From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2EBF3803ED for ; Thu, 23 Mar 2017 11:31:14 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 814054DAF7; Thu, 23 Mar 2017 18:31:14 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 814054DAF7 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=lersek@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 814054DAF7 Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-84.phx2.redhat.com [10.3.116.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0A88D19161; Thu, 23 Mar 2017 18:31:11 +0000 (UTC) To: Qin Long , edk2-devel@lists.01.org References: <20170323131932.6168-1-qin.long@intel.com> <20170323131932.6168-6-qin.long@intel.com> Cc: ting.ye@intel.com, jiaxin.wu@intel.com, ard.biesheuvel@linaro.org, glin@suse.com, ronald.cron@arm.com, Moso.Lee@citrix.com, thomas.palmer@hpe.com, David Woodhouse From: Laszlo Ersek Message-ID: <72e0920f-b6c5-bc84-04c4-cb6f953c1ff7@redhat.com> Date: Thu, 23 Mar 2017 19:31:09 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20170323131932.6168-6-qin.long@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 23 Mar 2017 18:31:14 +0000 (UTC) Subject: Re: [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2017 18:31:14 -0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 03/23/17 14:19, Qin Long wrote: > Add one new OpenSSL-HOWTO.txt to introduce how to clone / download > the latest OpenSSL release source for build. > ALso update buildinf.h to reflect the latest update time. > > Cc: Ting Ye > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Gary Lin > Cc: Ronald Cron > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: David Woodhouse > Signed-off-by: Qin Long > --- > CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 ++++++++++++++++++++++++++ > CryptoPkg/Library/OpensslLib/buildinf.h | 2 +- > 2 files changed, 54 insertions(+), 1 deletion(-) > create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > > diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > new file mode 100644 > index 0000000000..e8b0bab010 > --- /dev/null > +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > @@ -0,0 +1,53 @@ > + > +============================================================================= > + Introduction > +============================================================================= > + OpenSSL is a well-known open source implementation of SSL/TLS protocols. > +The core library implements the cryptographic and SSL/TLS functions and > +also provides various utility functions. The OpenSSL library is widely used > +in variety of security products development as base crypto provider. > +(See http://www.openssl.org/ for more information about OpenSSL). > + UEFI (Unified Extensible Firmware Interface) is a specification detailing > +the interfaces between OS and platform firmware. Several security features > +were introduced (e.g. Authenticated Variable Service, Driver Signing, etc) > +from UEFI 2.2 (http://www.uefi.org/). These security features highly depend > +on the cryptography. > + This HOWTO documents OpenSSL building under UEFI/EDKII environment. > + > +============================================================================= > + OpenSSL-Version > +============================================================================= > + EDKII supports building with the latest release of OpenSSL. > + The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16). > + NOTE: Only latest release version was fully validated. > + And no guarantees on build & functionality if using other versions. > + > +============================================================================= > + HOW to Install OpenSSL for UEFI Building > +============================================================================= > +1. Clone the latest official OpenSSL release into the directory > + CryptoPkg/Library/OpensslLib/openssl/ > + > + Use OpenSSL-1.1.0e release as one example: > + (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release) > + > cd CryptoPkg/Library/OpensslLib > + > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl > + or > + > git clone https://github.com/openssl/openssl openssl > + > git checkout OpenSSL_1_1_0e > +Or > +2. Download the latest OpenSSL release package from the official website: > + https://www.openssl.org/source/ > + and unpack the OpenSSL source into: > + CryptoPkg/Library/OpensslLib/openssl/ > + > +============================================================================= > + About process_files.pl > +============================================================================= > + "process_files.pl" is one Perl script which runs the OpenSSL Configure, > +then processes the resulting file list into our local OpensslLib.inf and > +OpensslLibCrypto.inf. > + This only needs to be done once by the maintainer / developer when > +updating to a new version of OpenSSL (or changing options, etc.). > +Normal users do not need do this, since the results are already stored in > +the EDKII git repository for them. > diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h > index 673bf787c1..3d967d2a86 100644 > --- a/CryptoPkg/Library/OpensslLib/buildinf.h > +++ b/CryptoPkg/Library/OpensslLib/buildinf.h > @@ -1,2 +1,2 @@ > #define PLATFORM "UEFI" > -#define DATE "Mon Mar 8 14:17:05 PDT 2010" > +#define DATE "Tues Mar 21 01:23:45 PDT 2017" > Acked-by: Laszlo Ersek Tested-by: Laszlo Ersek (I used the tarball download method for testing.) Thanks! Laszlo