From: Ard Biesheuvel
Date: Thu, 23 Feb 2017 22:26:34 +0000
To: Laszlo Ersek
Cc: edk2-devel-01, Tomas Hoger
Subject: Re: [PATCH 3/5] ArmVirtPkg: resolve OpensslLib to OpensslLibNoSsl
List-Id: EDK II Development

On 23 February 2017 at 21:57, Laszlo Ersek wrote:
> The OpensslLibNoSsl library instance (which does not contain libssl
> functions) is sufficient for the Secure Boot feature. It would not be
> sufficient for HTTPS booting (which requires TLS), but in ArmVirtPkg, we
> don't even enable plaintext HTTP booting for the time being.
>
> Ease security analysis by excluding libssl functionality from the
> OpensslLib instance we use.
>
> Cc: Ard Biesheuvel
> Cc: Tomas Hoger
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Laszlo Ersek

Reviewed-by: Ard Biesheuvel

> ---
> ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 43699cb9bdd6..407b9b66dfe6 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -136,7 +136,7 @@ [LibraryClasses.common]
> #
> !if $(SECURE_BOOT_ENABLE) == TRUE
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> --
> 2.9.3
>
>
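
Review bot: The new `OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf` line inside the `!if $(SECURE_BOOT_ENABLE) == TRUE` block of `[LibraryClasses.common]` carries no comment recording why the NoSsl instance is chosen. The commit message states that this instance contains no libssl functions and would not be sufficient for HTTPS booting, which requires TLS, but that constraint lives only in the commit log. Anyone who later enables HTTP or HTTPS boot for ArmVirtPkg gets no hint in ArmVirt.dsc.inc that this resolution has to change. Suggest a short comment above the line saying that OpensslLibNoSsl omits libssl and that the resolution must go back to `OpensslLib.inf` if TLS is ever enabled, or making the resolution conditional on whatever build flag eventually turns on TLS.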