From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web11.2857.1675502738884401807 for ; Sat, 04 Feb 2023 01:25:39 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=hK1sr/Xw; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1675502738; x=1707038738; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=q90dNhZWVez6QHcVE4ENzNDol9kkAmE7nW3TCtwqtio=; b=hK1sr/XwDwNsT/LIOh0M9FpwbIay45HWA0xL//BiZK1qSdabX3QnXSn8 S/KoVIR+VCbBaItIsvwsx94nU6TqzCMJiJ+GRQSzABPgRRfE4Y0i11yQE Yg7V4WP2rK2NuBGe8KpnfXARUkvoMnPGjdDGmAgbdH/Hqmj1oBqt9x81C um1FuPmfVoEq1EqzqvEyPLqNCongRicPV8/TyMKZOb+O263lAN+2buGaU 5kPa+589YpFzGUPsZvwWj5OIGqcWC8zFm5bA/DdYo+AY1mJqtBRpRsO74 0ogXFO4+DvOtgK2/XHu3h3KRERCBDAl7JapzdPwUpxC2lWOdz9G0wDalx A==; X-IronPort-AV: E=McAfee;i="6500,9779,10610"; a="331060313" X-IronPort-AV: E=Sophos;i="5.97,272,1669104000"; d="scan'208,217";a="331060313" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Feb 2023 01:25:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10610"; a="994763611" X-IronPort-AV: E=Sophos;i="5.97,272,1669104000"; d="scan'208,217";a="994763611" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by fmsmga005.fm.intel.com with ESMTP; 04 Feb 2023 01:25:37 -0800 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Sat, 4 Feb 2023 01:25:37 -0800 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via Frontend Transport; Sat, 4 Feb 2023 01:25:37 -0800 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.104) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Sat, 4 Feb 2023 01:25:37 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TwDYJY0Inxa5NXI209o+itHH7uEsn84HMAQfoAW2IFoCULhcdABfiDK8F+C7qGhJlyeLU+8q8hOCZi5XmKHe8pc5ImX/nd39Wflf8RByD8+fOG+eL+n2qRonDz3BwHmUyAowptfu/LQWx5YIq2+FCavv59s0/Fndfx5TAv2yXvwLUZMxhr4rqyP73Ja8vcA+cZIPyOtmJX7Ob0zi+u8pSC4KSeFjJFvgZIfl2V6gkUY29ytT7S5SNXuZQm83F8pFsRCm2SvS8b7KlkR0D9C/Vw7lQstOVTWXSV28/ZZx3+3BtZs6KeFGyFyun3cyyVvzL2homyr4zR7h3LZFt92eGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7KGBBTeAOhGBjiV3KUh7zhIqPQ9FdsX0bRhCQFKOERs=; b=bJr2QAzc2QbTg6/PjTP89+XnZwgKM89DbjL03id6gijvDHuXYoyF17xl/N+jU9SkWgIHPL1xlQyVNIegqwTkvUs0MiLRLacrmlfDtNi/kDSMiAdY/kCDu5TVyhd26qYkDkAcaTbdflFKHWIjFB4Z5PN0kwHMa5Ur3dC/Iqsw7M228Tt6S5OeNjcts3VApZgd6+jaiS/301in7BWalyEeSolbbXfWo+cmbJLaQNoDKcEbqnzbGIyg4VclCCtVIMQt7YLZuucPvk80wSpFxeWdP1AHRkwvCEsD5SzuNYAZPAPRv24IH6qU/NqlTR8quLCjqLR0qOT7ad+Xepw6Nv4/Cw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by DM4PR11MB6017.namprd11.prod.outlook.com (2603:10b6:8:5c::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.27; Sat, 4 Feb 2023 09:25:30 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::96f4:ad8:3fb9:b60d]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::96f4:ad8:3fb9:b60d%7]) with mapi id 15.20.6064.032; Sat, 4 Feb 2023 09:25:30 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" Subject: [RFC] [staging/CryptoLibrary] Openssl1.1 replacement proposal Thread-Topic: [RFC] [staging/CryptoLibrary] Openssl1.1 replacement proposal Thread-Index: Adk4csuO07OjcS6ETc6HFXunhAS8NwAB5MAQ Date: Sat, 4 Feb 2023 09:25:29 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|DM4PR11MB6017:EE_ x-ms-office365-filtering-correlation-id: 8a22cab6-097e-45d4-6ccd-08db0691c210 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: fhLRpX3TfyVZXfMF/w9kTbB7f+BfDmU5wAqvL7WjISrbWCp3xd/hBjbXo8M3xpciMlRsp0K+VGN5ZxtfOtAldtv4GvSLMEAYfpcTrwF3FNdLh4XZjHRLiWSbAXeeTcuTQK3yGflIdDivAYxnBYrqrHPiO1yUUBqdo4JhV8VgYGmXci7/wOiFpaCDWz5ljN6U6Mmd9qsafgtUF2I9bdAMjft5hYeWwISTrwXDJWgHuX9EFGIqjkVIXfNJ5gBA49cU7RWNocY8pcjbS8PLKMrhOrjvGQ4x0D839jP7bL9/M6ZRzS4hZ9N17aI/D++EV6v7paRYEuSRopfVTIequMkmqbPFz1q9mj8IiRhX0PL/SQWoDdRzRDAvfMRGVDRZeQxLfHHHJh+OxmsgXxWoTNfR0OgrGa1VXVqw1vwoZpIZWcKj2zRTGv/PGf2OVOWWcNeX3AQWRVEHa2Z680iS5zWqIkLVE/KrYfBSCD6T/1sVZW151wc3jtW4yaPy47WCYRhP9FNMA++IX6M4VRww+hTRh2eck34XUYy3gYRjngqOygpLpPx7m5NbwVHKJHXnsg45e7nQ8ZXq0d6Ys/96gr+lAGcW9uVlfpGkCdHZMZsxX9QldAVfG4+nWbYdtoz/VGejmOuJ2cXSVru2u09cd9/td0TwOBU3ft8A/hylveqvJ351+ZOQ+v41Zuww6K/CkMTJqOrjqVKwAUgh7SZ1nhjeY2Z5LN2F4Mzpw9nnCpF+1cw3ljc/UvGgrIrpgqC6rA1u0O7BuJQGoij0P4vfb2fetg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(136003)(376002)(346002)(39860400002)(396003)(366004)(451199018)(166002)(41300700001)(38070700005)(86362001)(6916009)(66574015)(66556008)(316002)(76116006)(38100700002)(55016003)(8676002)(122000001)(82960400001)(66446008)(83380400001)(66946007)(66476007)(6506007)(186003)(966005)(5660300002)(9326002)(33656002)(478600001)(52536014)(64756008)(71200400001)(8936002)(9686003)(7696005)(2906002)(2940100002)(26005)(66899018);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?i8SFl7mgJUlAXIQYiS5CkN3n38zp2JltAFffd3JfD/TCz3nDga7o2JLk84?= =?iso-8859-1?Q?fkyd5OXHk6B89SiCUplQCqdruZAP3mFvk1HFFR+NzLmHMzQRg67H9S/E9t?= =?iso-8859-1?Q?9yshDkeFsesg7OqKuEkfqWrFIu6UVObqpElMnKTIFOVRTu7OhREqygopDT?= =?iso-8859-1?Q?qD2BjhxCV7oW6K9ONQXtQXW0chzgn6/byFqEYwRZxp9zTAEZcN2Fuo2zf3?= =?iso-8859-1?Q?NqMImJH9pIL7Ne4u1uqVUE+eH3IQkLq7udlrU5DRfXlz9XeiuyfYU8/ee7?= =?iso-8859-1?Q?GccL1kxFpSTPmYifEdTXosDOIjKn3PxU2tjFUsd1XcRTv90TArZ/wgD1+A?= =?iso-8859-1?Q?MMN2T0jGIyZrjOOHdYtv5mn0bAtpWvAAwjcxLJQ6VGJVbQZqdDk9ZJxUqr?= =?iso-8859-1?Q?0NNGHDvgRzy6V51qyghmZfZnLMvyXrwwOacOlxdbZ0vw+PfGBvElJCvN6G?= =?iso-8859-1?Q?9XeLULznpEicr9FV4NdTwx0/MbxUEcJTOdp2ffa/t7hx92cIZ2UeuwcIo+?= =?iso-8859-1?Q?oMEtrlOIF9BEMxI6urh3tRR8agIcOYM+HZ7MKAIicYXMeUFIVCkVx0vRJC?= =?iso-8859-1?Q?RSTgs7qZmUPVjSOu+AxBaVI0OJoR7FiPTgU6eMNCaVxLW4CoT3CLPY9Xiy?= =?iso-8859-1?Q?p8Oi3ZnUZoPS4zGy67SsL+bFPxQ3hVgnGhUiUfOGpwsRAoW7/WRY7oQrzv?= =?iso-8859-1?Q?t6VtN1pB9lwgBLvEEMwuHemTwVq7g0A/Ta/njReN/8a1dUZZPuDn3QpyQL?= =?iso-8859-1?Q?JKOP4A36y5HoCnFGD1QYSa/MZfVHrpTw19ksi/URK8lZscE1JCaDbw2QqO?= =?iso-8859-1?Q?5pIyS1G8Z1hUqEgHLNVa/dUW8H+lYi/nzuMgrkp4IW+Xb/4elLlqBFeNli?= =?iso-8859-1?Q?6Npt8aBPqtPPN2tmWAgjl2LPiitJpkqxVD0CxfSzZdgm26NZ4bSJhBVyAf?= =?iso-8859-1?Q?MDHvcAjmQCJNxmGTQdJ+hegmfbRW8KqTE2vGIfu6okPfvFNv6d0Diz4aE/?= =?iso-8859-1?Q?UQDTWBumktcRV/popvU106ByI1vUPI9DQtq5Pu8V62uCruqDD7bWo6tUlT?= =?iso-8859-1?Q?FqJolfNgvoaEMvKkbu6v5ukaBNCv9pZcOEZRvpqtYzFw2DhDL44uLYepfe?= =?iso-8859-1?Q?P6XX/4QujqPM6qtfvBF6jvmcKuabunLwY1qDvo2sGSgpl65t/vop/JhU3c?= =?iso-8859-1?Q?R782H8VZu3eD/Ins/dpLPITL4cbC7g67c37ntyUqB6BovX7Fd6qpPf8osj?= =?iso-8859-1?Q?0s0hHFqunXw/7a1AOftu21O8Y8c9APQVR4Bwm+gfsDDGF2+kUkIgAK2OXC?= =?iso-8859-1?Q?D7NLGnCY3xTR1tnHss547Zi17GCvWeQ4CbChqtLxThoeuTGCQZknWtqVOT?= =?iso-8859-1?Q?r+pNvKjrxv8VhpQyG8BJnfbCoa24aHs3zDtw5zP+F9qLE1FhcRiODwdu1f?= =?iso-8859-1?Q?ccnkX+w3JN26GAULizT4Cdvc1a9oCMeOlVdSQjfpOu1SWyAUxePQtXJp6N?= =?iso-8859-1?Q?iK+mpsboutdrvc5X6lmnupz8yRo4TZvs74sWIErKGWmDm0LL9phqKlIv5O?= =?iso-8859-1?Q?8I1wBEYxGmWFjRpt9QeEclvWPrSXMr6lwnEzZPXIhB/oF2UfKB7O3lc7sX?= =?iso-8859-1?Q?mpnHdCIrlNjgDLj0SDrhichFxc/JO7Q0MD?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8a22cab6-097e-45d4-6ccd-08db0691c210 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Feb 2023 09:25:29.8312 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pC0GsSABYh8UCFitgQgXb//1b/F/lpNDSOQG3/I0gYJhWQeBzZq33+bBaJxAqyFaOPIaa6dIc9FEBJvLuzrVRg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6017 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MW4PR11MB58721619F00F0D9E3D47F7698CD49MW4PR11MB5872namp_" --_000_MW4PR11MB58721619F00F0D9E3D47F7698CD49MW4PR11MB5872namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello I would like to give a proposal for the openssl 1.1 replacement in EDKII co= mmunity. [Problem Statement] Openssl 1.1 is about to EOL at September, 2023. We need find replacement. Bugzilla: 1. Openssl3.0: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3466 2. MbedTls: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 [POC result] 1. The natural successor is Openssl 3.0. However, it brings size issue according to the POC evaluation - https://edk= 2.groups.io/g/devel/topic/87479913. The concern is that: The size of flash is fixed. If we na=EFve replace it d= irectly, the existing platforms may be broken immediately. 2. The alternative is MbedTls, which is much smaller. However, there is feature gap, e.g. PKCS7 is not there. 3. At same time, we evaluated other crypto library. A. Intel-IPP: https://software.intel.com/en-us/intel-ipp , https://github.c= om/intel/ipp-crypto (Apache license) - CON: Only crypto primitive, no certi= ficate, no TLS B. Libsodium: https://doc.libsodium.org/, https://github.com/jedisct1/libso= dium (ISC license) - CON: Only crypto primitive, no certificate, no TLS C: BoringSSL: https://github.com/google/boringssl (ISC license) - CON: Goog= le only project. It says: "We don't recommend that third parties depend upo= n it." D: WolfSSL: https://www.wolfssl.com/, https://github.com/wolfSSL/wolfssl (G= PL license) - CON: GPL License issue. E: BearSSL: https://bearssl.org/ (MIT license) - CON: Current version is 0.= 6. It is now considered beta-quality software. [Proposal] 1. Let's put *Openssl 3.0 POC* to *edk2-staging*, and continue the research= on how to reduce the size. It is possible that we may need add MACRO to Openssl 3.0 to reduce the size= . We can do POC and submit to openssl community. 2. Let's put *MbedTls POC* to *edk2-staging*, and continue the research on = how to add missing features. 3. If 1 or 2 can success, we can replace openssl 1.1 with one crypto lib. If both 1 and 2 fail, we may use *dual-crypto module*. For example: mbedtls= for PEI and openssl3.0 for DXE. The source code size will become larger, more time to download the tree. 4. We need control the quality of Openssl 1.1 replacement to avoid regressi= on. I propose the check-in criteria below: A) Size delta < +10% B) No API change. C) All existing crypto usages in EDKII are covered, including: UEFI Secure Boot - image verification/auth variable update (PKCS7) TCG Trusted Boot (SHA2/SM3) UEFI/PI FMP Capsule (PKCS7/PKCS1-v1.5-RSA) HTTPs Boot (TLS 1.2/1.3) BIOS Password (PKCS5-PBKDF) iSCSI (SHA2) HDD Password (SHA2) Hash2Dxe (SHA2) Pkcs7Verify (PKCS7) D) All crypto APIs in EDKII are covered besides above use case, including: SHA3-ParallelHash HMAC/HKDF ECC E) All crypto test need pass. Please review and provide your feedback. [Misc] I would like to clarify my position on the original openssl 3.0 path, to av= oid the misunderstanding: A) I never expressed a desire to retain the OpenSSL 1.1. (I am sorry, if I = did not say that clearly.) B) I raised the concern that *current OpenSSL 3.0 patch requires more impro= vement*, because it will increase the size and break the existing platform. It has no difference with other comment I give in the EDKII. If we want to = check in, we need resolve the concern and ensure it can still work with exi= sting platform. Last but not least, I would like to suggest *again* that we maintain *a civ= il and healthy community environment*. (Thanks, Ard) NOTE: All EDKII maintainers are doing volunteer work here. We are using dev= elopment mailing list. Let's focus on technical topic. If anyone has any constructive technical idea, feel free to express your op= inion, and we are happy to listen and discuss. Any collaboration, patch submission, and validation are more than welcome. This is not a small work. We need all EDK-II community people's help to dea= l with this OpenSSL 1.1 EOL. Thank you Yao, Jiewen --_000_MW4PR11MB58721619F00F0D9E3D47F7698CD49MW4PR11MB5872namp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello

I would like to give a proposal for the openssl 1.1 = replacement in EDKII community.

 

[Problem Statement]

Openssl 1.1 is about to EOL at September, 2023. We n= eed find replacement.

 

Bugzilla:

1. Openssl3.0: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3466

2. MbedTls: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177

 

[POC result]

1. The natural successor is Openssl 3.0.<= /p>

However, it brings size issue according to the POC e= valuation - https://edk2.grou= ps.io/g/devel/topic/87479913.

The concern is that: The size of flash is fixed. If = we na=EFve replace it directly, the existing platforms may be broken immedi= ately.

 

2. The alternative is MbedTls, which is much smaller= .

However, there is feature gap, e.g. PKCS7 is not the= re.

 

3. At same time, we evaluated other crypto library.<= o:p>

A. Intel-IPP: https://software.intel.com/en-us/intel-ipp , https://github.com/intel/ipp-crypto (Apache license) - CON: Only crypto= primitive, no certificate, no TLS

B. Libsodium: https://doc.libsodium.org/, https://github.com/jedisc= t1/libsodium (ISC license) - CON: Only crypto primitive, no certificate= , no TLS

C: BoringSSL: https://github.com/google/boringssl (ISC license) – CON: Google o= nly project. It says: “We don't recommend that third parties depend u= pon it.”

D: WolfSSL: htt= ps://www.wolfssl.com/, https://github.com/wolfSSL/w= olfssl (GPL license) - CON: GPL License issue.

E: BearSSL: https:/= /bearssl.org/ (MIT license) – CON: Current version is 0.6. It is = now considered beta-quality software.

 

[Proposal]

1. Let’s put *Openssl 3.0 POC* to *e= dk2-staging*, and continue the research on how to reduce the size.=

It is possible that we may need add MACRO to Openssl= 3.0 to reduce the size. We can do POC and submit to openssl community.

 

2. Let’s put *MbedTls POC* to *edk2-= staging*, and continue the research on how to add missing features.

 

3. If 1 or 2 can success, we can replace openssl 1.1= with one crypto lib.

If both 1 and 2 fail, we may use *dual-crypto mod= ule*. For example: mbedtls for PEI and openssl3.0 for DXE.

The source code size will become larger, more time t= o download the tree.

 

4. We need control the quality of Openssl 1.1 replac= ement to avoid regression.

I propose the check-in criteria below:

A) Size delta < +10%

B) No API change.

C) All existing crypto usages in EDKII are covered, = including:

UEFI Secure Boot - image= verification/auth variable update (PKCS7)

TCG Trusted Boot (SHA2/S= M3)

UEFI/PI FMP Capsule (PKC= S7/PKCS1-v1.5-RSA)

HTTPs Boot (TLS 1.2/1.3)=

BIOS Password (PKCS5-PBK= DF)

iSCSI (SHA2)<= /p>

HDD Password (SHA2)=

Hash2Dxe (SHA2)

Pkcs7Verify (PKCS7)=

D) All crypto APIs in EDKII are covered besides abov= e use case, including:

SHA3-ParallelHash

HMAC/HKDF

ECC

E) All crypto test need pass.

 

Please review and provide your feedback. =

 

 

[Misc]

I would like to clarify my position on the original = openssl 3.0 path, to avoid the misunderstanding:

A) I never expressed a desire to retain the OpenSSL = 1.1. (I am sorry, if I did not say that clearly.)

B) I raised the concern that *current OpenSSL 3.0= patch requires more improvement*, because it will increase the size an= d break the existing platform.

It has no difference with other comment I give in th= e EDKII. If we want to check in, we need resolve the concern and ensure it = can still work with existing platform.

 

 

Last but not least, I would like to suggest *agai= n* that we maintain *a civil and healthy community environment*.= (Thanks, Ard)

NOTE: All EDKII maintainers are doing volunteer work= here. We are using development mailing list. Let’s focus on technica= l topic.

If anyone has any constructive technical idea, feel = free to express your opinion, and we are happy to listen and discuss.<= /o:p>

Any collaboration, patch submission, and validation = are more than welcome.

 

This is not a small work. We need all EDK-II communi= ty people’s help to deal with this OpenSSL 1.1 EOL.

 

Thank you

Yao, Jiewen

 

--_000_MW4PR11MB58721619F00F0D9E3D47F7698CD49MW4PR11MB5872namp_--