From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Wenxing Hou Subject: [edk2-staging/OpenSSL11_EOL PATCH 1/7] Update ReadmeMbedtls Date: Fri, 17 Mar 2023 17:00:47 +0800 Message-Id: <20230317090053.1895-2-wenxing.hou@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: <20230317090053.1895-1-wenxing.hou@intel.com> References: <20230317090053.1895-1-wenxing.hou@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Signed-off-by: Wenxing Hou --- CryptoPkg/ReadmeMbedtls.md | 55 +++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/CryptoPkg/ReadmeMbedtls.md b/CryptoPkg/ReadmeMbedtls.md index 4b5a132fd0..39fc93028c 100644 --- a/CryptoPkg/ReadmeMbedtls.md +++ b/CryptoPkg/ReadmeMbedtls.md @@ -1,21 +1,18 @@ # CryptoMbedTlsPkg(enable mbedtls for EDKII POC)=0D =0D -## background=0D +## Overview=0D This POC is to explore mbedtls as a smaller alternative to OpenSSL.=0D =0D -## MbedTLS version=0D -Depend on Mbedtls 3.3.0.=0D -=0D -## MbedTLS and OpenSSL CryptoPkg size compare=0D +### MbedTLS and OpenSSL CryptoPkg size compare=0D =0D -| Driver | OpenSSL | OpenSSL(no SM3 and Pkcs7) | MbedTLS |=0D -| ---- | ---- | ---- | ---- |=0D -| PEI | 387Kb | 387kb | 162kb |=0D -| PeiPreMem | 31Kb | WIP | WIP |=0D -| DXE | 804Kb | WIP | WIP |=0D -| SMM | 558Kb | WIP | WIP |=0D +| Driver | OpenSSL | MbedTLS |=0D +| ---- | ---- | ---- |=0D +| PEI | 387Kb | 162Kb |=0D +| PeiPreMem | 31Kb | 58Kb |=0D +| DXE | 804Kb | 457Kb |=0D +| SMM | 558Kb | 444Kb |=0D =0D -## Current enabling status=0D +### Current enabling status=0D =0D | FILE | Build Pass | Test Pass |=0D | ---- | ---- | ---- |=0D 
@@ -33,24 +30,44 @@ Depend on Mbedtls 3.3.0. | Pem/CryptPem.c | YES | YES |=0D | Pk/CryptAuthenticode.c | WIP | WIP |=0D | Pk/CryptDh.c | YES | YES |=0D -| Pk/CryptEc.c | WIP | WIP |=0D +| Pk/CryptEc.c | YES | YES |=0D | Pk/CryptPkcs1Oaep.c | YES | YES |=0D | Pk/CryptPkcs5Pbkdf2.c | YES | YES |=0D | Pk/CryptPkcs7Sign.c | YES | YES |=0D -| Pk/CryptPkcs7VerifyBase.c | YES | WIP |=0D -| Pk/CryptPkcs7VerifyCommon.c | YES | WIP |=0D +| Pk/CryptPkcs7VerifyBase.c | YES | YES |=0D +| Pk/CryptPkcs7VerifyCommon.c | YES | YES |=0D | Pk/CryptPkcs7VerifyEku.c | YES | WIP |=0D | Pk/CryptPkcs7VerifyEkuRuntime.c | YES | YES |=0D | Pk/CryptPkcs7VerifyRuntime.c | YES | YES |=0D | Pk/CryptRsaBasic.c | YES | YES |=0D | Pk/CryptRsaExt.c | YES | YES |=0D -| Pk/CryptTs.c | YES | YES |=0D -| Pk/CryptX509.c | WIP | WIP |=0D -=0D +| Pk/CryptTs.c | YES | WIP |=0D +| Pk/CryptX509.c | YES | YES |=0D =0D ## Build command=0D =0D ```=0D edksetup.bat Rebuild VS2019=0D build -a X64 -p CryptoPkg/CryptoPkgMbedTls.dsc -DCRYPTO_IMG_TYPE=3DPEI_= DEFAULT -t VS2019=0D - ``` \ No newline at end of file + ```=0D +## Risk=0D +=0D +| Risk | Soluton | Time required |=0D +| ---- | ---- | ---- |=0D +| SM3 and SHA3 are missing in Mbedtls | Wait Mbedtls enable SM3 and SHA3 = | Unkown |=0D +| Following API implementation is WIP | Implement API | 2 weeks |=0D +=0D +### API need to complete=0D +| API | Time required |=0D +| ---- | ---- |=0D +| VerifyEKUsInPkcs7Signature | 3 days |=0D +| AuthenticodeVerify | 3 days |=0D +| EcPointSetCompressedCoordinates | 2 days |=0D +| ImageTimestampVerify | 3 days |=0D +=0D +## Timeline=0D +Target for 2023 Q1=0D +## Owner=0D +The branch owner: Wenxing Hou =0D +## MbedTls Version=0D +Depend on Mbedtls 3.3.0.=0D --=20 2.26.2.windows.1
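Review bot: in the first hunk the rewritten size table shows PeiPreMem growing from 31Kb with OpenSSL to 58Kb with MbedTLS, while the Overview sentence just above it still presents mbedtls "as a smaller alternative to OpenSSL"; a short note under the table explaining the PeiPreMem increase (or qualifying the Overview claim) would stop readers from reading that row as a typo. The unit "Kb" is also ambiguous (it reads as kilobits, but these are image sizes), so "KB" would be clearer, e.g. `| PEI | 387KB | 162KB |`. Minor: the heading "size compare" reads better as "size comparison".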
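Review bot: the second hunk changes Pk/CryptTs.c from `| YES | YES |` to `| YES | WIP |` in the Test Pass column, which is a regression in reported status rather than a plain update, and the commit message (subject only, no body) does not explain it; since the new API table lists ImageTimestampVerify at 3 days, a sentence in the commit body tying the two together would help. In the added Risk section, "Soluton" should be "Solution", "Unkown" should be "Unknown", "Wait Mbedtls enable SM3 and SHA3" should read "Wait for Mbedtls to enable SM3 and SHA3", and "### API need to complete" would read better as "### APIs to be completed". Style: the new "## Owner" and "## MbedTls Version" headings lack the blank line that separates every other heading in this file, "MbedTls" is spelled "MbedTLS" elsewhere in the document, and with the patch dated 17 Mar 2023 the "Target for 2023 Q1" timeline is already at its end and may need refreshing.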