From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.14453.1675439871107656733 for ; Fri, 03 Feb 2023 07:57:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CrjhNXas; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 81D3E61F6A for ; Fri, 3 Feb 2023 15:57:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5446CC433AF for ; Fri, 3 Feb 2023 15:57:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1675439870; bh=rGJGSHP2iJJCALh9KSt4wNVzHmbdv2EEJZ2nzDJtDvo=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=CrjhNXas2rfMib5U7UZDRwq0e5eDC+CE79uShzNZvk47tuUF/tpCPLiCj2/fKkGRY pRrqiGxG9DKAowO6gQikeku/ncsMbP0JJiO+7hy/ODIYEd9wMT62jgGi6OnBgLyGKN fsP1xxeKzOEiy8gBG4hCcgFLUSSanKDvSgZAYXo47cftdperbTDZYcJcz8G2pfgLNN T0Mwls+fkMgcVa2l7TP5gjLDfWHUoqEvU6YhEdEdguxfRZD/xv/kTL5HHOfzHncG9b hE4B1oItaUxiEm24TUth8z7UxTMCJ2LQLnsBiKPUuZDLeeMzJoNrfXjtz9M1Wkio8o VKPc5Jaby7Z6A== Received: by mail-lj1-f178.google.com with SMTP id b13so5652531ljf.8 for ; Fri, 03 Feb 2023 07:57:50 -0800 (PST) X-Gm-Message-State: AO0yUKVFrR+aJYq30qSU5vycRL+ghW5ZpYyaUfc/gh6qTORUpnRRQJmG 1CimglbW6T0Q7Np8gEd53Zcq8t/hXZ+T8XCPDtA= X-Google-Smtp-Source: AK7set8Z/y6Q6N9AvKg/Ej9m0Jjw6f+vQys4zP+t2d36j0qJYjsZRbB0kCLMSBLp3LgEJRbpUsKK1E+vj6olTZmqzDc= X-Received: by 2002:a2e:311:0:b0:290:5b9d:e97 with SMTP id 17-20020a2e0311000000b002905b9d0e97mr1558073ljd.187.1675439868211; Fri, 03 Feb 2023 07:57:48 -0800 (PST) MIME-Version: 1.0 References: <20230203132806.2275708-1-kraxel@redhat.com> <20230203153654.pyutijc54a66pe6e@sirius.home.kraxel.org> In-Reply-To: <20230203153654.pyutijc54a66pe6e@sirius.home.kraxel.org> From: "Ard Biesheuvel" Date: Fri, 3 Feb 2023 16:57:36 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [PATCH 00/11] OvmfPkg: add Crypto Driver support To: Gerd Hoffmann Cc: devel@edk2.groups.io, Min Xu , Ard Biesheuvel , Michael Roth , Jiewen Yao , Jian J Wang , Jordan Justen , Pawel Polawski , Oliver Steffen , Tom Lendacky , Xiaoyu Lu , Erdem Aktas , Guomin Jiang , James Bottomley Content-Type: text/plain; charset="UTF-8" On Fri, 3 Feb 2023 at 16:37, Gerd Hoffmann wrote: > > On Fri, Feb 03, 2023 at 02:33:07PM +0100, Ard Biesheuvel wrote: > > What is the point of this series? If we are trying to deduplicate > > crypto code by moving it into a dedicated driver, can we please just > > do that unconditionally, instead of doubling the size of the > > validation matrix again? Or are there reasons why one might avoid this > > crypto driver approach? > > Unfortunately it is not a clear size win everywhere. > > PEI jumps up in size even though I'm using the min_pei config for > CryptoPei, seems it *still* has way too much bits compiled in > (didn't look into tweaking the config yet, hints are welcome). > > - 17530 TcgPei > + 17146 TcgPei > + 34362 Tcg2Pei > - 51066 Tcg2Pei > + 333950 CryptoPei > Why would we use this for PEI if the size increases? > SMM doesn't change much (slight increase): > > + 106662 VariableSmm > - 540818 VariableSmm > + 479374 CryptoSmm > > DXE is a clear win, three users go from > 400k to < 100k which easily > compensates for the almost 700k crypto driver: > > + 17326 TlsDxe > - 19494 TcgDxe > + 19450 TcgDxe > + 36682 SecurityStubDxe > + 54630 Tcg2Dxe > - 68498 Tcg2Dxe > + 78898 SecureBootConfigDxe > + 121190 IScsiDxe > - 125174 IScsiDxe > - 404574 SecureBootConfigDxe > - 479414 SecurityStubDxe > - 667006 TlsDxe > + 696298 CryptoDxe > > Overall it should still be a (small) win even without looking at why PEI > is so big. > > If there are no objections I happily drop the USE_CRYPTO_DRIVER option > and switch over to the crypto driver unconditionally. > Yeah, I'd prefer that.