From: "Li, Yi"
To: "devel@edk2.groups.io", "kraxel@redhat.com", Ard Biesheuvel
CC: "Xu, Min M", Ard Biesheuvel, Michael Roth, "Yao, Jiewen", "Wang, Jian J", "Justen, Jordan L", Pawel Polawski, Oliver Steffen, Tom Lendacky, "Lu, Xiaoyu1", "Aktas, Erdem", "Jiang, Guomin", James Bottomley
Subject: Re: [edk2-devel] [PATCH 00/11] OvmfPkg: add Crypto Driver support
Date: Tue, 7 Feb 2023 03:15:56 +0000

Adding the -DOPENSSL_NO_AUTOALGINIT flag will reduce PEI size by ~60KB, based on the patch you attached.
This flag will break PKCS7, Authenticode and Ts, but will be fine if only used in PEI builds.

Regards,
Yi

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Gerd Hoffmann
Sent: Monday, February 6, 2023 4:21 PM
To: Ard Biesheuvel
Cc: devel@edk2.groups.io; Xu, Min M; Ard Biesheuvel; Michael Roth; Yao, Jiewen; Wang, Jian J; Justen, Jordan L; Pawel Polawski; Oliver Steffen; Tom Lendacky; Lu, Xiaoyu1; Aktas, Erdem; Jiang, Guomin; James Bottomley
Subject: Re: [edk2-devel] [PATCH 00/11] OvmfPkg: add Crypto Driver support

> > > > PEI jumps up in size even though I'm using the min_pei config
> > > > for CryptoPei, seems it *still* has way too much bits compiled
> > > > in (didn't look into tweaking the config yet, hints are welcome).
> > > >
> > > > + 333950 CryptoPei
> > >
> > > Why would we use this for PEI if the size increases?

> Could we build CryptoPei with fewer algorithms built into it?

Patch attached below brings it down to

211582 CryptoPei

Which still is quite big for some reason ...

take care,
  Gerd

commit a0ecb20af423d4b97fd008ac05807c46dcad3a53
Author: Gerd Hoffmann
Date: Mon Feb 6 08:52:41 2023 +0100

    pei needs hashes only

diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/Cry= ptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc new file mode 100644 index 000000000000..1ead17340b6c --- /dev/null +++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc 
@@ -0,0 +1,10 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent ## + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc b/OvmfPkg/Inc= lude/Dsc/OvmfCryptoComponents.dsc.inc index e34444dde470..3ab90d7718f5 100644 --- a/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc @@ -12,7 +12,8 @@ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc +#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc +!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc } =20 CryptoPkg/Driver/CryptoSmm.inf {
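
Review bot: The new CryptoServicePcd.hash_only.dsc.inc is named hash_only, but its first two entries, HmacSha256.Family and HmacSha384.Family, enable keyed MAC services, and the file header is only the SPDX line with no description of what the set is for. Either rename the file or add a header comment stating that it enables the hash and HMAC families intended for PEI. Sha1.Family and Sm3.Family are also enabled next to the SHA-2 families; given that the thread calls the resulting 211582 bytes still quite big, drop any family that no PEI consumer actually calls.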
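
Review bot: In the OvmfCryptoComponents.dsc.inc hunk the previous include is left behind as a commented-out line, "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc"; delete it instead, since version control already records the old value and a dead include invites confusion about which PCD set is in effect. The hunk context does not show which component this override block belongs to, so confirm it is only the PEI driver, as the commit message "pei needs hashes only" implies. The contents of min_pei are not visible here either, so the commit message should list which services hash_only drops relative to min_pei and state that no PEI module in the OVMF builds depends on them.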