From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mx.groups.io with SMTP id smtpd.web11.30167.1652091471358326573
 for <devel@edk2.groups.io>;
 Mon, 09 May 2022 03:17:51 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Q4RadqFb;
 spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: jiewen.yao@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1652091471; x=1683627471;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:content-transfer-encoding:mime-version;
  bh=z68LeOxm7Zkh0GUwLbOatDYNVCDfKGM15a1wxLr7cSA=;
  b=Q4RadqFbxZq8Z8bPuRnWfA8fvkKaEBQ933AJQWwlQ1XppF6tZ5D68AKZ
   HRJRA1vsql4CwL6vBTZlHMWo/xpwYUyB55p68OQ1GN6qkeyfyehoKwEYX
   x5I3BK30HX0mRiTRuXAwb4+D47ox40v4GtYUJGWac3BuRMXznfgnpex51
   /TK34oIFvJidNGGpoIgmNCMO5Z18sG7TPAGjBrpz0PrsTPZKtDjCJ64+3
   POTthCWfGR+plJxbXMMf/f2wSlkGtF1WxrRhdz4m0ZT2X81jpFOeK8ex7
   b+KrjqqfHsefSA8PcgnICoU/yo61O4xh2VOeP/UZ7q2f6TsI3+ycTUp+c
   g==;
X-IronPort-AV: E=McAfee;i="6400,9594,10341"; a="248907871"
X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; 
   d="scan'208";a="248907871"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 May 2022 03:17:50 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; 
   d="scan'208";a="893526030"
Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85])
  by fmsmga005.fm.intel.com with ESMTP; 09 May 2022 03:17:50 -0700
Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by
 fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27; Mon, 9 May 2022 03:17:49 -0700
Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by
 fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27 via Frontend Transport; Mon, 9 May 2022 03:17:49 -0700
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.171)
 by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2308.27; Mon, 9 May 2022 03:17:49 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=DKod8EOhZGAeX0ulGVV9v6NFs485JQXiTBq0i0rQSR15QXHEXWKJinxk6LZm3l0yP0hgMZtFkBMXfyQFGRPWZdtSKnS4OU92XxZWSxUXnmwmMjwkO25/ai/xVlUIYnjHe5YuPTIHblVvInm/qtuEPU4jux1BvWBWwbbV8yhT1rSx0QsCPho/767Lw6UoQWrHxdKd4ubAgMt+BuL7zajIcLuofbMIPQIR4ZbU+ilm5mbqVU4qQiHw8d5lqvVige+4CZrfnbz2hgXPaahU5TJLPGwpi9zqz+JKVwDGCBo/v/SjaAr+T7l6kpgd6CX66FXJUg1rD8nA2a0/PN9A1OAqMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=m7zSuGfABrn1lMyQIeK1D6bfUASXvTH2U3a+BoWQmQU=;
 b=WBdiFciNHeUBLFB5gm5A3RXMm991a++veyEGcWvPe/phrlKPy1Ww5DSzMH69uX9m3qV6IybvqQej1y/ztSDZzmHy9HCyP3cwZ9VgISvN/QBbDHRp7Kf7azjJcL0gELQz7LUP3GpuZUhIDcKcZ3J7BKeHhfsEYtQ2kMk+B74hKpf83IGZA31Bym7sF1YnZMUZt9NeIPFP/RALz4akd1GLkwp1Wp9/GKyOo9zTh5Hx8XzYJhdH2wpI6qWGotp7HEytUVl6aryQIeAhrGAN7WRMNcunvm1mo1h/KQgoTEk+PTUJk9nffshJyKnOTbzrgRPtSDG2FvT8ooQNdo0ss9hb5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by SN6PR11MB2733.namprd11.prod.outlook.com (2603:10b6:805:58::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.20; Mon, 9 May
 2022 10:17:48 +0000
Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::d55d:28c1:bfab:3dd]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::d55d:28c1:bfab:3dd%5]) with mapi id 15.20.5227.023; Mon, 9 May 2022
 10:17:48 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Gerd Hoffmann <kraxel@redhat.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: Pawel Polawski <ppolawsk@redhat.com>, "Li, Yi1" <yi1.li@intel.com>, Oliver
 Steffen <osteffen@redhat.com>, "Wang, Jian J" <jian.j.wang@intel.com>, Ard
 Biesheuvel <ardb+tianocore@kernel.org>, "Jiang, Guomin"
	<guomin.jiang@intel.com>, "Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>, "Justen,
 Jordan L" <jordan.l.justen@intel.com>
Subject: Re: [edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally.
Thread-Topic: [edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC
 unconditionally.
Thread-Index: AQHYXhBMFEKLC4OMd06GIdUF/28hw60Mc8XQgAN+MQCAABNFAIAFx4JQgACKFYCAAAF/gA==
Date: Mon, 9 May 2022 10:17:48 +0000
Message-ID: <MW4PR11MB58724EBDA20EAA10F5B8F1CC8CC69@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <20220502103436.3274412-1-kraxel@redhat.com>
 <MW4PR11MB58724592EC5CAC17CD8FE28F8CC09@MW4PR11MB5872.namprd11.prod.outlook.com>
 <20220505080638.rmrw3f773rkw3ljl@sirius.home.kraxel.org>
 <20220505091536.llguh4dzozqtiiob@sirius.home.kraxel.org>
 <MW4PR11MB58729A85832816FA3FF737588CC69@MW4PR11MB5872.namprd11.prod.outlook.com>
 <20220509094511.px6cl7jtjejr4y4x@sirius.home.kraxel.org>
In-Reply-To: <20220509094511.px6cl7jtjejr4y4x@sirius.home.kraxel.org>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.6.401.20
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a715a5b7-45d8-40b2-9cad-08da31a52a9b
x-ms-traffictypediagnostic: SN6PR11MB2733:EE_
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-microsoft-antispam-prvs: <SN6PR11MB2733B5371F5AD8466BEA5C0F8CC69@SN6PR11MB2733.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: jAjPibpIf51hGTMOeP6PHOJHjeLsU0lT0UbWnkpK/q1/Dt1MiXjlkVqNbrPBgeStW5SwtlkKV6iCq1t719WB24HIJVU5s9VkA/Bb2AfD+P+5nH06KxtdvhC6ejNdxIr45ayZSNHJCPXgGPcIdCYETS8w4FMHOsS4P+eV3Ff9Onhy7bCIUFfLODYDC538I5pEcf8Z1QQOTPLxjU72wxaYLE57HpbL8O9vw7i7CYq/mrvUTtZCEVg7U+tYBk4jgpdutrim1bhtIubFxv8Mb1udTkumkabmZPr/iioH711HNcpzyic9HoZj4pKHxxHLj1ewTpg6ZbYNmAvc6z9KKUmzt7w1mmm8boCwiDiE+7FEi31sQLAjN4ILc5O87JmsEX7U9TR4paJKu/Sm9zXxMEEhS8kLRtgavcPh+tkAjFSF7beYz9bYnhNFz5mAzPVTxwInxrRfw17McHTkROfCjthjvBLwL/PWHS5Km3F6gytcRdyLu/Rc1TjgoQDWm0ldUQhU9ZcIsTc5xCb5zp3CJ8+yzBSBI3UTZzIhlS16MZWWSZI4rFxPXZeiCj2jJepO5pGLnjoAUDujPHCEBcstSIdGCi3CGp/JQNYXRUjloDRWbkbM0SJeH8pCQkan+DZGuYN62FL+EjJi9jjMD6m6Wd/A7lqzUvKnRhx1Uct+iubJnhzbT968yuiWS6+voOkUBI/5XtKuMBoT25p5RygrpYmArg9U7R0zzQAba6KIc/32aYblHZ7wsw5qLDLnw7zmxI+l8LEKVAm36S69AZcWnEN+in9QIXgTcAcsxBUaQ/6PLxsZjQq0JqePeM26AaRsJjmDr1+x5D2DSVUror9H36UJMw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(66446008)(64756008)(71200400001)(9686003)(4326008)(8676002)(26005)(6506007)(53546011)(38070700005)(7696005)(8936002)(508600001)(966005)(52536014)(86362001)(33656002)(55016003)(5660300002)(83380400001)(54906003)(66476007)(186003)(2906002)(110136005)(66556008)(316002)(107886003)(122000001)(66946007)(82960400001)(76116006)(38100700002);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?rj0lbrAzfenRpa/uMML5vIV4/2SRpn0gOnc3ayb8/SLRs33UJsvdhMf3R9RN?=
 =?us-ascii?Q?tkkIrjD9ISGCihvSbsoaNvHN2R1KAND/jISF34TnuLBmwJ0eVzd9CeQXk7Cs?=
 =?us-ascii?Q?KssY+HfglPhMqY9js6ZNN3wdUr+fYBRyePc3PdPdUnssL487EtdUW4brulLT?=
 =?us-ascii?Q?/c/MAYAY2xF3100zN5EjI0RB0mZcrza0gS500XDqR6JhuxRNiCZNwhULhGO7?=
 =?us-ascii?Q?Z6PcH+Z68wKNH1NzjTPX2uEOjmbrfGiiXb3T66qOPDUwaJLqwoe47z353hxL?=
 =?us-ascii?Q?PbYnjcJVUfJKVUX8zUyb7TbLTJvdjuDyKTAhqu2CiALUSH7zWUKW1KQcfVXh?=
 =?us-ascii?Q?vxRbaNnOd8o7VPTSwOYU+fgUVpOM33mOrYjhxh6SHDzWUy7vmtRChfz/29Rq?=
 =?us-ascii?Q?qWoxImewB0j/pdUS8UJJoiozYAunRDKnLPLkIK/P7FX8kTNi5Fsttg68KWOD?=
 =?us-ascii?Q?VnFXWvX1vIV9mSGjJn4Mx4usoc/uUlpyUkLxz5xlGVImKCBqmoiGDQEcw8Ck?=
 =?us-ascii?Q?57msuImacuyADAgHwtRf7AhM9TAE+O1Ucq8Sck2vSw9uW1DN2DMDSvrsHfA7?=
 =?us-ascii?Q?qZbc+JmPuUoat0xNqjzOIAepbmkloY9KDGkc9Y13oBaTLgun50Ne+vL4SECh?=
 =?us-ascii?Q?vpG2RdqDIs4x9qviZHgbF7z0nL/3tr8AoxNYKXzrPsw2QsdT8gLPag080WPP?=
 =?us-ascii?Q?gRtYx2cZpOVYIOgj2ff8bysywRLF45uRyehlSIhz6AdQN/XEeeN+SIXFvTvC?=
 =?us-ascii?Q?su8ymnmOL85+Cjro+uYlHaKNhvKhqm4IH08wG5XHZSXxeV5fiKmag5r0pjOy?=
 =?us-ascii?Q?2QqC03f0iBe8r3gtLO53p0HFDOQj6HTxdW0wfeFbxDXRJwBTo3VhZSUZkXnM?=
 =?us-ascii?Q?mJ9/gbn6dE1uTFaHcQ/5u8CpHDSysy04Ci9lGynQS0TdMooxmyRs8kOsu1bX?=
 =?us-ascii?Q?729F6fXbwg6viU5fJSnfjVYClGVEM9E+Nq09mzrwnKbZabUC0JJsr6KnFtPP?=
 =?us-ascii?Q?rT24Bbl8SnaVFR5DiX13arvco7ORcjLMKXpCPmQGELYZyJBpP+tF5U/c5cLA?=
 =?us-ascii?Q?blexkvePXww+Snu4nGLAz9g+UkdCYwMFYqCJkmL/43+NV1GJQQ852Z2PV83Q?=
 =?us-ascii?Q?yQcR77TTBWM9HT+FdCKzyZeg6I0PbYSGususiaie7ice29A+hgcfgMk9ptcb?=
 =?us-ascii?Q?wPEzFN7uxUwHXx0r7uvURjdAfA3XMkBbVLOgwUUfk5qrJU+g2k27mesuqCHz?=
 =?us-ascii?Q?shvE7iRibyt9VK624ga9YETXcOBj4MjdAo6wPLWR8KYKbPs2LIHbts2bS4Nz?=
 =?us-ascii?Q?Vxad8aku+RcY4XhimgWs48wW0O0lq9xwNKG+35eVxo1hRP5XxJevguDv88Pj?=
 =?us-ascii?Q?MI+TpuGwSlcTjll38Pa5+cIrY+4rFE0kaeZBz2Deg0cyOE0Ow6JQRfzWj49B?=
 =?us-ascii?Q?uIBMHLJh4z0yqrq9EB7wiKYEEBcpDcQrKd+OJWkuO11/bTqz8rCm+2LqU/ek?=
 =?us-ascii?Q?Z1kFSX4M2w8pkPf7nVfelNwtac4I9kHZQXXrqrvcu7nY0PoT0f2OpoT2nv6o?=
 =?us-ascii?Q?16XAxukDkOWHv94LgeIOh62OxHvAXArlCt0OOh9Pt8aG7HRe56/JqEdLcH/Q?=
 =?us-ascii?Q?g8akWZTqWVBYC+OMOPXSCUjlItoblW42lfimH91INCr5DycFYb2Li4kPD2d9?=
 =?us-ascii?Q?EGQD60aTXQMjJthDtFZzguCQ4UFAWUcr6Fa3yH5LcjyIUJw8DtByzqFVZvyw?=
 =?us-ascii?Q?T7vs9daEZA=3D=3D?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a715a5b7-45d8-40b2-9cad-08da31a52a9b
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2022 10:17:48.0396
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yieCRA+GGJIob0lQSOrNWIEcNhitQfjY03435D3ZUcX5oSoFBxvMnUx2z0LbWGViDSKWUHHZBKjEUV/7nT16Yg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2733
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Old =3D=3D the launched platform, or the platform will be launched shortly =
where the flash size and layout are locked. It is huge risk to change the l=
ayout suddenly. And it is not practical to change the flash size. (E.g. How=
 can you change your flash size on your laptop? )
New platform usually does not have such constrain, because it may include n=
ew feature and have more size, and the layout can be tuned later.

Talking about OPENSSL3.0.

First, I support the OPENSSL 3.0 enabling plan, because we should do that b=
efore OPENSSL 1.1 end of support.
You did a great job to enable OPENSSL3.0 in https://github.com/kraxel/edk2/=
tree/openssl3. I do appreciate that effort.

However, we also have size concern on OPENSSL3.0, according to the data you=
 provided.
If we switch OPENSSL 1.1 to OPENSSL 3.0 immediately, then many platforms wi=
ll be broken due to size issue. It is not practical.

I would recommend in this way:
1) Please keep the good work to enable OPENSSL3.0 in your personal branch.
2) If you have some way to control the size, then do it. If there is no muc=
h size difference by default, then you can submit to EDKII directly.
3) If there is significant size difference, we need figure out a way to res=
olve it. As temporary step, you may choose post OPENSSL3.0 to https://githu=
b.com/tianocore/edk2-staging, which is an official location for broader eva=
luation, collaboration and enhancement.
4) As enhancement, the basic idea is to make the library configurable. As s=
uch, if the old platform does not new functionality, it can still live with=
 OPENSSL3.0.
The line is : same feature =3D=3D> same size (or minor reasonable increase)=
, new feature =3D=3D> more size.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Monday, May 9, 2022 5:45 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Pawel Polawski <ppolawsk@redhat.com>; Li, Yi1 <yi1.li@intel.com>; Oli=
ver
> Steffen <osteffen@redhat.com>; Wang, Jian J <jian.j.wang@intel.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Jiang, Guomin
> <guomin.jiang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Justen, Jor=
dan
> L <jordan.l.justen@intel.com>
> Subject: Re: [edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC
> unconditionally.
>=20
> On Mon, May 09, 2022 at 01:38:35AM +0000, Yao, Jiewen wrote:
> > Thank you Gerd.
> >
> > I collected feedback from Intel BIOS team, both client and server, both=
 old
> platform and new platform.
> >
> > In general, the new platform will leave enough space for crypto improve=
ment.
> Size is not a big issue. The delta is acceptable.
> >
> > However, the old launched platforms only has limited flash space. This =
patch
> will break the current build because of size increase. Option (1) is not =
acceptable.
>=20
> Hmm.  Does that mean the old platform (what is "old" here btw?) wouldn't
> be able to do the switch to openssl3 either?
>=20
> take care,
>   Gerd