Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Vineel Kovvuri <vineel.kovvuri@gmail.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: devel@edk2.groups.io, "Yao, Jiewen" <jiewen.yao@intel.com>,
	 "vineelko@microsoft.com" <vineelko@microsoft.com>
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
Date: Wed, 10 Nov 2021 08:18:11 -0800	[thread overview]
Message-ID: <CABG47Q_1cE1t+LzqGWKrwzafw6UNa4oucfhAvCGyETpc_1JG5A@mail.gmail.com> (raw)
In-Reply-To: <20211109085809.22kqmzd6zxu465ua@sirius.home.kraxel.org>

[-- Attachment #1: Type: text/plain, Size: 3731 bytes --]

Hi All,

Sorry, my bad for not providing the details. Below is the build
configuration.

Passing: stuart_build -c OvmfPkg/PlatformCI/PlatformBuild.py
TOOL_CHAIN_TAG=GCC5 TARGET=NOOPT   -a IA32,X64

Failing: stuart_build -c OvmfPkg/PlatformCI/PlatformBuild.py
TOOL_CHAIN_TAG=GCC5 TARGET=NOOPT -a IA32,X64 BLD_*_SECURE_BOOT_ENABLE=1
BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1
BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1

The failure is happening while generating DXEFV.FVINFO
- Generating DXEFV FV
INFO - ##### ['GenFv', '-F', 'FALSE', '-a',
'/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/DXEFV.inf', '-o',
'/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.Fv', '-i',
'/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.inf']
INFO - Return Value = 2
INFO - GenFv: ERROR 3000: Invalid
INFO -   the required fv image size 0xcb2ac0 exceeds the set fv image size
0xc00000

The difference I see without ecc change and with the change is the increase
in file sizes for below ffs files,(other .ffs files remained unchanged)

Without ecc change:
794742
/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
653470
/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
1174654
 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
872594
/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs

With ecc change:
1058678
 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
917214
/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
1470718
 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
1134738
 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs

Below is the size of DXEFV.Fv in successful build(without ecc change)

ubuntu@ubuntuubuntu:~/src/edk2$ ls -l
/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.Fv
-rw-rw-r-- 1 ubuntu ubuntu 12582912(0xC0000) Nov  9 19:18
/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.Fv

We haven't looked at porting to OpenSSL 3.0.

I am wondering, removing existing ciphers might impact other platforms.
Could you please suggest any less intrusive options without impacting
other platforms.

I am new to EDK and what compile time options are you referring to? Please
let me know if any other information is needed from the build.

Thanks in advance,
Vineel


On Tue, Nov 9, 2021 at 12:58 AM Gerd Hoffmann <kraxel@redhat.com> wrote:

> >   2.  Remove unnecessary algo in openssl config
> >      *   Do you really want to enable all those algorithms? Such as SM2?
> Maybe revisit them again to see if they are really needed. I could see it
> might break other platform potentially.
>
> Enabling only those algorithms which are actually used by tianocore
> certainly makes sense ...
>
> >   3.  Provide 2 profiles – with ECC and without ECC.
>
> ... and if it gets down the size enough would be better than yet another
> compile time option.
>
> take care,
>   Gerd
>
>

[-- Attachment #2: Type: text/html, Size: 4382 bytes --]

next prev parent reply	other threads:[~2021-11-10 16:18 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-12  5:38 [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Vineel Kovvuri
2021-10-12  5:38 ` [PATCH 2/2] Allow wildcards in hostname Vineel Kovvuri
2021-10-13  2:50   ` Yao, Jiewen
2021-10-13  2:45 ` [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Yao, Jiewen
2021-10-17  2:49 ` Yao, Jiewen
2021-10-18 20:06   ` vineelko
2021-11-03  0:37     ` Yao, Jiewen
2021-11-03  8:34       ` Vineel Kovvuri
2021-11-08 22:29         ` [edk2-devel] " Vineel Kovvuri
2021-11-09  8:06           ` Yao, Jiewen
2021-11-09  8:58             ` Gerd Hoffmann
2021-11-10 16:18               ` Vineel Kovvuri [this message]
2021-11-11 13:05                 ` Gerd Hoffmann
2021-11-11 13:26                   ` Yao, Jiewen
2021-11-18 18:40                     ` Vineel Kovvuri
2022-02-23  2:32                       ` yi1 li
2022-02-23  2:46                         ` Vineel Kovvuri
2022-02-23  2:54                           ` yi1 li
2022-02-24  6:51                             ` Vineel Kovvuri
2022-02-24  8:20                               ` yi1 li
2022-02-25 17:51                                 ` Vineel Kovvuri
2022-02-26 15:54                                   ` yi1 li
2022-02-28  8:24                                   ` yi1 li
2022-03-01 14:04                                     ` Gerd Hoffmann
2022-03-01 17:38                                       ` Sean
2022-03-02  4:23                                       ` yi1 li
2022-03-02  6:59                                         ` Yao, Jiewen
2022-03-02  7:42                                           ` Gerd Hoffmann
2022-03-02 11:56                                             ` Yao, Jiewen
2022-03-03  8:43                                               ` yi1 li
2022-03-03 10:05                                                 ` Yao, Jiewen
2022-03-04  2:15                                                   ` Vineel Kovvuri
2022-03-02  7:58                                         ` Gerd Hoffmann
2022-03-03  6:30                                   ` Vineel Kovvuri
2022-03-03  6:37                                     ` Vineel Kovvuri
2021-11-09  8:55           ` Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CABG47Q_1cE1t+LzqGWKrwzafw6UNa4oucfhAvCGyETpc_1JG5A@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox