From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.7425.1642927289141272702 for ; Sun, 23 Jan 2022 00:41:29 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=nKGBidz7; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642927289; x=1674463289; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=B7W+MeUFGCgJvMDDdYunWyrkROt4A54gdnXcxgAh/fU=; b=nKGBidz7fv4rlGKMl0LnXvV6buRCS8QcZK2emtJFf5IGc3XeqOMwpBht WdH7JWSmUpTe+axIZlRr2T/6B9CTiLQPYZaEu5cbhx4ge6iHcTya3+WU5 U0woiga4I4WodDtx0M4Fa0E32zdJKDvmQrn1nQs0LLW6dyWe2PWeTanvh lGkpgnuTFZgaXRQtLc+bW4jyGzuDMt3GwGe/GoFnOk3/GkwQ094VDOufy ItFDPeDBXYMnxA45gmrgUa/+e6206CrZl3XRxnup7vwIszwCl/8l+Owny FcXXjljX8WbD9dNzw8YxDWbXU5ZE1OM6n1rMNG35kHoIAWZD/1tDaM6gS A==; X-IronPort-AV: E=McAfee;i="6200,9189,10235"; a="226552109" X-IronPort-AV: E=Sophos;i="5.88,309,1635231600"; d="scan'208";a="226552109" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2022 00:41:28 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,309,1635231600"; d="scan'208";a="531791804" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga007.fm.intel.com with ESMTP; 23 Jan 2022 00:41:27 -0800 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Sun, 23 Jan 2022 00:41:27 -0800 Received: from orsmsx605.amr.corp.intel.com (10.22.229.18) by ORSMSX608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Sun, 23 Jan 2022 00:41:27 -0800 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Sun, 23 Jan 2022 00:41:27 -0800 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.45) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Sun, 23 Jan 2022 00:41:26 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SqUy1q9tjIUM81tW3uX1z72B0vKiSVCrtolJ/sOZH1YgBwlHaqvPCIxBKTzTluWOsI7HUqf/WQBwu+rb9ReN3BtpJ2yWDCVBWVE30UqTC7nJt8Y/M8UfpVmF8dIxZXynV1QPOtrAAPB6iHOaxEuKsmjm8Vpiu/L986A/RleC7sD4QTd9OihSlGns3BheExXMj6wNoobdt6Zrwewh15izWOQwk2p/Gd+6AR24Vq5e/N1WWsiGsjXNtRn230rY2Wxi3v4ooAX3PhaNCaArVfTGrgEUMYecsrmNtZ8EHdQffC0GWGS0U+An9zd6VWZotsdjwxwS3neyYc/Lrg6gP1gr4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OMlD6kLLIjfEjcczXqS951PahVfBQtsNJ9ewfx+45IY=; b=l1SQF94SQFAi1JIOMs44zuUBiUFGzaccqVU4BA6JITFezwgm8nvlWcg7u0DUPIlRU+bwyQuSKreAVMZNjIyQw/8h/WpzNhBu/Z+s8gs1FhpnFu4SlXbY7ZkSPPMeGC4YqR9x5bFcU5Z0LvwZ+NNs7zOE55/XPQTQuReX4NDdXr6VBzQuFhHjvf8BZbmHBzphDgLeRwspedBUohQrSOyOjPx3ddOhgNbsyePXPHDYzk1VzgNSqeJTuPG+R93agcwYGfpqrADoQoV1ys92pvlamjiLuyuOwsFPe/CMd1Jxso93nR1fMocDc2UoLqIEHL0xtuihmFfFBC6vsdljdgAb7w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by BN6PR11MB4163.namprd11.prod.outlook.com (2603:10b6:405:7f::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.10; Sun, 23 Jan 2022 08:41:24 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::b8a9:e4f7:e037:771b]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::b8a9:e4f7:e037:771b%8]) with mapi id 15.20.4909.017; Sun, 23 Jan 2022 08:41:24 +0000 From: "Yao, Jiewen" To: "kraxel@redhat.com" CC: "devel@edk2.groups.io" , "Kinney, Michael D" , "Wang, Jian J" , "Jiang, Guomin" , Pawel Polawski , "Lu, XiaoyuX" Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0 Thread-Topic: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0 Thread-Index: AQHX6GCcrSX+iLuApUagd2b7DY3nF6wg9g8AgAABa2CARmd9gIABhH+AgASOG4CAAydc4A== Date: Sun, 23 Jan 2022 08:41:24 +0000 Message-ID: References: <20211203160748.866150-1-kraxel@redhat.com> <20220117114627.ji5cyqxkca6bmiaf@sirius.home.kraxel.org> <20220121083035.dsqzu3akshonliza@sirius.home.kraxel.org> In-Reply-To: <20220121083035.dsqzu3akshonliza@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.200.16 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8376e84a-9751-4c6e-7350-08d9de4c237b x-ms-traffictypediagnostic: BN6PR11MB4163:EE_ x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: uFYXSep/EOTpT8xXJUqpMZ94WLjIVSBu+TYekUcxoyP6djTrCv9Sr6GvqunDCyVj0CAl+ehoSYr+1Rel38jxT1WMeAwCIQIc3sc1rrf4+mtIKtHKi3Bd8YMmM0OsFKqAOTc/l7fllPLKmofGMFFljeIN6SNu0LxiOo37GkOTjbI5cexnp0djMnbGeV2LYECFzDbe+OPmOUajOFRhlv6zDRmuuNtJ3OMkXsRUlcTUe1l1pawOCqEkQyt6kBHHnJDQ1KhUhKonhwnO8pHAdT+P5WHBzglUxzoqAudFu19/EvaFhEdJzGh8+s9c/RcL5fO/g9Uq1fqispsg3DfHYQ3BRgqrNhyjlWAGZ3+F/G6hpmx2r5EOILV3grlGdZBCc7lnrlOm6m6DvdMfB5m4SfULZhYhh9FM96HzPbQ4pSzg6t4s7/5LJu3YLszqCAIwbSebdGLNz7u0xZnGpeK6xAznOMLw4h67L24yJJ0AAWI7yfRNbwOip7aB4oFW5qlCnDk1ekjk3sCDPPUhXyV3vzhsie9QVFii3d9nx9K540WH/OZoeuJbp5kh9+Ax6dwJ+nyK4q6KmGWupGk9VyAVe47wiBQm3XMwpr0qK0uLRwD11UlQvDSI1rGfN0q8qGecKbVCSFfOZtdhrUtYfzOftGG2KWROAhrHp/KBcCn1Z5S8093VVs9QeivJ44XON6j4PHoZX2md2/+gVG21ILfj10hjuGHrdVQidFZeR0EW4PH+iiMZBXuMj9kZstRJVzGhiA0oThb6cD/xj9lJRvjakS1B0L4K+A6DVPolhFqdlNcJv8ZH+UHacFHEHQgbfLwKcyHYC/GU2S1H9l118hh27URohw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(33656002)(19627235002)(66946007)(66476007)(66556008)(64756008)(107886003)(66446008)(4326008)(8676002)(2906002)(54906003)(52536014)(38070700005)(508600001)(55016003)(966005)(15650500001)(316002)(45080400002)(9686003)(8936002)(6916009)(71200400001)(82960400001)(122000001)(38100700002)(86362001)(26005)(186003)(76116006)(83380400001)(53546011)(6506007)(5660300002)(7696005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?+KmcmMcNVo5fPLUkF/MJLs8Mwjd+mdxEG5RhbVUc+Cf8AIFQ8mNWtt5voRWR?= =?us-ascii?Q?3SWTLI6O/h9tk9m9yVqGkrEZ9m5W/E2A+qHnfMI0q3O8JKhfAtflgSq6fGdH?= =?us-ascii?Q?4XmDrhx1enh6501I950s+8a8hUrTiDoJouZSvEP0rmYLTO/M0pQzXy6iqlPs?= =?us-ascii?Q?CojJXSduvfepLuTMqp5afpY+BQ1xxpgLuHJpzvlKM8Yh5ywNj3f9Hqw1yzvu?= =?us-ascii?Q?lrwjlcSkS4kDotTPDCxyiVGN7y8KLz+uHSSwdiCjKjjjbYeEuz4y04xyZZci?= =?us-ascii?Q?DJtrilI8Wkk4NhwnShoiOkM9CkFnrsVo7U97o4fbR4ZqkgFY3Ri3Z0dEzqIo?= =?us-ascii?Q?/T5jeGhUYldJoJAvdM/rGtjq/HymY82f66zTI2AyNog2o+8lirzPOijVJ8P6?= =?us-ascii?Q?VzaV8TnLoU4lbU6rIz5Lwjtdn3jTQJYhAhdWjrq0Xf7F+BN/ed7jUxRi3C+D?= =?us-ascii?Q?PZq4RGn40QKR+m7qP6EAdgIJZ6SYx7J+OMYvLQfIHtMNxlOeXJipeUkfJSSZ?= =?us-ascii?Q?lNsP3bWBy6ACpi1VbNVYXd8HGHFJIRedCGDIwo/D2Uii+AtLQovtL2UXQY3p?= =?us-ascii?Q?UBB8KpeRePV6Vcp+Wlu2JxqeczGmBimVJu6mJxAOptJcmv4qI1rudUmht7km?= =?us-ascii?Q?EL3f/7fEJTjPYNfztGIGFFzMJEda0askTQbAeyAZ+UVMMbeZytMayh6Oosm4?= =?us-ascii?Q?HKFVPqkOIRfLeEwN6hkesdsEqHPt/GlBfVFDer8I+WSmGjMpIMR7v6pCJu69?= =?us-ascii?Q?KYooiqezESp3tgdejRqQQv8hzQ11/J1HkL9nSAMvJ/aRNqHddXyVM1aIKd95?= =?us-ascii?Q?1hn0tLSdLOBMnLmX9mRBW/jMqg6VPNSyIsnNIgOF9FqzwKYClIPfOT+D51LR?= =?us-ascii?Q?dWHVgPUlOrx9K5kintl6FPb1cWO9mIQTq4w8tx3DIQATZoYwO53+b1+CgTD9?= =?us-ascii?Q?WklVcW7DtGa0LtowbOao7fzaCGLJrNeKv/T/HEAF9afdKyXzGKdyRX6L9owr?= =?us-ascii?Q?dJMeh+p64j6muBEgD2rQpcMesP1tMV1hsSuCpW/RNXpJyDSVD4RzPWW+cEkJ?= =?us-ascii?Q?D4jyjWbvBOYr6wDuq5+twA95pPsj9+7fuR93ncYNZnm62avdLtRswsYWC5LK?= =?us-ascii?Q?Z0+1dtGsbLRcz0kH9nNCgl4LWQnibXBKjcPGkHOmefrvhjsjO+ZfvX1IuIYY?= =?us-ascii?Q?THmS3pwP0y9UzhfCAFOND7Jn97RorzqwafTrjoo3SEzAh9WEWeHL0XVV/ChR?= =?us-ascii?Q?+KXL03nsVWxeUt39jR3xXE6XNmKKGhPyHPDVGBkg+x3i5ih6Okcos2WEFQjj?= =?us-ascii?Q?KtYbA6wfpFFBlr26sk2iVhqTHOV1ju5lnOo9LgceZbYb3McrM7rMlYZQtl1Y?= =?us-ascii?Q?lOrPYx5JSzQaxmgCaKu8/+eB61HY2ApRc/PPgXwHOPC8kaRluBiSXlh/2Yrg?= =?us-ascii?Q?WqDrMMoTZ8U7zK1GuPcNle87ZLDjP0fsjCLG8n/F/0A8tDGdVbhTR0z1DLzY?= =?us-ascii?Q?u+G6FqxMl/9bPmdx28Gc7W0LrTOTMgyioD0T299iIo7bmNj91mpNsdq0n/qP?= =?us-ascii?Q?875o9pYxd1GqOTNOY4S/fofYDlWRDrIOwnd7MNP8rT72t5brh5jlKu8TKyeL?= =?us-ascii?Q?gJ7X6Wl1zPxZPJ0zx2b85Cw=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8376e84a-9751-4c6e-7350-08d9de4c237b X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2022 08:41:24.2871 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nK3y9gD339H169yPHi8hJqf6QGVWuQk6Y/ELjCyOiXJ/+7qbDLRrosYjXfke3XNj/JfKHhrupqZwoRvUNTKiDw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB4163 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: kraxel@redhat.com > Sent: Friday, January 21, 2022 4:31 PM > To: Yao, Jiewen > Cc: devel@edk2.groups.io; Kinney, Michael D ; > Wang, Jian J ; Jiang, Guomin > ; Pawel Polawski ; Lu, > XiaoyuX > Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl > submodule to v3.0 >=20 > > > No changes in SEC and PEI. > > [Jiewen] Do you mean the Crypto consumer in PEI has no size difference?= Such > as > > https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei , > > https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei , > > > https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/= R > ecoveryModuleLoadPei linking > https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuth= e > nticationLibRsa2048Sha256. >=20 > PEI has this (OvmfIa32X64Pkg build): >=20 > 7062 TpmMmioSevDecryptPei > 7830 StatusCodeHandlerPei > 7902 ReportStatusCodeRouterPei > 8470 FaultTolerantWritePei > 9734 SmmAccessPei > 11206 Tcg2ConfigPei > 11842 PeiVariable > 14730 Tcg2PlatformPei > 17274 TcgPei > 18438 S3Resume2Pei > 18682 DxeIpl > 18938 PcdPeim > 38014 CpuMpPei > 39554 PlatformPei > 45050 PeiCore > 49274 Tcg2Pei >=20 > No size change for Tcg2Pei. >=20 > The other modules are not there. Seems they are related to firmware > updates. We don't have that on ovmf as we can simply update the > firmware image files on the host machine ... >=20 > Is there some target I could use to test-build those modules? [Jiewen] You can just build the corresponding pkg, such as SecurityPkg, Sig= nedCapsulePkg. >=20 > > > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved = external > > > symbol __allmul > > > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved = external > > > symbol __aulldiv > > > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolve= d > external > > > symbol __aulldvrm > > > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolve= d > external > > > symbol __ftol2_sse > > > > > > Those symbols look like they reference helper functions to do 64bit m= ath > > > on 32bit architecture. Any hints how to fix that? > > [Jiewen] Please add them to > https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/Intrinsic= Lib >=20 > Any hints where I could get them? Given this happens on windows builds > it's probably somewhere in the microsoft standard C library? Is that > available as open source somewhere? >=20 > > > (3) Some NOOPT builds are failing due to the size growing ... > > [Jiewen] Size becomes big challenge... > > Have you tried to use > https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution? >=20 > Seems the idea is to have only one openssl copy in the dxe image by > calling a protocol instead of linking a lib. Makes sense. >=20 > Is this documented somewhere? Is there some easy way to use that as > drop-in replacement? Or do we have to change all crypto users to call > the driver instead of linking the lib? >=20 > take care, > Gerd