryptoPkg/Driver/CryptoPei.inf
+++ b/CryptoPkg/Driver/CryptoPei.inf
@@ -49,3 +49,6 @@ [Pcd]
 
 [Depex]
   TRUE
+
+[BuildOptions]
+  GCC:NOOPT_*_*_CC_FLAGS = -O1
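Review bot: PEI is where the NOOPT build ran out of space, so this is the hunk that needs numbers. Please include the PEIFV line of the FV space report before and after the change, to show that -O1 on this one module is enough for the NOOPT build to fit.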
diff --git a/CryptoPkg/Driver/CryptoSmm.inf b/CryptoPkg/Driver/CryptoSmm.inf
index 9fe8718823d2..906cf06006f4 100644
--- a/CryptoPkg/Driver/CryptoSmm.inf
+++ b/CryptoPkg/Driver/CryptoSmm.inf
@@ -47,3 +47,6 @@ [Pcd]
 
 [Depex]
   TRUE
+
+[BuildOptions]
+  GCC:NOOPT_*_*_CC_FLAGS = -O1
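Review bot: The override is limited to the GCC family and the commit message leaves Visual Studio as a FIXME, so NOOPT builds with that toolchain keep the dead code. Either add the equivalent setting to all three INFs in this patch or say in the message that it is a follow-up; note also that the same three lines are now repeated in CryptoDxe.inf, CryptoPei.inf and CryptoSmm.inf and have to be kept in sync by hand.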
-- 
2.39.1



* Re: [edk2-devel] [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
  2023-02-13 11:39         ` Gerd Hoffmann
@ 2023-02-13 11:45           ` Ard Biesheuvel
  0 siblings, 0 replies; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-13 11:45 UTC (permalink / raw)
  To: devel, kraxel
  Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
	Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
	James Bottomley, Erdem Aktas, Ard Biesheuvel

On Mon, 13 Feb 2023 at 12:39, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Fri, Feb 10, 2023 at 02:46:34PM +0100, Ard Biesheuvel wrote:
> > On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
> > >
> > > > Can LTO be enabled for the NOOPT build?  Or does that depend on
> > > > optimizations being turned on?
>
> Turns out: kind of.  The crypto driver effectively does
>
>         if (fixed.pcd.bit)
>                 call libcrypt / libopenssl
>         else
>                 throw error
>
> With optimizations turned off altogether gcc will not notice it can
> evaluate the PCD config bits at compile time, which in turn leads to
> everything being compiled in no matter whether the features are
> enabled or not ...
>
> take care,
>   Gerd
>
> From e0a080ead544813445f731eef137747ff805a5cd Mon Sep 17 00:00:00 2001
> From: Gerd Hoffmann <kraxel@redhat.com>
> Date: Mon, 13 Feb 2023 10:21:50 +0100
> Subject: [PATCH 1/1] CryptoPkg/Driver: enable moderate optimizations for NOOPT
>  builds
>
> With optimizations turned off altogether gcc will not evaluate the
> (constant) configuration PCDs at compile time (see CALL_BASECRYPTLIB
> macro).  Which renders LTO ineffective and leads to huge amounts of
> dead code being included in the crypto driver builds.
>
> Turn on optimizations for GCC, lowest level (-O1), to fix this.
>
> FIXME: visual studio needs that too.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  CryptoPkg/Driver/CryptoDxe.inf | 3 +++
>  CryptoPkg/Driver/CryptoPei.inf | 3 +++
>  CryptoPkg/Driver/CryptoSmm.inf | 3 +++
>  3 files changed, 9 insertions(+)
>
> diff --git a/CryptoPkg/Driver/CryptoDxe.inf b/CryptoPkg/Driver/CryptoDxe.inf
> index 0d08f3a190c8..44921c1fdaa8 100644
> --- a/CryptoPkg/Driver/CryptoDxe.inf
> +++ b/CryptoPkg/Driver/CryptoDxe.inf
> @@ -47,3 +47,6 @@ [Pcd]
>
>  [Depex]
>    TRUE
> +
> +[BuildOptions]
> +  GCC:NOOPT_*_*_CC_FLAGS = -O1

Could we use -Og instead?

> diff --git a/CryptoPkg/Driver/CryptoPei.inf b/CryptoPkg/Driver/CryptoPei.inf
> index dfa1ab58b16f..45704f5f9e42 100644
> --- a/CryptoPkg/Driver/CryptoPei.inf
> +++ b/CryptoPkg/Driver/CryptoPei.inf
> @@ -49,3 +49,6 @@ [Pcd]
>
>  [Depex]
>    TRUE
> +
> +[BuildOptions]
> +  GCC:NOOPT_*_*_CC_FLAGS = -O1
> diff --git a/CryptoPkg/Driver/CryptoSmm.inf b/CryptoPkg/Driver/CryptoSmm.inf
> index 9fe8718823d2..906cf06006f4 100644
> --- a/CryptoPkg/Driver/CryptoSmm.inf
> +++ b/CryptoPkg/Driver/CryptoSmm.inf
> @@ -47,3 +47,6 @@ [Pcd]
>
>  [Depex]
>    TRUE
> +
> +[BuildOptions]
> +  GCC:NOOPT_*_*_CC_FLAGS = -O1
> --
> 2.39.1