From: Laszlo Ersek <lersek@redhat.com>
To: Qin Long <qin.long@intel.com>, edk2-devel@lists.01.org
Cc: ard.biesheuvel@linaro.org, ting.ye@intel.com,
ronald.cron@arm.com, jiaxin.wu@intel.com, glin@suse.com
Subject: Re: [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest OpenSSL 1.1.0xx/stable release ***
Date: Wed, 22 Mar 2017 14:02:28 +0100 [thread overview]
Message-ID: <4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com> (raw)
In-Reply-To: <20170321155612.1192-1-qin.long@intel.com>
On 03/21/17 16:56, Qin Long wrote:
> (https://github.com/qloong/edk2/tree/dev-openssl-stable)
>
> Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying
> cryptographic provider, which requires some extra patches
> (EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
> The latest stable version of OpenSSL was upgraded to the 1.1.0 series
> of release, with lots of EDKII-specific patches integration, which make
> CryptoPkg possbile to remove all extra patch and scripts for more native
> build support.
>
> This patch series is to update EDKII-CryptoPkg to support native building
> with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL stable release
> is 1.1.0e). Refer "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the
> information about the version and source installation.
>
> (NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
> further optimizations from community)
>
> Qin Long (9):
> CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
> CryptoPkg/OpensslLib: Remove patch file and installation scripts.
> CryptoPkg: Fix handling of &strcmp function pointers
> CryptoPkg/OpensslLib: Use new Perl script for file list generation.
> CryptoPkg: Clean-up CRT Library Wrapper.
> CryptoPkg: Add extra build option to disable VS build warning
> CryptoPkg: Update HMAC Wrapper implementation with opaque HMAC_CTX object.
> CryptoPkg: Update PK Ciphers Wrapper Implementations work with opaque objects.
> CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL changes.
* I build-tested this series with ArmVirtQemu, as in:
build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemu.dsc \
-n 12 -b DEBUG -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F \
-D PURE_ACPI_BOOT_ENABLE --cmd-len=65536 -D SECURE_BOOT_ENABLE
Note that the buid does not cover TLS functionality (patch #9), because
ArmVirtQemu uses "OpensslLibCrypto.inf"
* I did some functional testing with OVMF (Ia32X64), again without
enabling TLS (so patch #9 was likely not exercised.) Secure Boot remains
enabled & working for VMs that had it enabled earlier. Also, deleting
the PK, and re-enrolling all the keys (re-enabling SB) works too.
Unsigned images are rejected.
If this was the final version of the set, I'd give my T-b, for patches
1-8. But, I think you are going to submit a v2 anyway, which I'll have
to test again.
(I tested v1 to see if there was a functional problem that I should report.)
Thanks!
Laszlo
next prev parent reply other threads:[~2017-03-22 13:02 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-21 15:56 [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest OpenSSL 1.1.0xx/stable release *** Qin Long
2017-03-21 15:56 ` [PATCH v1 1/9] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build Qin Long
2017-03-22 12:02 ` Laszlo Ersek
2017-03-22 12:18 ` Laszlo Ersek
2017-03-21 15:56 ` [PATCH v1 2/9] CryptoPkg/OpensslLib: Remove patch file and installation scripts Qin Long
2017-03-22 12:05 ` Laszlo Ersek
2017-03-21 15:56 ` [PATCH v1 3/9] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
2017-03-22 10:11 ` Gary Lin
2017-03-23 2:16 ` Long, Qin
2017-03-23 3:39 ` Long, Qin
2017-03-21 15:56 ` [PATCH v1 4/9] CryptoPkg/OpensslLib: Use new Perl script for file list generation Qin Long
2017-03-21 15:56 ` [PATCH v1 5/9] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
2017-03-21 15:56 ` [PATCH v1 6/9] CryptoPkg: Add extra build option to disable VS build warning Qin Long
2017-03-21 15:56 ` [PATCH v1 7/9] CryptoPkg: Update HMAC Wrapper implementation with opaque HMAC_CTX object Qin Long
2017-03-21 15:56 ` [PATCH v1 8/9] CryptoPkg: Update PK Ciphers Wrapper Implementations work with opaque objects Qin Long
2017-03-21 15:56 ` [PATCH v1 9/9] CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL changes Qin Long
2017-03-21 17:42 ` Palmer, Thomas
2017-03-22 1:32 ` Long, Qin
2017-03-23 1:20 ` Wu, Jiaxin
2017-03-23 16:23 ` Palmer, Thomas
2017-03-22 2:22 ` [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest OpenSSL 1.1.0xx/stable release *** Gao, Liming
2017-03-22 2:44 ` Long, Qin
2017-03-22 13:02 ` Laszlo Ersek [this message]
2017-03-22 16:20 ` Long, Qin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox