From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Vang, Judah" <judah.vang@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyux.lu@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>,
"Mistry, Nishant C" <nishant.c.mistry@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
Date: Tue, 20 Dec 2022 01:55:27 +0000
Message-ID: <CO1PR11MB49297BBAB32E5E5B350CCA72D2EA9@CO1PR11MB4929.namprd11.prod.outlook.com>
In-Reply-To: <MW4PR11MB5872EA798401C1CBB3A982198CEA9@MW4PR11MB5872.namprd11.prod.outlook.com>

Hi Jiewen,

I noticed that this patch is missing the update to the table in ReadMe.md to
show the new PEI and SMM crypto services enabled by default in *CryptLib
library instances.

https://github.com/tianocore/edk2/tree/master/CryptoPkg#supported-cryptographic-families-and-services

It did update the recommended PCD settings at the end of the
ReadMe, but missed the update to the CryptoPkg.dsc file to actually
enable the PEI and SMM services in the Crypto Drivers.

Mike

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, December 19, 2022 5:40 PM
> To: Vang, Judah <judah.vang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Mistry, Nishant C <nishant.c.mistry@intel.com>
> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto functions
>
> Just merged - https://github.com/tianocore/edk2/pull/3796
>
>
> > -----Original Message-----
> > From: Vang, Judah <judah.vang@intel.com>
> > Sent: Tuesday, December 20, 2022 8:44 AM
> > To: devel@edk2.groups.io; Vang, Judah <judah.vang@intel.com>
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin
> > <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> > functions
> >
> > Hi Jiewen,
> >
> > Has this patch been merged?
> > This is an important change for the UEFI Protected Variable feature.
> >
> > Judah
> >
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Judah
> > Vang
> > Sent: Monday, November 7, 2022 2:16 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Jiang, Guomin
> > <guomin.jiang@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>
> > Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg: Need to enable crypto
> > functions
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992
> >
> > V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
> > Update Readme.md
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > Signed-off-by: Judah Vang <judah.vang@intel.com>
> > ---
> > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
> > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
> > CryptoPkg/Readme.md | 27 +++++++++++---------
> > 3 files changed, 17 insertions(+), 14 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index b1629647f9c6..ee5f3cd5d4b6 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -43,7 +43,7 @@ [Sources]
> > Hash/CryptParallelHashNull.c
> > Hmac/CryptHmac.c
> > Kdf/CryptHkdf.c
> > - Cipher/CryptAesNull.c
> > + Cipher/CryptAes.c
> > Cipher/CryptAeadAesGcmNull.c
> > Pk/CryptRsaBasic.c
> > Pk/CryptRsaExtNull.c
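Review bot: Cipher/CryptAes.c is switched on here while the next line still builds Cipher/CryptAeadAesGcmNull.c, so PEI gains AES while AES-GCM stays a Null stub. The commit message says only "Enable CryptAes for PEI phase"; it should name the PEI consumer that needs AES and say how that consumer gets integrity protection (Hmac/CryptHmac.c is already in this [Sources] list), and it should note the effect on PEI image size.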
> > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index 0af7a3f96e8f..cc5a53ca92cd 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -43,7 +43,7 @@ [Sources]
> > Hash/CryptCShake256.c
> > Hash/CryptParallelHash.c
> > Hmac/CryptHmac.c
> > - Kdf/CryptHkdfNull.c
> > + Kdf/CryptHkdf.c
> > Cipher/CryptAes.c
> > Cipher/CryptAeadAesGcmNull.c
> > Pk/CryptRsaBasic.c
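Review bot: Kdf/CryptHkdf.c replaces the Null stub only in the SmmCryptLib library instance, and the diffstat lists no file besides the two .inf files and Readme.md, so the PcdCryptoServiceFamilyEnable settings are touched only as Readme.md text. Either add the build-file change that enables the service for the CryptoSmm module, or state in the commit message that the Readme.md lists are recommendations each platform has to apply itself.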
> > diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md index
> > 067465b8eb7d..cb072db72397 100644
> > --- a/CryptoPkg/Readme.md
> > +++ b/CryptoPkg/Readme.md
> > @@ -447,18 +447,20 @@ and CryptoSmm modules.
> > #### Common PEI PcdCryptoServiceFamilyEnable Settings
> >
> > ```
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > amily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > amily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> > cs1Verify | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> > ew | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> > ee | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> > tKey | TRUE
> > -
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs5HashPassword | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > amily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > amily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pk
> > cs1Verify | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.N
> > ew | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Fr
> > ee | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Se
> > tKey | TRUE
> > +
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs5HashPassword | TRUE
> > +
> > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Services
> > + .Sha256ExtractAndExpand | TRUE
> > ```
> >
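Review bot: every existing line of the PEI list is removed and re-added, which buries the two real additions, Aes.Family and Hkdf.Services.Sha256ExtractAndExpand; keep the existing alignment so the hunk shows only the new lines. The Hkdf line is not covered by the commit message, which mentions HKDF only for SMM. Aes.Family also enables a whole family where the Rsa and Hkdf entries in the same list enable single services, so consider listing only the AES services PEI needs.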
> > #### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings @@ -
> > 466,6 +468,7 @@ and CryptoSmm modules.
> > ```
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.F
> > amily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.F
> > amily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
> > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs1v2Encrypt | TRUE
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs5HashPassword | TRUE
> >
> > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P
> > kcs7Verify | TRUE
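Review bot: Hkdf.Family turns on the whole HKDF family for DXE and SMM, while the PEI list in the previous hunk enables only Hkdf.Services.Sha256ExtractAndExpand. If SMM needs just that one service, list it the same way; if it needs more, say which ones in the commit message.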
> > --
> > 2.35.1.windows.2