From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.29876.1585190658093865182 for ; Wed, 25 Mar 2020 19:44:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=jk7yiav9; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: christopher.j.zurcher@intel.com) IronPort-SDR: ltT4ujNAGTsgXG2J6rG48YAlcux5lUx4qAz34nnqND5PGLQuVwDPq62g7JET+97Ko44YZyoK/Y FXq1iRz5ezUQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Mar 2020 19:44:17 -0700 IronPort-SDR: tCfSfT7Jc8UcDOrozAOUT0YUwHMwuLevuwlKxg1RwjH/Sw0vGadnv2OqvOiijkCuvDhauOpfkL g2IuvcrreylQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,306,1580803200"; d="scan'208";a="326421496" Received: from orsmsx107.amr.corp.intel.com ([10.22.240.5]) by orsmga001.jf.intel.com with ESMTP; 25 Mar 2020 19:44:17 -0700 Received: from orsmsx126.amr.corp.intel.com (10.22.240.126) by ORSMSX107.amr.corp.intel.com (10.22.240.5) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 25 Mar 2020 19:44:16 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by ORSMSX126.amr.corp.intel.com (10.22.240.126) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 25 Mar 2020 19:44:16 -0700 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.44) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 25 Mar 2020 19:44:16 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h+QIRg0tdZ5dq8j3t9xNQAjfpg3+YSQ+Z1w4z9yq4ZL8P7B6TRpWCOPQYNDkbTsaqHcwxFAwGJrq5u3tZ2RFfvKsLHhM7W2q8BEr4XbVMFXxsHxgKx8YfUMscvKG+qTOVknTtlDD0EUMcqm/G6NVsz6hjsZmXDAtGggRINlvAy2bPw0IaZU1hEp3LIn9fNHXaPnqYUlUgY6zKWh3CntR6oV7y+eH+H84oa+SHE9ntUrHoU4DfKoMScwDo6AYSTj9uIOsP+qchexqhfYlH3zUGiV2XRqHmlGcNGy0jMVEv1GO6+/+JtHhw0JXfiglKP17oCpOoN8YTBVWlccOSFra9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6q2tfhinko7VT0o7iyfzi32/289hHEFijjdsfDk/Yg4=; b=kY2ggmROcfQFFQyNLhF7P2GZ9X06c0fdAMHq3nyxlWXFheu737cr11ybXnCXaX/gX5DE21DsRtR68jyUXGtfFHAlv46aRb3lCmI96O5WR0b59Ob9yR/PPr1IMZ5OFXGIdvXYd+xpBmzGcXV2vCnMbcVr6AjKbiVfpSoiIK9TlBGgZRwcJY1s5aoUXy2v7NFo0CQ/HMaUo4hN7Pw8AdT2+4DXX3JrXZfhUlkVdHG2mzJVEAHlFtv0qLPkuKnsfxJb9kKipRv33+qLGWHahoVmIlJsjA8XjQnONf00Njq8Knwa698Y8h1YczTcoN53O2bPi6uLFUyFJPr2xO+tCO1H/Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6q2tfhinko7VT0o7iyfzi32/289hHEFijjdsfDk/Yg4=; b=jk7yiav9pOXq38TAAOx/Ni6UOHwL8XDMcq46QHdpFHrbGioXX6eUa4l003U6KvzOjeKlFiI6v3Kjei9vgA8TLyL7daRusTxWPqBt0AQuU1jzaCp69trs3ldkIhuoFleZ8dBjCFwfcvDdkxI9OwB1otzTkZRxRuqHvaJWs79GGkU= Received: from CY4PR1101MB2119.namprd11.prod.outlook.com (2603:10b6:910:20::19) by CY4PR1101MB2312.namprd11.prod.outlook.com (2603:10b6:910:1c::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Thu, 26 Mar 2020 02:44:15 +0000 Received: from CY4PR1101MB2119.namprd11.prod.outlook.com ([fe80::1dbf:efb3:d3d4:2a5c]) by CY4PR1101MB2119.namprd11.prod.outlook.com ([fe80::1dbf:efb3:d3d4:2a5c%8]) with mapi id 15.20.2835.023; Thu, 26 Mar 2020 02:44:15 +0000 From: "Zurcher, Christopher J" To: "devel@edk2.groups.io" , "Yao, Jiewen" CC: "Wang, Jian J" , "Lu, XiaoyuX" , Ard Biesheuvel , "david.harris4@hp.com" , "Kinney, Michael D" Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64 Thread-Topic: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64 Thread-Index: AQHWAw0aWzdiHuy2CkyTUK3Aoep296haFGIA Date: Thu, 26 Mar 2020 02:44:15 +0000 Message-ID: References: <20200317102656.20032-1-christopher.j.zurcher@intel.com> <20200317102656.20032-2-christopher.j.zurcher@intel.com> <15FFB5A5A94CCE31.23217@groups.io> <74D8A39837DF1E4DA445A8C0B3885C503F99C64F@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F99C64F@shsmsx102.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.2.0.6 dlp-reaction: no-action dlp-product: dlpe-windows x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjIyYTM2MzUtMzMxMS00N2RkLTliMWQtZmFiMTIyYzUzOGFkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiR1lRdDBubTVBSGVoZmJoMEdnY2JuTGlQSFRRT3dQRVBqSGx3Zjg5bEhNY1JkNHdKRUc1M3RKZ2tsSTF0QUU5NSJ9 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christopher.j.zurcher@intel.com; x-originating-ip: [134.134.136.213] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b1f7769f-1d49-4020-7d28-08d7d12f92d4 x-ms-traffictypediagnostic: CY4PR1101MB2312: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0354B4BED2 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(39860400002)(136003)(366004)(396003)(346002)(376002)(66446008)(110136005)(66946007)(6506007)(53546011)(9686003)(76116006)(66556008)(81166006)(107886003)(52536014)(64756008)(26005)(66476007)(8936002)(81156014)(8676002)(54906003)(4326008)(86362001)(33656002)(5660300002)(186003)(2906002)(7696005)(478600001)(316002)(55016002)(71200400001)(966005)(6636002);DIR:OUT;SFP:1102;SCL:1;SRVR:CY4PR1101MB2312;H:CY4PR1101MB2119.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /4ZK4ByBgRZDMhNrZHAXCoskuT2A3lKGDNF0wm2QhQusUguUqTRSIEW2QiYsOrOtdOmsVTObyUsSYDBLwL/yoaSO+2IfDQSita0NXzo1/ZWSBURpdfBfy2zag/raus/Yzho203tgtc+x2fAQ/cLaP4Yuj0pkiTofIE1/S8SakykrPJ5LYTR0572UbtVX91GynQSo6D5qY55q5p4PSFWfn7QBPV8akvBXv3HTQcaSATpKMQogcF4KAlw0UrUyWb5rVdJXHn/eQalLZRFfIiLu3zzM97mASqfOxxJ7f5IdmJw3+deErJ+WXeEOqz1ldxbigLIRqHeWKdu6TAEPUEJShxRli1iQAEmD8eodmmgJDeRlarrI0EokQecWgFqXV0OgLaVd7SL1sS2lexNWOpGHiNdh8pdVbH+0/UYzIqNg5j7dqJD4S49QL9XB65YEaUTlQ6p8KqHtAnu9hJOnCFIglEsYHxHn0pZ4F1DAhCzD783LEu3/YW9ooG23S63TgpXJaLTaw1aCLneabJ5lqfFVIw== x-ms-exchange-antispam-messagedata: 9/ww45oTt/GwCF4qKx8UbxBTa1zMtTvZJ/c+W9Dlr5Tj3kckVmw+O+tmBvApljgOlzkWa9YB03XiKINJWLS2NVrFRIS/4Sv187/nX3hRGkbIT0/X7XeR8GrnCtDhqrY3GwkTHxEM2C2KxB1QAY6FOw== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: b1f7769f-1d49-4020-7d28-08d7d12f92d4 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2020 02:44:15.2142 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: r9QSo/xztqPhG9i/Xh8jjMfhi0c8/xtdFHRgLoHSRAN5WJZZbQ7pswMSJcIfjZmlugtdGXCYkOJTtQmUe3wismilq9nXjeRW+j8zq1iyN5o= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2312 Return-Path: christopher.j.zurcher@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The specific performance improvement depends on the operation; the OS provi= sioning I mentioned in the [Patch 0/1] thread removed the hashing as a bott= leneck and improved the overall operation speed over 4x (saving 2.5 minutes= of flashing time), but a direct SHA256 benchmark on the particular silicon= I have available showed over 12x improvement. I have not benchmarked the i= mprovements to boot time. I do not know the use case targeted by BZ 2507 so= I don't know what benefit will be seen there. I will look at unifying the INF files in the next patch-set and will also = add the OpensslLibCrypto.inf case. I have not exercised the AVX code specifically, as it is coming directly f= rom OpenSSL and includes checks against the CPUID capability flags before e= xecuting. I'm not entirely familiar with AVX requirements; is there a known= environment restriction against AVX instructions in EDK2? Regarding RNG, it looks like we already have architecture-specific variant= s of RdRand...? There was some off-list feedback regarding the number of files required to= be checked in here. OpenSSL does not include assembler-specific implementa= tions of these files and instead relies on "perlasm" scripts which are pars= ed by a translation script at build time (in the normal OpenSSL build flow)= to generate the resulting .nasm files. The implementation I have shared he= re generates these files as part of the OpensslLib maintainer process, simi= lar to the existing header files which are also generated. Since process_fi= les.pl already requires the package maintainer to have a Perl environment i= nstalled, this does not place any additional burden on them. An alternative implementation has been proposed which would see only a lis= ting/script of the required generator operations to be checked in, and any = platform build which intended to utilize the native algorithms would requir= e a local Perl environment as well as any underlying environment dependenci= es (such as a version check against the NASM executable) for every develope= r, and additional pre-build steps to run the generator scripts. Are there any strong opinions here around adding Perl as a build environme= nt dependency vs. checking in maintainer-generated assembly "intermediate" = build files? Thanks, Christopher Zurcher > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, Jiew= en > Sent: Wednesday, March 25, 2020 18:23 > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher, > Christopher J > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Eugene Cohen ; Ard Biesheuvel > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > instruction support for IA32 and X64 >=20 > Some more comment: >=20 > 3) Do you consider to enable RNG instruction as well? >=20 > 4) I saw you added some code for AVX instruction, such as YMM register. > Have you validated that code, to make sure it can work correctly in curr= ent > environment? >=20 >=20 >=20 >=20 > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Yao, Ji= ewen > > Sent: Thursday, March 26, 2020 9:15 AM > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Eugene Cohen ; Ard Biesheuvel > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > > instruction support for IA32 and X64 > > > > HI Christopher > > Thanks for the contribution. I think it is good enhancement. > > > > Do you have any data show what performance improvement we can get? > > Did the system boot faster with the this? Which feature ? > > UEFI Secure Boot? TCG Measured Boot? HTTPS boot? > > > > > > Comment for the code: > > 1) I am not sure if we need separate OpensslLibIa32 and OpensslLibX64. > > Can we just define single INF, such as OpensslLibHw.inf ? > > > > 2) Do we also need add a new version for OpensslLibCrypto.inf ? > > > > > > > > Thank you > > Yao Jiewen > > > > > -----Original Message----- > > > From: devel@edk2.groups.io On Behalf Of Zurch= er, > > > Christopher J > > > Sent: Tuesday, March 17, 2020 6:27 PM > > > To: devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Eugene Cohen ; Ard Biesheuvel > > > Subject: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > > instruction > > > support for IA32 and X64 > > > > > > > > > >=20 >=20 >=20