public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>,
	Xiaoyu Lu <xiaoyu1.lu@intel.com>,
	Guomin Jiang <guomin.jiang@intel.com>
Subject: [edk2-devel] [PATCH v2 06/10] CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
Date: Sat,  2 Sep 2023 22:16:23 +0800	[thread overview]
Message-ID: <20230902141627.3178-7-wenxing.hou@intel.com> (raw)
In-Reply-To: <20230902141627.3178-1-wenxing.hou@intel.com>

Add .inf files and other support files.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 CryptoPkg/CryptoPkg.dec                       |   4 +
 CryptoPkg/CryptoPkgMbedTls.dsc                | 280 +++++++++++
 .../BaseCryptLibMbedTls/BaseCryptLib.inf      |  81 +++
 .../BaseCryptLibMbedTls/PeiCryptLib.inf       | 101 ++++
 .../BaseCryptLibMbedTls/PeiCryptLib.uni       |  25 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |  92 ++++
 .../BaseCryptLibMbedTls/RuntimeCryptLib.uni   |  22 +
 .../BaseCryptLibMbedTls/SecCryptLib.inf       |  84 ++++
 .../BaseCryptLibMbedTls/SecCryptLib.uni       |  17 +
 .../BaseCryptLibMbedTls/SmmCryptLib.inf       |  92 ++++
 .../BaseCryptLibMbedTls/SmmCryptLib.uni       |  22 +
 .../SysCall/ConstantTimeClock.c               |  75 +++
 .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c  |  58 +++
 .../SysCall/RuntimeMemAllocation.c            | 462 ++++++++++++++++++
 .../SysCall/TimerWrapper.c                    | 198 ++++++++
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |  78 +++
 16 files changed, 1691 insertions(+)
 create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 0c7d16109b..a5fa81a338 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -27,6 +27,10 @@
   Library/OpensslLib/openssl/providers/implementations/include
   Library/OpensslLib/OpensslGen/include
   Library/OpensslLib/OpensslGen/providers/common/include
+  Library/MbedTlsLib/Include
+  Library/MbedTlsLib/mbedtls
+  Library/MbedTlsLib/mbedtls/include
+  Library/MbedTlsLib/mbedtls/include/mbedtls
 
 [LibraryClasses]
   ##  @libraryclass  Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc
new file mode 100644
index 0000000000..5d0ae6ff3f
--- /dev/null
+++ b/CryptoPkg/CryptoPkgMbedTls.dsc
@@ -0,0 +1,280 @@
+## @file
+#  Cryptographic Library Package for UEFI Security Implementation.
+#  PEIM, DXE Driver, and SMM Driver with all crypto services enabled.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+[Defines]
+  PLATFORM_NAME                  = CryptoPkg
+  PLATFORM_GUID                  = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
+  PLATFORM_VERSION               = 0.98
+  DSC_SPECIFICATION              = 0x00010005
+  OUTPUT_DIRECTORY               = Build/CryptoPkgMbed
+  SUPPORTED_ARCHITECTURES        = IA32|X64|ARM|AARCH64|RISCV64
+  BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
+  SKUID_IDENTIFIER               = DEFAULT
+
+!ifndef CRYPTO_IMG_TYPE
+  DEFINE CRYPTO_IMG_TYPE         = DXE_SMM
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM DXE_SMM"
+!else
+  !error CRYPTO_IMG_TYPE must be set to one of PEI_DEFAULT PEI_PREMEM DXE_SMM.
+!endif
+
+################################################################################
+#
+# Library Class section - list of all Library Classes needed by this Platform.
+#
+################################################################################
+
+!include MdePkg/MdeLibs.dsc.inc
+[LibraryClasses]
+  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
+  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
+  UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+  UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+  SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+  #
+  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
+  # This library provides the instrinsic functions generate by a given compiler.
+  # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
+  # into all ARM and AARCH64 images.
+  #
+  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+
+  # Add support for stack protector
+  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+
+[LibraryClasses.common.PEIM]
+  PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
+  MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
+  PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+  PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
+  HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+  MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
+  MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
+  SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+
+[LibraryClasses]
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
+  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+  OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
+  MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+
+[LibraryClasses.ARM]
+  ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
+
+[LibraryClasses.common.PEIM]
+  PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
+  PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
+
+[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]
+  PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+
+[LibraryClasses.common.DXE_DRIVER]
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+
+################################################################################
+#
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform
+#
+################################################################################
+[PcdsFixedAtBuild]
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000
+  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
+
+!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family         | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT"
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New                     | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free                    | TRUE
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.GetContextSize         | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Init                   | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Update                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Services.Final                  | TRUE
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.GetContextSize       | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Init                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Update               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Final                | TRUE
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.GetContextSize       | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Init                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Update               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Final                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.HashAll              | TRUE
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.GetContextSize          | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Init                    | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Update                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Final                   | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.HashAll                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Services.Duplicate               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.New              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Free             | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.SetKey           | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Duplicate        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Update           | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Services.Final            | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services.Sha256ExtractAndExpand | TRUE
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_PREMEM"
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.GetContextSize       | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Init                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Update               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.Final                | TRUE
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.GetContextSize       | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Init                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Update               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.Final                | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Services.HashAll              | TRUE
+
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.GetContextSize       | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Init                 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Update               | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Services.Final                | TRUE
+!endif
+
+###################################################################################################
+#
+# Components Section - list of the modules and components that will be processed by compilation
+#                      tools and the EDK II tools to generate PE32/PE32+/Coff image files.
+#
+# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
+#       into firmware volume images. This section is just a list of modules to compile from
+#       source into UEFI-compliant binaries.
+#       It is the FDF file that contains information on combining binary files into firmware
+#       volume images, whose concept is beyond UEFI and is described in PI specification.
+#       Binary modules do not need to be listed in this section, as they should be
+#       specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
+#       Logo (Logo.bmp), and etc.
+#       There may also be modules listed in this section that are not required in the FDF file,
+#       When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
+#       generated for it, but the binary will not be put into any firmware volume.
+#
+###################################################################################################
+
+!if $(CRYPTO_IMG_TYPE) IN "PEI_DEFAULT PEI_PREMEM"
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+  CryptoPkg/Driver/CryptoPei.inf {
+    <Defines>
+      !if "$(CRYPTO_SERVICES)" == "ALL"
+        FILE_GUID = 8DF53C2E-3380-495F-A8B7-370CFE28E1C6
+      !elseif "$(CRYPTO_SERVICES)" == "NONE"
+        FILE_GUID = E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF
+      !elseif "$(CRYPTO_SERVICES)" == "MIN_PEI"
+        FILE_GUID = 0F5827A9-35FD-4F41-8D38-9BAFCE594D31
+      !endif
+  }
+!endif
+
+!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
+[Components.IA32, Components.X64, Components.AARCH64]
+  CryptoPkg/Driver/CryptoDxe.inf {
+    <Defines>
+      !if "$(CRYPTO_SERVICES)" == "ALL"
+        FILE_GUID = D9444B06-060D-42C5-9344-F04707BE0169
+      !elseif "$(CRYPTO_SERVICES)" == "NONE"
+        FILE_GUID = C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A
+      !elseif "$(CRYPTO_SERVICES)" == MIN_DXE_MIN_SMM
+        FILE_GUID = DDF5BE9E-159A-4B77-B6D7-82B84B5763A2
+      !endif
+  }
+
+[Components.IA32, Components.X64]
+  CryptoPkg/Driver/CryptoSmm.inf {
+    <Defines>
+      !if "$(CRYPTO_SERVICES)" == "ALL"
+        FILE_GUID = A3542CE8-77F7-49DC-A834-45D37D2EC1FA
+      !elseif "$(CRYPTO_SERVICES)" == "NONE"
+        FILE_GUID = 6DCB3127-01E7-4131-A487-DC77A965A541
+      !elseif "$(CRYPTO_SERVICES)" == MIN_DXE_MIN_SMM
+        FILE_GUID = 85F7EA15-3A2B-474A-8875-180542CD6BF3
+      !endif
+  }
+!endif
+
+[BuildOptions]
+  *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
+  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
+!if $(CRYPTO_IMG_TYPE) IN "DXE_SMM"
+  MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096
+  GCC:*_GCC*_*_DLINK_FLAGS = -z common-page-size=0x1000
+!endif
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
new file mode 100644
index 0000000000..697310e9c7
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
@@ -0,0 +1,81 @@
+## @file
+#  Cryptographic Library Instance for DXE_DRIVER.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BaseCryptLib
+  FILE_GUID                      = 693C5308-AF95-4CE5-ADE9-CA011C2FC642
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  InternalCryptLib.h
+  Hash/CryptSha256.c
+  Hash/CryptSha512.c
+  Hash/CryptParallelHashNull.c
+  Hash/CryptSm3Null.c
+  Hash/CryptMd5.c
+  Hash/CryptSha1.c
+  Hmac/CryptHmac.c
+  Kdf/CryptHkdf.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExt.c
+  Pk/CryptRsaPss.c
+  Pk/CryptRsaPssSign.c
+  Bn/CryptBnNull.c
+  Cipher/CryptAeadAesGcmNull.c
+  Cipher/CryptAesNull.c
+  Pem/CryptPemNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptEcNull.c
+  Pk/CryptPkcs1OaepNull.c
+  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Rand/CryptRandNull.c
+  SysCall/CrtWrapper.c
+  SysCall/TimerWrapper.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  UefiRuntimeServicesTableLib
+  DebugLib
+  MbedTlsLib
+  PrintLib
+  IntrinsicLib
+  RngLib
+  SynchronizationLib
+[Protocols]
+  gEfiMpServiceProtocolGuid
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /GL-
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
new file mode 100644
index 0000000000..74025e29cd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
@@ -0,0 +1,101 @@
+## @file
+#  Cryptographic Library Instance for PEIM.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Note:
+#  HMAC-SHA256 functions, AES functions, RSA external
+#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
+#  certificate handler functions, authenticode signature verification functions,
+#  PEM handler functions, and pseudorandom number generator functions are not
+#  supported in this instance.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PeiCryptLib
+  MODULE_UNI_FILE                = PeiCryptLib.uni
+  FILE_GUID                      = 91E0A3C3-37A7-4AEE-8689-C5B0AD2C8E63
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseCryptLib|PEIM PEI_CORE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  InternalCryptLib.h
+  Hash/CryptMd5.c
+  Hash/CryptSha1.c
+  Hash/CryptSha256.c
+  Hash/CryptSm3Null.c
+  Hash/CryptSha512.c
+  Hash/CryptParallelHashNull.c
+  Hmac/CryptHmac.c
+  Kdf/CryptHkdf.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptRsaPss.c
+  Pk/CryptRsaPssSignNull.c
+  Bn/CryptBnNull.c
+  Cipher/CryptAeadAesGcmNull.c
+  Cipher/CryptAesNull.c
+  Pem/CryptPemNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptEcNull.c
+  Pk/CryptPkcs1OaepNull.c
+  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Rand/CryptRandNull.c
+  SysCall/CrtWrapper.c
+  SysCall/ConstantTimeClock.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  DebugLib
+  MbedTlsLib
+  IntrinsicLib
+  PrintLib
+  PeiServicesTablePointerLib
+  PeiServicesLib
+  SynchronizationLib
+
+[Ppis]
+  gEfiPeiMpServicesPpiGuid
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+  #
+  # suppress the following warnings so we do not break the build with warnings-as-errors:
+  # C4090: 'function' : different 'const' qualifiers
+  # C4718: 'function call' : recursive call has no side effects, deleting
+  #
+  MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
+
+  GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+  GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+  XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
new file mode 100644
index 0000000000..3a6845642d
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
@@ -0,0 +1,25 @@
+// /** @file
+// Cryptographic Library Instance for PEIM.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
+// signature verification functions, PEM handler functions, and pseudorandom number
+// generator functions are not supported in this instance.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for PEIM"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
new file mode 100644
index 0000000000..11b49fe32a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
@@ -0,0 +1,92 @@
+## @file
+#  Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Note: SHA-384 Digest functions, SHA-512 Digest functions,
+#  HMAC-SHA256 functions, AES functions, RSA external
+#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+#  authenticode signature verification functions are not supported in this instance.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = RuntimeCryptLib
+  MODULE_UNI_FILE                = RuntimeCryptLib.uni
+  FILE_GUID                      = D263B580-D9FC-4DC4-B445-578AAEFF530E
+  MODULE_TYPE                    = DXE_RUNTIME_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_RUNTIME_DRIVER
+  CONSTRUCTOR                    = RuntimeCryptLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  InternalCryptLib.h
+  Hash/CryptMd5.c
+  Hash/CryptSha1.c
+  Hash/CryptSha256.c
+  Hash/CryptSm3Null.c
+  Hash/CryptSha512.c
+  Hash/CryptParallelHashNull.c
+  Hmac/CryptHmac.c
+  Kdf/CryptHkdf.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptRsaPssNull.c
+  Pk/CryptRsaPssSignNull.c
+  Bn/CryptBnNull.c
+  Cipher/CryptAeadAesGcmNull.c
+  Cipher/CryptAesNull.c
+  Pem/CryptPemNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptEcNull.c
+  Pk/CryptPkcs1OaepNull.c
+  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Rand/CryptRandNull.c
+  SysCall/CrtWrapper.c
+  SysCall/TimerWrapper.c
+  SysCall/RuntimeMemAllocation.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  UefiRuntimeServicesTableLib
+  DebugLib
+  MbedTlsLib
+  IntrinsicLib
+  PrintLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+  #
+  # suppress the following warnings so we do not break the build with warnings-as-errors:
+  #
+  GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+  GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+  XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
new file mode 100644
index 0000000000..b2a2f5ff21
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// Cryptographic Library Instance for DXE_RUNTIME_DRIVER.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Diffie-Hellman functions, and authenticode signature verification functions are
+// not supported in this instance.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
new file mode 100644
index 0000000000..8a8e4e7c51
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
@@ -0,0 +1,84 @@
+## @file
+#  Cryptographic Library Instance for SEC.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = SecCryptLib
+  MODULE_UNI_FILE                = SecCryptLib.uni
+  FILE_GUID                      = 894C367F-254A-4563-8624-798D46EAD796
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseCryptLib|SEC
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  InternalCryptLib.h
+  Hash/CryptSha512.c
+
+  Hash/CryptMd5Null.c
+  Hash/CryptSha1Null.c
+  Hash/CryptSha256Null.c
+  Hash/CryptSm3Null.c
+  Hash/CryptParallelHashNull.c
+  Hmac/CryptHmacNull.c
+  Kdf/CryptHkdfNull.c
+  Pk/CryptRsaBasicNull.c
+  Pk/CryptRsaExtNull.c
+  Bn/CryptBnNull.c
+  Cipher/CryptAeadAesGcmNull.c
+  Cipher/CryptAesNull.c
+  Pem/CryptPemNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptEcNull.c
+  Pk/CryptPkcs1OaepNull.c
+  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Rand/CryptRandNull.c
+  SysCall/CrtWrapper.c
+  SysCall/ConstantTimeClock.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  DebugLib
+  MbedTlsLib
+  IntrinsicLib
+  PrintLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+  #
+  # suppress the following warnings so we do not break the build with warnings-as-errors:
+  #
+  GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+  GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
+
+  XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
new file mode 100644
index 0000000000..be2fc4067f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Cryptographic Library Instance for SEC driver.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for SEC driver"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
new file mode 100644
index 0000000000..d8c2a60fec
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
@@ -0,0 +1,92 @@
+## @file
+#  Cryptographic Library Instance for SMM driver.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Note: SHA-384 Digest functions, SHA-512 Digest functions,
+#  RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+#  authenticode signature verification functions are not supported in this instance.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = SmmCryptLib
+  MODULE_UNI_FILE                = SmmCryptLib.uni
+  FILE_GUID                      = CF104633-9901-4504-AD7A-91690926A253
+  MODULE_TYPE                    = DXE_SMM_DRIVER
+  VERSION_STRING                 = 1.0
+  PI_SPECIFICATION_VERSION       = 0x0001000A
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  InternalCryptLib.h
+  Hash/CryptMd5.c
+  Hash/CryptSha1.c
+  Hash/CryptSha256.c
+  Hash/CryptSm3Null.c
+  Hash/CryptSha512.c
+  Hash/CryptParallelHashNull.c
+  Hmac/CryptHmac.c
+  Kdf/CryptHkdf.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExtNull.c
+  Pk/CryptRsaPss.c
+  Pk/CryptRsaPssSignNull.c
+  Bn/CryptBnNull.c
+  Cipher/CryptAeadAesGcmNull.c
+  Cipher/CryptAesNull.c
+  Pem/CryptPemNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptEcNull.c
+  Pk/CryptPkcs1OaepNull.c
+  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Rand/CryptRandNull.c
+  SysCall/CrtWrapper.c
+  SysCall/ConstantTimeClock.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  MbedTlsLib
+  IntrinsicLib
+  PrintLib
+  MmServicesTableLib
+  SynchronizationLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+  #
+  # suppress the following warnings so we do not break the build with warnings-as-errors:
+  #
+
+  XCODE:*_*_*_CC_FLAGS = -mmmx -msse -std=c99
+
+  GCC:*_CLANG35_*_CC_FLAGS = -std=c99
+  GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+  GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
new file mode 100644
index 0000000000..13948c2f3d
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
@@ -0,0 +1,22 @@
+// /** @file
+// Cryptographic Library Instance for SMM driver.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - signature.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Note: AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Diffie-Hellman functions, and authenticode signature verification functions are
+// not supported in this instance.
+//
+// Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for SMM driver"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
new file mode 100644
index 0000000000..2ec13ef9d0
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
@@ -0,0 +1,75 @@
+/** @file
+  C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
+  for MbedTLS-based Cryptographic Library.
+
+  This C file implements constant time value for time() and NULL for gmtime()
+  thus should not be used in library instances which require functionality
+  of following APIs which need system time support:
+  1)  RsaGenerateKey
+  2)  RsaCheckKey
+  3)  RsaPkcs1Sign
+  4)  Pkcs7Sign
+  5)  DhGenerateParameter
+  6)  DhGenerateKey
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/BaseMemoryLib.h>
+
+typedef int time_t;
+
+//
+// Structures Definitions
+//
+struct tm {
+  int     tm_sec;    /* seconds after the minute [0-60] */
+  int     tm_min;    /* minutes after the hour [0-59] */
+  int     tm_hour;   /* hours since midnight [0-23] */
+  int     tm_mday;   /* day of the month [1-31] */
+  int     tm_mon;    /* months since January [0-11] */
+  int     tm_year;   /* years since 1900 */
+  int     tm_wday;   /* days since Sunday [0-6] */
+  int     tm_yday;   /* days since January 1 [0-365] */
+  int     tm_isdst;  /* Daylight Savings Time flag */
+  long    tm_gmtoff; /* offset from CUT in seconds */
+  char    *tm_zone;  /* timezone abbreviation */
+};
+
+//
+// -- Time Management Routines --
+//
+
+/**time function. **/
+time_t
+time (
+  time_t  *timer
+  )
+{
+  if (timer != NULL) {
+    *timer = 0;
+  }
+
+  return 0;
+}
+
+/**gmtime function. **/
+struct tm *
+gmtime (
+  const time_t  *timer
+  )
+{
+  return NULL;
+}
+
+/**_time64 function. **/
+time_t
+_time64 (
+  time_t  *t
+  )
+{
+  return time (t);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
new file mode 100644
index 0000000000..f1d9b9c35c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
@@ -0,0 +1,58 @@
+/** @file
+  C Run-Time Libraries (CRT) Wrapper Implementation for MbedTLS-based
+  Cryptographic Library.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <stdio.h>
+
+/**dummy mbedtls_printf function. **/
+int
+mbedtls_printf (
+  char const  *fmt,
+  ...
+  )
+{
+  ASSERT (FALSE);
+  return 0;
+}
+
+/**dummy mbedtls_vsnprintf function. **/
+int
+mbedtls_vsnprintf (
+  char        *str,
+  size_t      size,
+  const char  *format,
+  ...
+  )
+{
+  ASSERT (FALSE);
+  return 0;
+}
+
+/**strchr function. **/
+char *
+strchr (
+  const char  *str,
+  int         ch
+  )
+{
+  return ScanMem8 (str, AsciiStrSize (str), (char)ch);
+}
+
+/**strcmp function. **/
+int
+strcmp (
+  const char  *s1,
+  const char  *s2
+  )
+{
+  return (int)AsciiStrCmp (s1, s2);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
new file mode 100644
index 0000000000..51992029a8
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
@@ -0,0 +1,462 @@
+/** @file
+  Light-weight Memory Management Routines for MbedTLS-based Crypto
+  Library at Runtime Phase.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Guid/EventGroup.h>
+
+// ----------------------------------------------------------------
+// Initial version. Needs further optimizations.
+// ----------------------------------------------------------------
+
+//
+// Definitions for Runtime Memory Operations
+//
+#define RT_PAGE_SIZE   0x200
+#define RT_PAGE_MASK   0x1FF
+#define RT_PAGE_SHIFT  9
+
+#define RT_SIZE_TO_PAGES(a)  (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MASK) ? 1 : 0))
+#define RT_PAGES_TO_SIZE(a)  ((a) << RT_PAGE_SHIFT)
+
+//
+// Page Flag Definitions
+//
+#define RT_PAGE_FREE  0x00000000
+#define RT_PAGE_USED  0x00000001
+
+#define MIN_REQUIRED_BLOCKS  600
+
+//
+// Memory Page Table
+//
+typedef struct {
+  UINTN     StartPageOffset;    // Offset of the starting page allocated.
+                                // Only available for USED pages.
+  UINT32    PageFlag;           // Page Attributes.
+} RT_MEMORY_PAGE_ENTRY;
+
+typedef struct {
+  UINTN                   PageCount;
+  UINTN                   LastEmptyPageOffset;
+  UINT8                   *DataAreaBase;       // Pointer to data Area.
+  RT_MEMORY_PAGE_ENTRY    Pages[1];            // Page Table Entries.
+} RT_MEMORY_PAGE_TABLE;
+
+//
+// Global Page Table for Runtime Cryptographic Provider.
+//
+RT_MEMORY_PAGE_TABLE  *mRTPageTable = NULL;
+
+//
+// Event for Runtime Address Conversion.
+//
+STATIC EFI_EVENT  mVirtualAddressChangeEvent;
+
+/**
+  Initializes pre-allocated memory pointed by ScratchBuffer for subsequent
+  runtime use.
+
+  @param[in, out]  ScratchBuffer      Pointer to user-supplied memory buffer.
+  @param[in]       ScratchBufferSize  Size of supplied buffer in bytes.
+
+  @retval EFI_SUCCESS  Successful initialization.
+
+**/
+EFI_STATUS
+InitializeScratchMemory (
+  IN OUT  UINT8  *ScratchBuffer,
+  IN      UINTN  ScratchBufferSize
+  )
+{
+  UINTN  Index;
+  UINTN  MemorySize;
+
+  //
+  // Parameters Checking
+  //
+  if (ScratchBuffer == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (ScratchBufferSize < MIN_REQUIRED_BLOCKS * 1024) {
+    return EFI_BUFFER_TOO_SMALL;
+  }
+
+  mRTPageTable = (RT_MEMORY_PAGE_TABLE *)ScratchBuffer;
+
+  //
+  // Initialize Internal Page Table for Memory Management
+  //
+  SetMem (mRTPageTable, ScratchBufferSize, 0xFF);
+  MemorySize = ScratchBufferSize - sizeof (RT_MEMORY_PAGE_TABLE) + sizeof (RT_MEMORY_PAGE_ENTRY);
+
+  mRTPageTable->PageCount           = MemorySize / (RT_PAGE_SIZE + sizeof (RT_MEMORY_PAGE_ENTRY));
+  mRTPageTable->LastEmptyPageOffset = 0x0;
+
+  for (Index = 0; Index < mRTPageTable->PageCount; Index++) {
+    mRTPageTable->Pages[Index].PageFlag        = RT_PAGE_FREE;
+    mRTPageTable->Pages[Index].StartPageOffset = 0;
+  }
+
+  mRTPageTable->DataAreaBase = ScratchBuffer + sizeof (RT_MEMORY_PAGE_TABLE) +
+                               (mRTPageTable->PageCount - 1) * sizeof (RT_MEMORY_PAGE_ENTRY);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Look-up Free memory Region for object allocation.
+
+  @param[in]  AllocationSize  Bytes to be allocated.
+
+  @return  Return available page offset for object allocation.
+
+**/
+UINTN
+LookupFreeMemRegion (
+  IN  UINTN  AllocationSize
+  )
+{
+  UINTN  StartPageIndex;
+  UINTN  Index;
+  UINTN  SubIndex;
+  UINTN  ReqPages;
+
+  StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset);
+  ReqPages       = RT_SIZE_TO_PAGES (AllocationSize);
+  if (ReqPages > mRTPageTable->PageCount) {
+    //
+    // No enough region for object allocation.
+    //
+    return (UINTN)(-1);
+  }
+
+  //
+  // Look up the free memory region with in current memory map table.
+  //
+  for (Index = StartPageIndex; Index <= (mRTPageTable->PageCount - ReqPages); ) {
+    //
+    // Check consecutive ReqPages pages.
+    //
+    for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) {
+      if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
+        break;
+      }
+    }
+
+    if (SubIndex == ReqPages) {
+      //
+      // Succeed! Return the Starting Offset.
+      //
+      return RT_PAGES_TO_SIZE (Index);
+    }
+
+    //
+    // Failed! Skip current free memory pages and adjacent Used pages
+    //
+    while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
+      SubIndex++;
+    }
+
+    Index += SubIndex;
+  }
+
+  //
+  // Look up the free memory region from the beginning of the memory table
+  // until the StartCursorOffset
+  //
+  if (ReqPages > StartPageIndex) {
+    //
+    // No enough region for object allocation.
+    //
+    return (UINTN)(-1);
+  }
+
+  for (Index = 0; Index < (StartPageIndex - ReqPages); ) {
+    //
+    // Check Consecutive ReqPages Pages.
+    //
+    for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) {
+      if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) {
+        break;
+      }
+    }
+
+    if (SubIndex == ReqPages) {
+      //
+      // Succeed! Return the Starting Offset.
+      //
+      return RT_PAGES_TO_SIZE (Index);
+    }
+
+    //
+    // Failed! Skip current adjacent Used pages
+    //
+    while ((SubIndex < (StartPageIndex - ReqPages)) &&
+           ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0))
+    {
+      SubIndex++;
+    }
+
+    Index += SubIndex;
+  }
+
+  //
+  // No available region for object allocation!
+  //
+  return (UINTN)(-1);
+}
+
+/**
+  Allocates a buffer at runtime phase.
+
+  @param[in]  AllocationSize    Bytes to be allocated.
+
+  @return  A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+RuntimeAllocateMem (
+  IN  UINTN  AllocationSize
+  )
+{
+  UINT8  *AllocPtr;
+  UINTN  ReqPages;
+  UINTN  Index;
+  UINTN  StartPage;
+  UINTN  AllocOffset;
+
+  AllocPtr = NULL;
+  ReqPages = 0;
+
+  //
+  // Look for available consecutive memory region starting from LastEmptyPageOffset.
+  // If no proper memory region found, look up from the beginning.
+  // If still not found, return NULL to indicate failed allocation.
+  //
+  AllocOffset = LookupFreeMemRegion (AllocationSize);
+  if (AllocOffset == (UINTN)(-1)) {
+    return NULL;
+  }
+
+  //
+  // Allocates consecutive memory pages with length of Size. Update the page
+  // table status. Returns the starting address.
+  //
+  ReqPages  = RT_SIZE_TO_PAGES (AllocationSize);
+  AllocPtr  = mRTPageTable->DataAreaBase + AllocOffset;
+  StartPage = RT_SIZE_TO_PAGES (AllocOffset);
+  Index     = 0;
+  while (Index < ReqPages) {
+    mRTPageTable->Pages[StartPage + Index].PageFlag       |= RT_PAGE_USED;
+    mRTPageTable->Pages[StartPage + Index].StartPageOffset = AllocOffset;
+
+    Index++;
+  }
+
+  mRTPageTable->LastEmptyPageOffset = AllocOffset + RT_PAGES_TO_SIZE (ReqPages);
+
+  ZeroMem (AllocPtr, AllocationSize);
+
+  //
+  // Returns a VOID pointer to the allocated space
+  //
+  return AllocPtr;
+}
+
+/**
+  Frees a buffer that was previously allocated at runtime phase.
+
+  @param[in]  Buffer  Pointer to the buffer to free.
+
+**/
+VOID
+RuntimeFreeMem (
+  IN  VOID  *Buffer
+  )
+{
+  UINTN  StartOffset;
+  UINTN  StartPageIndex;
+
+  StartOffset    = (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase;
+  StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
+
+  while (StartPageIndex < mRTPageTable->PageCount) {
+    if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
+        (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
+    {
+      //
+      // Free this page
+      //
+      mRTPageTable->Pages[StartPageIndex].PageFlag       &= ~RT_PAGE_USED;
+      mRTPageTable->Pages[StartPageIndex].PageFlag       |= RT_PAGE_FREE;
+      mRTPageTable->Pages[StartPageIndex].StartPageOffset = 0;
+
+      StartPageIndex++;
+    } else {
+      break;
+    }
+  }
+
+  return;
+}
+
+/**
+  Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
+
+  This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
+  event. It converts a pointer to a new virtual address.
+
+  @param[in]  Event      The event whose notification function is being invoked.
+  @param[in]  Context    The pointer to the notification function's context.
+
+**/
+VOID
+EFIAPI
+RuntimeCryptLibAddressChangeEvent (
+  IN  EFI_EVENT  Event,
+  IN  VOID       *Context
+  )
+{
+  //
+  // Converts a pointer for runtime memory management to a new virtual address.
+  //
+  EfiConvertPointer (0x0, (VOID **)&mRTPageTable->DataAreaBase);
+  EfiConvertPointer (0x0, (VOID **)&mRTPageTable);
+}
+
+/**
+  Constructor routine for runtime crypt library instance.
+
+  The constructor function pre-allocates space for runtime cryptographic operation.
+
+  @param  ImageHandle   The firmware allocated handle for the EFI image.
+  @param  SystemTable   A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS          The construction succeeded.
+  @retval EFI_OUT_OF_RESOURCE  Failed to allocate memory.
+
+**/
+EFI_STATUS
+EFIAPI
+RuntimeCryptLibConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS  Status;
+  VOID        *Buffer;
+
+  //
+  // Pre-allocates runtime space for possible cryptographic operations
+  //
+  Buffer = AllocateRuntimePool (MIN_REQUIRED_BLOCKS * 1024);
+  Status = InitializeScratchMemory (Buffer, MIN_REQUIRED_BLOCKS * 1024);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  //
+  // Create address change event
+  //
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_NOTIFY,
+                  RuntimeCryptLibAddressChangeEvent,
+                  NULL,
+                  &gEfiEventVirtualAddressChangeGuid,
+                  &mVirtualAddressChangeEvent
+                  );
+  ASSERT_EFI_ERROR (Status);
+
+  return Status;
+}
+
+//
+// -- Memory-Allocation Routines Wrapper for UEFI-MbedTLS Library --
+//
+
+/** Allocates memory blocks. **/
+VOID *
+malloc (
+  size_t  size
+  )
+{
+  return RuntimeAllocateMem ((UINTN)size);
+}
+
+/** Reallocate memory blocks. **/
+VOID *
+realloc (
+  VOID    *ptr,
+  size_t  size
+  )
+{
+  VOID   *NewPtr;
+  UINTN  StartOffset;
+  UINTN  StartPageIndex;
+  UINTN  PageCount;
+
+  if (ptr == NULL) {
+    return malloc (size);
+  }
+
+  //
+  // Get Original Size of ptr
+  //
+  StartOffset    = (UINTN)ptr - (UINTN)mRTPageTable->DataAreaBase;
+  StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
+  PageCount      = 0;
+  while (StartPageIndex < mRTPageTable->PageCount) {
+    if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
+        (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
+    {
+      StartPageIndex++;
+      PageCount++;
+    } else {
+      break;
+    }
+  }
+
+  if (size <= RT_PAGES_TO_SIZE (PageCount)) {
+    //
+    // Return the original pointer, if Caller try to reduce region size;
+    //
+    return ptr;
+  }
+
+  NewPtr = RuntimeAllocateMem ((UINTN)size);
+  if (NewPtr == NULL) {
+    return NULL;
+  }
+
+  CopyMem (NewPtr, ptr, RT_PAGES_TO_SIZE (PageCount));
+
+  RuntimeFreeMem (ptr);
+
+  return NewPtr;
+}
+
+/** Deallocates or frees a memory block. **/
+VOID
+free (
+  VOID  *ptr
+  )
+{
+  //
+  // In Standard C, free() handles a null pointer argument transparently. This
+  // is not true of RuntimeFreeMem() below, so protect it.
+  //
+  if (ptr != NULL) {
+    RuntimeFreeMem (ptr);
+  }
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
new file mode 100644
index 0000000000..b7cd4d3181
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
@@ -0,0 +1,198 @@
+/** @file
+  C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
+  for MbedTLS-based Cryptographic Library (used in DXE & RUNTIME).
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+typedef int time_t;
+
+//
+// Structures Definitions
+//
+struct tm {
+  int     tm_sec;    /* seconds after the minute [0-60] */
+  int     tm_min;    /* minutes after the hour [0-59] */
+  int     tm_hour;   /* hours since midnight [0-23] */
+  int     tm_mday;   /* day of the month [1-31] */
+  int     tm_mon;    /* months since January [0-11] */
+  int     tm_year;   /* years since 1900 */
+  int     tm_wday;   /* days since Sunday [0-6] */
+  int     tm_yday;   /* days since January 1 [0-365] */
+  int     tm_isdst;  /* Daylight Savings Time flag */
+  long    tm_gmtoff; /* offset from CUT in seconds */
+  char    *tm_zone;  /* timezone abbreviation */
+};
+
+//
+// -- Time Management Routines --
+//
+
+#define IsLeap(y)  (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
+#define SECSPERMIN   (60)
+#define SECSPERHOUR  (60 * 60)
+#define SECSPERDAY   (24 * SECSPERHOUR)
+
+//
+//  The arrays give the cumulative number of days up to the first of the
+//  month number used as the index (1 -> 12) for regular and leap years.
+//  The value at index 13 is for the whole year.
+//
+UINTN  CumulativeDays[2][14] = {
+  {
+    0,
+    0,
+    31,
+    31 + 28,
+    31 + 28 + 31,
+    31 + 28 + 31 + 30,
+    31 + 28 + 31 + 30 + 31,
+    31 + 28 + 31 + 30 + 31 + 30,
+    31 + 28 + 31 + 30 + 31 + 30 + 31,
+    31 + 28 + 31 + 30 + 31 + 30 + 31 + 31,
+    31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
+    31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
+    31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
+    31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
+  },
+  {
+    0,
+    0,
+    31,
+    31 + 29,
+    31 + 29 + 31,
+    31 + 29 + 31 + 30,
+    31 + 29 + 31 + 30 + 31,
+    31 + 29 + 31 + 30 + 31 + 30,
+    31 + 29 + 31 + 30 + 31 + 30 + 31,
+    31 + 29 + 31 + 30 + 31 + 30 + 31 + 31,
+    31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
+    31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
+    31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
+    31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
+  }
+};
+
+/** Get the system time as seconds elapsed since midnight, January 1, 1970. **/
+time_t
+time (
+  time_t  *timer
+  )
+{
+  EFI_STATUS  Status;
+  EFI_TIME    Time;
+  time_t      CalTime;
+  UINTN       Year;
+
+  //
+  // Get the current time and date information
+  //
+  Status = gRT->GetTime (&Time, NULL);
+  if (EFI_ERROR (Status) || (Time.Year < 1970)) {
+    return 0;
+  }
+
+  //
+  // Years Handling
+  // UTime should now be set to 00:00:00 on Jan 1 of the current year.
+  //
+  for (Year = 1970, CalTime = 0; Year != Time.Year; Year++) {
+    CalTime = CalTime + (time_t)(CumulativeDays[IsLeap (Year)][13] * SECSPERDAY);
+  }
+
+  //
+  // Add in number of seconds for current Month, Day, Hour, Minute, Seconds, and TimeZone adjustment
+  //
+  CalTime = CalTime +
+            (time_t)((Time.TimeZone != EFI_UNSPECIFIED_TIMEZONE) ? (Time.TimeZone * 60) : 0) +
+            (time_t)(CumulativeDays[IsLeap (Time.Year)][Time.Month] * SECSPERDAY) +
+            (time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) +
+            (time_t)(Time.Hour * SECSPERHOUR) +
+            (time_t)(Time.Minute * 60) +
+            (time_t)Time.Second;
+
+  if (timer != NULL) {
+    *timer = CalTime;
+  }
+
+  return CalTime;
+}
+
+/** Convert a time value from type time_t to struct tm. **/
+struct tm *
+gmtime (
+  const time_t  *timer
+  )
+{
+  struct tm  *GmTime;
+  UINT16     DayNo;
+  UINT16     DayRemainder;
+  time_t     Year;
+  time_t     YearNo;
+  UINT16     TotalDays;
+  UINT16     MonthNo;
+
+  if (timer == NULL) {
+    return NULL;
+  }
+
+  GmTime = AllocateZeroPool (sizeof (struct tm));
+  if (GmTime == NULL) {
+    return NULL;
+  }
+
+  ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm));
+
+  DayNo        = (UINT16)(*timer / SECSPERDAY);
+  DayRemainder = (UINT16)(*timer % SECSPERDAY);
+
+  GmTime->tm_sec  = (int)(DayRemainder % SECSPERMIN);
+  GmTime->tm_min  = (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN);
+  GmTime->tm_hour = (int)(DayRemainder / SECSPERHOUR);
+  GmTime->tm_wday = (int)((DayNo + 4) % 7);
+
+  for (Year = 1970, YearNo = 0; DayNo > 0; Year++) {
+    TotalDays = (UINT16)(IsLeap (Year) ? 366 : 365);
+    if (DayNo >= TotalDays) {
+      DayNo = (UINT16)(DayNo - TotalDays);
+      YearNo++;
+    } else {
+      break;
+    }
+  }
+
+  GmTime->tm_year = (int)(YearNo + (1970 - 1900));
+  GmTime->tm_yday = (int)DayNo;
+
+  for (MonthNo = 12; MonthNo > 1; MonthNo--) {
+    if (DayNo >= CumulativeDays[IsLeap (Year)][MonthNo]) {
+      DayNo = (UINT16)(DayNo - (UINT16)(CumulativeDays[IsLeap (Year)][MonthNo]));
+      break;
+    }
+  }
+
+  GmTime->tm_mon  = (int)MonthNo - 1;
+  GmTime->tm_mday = (int)DayNo + 1;
+
+  GmTime->tm_isdst  = 0;
+  GmTime->tm_gmtoff = 0;
+  GmTime->tm_zone   = NULL;
+
+  return GmTime;
+}
+
+/**_time64 function. **/
+time_t
+_time64 (
+  time_t  *t
+  )
+{
+  return time (t);
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
new file mode 100644
index 0000000000..eb5bdad862
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
@@ -0,0 +1,78 @@
+## @file
+#  Cryptographic Library Instance for DXE_DRIVER.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - signature.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+#  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BaseCryptLib
+  FILE_GUID                      = 9DD60CFE-9D05-41E2-8B9E-958E2A4C1913
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  InternalCryptLib.h
+  Bn/CryptBn.c
+  Hash/CryptSha256.c
+  Hash/CryptSha512.c
+  Hash/CryptSha3.c
+  Hash/CryptSm3Null.c
+  Hash/CryptMd5.c
+  Hash/CryptSha1.c
+  Hmac/CryptHmac.c
+  Kdf/CryptHkdf.c
+  Pk/CryptRsaBasic.c
+  Pk/CryptRsaExt.c
+  Pk/CryptRsaPss.c
+  Pk/CryptRsaPssSign.c
+  Bn/CryptBnNull.c
+  Cipher/CryptAeadAesGcmNull.c
+  Cipher/CryptAesNull.c
+  Pem/CryptPemNull.c
+  Pk/CryptDhNull.c
+  Pk/CryptEcNull.c
+  Pk/CryptPkcs1OaepNull.c
+  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs7SignNull.c
+  Pk/CryptPkcs7VerifyNull.c
+  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptX509Null.c
+  Pk/CryptAuthenticodeNull.c
+  Pk/CryptTsNull.c
+  Rand/CryptRandNull.c
+  SysCall/CrtWrapper.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  MemoryAllocationLib
+  UefiRuntimeServicesTableLib
+  DebugLib
+  MbedTlsLib
+  PrintLib
+  RngLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /GL-
-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108241): https://edk2.groups.io/g/devel/message/108241
Mute This Topic: https://groups.io/mt/101114031/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



  parent reply	other threads:[~2023-09-02 14:16 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-02 14:16 [edk2-devel] [PATCH v2 00/10] Add HMAC/HKDF/RSA/HASH features based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 01/10] CryptoPkg: Add mbedtls submodule for EDKII Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 02/10] CryptoPkg: Add mbedtls_config and MbedTlsLib.inf Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 03/10] CryptoPkg: Add HMAC functions based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 04/10] CryptoPkg: Add HKDF " Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA " Wenxing Hou
2023-09-04  8:43   ` Li, Yi
2023-09-02 14:16 ` Wenxing Hou [this message]
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 07/10] CryptoPkg: Add Null functions for building pass Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 08/10] CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 09/10] CryptoPkg: Add Mbedtls submodule in CI Wenxing Hou
2023-09-04  8:46   ` Li, Yi
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 10/10] CryptoPkg: Add basic Readme for BaseCryptLibMbedTls Wenxing Hou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230902141627.3178-7-wenxing.hou@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox