From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Wenxing Hou <wenxing.hou@intel.com>
Subject: [edk2-staging/OpenSSL11_EOL PATCH 1/7] Update ReadmeMbedtls
Date: Fri, 17 Mar 2023 17:00:47 +0800
Message-ID: <20230317090053.1895-2-wenxing.hou@intel.com>
In-Reply-To: <20230317090053.1895-1-wenxing.hou@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
CryptoPkg/ReadmeMbedtls.md | 55 +++++++++++++++++++++++++-------------
1 file changed, 36 insertions(+), 19 deletions(-)
diff --git a/CryptoPkg/ReadmeMbedtls.md b/CryptoPkg/ReadmeMbedtls.md
index 4b5a132fd0..39fc93028c 100644
--- a/CryptoPkg/ReadmeMbedtls.md
+++ b/CryptoPkg/ReadmeMbedtls.md
@@ -1,21 +1,18 @@
# CryptoMbedTlsPkg(enable mbedtls for EDKII POC)
-## background
+## Overview
This POC is to explore mbedtls as a smaller alternative to OpenSSL.
-## MbedTLS version
-Depend on Mbedtls 3.3.0.
-
-## MbedTLS and OpenSSL CryptoPkg size compare
+### MbedTLS and OpenSSL CryptoPkg size compare
-| Driver | OpenSSL | OpenSSL(no SM3 and Pkcs7) | MbedTLS |
-| ---- | ---- | ---- | ---- |
-| PEI | 387Kb | 387kb | 162kb |
-| PeiPreMem | 31Kb | WIP | WIP |
-| DXE | 804Kb | WIP | WIP |
-| SMM | 558Kb | WIP | WIP |
+| Driver | OpenSSL | MbedTLS |
+| ---- | ---- | ---- |
+| PEI | 387Kb | 162Kb |
+| PeiPreMem | 31Kb | 58Kb |
+| DXE | 804Kb | 457Kb |
+| SMM | 558Kb | 444Kb |
-## Current enabling status
+### Current enabling status
| FILE | Build Pass | Test Pass |
| ---- | ---- | ---- |
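Review bot: The new size table shows PeiPreMem growing from 31Kb with OpenSSL to 58Kb with MbedTLS, which contradicts the Overview's "smaller alternative" claim for that phase and is not explained. Please add a note on why PeiPreMem is larger and state the toolchain, target and algorithm set behind each column, since dropping the "OpenSSL(no SM3 and Pkcs7)" column removes the only hint that the two builds may not contain the same features. The unit should also be written consistently as KB if kilobytes are meant, because "Kb" reads as kilobits.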
@@ -33,24 +30,44 @@ Depend on Mbedtls 3.3.0.
| Pem/CryptPem.c | YES | YES |
| Pk/CryptAuthenticode.c | WIP | WIP |
| Pk/CryptDh.c | YES | YES |
-| Pk/CryptEc.c | WIP | WIP |
+| Pk/CryptEc.c | YES | YES |
| Pk/CryptPkcs1Oaep.c | YES | YES |
| Pk/CryptPkcs5Pbkdf2.c | YES | YES |
| Pk/CryptPkcs7Sign.c | YES | YES |
-| Pk/CryptPkcs7VerifyBase.c | YES | WIP |
-| Pk/CryptPkcs7VerifyCommon.c | YES | WIP |
+| Pk/CryptPkcs7VerifyBase.c | YES | YES |
+| Pk/CryptPkcs7VerifyCommon.c | YES | YES |
| Pk/CryptPkcs7VerifyEku.c | YES | WIP |
| Pk/CryptPkcs7VerifyEkuRuntime.c | YES | YES |
| Pk/CryptPkcs7VerifyRuntime.c | YES | YES |
| Pk/CryptRsaBasic.c | YES | YES |
| Pk/CryptRsaExt.c | YES | YES |
-| Pk/CryptTs.c | YES | YES |
-| Pk/CryptX509.c | WIP | WIP |
-
+| Pk/CryptTs.c | YES | WIP |
+| Pk/CryptX509.c | YES | YES |
## Build command
```
edksetup.bat Rebuild VS2019
build -a X64 -p CryptoPkg/CryptoPkgMbedTls.dsc -DCRYPTO_IMG_TYPE=PEI_DEFAULT -t VS2019
- ```
\ No newline at end of file
+ ```
+## Risk
+
+| Risk | Soluton | Time required |
+| ---- | ---- | ---- |
+| SM3 and SHA3 are missing in Mbedtls | Wait Mbedtls enable SM3 and SHA3 | Unkown |
+| Following API implementation is WIP | Implement API | 2 weeks |
+
+### API need to complete
+| API | Time required |
+| ---- | ---- |
+| VerifyEKUsInPkcs7Signature | 3 days |
+| AuthenticodeVerify | 3 days |
+| EcPointSetCompressedCoordinates | 2 days |
+| ImageTimestampVerify | 3 days |
+
+## Timeline
+Target for 2023 Q1
+## Owner
+The branch owner: Wenxing Hou <wenxing.hou@intel.com>
+## MbedTls Version
+Depend on Mbedtls 3.3.0.
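Review bot: In the status table, Pk/CryptTs.c moves from Test Pass YES to WIP with no explanation, and the new "API need to complete" table lists ImageTimestampVerify as outstanding; please say in the commit message whether the earlier YES was incorrect or a test has since been removed. Three of the four unfinished APIs (VerifyEKUsInPkcs7Signature, AuthenticodeVerify, ImageTimestampVerify) are signature-verification paths, so the README should state what they return until implemented, so that integrators can confirm callers fail closed; the same applies to requests for SM3 and SHA3, which the Risk table says are missing. In the Risk table, "Soluton" and "Unkown" should be "Solution" and "Unknown", and a blank line before "## Build command" and before "## Risk" would keep those headings from running into the table and code fence above them.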
--
2.26.2.windows.1