From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 2EBF3803ED
 for <edk2-devel@lists.01.org>; Thu, 23 Mar 2017 11:31:14 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 814054DAF7;
 Thu, 23 Mar 2017 18:31:14 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 814054DAF7
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com;
 spf=pass smtp.mailfrom=lersek@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 814054DAF7
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-84.phx2.redhat.com
 [10.3.116.84])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 0A88D19161;
 Thu, 23 Mar 2017 18:31:11 +0000 (UTC)
To: Qin Long <qin.long@intel.com>, edk2-devel@lists.01.org
References: <20170323131932.6168-1-qin.long@intel.com>
 <20170323131932.6168-6-qin.long@intel.com>
Cc: ting.ye@intel.com, jiaxin.wu@intel.com, ard.biesheuvel@linaro.org,
 glin@suse.com, ronald.cron@arm.com, Moso.Lee@citrix.com,
 thomas.palmer@hpe.com, David Woodhouse <dwmw2@infradead.org>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <72e0920f-b6c5-bc84-04c4-cb6f953c1ff7@redhat.com>
Date: Thu, 23 Mar 2017 19:31:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170323131932.6168-6-qin.long@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.29]); Thu, 23 Mar 2017 18:31:14 +0000 (UTC)
Subject: Re: [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2017 18:31:14 -0000
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit

On 03/23/17 14:19, Qin Long wrote:
> Add one new OpenSSL-HOWTO.txt to introduce how to clone / download
> the latest OpenSSL release source for build.
> ALso update buildinf.h to reflect the latest update time.
> 
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
>  CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 ++++++++++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/buildinf.h        |  2 +-
>  2 files changed, 54 insertions(+), 1 deletion(-)
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> 
> diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> new file mode 100644
> index 0000000000..e8b0bab010
> --- /dev/null
> +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> @@ -0,0 +1,53 @@
> +
> +=============================================================================
> +                             Introduction
> +=============================================================================
> +  OpenSSL is a well-known open source implementation of SSL/TLS protocols.
> +The core library implements the cryptographic and SSL/TLS functions and
> +also provides various utility functions. The OpenSSL library is widely used
> +in variety of security products development as base crypto provider.
> +(See http://www.openssl.org/ for more information about OpenSSL).
> +  UEFI (Unified Extensible Firmware Interface) is a specification detailing
> +the interfaces between OS and platform firmware. Several security features
> +were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
> +from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
> +on the cryptography.
> +  This HOWTO documents OpenSSL building under UEFI/EDKII environment.
> +
> +=============================================================================
> +                             OpenSSL-Version
> +=============================================================================
> +  EDKII supports building with the latest release of OpenSSL.
> +  The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16).
> +  NOTE: Only latest release version was fully validated.
> +        And no guarantees on build & functionality if using other versions.
> +
> +=============================================================================
> +                      HOW to Install OpenSSL for UEFI Building
> +=============================================================================
> +1. Clone the latest official OpenSSL release into the directory
> +     CryptoPkg/Library/OpensslLib/openssl/
> +
> +   Use OpenSSL-1.1.0e release as one example:
> +     (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release)
> +     > cd CryptoPkg/Library/OpensslLib
> +     > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl
> +     or
> +     > git clone https://github.com/openssl/openssl openssl
> +     > git checkout OpenSSL_1_1_0e
> +Or
> +2. Download the latest OpenSSL release package from the official website:
> +     https://www.openssl.org/source/
> +   and unpack the OpenSSL source into:
> +     CryptoPkg/Library/OpensslLib/openssl/
> +
> +=============================================================================
> +                      About process_files.pl
> +=============================================================================
> +  "process_files.pl" is one Perl script which runs the OpenSSL Configure,
> +then processes the resulting file list into our local OpensslLib.inf and
> +OpensslLibCrypto.inf.
> +  This only needs to be done once by the maintainer / developer when
> +updating to a new version of OpenSSL (or changing options, etc.).
> +Normal users do not need do this, since the results are already stored in
> +the EDKII git repository for them.
> diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h
> index 673bf787c1..3d967d2a86 100644
> --- a/CryptoPkg/Library/OpensslLib/buildinf.h
> +++ b/CryptoPkg/Library/OpensslLib/buildinf.h
> @@ -1,2 +1,2 @@
>  #define PLATFORM  "UEFI"
> -#define DATE      "Mon Mar 8 14:17:05 PDT 2010"
> +#define DATE      "Tues Mar 21 01:23:45 PDT 2017"
> 

Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>

(I used the tarball download method for testing.)

Thanks!
Laszlo