* [edk2-devel] [PATCH edk2-platforms 1/1] Platform/RaspberryPi: Switch to MbedTls crypto library
@ 2024-08-30 8:18 Ard Biesheuvel via groups.io
2024-08-30 18:23 ` Jeremy Linton
0 siblings, 1 reply; 3+ messages in thread
From: Ard Biesheuvel via groups.io @ 2024-08-30 8:18 UTC (permalink / raw)
To: devel; +Cc: quic_llindhol, sami.mujawar, jeremy.linton, Ard Biesheuvel
From: Ard Biesheuvel <ardb@kernel.org>
Switch to the MbedTls crypto library, which uses less space, which has
run out on RPi4 (the DEBUG build can only succeed with HTTPS boot
disabled at this point)
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
Platform/RaspberryPi/RPi3/RPi3.dsc | 5 +++--
Platform/RaspberryPi/RPi4/RPi4.dsc | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc b/Platform/RaspberryPi/RPi3/RPi3.dsc
index 43d6d028e126..86c5281d7af6 100644
--- a/Platform/RaspberryPi/RPi3/RPi3.dsc
+++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
@@ -134,7 +134,8 @@ [LibraryClasses.common]
# Cryptographic libraries
RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+ MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
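Review bot: the commit message only says that space has run out on RPi4, yet the BaseCryptLib line in this RPi3.dsc hunk is switched as well. Please state in the commit message whether RPi3 is also short on space or is changed to keep both platforms on the same crypto backend, and whether an RPi3 build was tested with BaseCryptLibMbedTls/BaseCryptLib.inf.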
@@ -228,7 +229,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
!endif
###################################################################################################
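Review bot: the RuntimeCryptLib line inside the SECURE_BOOT_ENABLE block is a functional change rather than only a size change, and the commit message does not mention it. With this override, the DXE_RUNTIME_DRIVER modules of a secure boot build take BaseCryptLib from BaseCryptLibMbedTls/RuntimeCryptLib.inf, so please add a note that a SECURE_BOOT_ENABLE=TRUE image was built and booted with it.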
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index c79f322d9e75..2e7798c71ff3 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -134,7 +134,8 @@ [LibraryClasses.common]
# Cryptographic libraries
RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+ MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
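Review bot: the unchanged OpensslLib and TlsLib lines directly below the new MbedTlsLib mapping still point at CryptoPkg/Library/OpensslLib/OpensslLib.inf and CryptoPkg/Library/TlsLib/TlsLib.inf, so this hunk does not show how much of OpenSSL still ends up in the RPi4 image when HTTPS boot is enabled. Please add before/after image sizes to the commit message and clarify whether "the DEBUG build can only succeed with HTTPS boot disabled at this point" describes the state before or after this change. If the OpensslLib mapping is no longer needed, drop it; otherwise a one-line comment explaining why both backends are listed would help.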
@@ -236,7 +237,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
!endif
###################################################################################################
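Review bot: the RuntimeCryptLib override here only applies when SECURE_BOOT_ENABLE is TRUE, so with it unset the DXE_RUNTIME_DRIVER modules resolve BaseCryptLib through the [LibraryClasses.common] mapping changed earlier in this file, unless another section overrides it. Please confirm that RPi4 builds with both settings of SECURE_BOOT_ENABLE, since each setting now pulls in a different new MbedTls-based instance.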
--
2.46.0.469.g59c65b2a67-goog
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120478): https://edk2.groups.io/g/devel/message/120478
Mute This Topic: https://groups.io/mt/108250188/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
* Re: [edk2-devel] [PATCH edk2-platforms 1/1] Platform/RaspberryPi: Switch to MbedTls crypto library
2024-08-30 8:18 [edk2-devel] [PATCH edk2-platforms 1/1] Platform/RaspberryPi: Switch to MbedTls crypto library Ard Biesheuvel via groups.io
@ 2024-08-30 18:23 ` Jeremy Linton
2024-08-30 21:11 ` Ard Biesheuvel via groups.io
0 siblings, 1 reply; 3+ messages in thread
From: Jeremy Linton @ 2024-08-30 18:23 UTC (permalink / raw)
To: Ard Biesheuvel, devel; +Cc: quic_llindhol, sami.mujawar, Ard Biesheuvel
Hi,
On 8/30/24 3:18 AM, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
>
> Switch to the MbedTls crypto library, which uses less space, which has
> run out on RPi4 (the DEBUG build can only succeed with HTTPS boot
> disabled at this point)
This is going to be endless, maybe it's better to adjust the image
offsets to increase the space available, it's not like we have a problem
with storage capacity. The only gotcha with the patch I pointed out a
few months ago was that it requires moving the DTB in the config.txt
file as well, along with TFA. I was looking at alternatives, IIRC it's
possible to gain some space without doing that just by moving a few
things around.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> Platform/RaspberryPi/RPi3/RPi3.dsc | 5 +++--
> Platform/RaspberryPi/RPi4/RPi4.dsc | 5 +++--
> 2 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc b/Platform/RaspberryPi/RPi3/RPi3.dsc
> index 43d6d028e126..86c5281d7af6 100644
> --- a/Platform/RaspberryPi/RPi3/RPi3.dsc
> +++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
> @@ -134,7 +134,8 @@ [LibraryClasses.common]
> # Cryptographic libraries
> RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>
> @@ -228,7 +229,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
> !if $(SECURE_BOOT_ENABLE) == TRUE
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
> !endif
>
> ###################################################################################################
> diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
> index c79f322d9e75..2e7798c71ff3 100644
> --- a/Platform/RaspberryPi/RPi4/RPi4.dsc
> +++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
> @@ -134,7 +134,8 @@ [LibraryClasses.common]
> # Cryptographic libraries
> RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>
> @@ -236,7 +237,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
> !if $(SECURE_BOOT_ENABLE) == TRUE
> - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
> !endif
>
> ###################################################################################################
* Re: [edk2-devel] [PATCH edk2-platforms 1/1] Platform/RaspberryPi: Switch to MbedTls crypto library
2024-08-30 18:23 ` Jeremy Linton
@ 2024-08-30 21:11 ` Ard Biesheuvel via groups.io
0 siblings, 0 replies; 3+ messages in thread
From: Ard Biesheuvel via groups.io @ 2024-08-30 21:11 UTC (permalink / raw)
To: devel, jeremy.linton; +Cc: Ard Biesheuvel, quic_llindhol, sami.mujawar
On Fri, 30 Aug 2024 at 20:23, Jeremy Linton <jeremy.linton@arm.com> wrote:
>
> Hi,
>
> On 8/30/24 3:18 AM, Ard Biesheuvel wrote:
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > Switch to the MbedTls crypto library, which uses less space, which has
> > run out on RPi4 (the DEBUG build can only succeed with HTTPS boot
> > disabled at this point)
>
> This is going to be endless, maybe it's better to adjust the image
> offsets to increase the space available, it's not like we have a problem
> with storage capacity. The only gotcha with the patch I pointed out a
> few months ago was that it requires moving the DTB in the config.txt
> file as well, along with TFA. I was looking at alternatives, IIRC it's
> possible to gain some space without doing that just by moving a few
> things around.
>
Yeah, but using a smaller and less bloated crypto library is an
improvement in itself, so I'd still like to pursue this. But it would
indeed be nice if we could make more space available too.