From: Laszlo Ersek <lersek@redhat.com>
To: Qin Long <qin.long@intel.com>, edk2-devel@lists.01.org
Cc: ting.ye@intel.com, jiaxin.wu@intel.com,
ard.biesheuvel@linaro.org, glin@suse.com, ronald.cron@arm.com,
Moso.Lee@citrix.com, thomas.palmer@hpe.com,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
Date: Thu, 23 Mar 2017 19:31:09 +0100 [thread overview]
Message-ID: <72e0920f-b6c5-bc84-04c4-cb6f953c1ff7@redhat.com> (raw)
In-Reply-To: <20170323131932.6168-6-qin.long@intel.com>
On 03/23/17 14:19, Qin Long wrote:
> Add one new OpenSSL-HOWTO.txt to introduce how to clone / download
> the latest OpenSSL release source for build.
> ALso update buildinf.h to reflect the latest update time.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 ++++++++++++++++++++++++++
> CryptoPkg/Library/OpensslLib/buildinf.h | 2 +-
> 2 files changed, 54 insertions(+), 1 deletion(-)
> create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
>
> diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> new file mode 100644
> index 0000000000..e8b0bab010
> --- /dev/null
> +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> @@ -0,0 +1,53 @@
> +
> +=============================================================================
> + Introduction
> +=============================================================================
> + OpenSSL is a well-known open source implementation of SSL/TLS protocols.
> +The core library implements the cryptographic and SSL/TLS functions and
> +also provides various utility functions. The OpenSSL library is widely used
> +in variety of security products development as base crypto provider.
> +(See http://www.openssl.org/ for more information about OpenSSL).
> + UEFI (Unified Extensible Firmware Interface) is a specification detailing
> +the interfaces between OS and platform firmware. Several security features
> +were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
> +from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
> +on the cryptography.
> + This HOWTO documents OpenSSL building under UEFI/EDKII environment.
> +
> +=============================================================================
> + OpenSSL-Version
> +=============================================================================
> + EDKII supports building with the latest release of OpenSSL.
> + The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16).
> + NOTE: Only latest release version was fully validated.
> + And no guarantees on build & functionality if using other versions.
> +
> +=============================================================================
> + HOW to Install OpenSSL for UEFI Building
> +=============================================================================
> +1. Clone the latest official OpenSSL release into the directory
> + CryptoPkg/Library/OpensslLib/openssl/
> +
> + Use OpenSSL-1.1.0e release as one example:
> + (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release)
> + > cd CryptoPkg/Library/OpensslLib
> + > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl
> + or
> + > git clone https://github.com/openssl/openssl openssl
> + > git checkout OpenSSL_1_1_0e
> +Or
> +2. Download the latest OpenSSL release package from the official website:
> + https://www.openssl.org/source/
> + and unpack the OpenSSL source into:
> + CryptoPkg/Library/OpensslLib/openssl/
> +
> +=============================================================================
> + About process_files.pl
> +=============================================================================
> + "process_files.pl" is one Perl script which runs the OpenSSL Configure,
> +then processes the resulting file list into our local OpensslLib.inf and
> +OpensslLibCrypto.inf.
> + This only needs to be done once by the maintainer / developer when
> +updating to a new version of OpenSSL (or changing options, etc.).
> +Normal users do not need do this, since the results are already stored in
> +the EDKII git repository for them.
> diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h
> index 673bf787c1..3d967d2a86 100644
> --- a/CryptoPkg/Library/OpensslLib/buildinf.h
> +++ b/CryptoPkg/Library/OpensslLib/buildinf.h
> @@ -1,2 +1,2 @@
> #define PLATFORM "UEFI"
> -#define DATE "Mon Mar 8 14:17:05 PDT 2010"
> +#define DATE "Tues Mar 21 01:23:45 PDT 2017"
>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(I used the tarball download method for testing.)
Thanks!
Laszlo
next prev parent reply other threads:[~2017-03-23 18:31 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
2017-03-23 18:27 ` Laszlo Ersek
2017-03-27 9:40 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking Qin Long
2017-03-23 18:28 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts Qin Long
2017-03-23 18:28 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation Qin Long
2017-03-23 18:29 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document Qin Long
2017-03-23 18:31 ` Laszlo Ersek [this message]
2017-03-27 9:58 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
2017-03-23 18:33 ` Laszlo Ersek
2017-03-27 9:41 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
2017-03-23 18:34 ` Laszlo Ersek
2017-03-27 9:42 ` Gary Lin
2017-03-30 17:33 ` Laszlo Ersek
2017-03-31 2:06 ` Long, Qin
2017-03-23 13:19 ` [PATCH v2 08/11] CryptoPkg: Add extra build option to disable VS build warning Qin Long
2017-03-23 13:19 ` [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object Qin Long
2017-03-23 18:37 ` Laszlo Ersek
2017-03-27 9:56 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects Qin Long
2017-03-23 18:38 ` Laszlo Ersek
2017-03-27 9:44 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes Qin Long
2017-03-23 16:23 ` Palmer, Thomas
2017-03-24 5:40 ` Wu, Jiaxin
2017-03-23 17:28 ` [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Laszlo Ersek
2017-03-28 8:19 ` Ye, Ting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=72e0920f-b6c5-bc84-04c4-cb6f953c1ff7@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox