From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web11.149995.1680750043559852411 for ; Wed, 05 Apr 2023 20:00:43 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=bbYNP9Yp; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1680750043; x=1712286043; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=q7tOAht0pmSW/Hj8fcbFlVWVCQ9/UOMfBmJqGJSHJ2Y=; b=bbYNP9YpkiFUOJg/JUielzmMoVfG+qmkD0M+DwQHsb57T+1gZqOB7UQs +WNUKtyUt/G4bdfi21v/RzeDzbiybOSGIPOek73vXgr/6h5YRdcOf1Xmv 1XwXX2YCrvvqbwdLt9uqZnXaIRGFXVWp4gaIQ3PSPJFRt2+meq3yXoekM VSQOPHG9C2MxB1wyDO4NRqTQHV7JAkl3FrLhSKTy9RhWIYXX9Wy0LWaUo 7Jc3XLFp6ypM9DIAHtvfM1SYWdGZ/lIXdJgKJslNJKSqf+VO/LzDvf/Cw 0F3HQPLRNYF/r7RhjHjBE5WzRCHMCdbesz66XRz9S4LdtFGKheU7RfarN w==; X-IronPort-AV: E=McAfee;i="6600,9927,10671"; a="326663963" X-IronPort-AV: E=Sophos;i="5.98,322,1673942400"; d="scan'208";a="326663963" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2023 20:00:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10671"; a="933050622" X-IronPort-AV: E=Sophos;i="5.98,322,1673942400"; d="scan'208";a="933050622" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga006.fm.intel.com with ESMTP; 05 Apr 2023 20:00:41 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Wed, 5 Apr 2023 20:00:41 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Wed, 5 Apr 2023 20:00:40 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21 via Frontend Transport; Wed, 5 Apr 2023 20:00:40 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.104) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.21; Wed, 5 Apr 2023 20:00:40 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IHa+ryuQOSO0/FK5MtYmU46b6okpg79SlW9MuBfaSmNDo7t6V+/JhtgUtCOUZBqaqpDsPuO62J3YNLVW4EY2Cg/rrFRCxr2G0toCGxf1J43udjluQG1F/5Zuy8PKemlcjFATupi2SDRtpGPIa74pzZgdlDGuOtxZs+JJ+nVjJA3652IfuPS7FJZAsp0+oqaZ9d+fvwZfH6PQ+UoIWH02xKLvtncC+yC041wHqK/ritoD4TvYlBnFdERlQ8d7CVaN5GLaq6XyBYu8kS/hYFeEAo+Yw5PpZG5o6yE8FfpmoownimvUfiCkJCsfNnde4vU4Cet58bCVt6Npd4R/jYxIng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HvpNnR02nKHhrVnGvmvvRd/UDPJ+360sjIKyomIYQp4=; b=htFueAeT7aOz3kClduOHTqqKwypEXHrWMnfOq86HMHD+XxHKrrBGbl6cSeD1F9Y33MSrnPN1DbwIk/ekmu5zunhN2fTgoKJxRtIoCEMtW2jsd45fG2ucBioEH5+dsITbVjTYygDQmXsFEDADdCvlzTSQzwadXEvt+X53V3mZCHOXLz7hm48c6p4g+zfOhIGFY76+vMOx4N8KcFNnRPiErSGpCiZk5FeCMszkgx8Kyh2FUtske6r3iTfzZLjKdDpinJYPaebapEnNT7YyWXf2Z8UDPDhE2IES8pjrolwJyLs4AoEv6SEryXuPDi8JnSAmT1dt4kOYJmw80XSoKijBEQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by PH7PR11MB7098.namprd11.prod.outlook.com (2603:10b6:510:20d::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.35; Thu, 6 Apr 2023 03:00:38 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::c0c0:4b46:1dd4:80d6]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::c0c0:4b46:1dd4:80d6%7]) with mapi id 15.20.6254.033; Thu, 6 Apr 2023 03:00:38 +0000 From: "Yao, Jiewen" To: Leif Lindholm , "devel@edk2.groups.io" , "kraxel@redhat.com" CC: "Yao, Jiewen" Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL Thread-Topic: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL Thread-Index: AdlnXyn7hizB2a7ASD61RZBr2MRu3AAVBlSAAA5nvYAAERVhUA== Date: Thu, 6 Apr 2023 03:00:38 +0000 Message-ID: References: <4pzqsrlxnn56lgzehoibgiovzhzsgsclibbajptc6u2ajtdf2p@45etglgtly7z> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|PH7PR11MB7098:EE_ x-ms-office365-filtering-correlation-id: cb7444e2-b93f-4f3a-d645-08db364b198b x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 0+uvv4XOiqPbeGOyjPRnKViKpqdUXFU8NSEyO69TWhyJy6XfR1xMMx9fk/lyybnv8+WHkFaKADGDsuldPdz1gwneEyNK4JFazmrdVV3bvIQCVRCBjtRSqzq764wI4htumKPLCvu6wTFhhumnWAuRcYX318/LufjcpgI2QeQPRgJE4ySweSuB8mTEDbohyyBiLC6HSWeGb7padCFnDdZ/jd+zj0KxrAb0eX51KRARw80fQ2YqFUdZ9EJnCbHEep3+4gybNNrPS7xnCFsYlrm0XuCFCcO7wf8Kcr+C4vr3ug8MnQEy3L5S7LqkAFxw4oo2xxdei2WmUiPvOjrtWE4HXTGzdTJI1ka5/ZtmR0z+jPFx8Ci2hbPrizj8b4Rq1Qrk4Zxh2QNqUXai3Q6jcjng8DW0hjhpgkX4+j/Ztcilu5zLTxbn+NGAhZ+/HOgmPiLzX9vK97hLEBpCLmQAH2SOO1UyvJ4G5d/tsGzmua7wSyEFuWFRW5T4nJPiv0uG244IsBaWn3HcwhQ6Ez9Xm+oI618QZj5Xv53M7PVSOFkX0dD+6z1r4cD43m7rSR3A8FXlprTRt7DuqlyzVdcPpLYYXYrTX6ZDlL6pA4XMwkn8qSQn6uxT/JgIpN3UbvGS/3hdDoRwRNwyAF2KldKZtzMdcg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(39860400002)(346002)(376002)(136003)(366004)(396003)(451199021)(966005)(5660300002)(55016003)(82960400001)(478600001)(33656002)(122000001)(38100700002)(110136005)(76116006)(66946007)(66556008)(66476007)(8676002)(86362001)(64756008)(4326008)(66446008)(316002)(38070700005)(41300700001)(7696005)(8936002)(71200400001)(52536014)(186003)(26005)(6506007)(9686003)(2906002)(107886003)(53546011)(83380400001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?TMQX1UN+w4hSxfMGl8L7KI2yr2hQxaMTyxdcY75t8nHFCDXfxzQ0WXi2WX4I?= =?us-ascii?Q?105sPJasFpThkhuhzjbAX7YiuFbvDHMGxEcrFS2bek/EaUkoZ2D7JPScXhi1?= =?us-ascii?Q?lxIef5iBK/4XMxeDFx1vI66nT9CJrw0qZ9naJObQRhGFbTtVxcmF+8s5Ydnt?= =?us-ascii?Q?uZGsxwK4UlQZs042/n8O4Sb6mKZtc9kInLTk+mCFShxgsMvSWs67NEXt2oTM?= =?us-ascii?Q?MvgCuKRUDtQ9WRZa2Mn6PeZ4kY9ZLixgVIMfYr0J+jf0Vz66biJ92cUaENk4?= =?us-ascii?Q?W80AqjA8IH5cLtD9wEuTP5wcTG/dA5h64z8S3y5/C0SqZGn3ikMWSUQN6kbp?= =?us-ascii?Q?eJPUllJZgmHN7qczLZbFbooFunhPBzBNxy6eYPq1f52r4CRDN0x8guI81Vaa?= =?us-ascii?Q?9uZ0oFeOjsr4cFejzROhDsW53DK015xTDkuQsE1jkoTY/r/XNJ/yX+BVv3FN?= =?us-ascii?Q?kzwVzuhLs1gN7sgIjB/8LB7cJMNHC67UMvbZyFjv0P6svljwGDwVdNDqHhx2?= =?us-ascii?Q?SXh0m/bzGzio8SPtZoHcfQxd0vIi7iuU1xlG7+bPZIf8Nt362W4LZfn4yLh4?= =?us-ascii?Q?O51x4ApTuHFfa7T/jiqrpYnzQx8V9ZZYkFQ/yLRH9C6LSrPirmPMRekWYzpI?= =?us-ascii?Q?I7B9EsFtxyggYVOL2rsoC/8/VqWI6031XEkFrpYFGJk8mB17ABH5+u1qvfGS?= =?us-ascii?Q?hg+3BqI6Pu649pvwb8yDfJ7g2tJP+rah2LEx74SynBusvjiiWhq7yfIGaTHJ?= =?us-ascii?Q?4rKDIM0wV9235RGrV2OHPtVM4BcvA+QA3/vrR7WWvYgK4Z7R0c7Jb8A1Vrge?= =?us-ascii?Q?ra+9RO0QccfNsP9+lzSCw/fKu4vo77dghWSPdQR7a1OGUIIMR+594ywaYTsl?= =?us-ascii?Q?bi5/UHxw4EGZ1+m8fK369Y4LXobuoi5DiTIFqRVWZ2E/8BDpN7Faaiu9W1VI?= =?us-ascii?Q?pQDjf4P+VjRmqdYbMqiBDS1/C/VyGYPL6wApo1nPv8BTvfIR8XDFj6RFjYRr?= =?us-ascii?Q?d++ZF7S/ANn+vUSgfCki1d+3U8Zg8ZyK7eVC8JV2FtybHXBKUaANs0KN7ujo?= =?us-ascii?Q?ir7qS0qwPFtEoOdEw+PHk1qHJzW8cyHTT2djy1U8d/rgM+0KVYX91dnXw9aN?= =?us-ascii?Q?AyPZMYGP3U6Tbo7GJ6eh/vrckVFRudcN0Y4qQdQJ3UNhF9gMyZRFxJtALFr6?= =?us-ascii?Q?pQiMOh/udlaKbMYLE1LyWnf5ZX8OASP6jLJ62G3HOZvngKl4YQeDDUMaGK4E?= =?us-ascii?Q?0kDCI85B/8WxaTyxdaPe4vrP+7MGtFBnxrnN+QPsGabeU/A9dlnR9jGpOT+Q?= =?us-ascii?Q?+81EUtq0GRwkp2ApGEPb0oRcVhKvUQyCA5TQ/28ulgAzCQQ7+G2vllFQqYpq?= =?us-ascii?Q?JYgOMwDH5vFH45QSPMrqR/DfDlNhE9V8iycKcESiK6Yz0NBGQek6ACZXrcpG?= =?us-ascii?Q?i5/R9gDTs3nPAcZXTfQZAz6O2t8zdkhRmHGK8g9DX4A8tgZQs2RUEMRVaFwK?= =?us-ascii?Q?wVPP855laZHTRVeWEGoC19ITeoVhGMZl0SZY860rdf4sh6RDYcm4d7EDV2RE?= =?us-ascii?Q?XnsWwpf7tI3Hdhclv2PLEQoY8ba66dh68RMEywSz?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: cb7444e2-b93f-4f3a-d645-08db364b198b X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2023 03:00:38.1612 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: UVg1VtQgPe4+SHuFdWQRDNnQAH8IDF4Z7l/+lxjgeOrIaZheT7muSHEq/UR4EuMflV8gusPS46PbsFyxiyFoPg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB7098 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks Leif. Your understanding is right. The openssl fork will be used by edk2-staging repo only. The openssl fork will NOT be by edk2 repo. Creating project specific fork is not unique. For example, we already have other fork in tianocore - https://github.com/t= ianocore/rust For example, we already have fork for openssl - https://github.com/open-qua= ntum-safe/openssl The idea here is similar. Thank you Yao, Jiewen > -----Original Message----- > From: Leif Lindholm > Sent: Thursday, April 6, 2023 2:32 AM > To: devel@edk2.groups.io; kraxel@redhat.com > Cc: Yao, Jiewen > Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo= to > Tianocore to support OpenSSL11_EOL >=20 > On Wed, Apr 05, 2023 at 13:39:21 +0200, Gerd Hoffmann wrote: > > On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > > > Hi > > > This is follow up for the "Openssl1.1 replacement proposal" > https://edk2.groups.io/g/devel/topic/96741156. > > > openssl 3.0 POC result is shown at https://github.com/tianocore/edk2- > staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > > The size increase is reduced to ~10%. > > > > > > In order to achieve maximum size optimization for openssl 3.0, we > > > updated openssl 3.0 branch and recorded to > > > https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > > > To help the community review and feedback the openssl 3.0 change > > > and plan to openssl upstream in the future, we should avoid > > > personal branch usage. > > > > I fail to see the point. To get the openssl changes merged upstream > > you needed engage with the openssl community, and I don't see how a > > tianocore openssl repository helps with that. >=20 > Here is my understanding: > - There is a concern that this change may break existing use-cases, > and the proposal is to collate current state of work - undergoing > upstreaming to openssl - so that the tianocore community (and > downstream consumers) can start testing it with minimal amount of > faff. > - There is *no* plan for the edk2 repository to switch to using this > submodule. >=20 > If that understanding is correct, as long as the README.md is updated > to clearly state that this repository is for integration and > verification purposes only - at the very top - I think this is a good > thing. >=20 > / > Leif