public inbox for devel@edk2.groups.io
From: "Li, Yi" <yi1.li@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"kraxel@redhat.com" <kraxel@redhat.com>,
	Ard Biesheuvel <ardb@kernel.org>
Cc: "Xu, Min M" <min.m.xu@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Michael Roth <michael.roth@amd.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>,
	"Justen, Jordan L" <jordan.l.justen@intel.com>,
	Pawel Polawski <ppolawsk@redhat.com>,
	Oliver Steffen <osteffen@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>,
	"Aktas, Erdem" <erdemaktas@google.com>,
	"Jiang, Guomin" <guomin.jiang@intel.com>,
	James Bottomley <jejb@linux.ibm.com>
Subject: Re: [edk2-devel] [PATCH 00/11] OvmfPkg: add Crypto Driver support
Date: Tue, 7 Feb 2023 03:15:56 +0000
Message-ID: <DM4PR11MB62394AE4C9CB1A21543DAE3EC5DB9@DM4PR11MB6239.namprd11.prod.outlook.com>
In-Reply-To: <20230206082112.v7cl2wiyinhjwxri@sirius.home.kraxel.org>

Adding the -DOPENSSL_NO_AUTOALGINIT flag will reduce PEI size by ~60KB, based on the patch you attached.

This flag will break PKCS7, Authenticode and Ts, but will be fine if only used in PEI builds.

Regards,
Yi

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd Hoffmann
Sent: Monday, February 6, 2023 4:21 PM
To: Ard Biesheuvel <ardb@kernel.org>
Cc: devel@edk2.groups.io; Xu, Min M <min.m.xu@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Michael Roth <michael.roth@amd.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Pawel Polawski <ppolawsk@redhat.com>; Oliver Steffen <osteffen@redhat.com>; Tom Lendacky <thomas.lendacky@amd.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Aktas, Erdem <erdemaktas@google.com>; Jiang, Guomin <guomin.jiang@intel.com>; James Bottomley <jejb@linux.ibm.com>
Subject: Re: [edk2-devel] [PATCH 00/11] OvmfPkg: add Crypto Driver support

> > > > PEI jumps up in size even though I'm using the min_pei config 
> > > > for CryptoPei, seems it *still* has way too many bits compiled
> > > > in (didn't look into tweaking the config yet, hints are welcome).
> > > >
> > > > +  333950 CryptoPei
> > >
> > > Why would we use this for PEI if the size increases?

> Could we build CryptoPei with fewer algorithms built into it?

Patch attached below brings it down to

  211582 CryptoPei

Which still is quite big for some reason ...

take care,
  Gerd

commit a0ecb20af423d4b97fd008ac05807c46dcad3a53
Author: Gerd Hoffmann <kraxel@redhat.com>
Date:   Mon Feb 6 08:52:41 2023 +0100

    pei needs hashes only

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
new file mode 100644
index 000000000000..1ead17340b6c
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
@@ -0,0 +1,10 @@
+##
+#  SPDX-License-Identifier: BSD-2-Clause-Patent ##
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                      | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
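Review bot: The new CryptoServicePcd.hash_only.dsc.inc enables the HmacSha256 and HmacSha384 families alongside the digest families, so the file name and the "pei needs hashes only" subject do not match its contents; either rename it or drop the HMAC entries if no PEI consumer calls them. The header carries only the SPDX line, so please add a short comment naming the PEI modules this set is meant to serve and why each family is there. Since the goal in this thread is to shrink CryptoPei, it is also worth confirming that Sha1 and Sm3 are actually needed in PEI and removing them if they are not, as every enabled family keeps more code linked in.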
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc
index e34444dde470..3ab90d7718f5 100644
--- a/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc
@@ -12,7 +12,8 @@
       TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
       OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
     <PcdsFixedAtBuild>
-!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
   }
 
   CryptoPkg/Driver/CryptoSmm.inf {
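Review bot: The old include is left behind as a commented-out line (`#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc`) directly above the new one; delete it rather than keeping dead configuration, or, if min_pei must remain selectable, switch between the two includes with a build define. The replacement applies to every platform that pulls in OvmfCryptoComponents.dsc.inc, so the commit message should state which PEI consumers were checked to need nothing beyond the families in hash_only, because any service that min_pei enabled and hash_only does not is no longer provided by this component.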






