Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

["Ard Biesheuvel" <ardb@kernel.org>]

On Tue, 14 Mar 2023 at 09:16, kraxel@redhat.com <kraxel@redhat.com> wrote:
>
> On Mon, Mar 13, 2023 at 03:13:28PM +0000, Li, Yi wrote:
> > Hi Gerd,
> >
> > I also have some work on Openssl3, mainly to research how to reduce the binary size increase after the upgrade:
> >
> > https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md
> >
> >
> >
> > I really appreciate your work in this patch series, especially the clear py script.
> >
> > But it seems that part of our work is repeated, if you don't mind, can
> > I merge your work into openssl3.0 Edk2Staging branch? You can find it
> > here if you're interested:
>
> Sure, that is the point of sharing it ;)
>
> github branch (which hot some updates for aarch64 meanwhile) is at
> https://github.com/kraxel/edk2/commits/openssl3
>
> aarch64 is not working, the cpu capability probing needs some work.
> openssl seems to just try instructions and catch SIGILL.  edk2 needs
> something else of course.  Easiest way out would be to just provide
> dummy functions, but that would also mean we wouldn't use aes
> instructions if available ...
>
> Any hints on that from the arm camp are welcome.
>

Yeah the SIGILL trapping is a bit nasty, but that is only used if no
implementation of getauxval() exists.

So perhaps the cleanest way to approach this is to provide a dummy
implementation of getauxval() which only supports AT_HWCAP, and
returns the correct hwcap mask for what the CPU id registers report in
terms for ISA support for crypto extensions.

I can code that up if you want.