From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web12.30462.1585193365733356484 for ; Wed, 25 Mar 2020 20:29:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=cjoXoIcF; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: christopher.j.zurcher@intel.com) IronPort-SDR: KbuPSOi6s3d69+sKOHT5KbKuuuz2s3FHbc3PNXor9baRngMDS6NnZgOnSbucQbppUI5/jbEXPS XhqF+vkINkkg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Mar 2020 20:29:25 -0700 IronPort-SDR: OITgwOMxaHKdobeX/zvtYA//Wughk74OaJASB0gmuFCcrCDHK8QbHNt1BKi7d7PQdYbzj/0oCG ke24uR0Mb25g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,306,1580803200"; d="scan'208";a="293514249" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by FMSMGA003.fm.intel.com with ESMTP; 25 Mar 2020 20:29:24 -0700 Received: from fmsmsx114.amr.corp.intel.com (10.18.116.8) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 25 Mar 2020 20:29:24 -0700 Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by FMSMSX114.amr.corp.intel.com (10.18.116.8) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 25 Mar 2020 20:29:24 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.168) by edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 25 Mar 2020 20:29:24 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OtfohpGHEsez2DXO0AG2trpF3eV+tKyqX7cSeoH8Mv3Pp1bhw/vXH7Ld+EdN4Xn4Bp5W5lXmbI9YnO7yJ/kSTAl4Lil6Kx7Tno6WDrXB9FrA1nbWtq0A3NA6sx0kYTMx4XbAcpdkPgXAEOBWh3WUU4O5NMwHMpMuuv+OCi+9M9BVHpq87d/o/c8CDs2mF1e/QmYFH0PPZH85S7/jMj70zSQulCDiA7TCQQ+kLLAQn/d0ZvcGj+57wtES8/hHCR0mIrGYfX4z0v5d2vCclgG8CiBh+IkOAN7vW3t29dhMRfveLKCdsgNH7llFOcaBmd/yOipv+mPXmTj+pBdI1ectZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GdyYUj8htKfs6MtEqBIKYU2lxY2GTVUsyZSKPBYCwI4=; b=NEzn4OpswHweBy4GhE49TFedYPL/VfGRWugGpDl7/YTrNA/p+Nh1iIc1nitTgoDmGqKl3DhCabA/lJ7KVIMatVshBZzN4fkBeD8Tw1MO5pgei9kKyJrF8MhKEwgEp5JS15y0dfd8tmg3QARqEZW8kai3RXcvrXxPdjkRCyKFTCFpyWl15GhF6KXitIgwpgFSCy+Kmn4eo/PooPOmOGPP9dvAZ3TOtp7Ay//2MrA3imHnvBxFJKO6I/M0HuGySG+AH4OENY6CMx0gomYsQeShq0nfiE/0UR18jM4NgIly8J9mNKq9p8AwJPnLondvcgDdpRyNZUeAbmUQYqNk22Pkwg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GdyYUj8htKfs6MtEqBIKYU2lxY2GTVUsyZSKPBYCwI4=; b=cjoXoIcFzc8Yn6eJ6li1JuNGm9+siJC1LK5e9aXQAd4/XBdUa/0I7wyWHJsCqfwchOSpIDpdaodObq/aCfSJovDsJC+y+o5ew4DeG6VmFc5lhZSuvyXHSoQ8hEi4xrq0sEN0Fokx7M/uS1mGzPyCyHqM2EA3OqD+LhsJJoQJTeU= Received: from MWHPR1101MB2125.namprd11.prod.outlook.com (2603:10b6:301:4d::10) by MWHPR1101MB2256.namprd11.prod.outlook.com (2603:10b6:301:57::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Thu, 26 Mar 2020 03:29:22 +0000 Received: from MWHPR1101MB2125.namprd11.prod.outlook.com ([fe80::64c8:581:bf6f:77d0]) by MWHPR1101MB2125.namprd11.prod.outlook.com ([fe80::64c8:581:bf6f:77d0%10]) with mapi id 15.20.2835.025; Thu, 26 Mar 2020 03:29:22 +0000 From: "Zurcher, Christopher J" To: "Yao, Jiewen" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Lu, XiaoyuX" , Ard Biesheuvel , "david.harris4@hp.com" , "Kinney, Michael D" Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64 Thread-Topic: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64 Thread-Index: AQHWAw0aWzdiHuy2CkyTUK3Aoep296haFGIAgAAcTACAAAYooA== Date: Thu, 26 Mar 2020 03:29:22 +0000 Message-ID: References: <20200317102656.20032-1-christopher.j.zurcher@intel.com> <20200317102656.20032-2-christopher.j.zurcher@intel.com> <15FFB5A5A94CCE31.23217@groups.io> <74D8A39837DF1E4DA445A8C0B3885C503F99C64F@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F99C86E@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F99C86E@shsmsx102.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.2.0.6 dlp-reaction: no-action dlp-product: dlpe-windows x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMWQzMjBiNjktODdkOS00NDgzLTliY2EtZjg1ZWVmYjg3YTNjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoickxzMjIyRVowVWdJVVwvVTV1SXA0UjVRaDF5SllnNVdPc25VXC9Rb2I1ZDJBRmdzeWFQQmVZQ0dmakZ1U2ZJNjNCIn0= authentication-results: spf=none (sender IP is ) smtp.mailfrom=christopher.j.zurcher@intel.com; x-originating-ip: [134.134.136.213] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3792ad29-544b-4074-d333-08d7d135e05f x-ms-traffictypediagnostic: MWHPR1101MB2256: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0354B4BED2 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(366004)(136003)(396003)(346002)(376002)(39860400002)(478600001)(966005)(7696005)(186003)(71200400001)(316002)(55016002)(76116006)(52536014)(66476007)(86362001)(110136005)(9686003)(64756008)(2906002)(66446008)(8936002)(6506007)(66556008)(81166006)(81156014)(8676002)(4326008)(26005)(33656002)(54906003)(107886003)(5660300002)(66946007)(53546011);DIR:OUT;SFP:1102;SCL:1;SRVR:MWHPR1101MB2256;H:MWHPR1101MB2125.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VaTdVcSrxCnZ3Gbup4QB5rfEzHO5dmSkw0TAVq1RkipPArsIpJpHMrpavel8hpiKL6Vv8EjVgB7Dup8O6PeV61QsXhmY+SObCyOd4IrHifyqLHWGLSzX0b827qLVdSyCuofr4Q+6nhCG3pbEDcufZpUkwbqyqcL3TNx554HXHDMkie93Ks3gp1Pqeek3IL+0Xs0KbPNeOgwHCVmd80L4qyt0rWzLajvYrIP+H0vxuPgurM7WBv0syt2OEjy0jagc5gI7PZLZ/1yPVWglVVD7sQJRX8f2UrEhCoHIuUrV0y8I7C6247r/L7EgyiW9g7cC7jAQ3i5rpOSWUWQx0mD4RTPWfg97SxaRzkrVCmW7G73UbQtjMBCMlorn7ZMQbS/DDVVSysQRu1sPoEoemPytVVETFFlvyuHzuZIv9+ZHVpxyzKBBdRb53LN9s4djjrZcCpE0vXsM5Rx7DY34/82A1RMteVE2MKOBd5WGzfsSsyjtyy1Kzea+qtJYQfbUlXGXXCbZKgcXWTxP8T1zQ2v5QQ== x-ms-exchange-antispam-messagedata: IreJQc6IVhk9VEeQn4j8xNcG5daklg9RLPzBAktw9hzgkZmW/ZUsNdqTRoQwdArxmPi1uKgKweekycf82bpWhXAojHkqexdvzZuXiiq1qg9+8AzNx4Dv6VbOMno7ShWnaljGfN6p9YOhw23/PCoD9w== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 3792ad29-544b-4074-d333-08d7d135e05f X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2020 03:29:22.3323 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: uL8+fvWI8JY9WLA0oqEol5+SIkxdBN+rfd6AL1rM7THpiErDN0iyvr+MWiDD6+mvv0uul8p/cR5143mXQUc5efvyHoRvutWvCiYbgCdMEIk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1101MB2256 Return-Path: christopher.j.zurcher@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Yao, Jiewen > Sent: Wednesday, March 25, 2020 20:05 > To: Zurcher, Christopher J ; > devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel ; david.harris4@hp.com; Kinney= , > Michael D > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > instruction support for IA32 and X64 >=20 > Thanks. Comment inline: >=20 > > -----Original Message----- > > From: Zurcher, Christopher J > > Sent: Thursday, March 26, 2020 10:44 AM > > To: devel@edk2.groups.io; Yao, Jiewen > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Ard Biesheuvel ; david.harris4@hp.com; Kinn= ey, > > Michael D > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > > instruction support for IA32 and X64 > > > > The specific performance improvement depends on the operation; the OS > > provisioning I mentioned in the [Patch 0/1] thread removed the hashing= as a > > bottleneck and improved the overall operation speed over 4x (saving 2.= 5 > > minutes of flashing time), but a direct SHA256 benchmark on the partic= ular > > silicon I have available showed over 12x improvement. I have not > benchmarked > > the improvements to boot time. I do not know the use case targeted by = BZ > 2507 > > so I don't know what benefit will be seen there. > [Jiewen] I guess there might be some improvement on HTTPS boot because o= f > AES-NI for TLS session. > I am just curious on the data. :-) >=20 >=20 > > > > I will look at unifying the INF files in the next patch-set and will a= lso > add the > > OpensslLibCrypto.inf case. > [Jiewen] Thanks! >=20 >=20 > > > > I have not exercised the AVX code specifically, as it is coming direct= ly > from > > OpenSSL and includes checks against the CPUID capability flags before > executing. > > I'm not entirely familiar with AVX requirements; is there a known > environment > > restriction against AVX instructions in EDK2? > [Jiewen] Yes. UEFI spec only requires to set env for XMM register. > Using other registers such as YMM or ZMM may requires special setup, and > save/restore some FPU state. > If a function containing the YMM register access and it is linked into > BaseCryptoLib, I highly recommend you run some test to make sure it can = work > correct. >=20 > Maybe I should ask more generic question: Have you validated all impacte= d > crypto lib API to make sure they still work well with this improvement? >=20 I have not. Is there an existing test suite that was used initially, or us= ed with each OpenSSL version update? Thanks, Christopher Zurcher >=20 > > > > Regarding RNG, it looks like we already have architecture-specific var= iants > of > > RdRand...? > [Jiewen] Yes. That is in RngLib. > I ask this question because I see openssl wrapper is using PMC/TSC as no= isy. > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslL= ib/ra > nd_pool.c > Since this patch adds instruction dependency, why no use RNG instruction= as > well? >=20 >=20 > > > > There was some off-list feedback regarding the number of files require= d to > be > > checked in here. OpenSSL does not include assembler-specific > implementations > > of these files and instead relies on "perlasm" scripts which are parse= d by > a > > translation script at build time (in the normal OpenSSL build flow) to > generate > > the resulting .nasm files. The implementation I have shared here gener= ates > these > > files as part of the OpensslLib maintainer process, similar to the exi= sting > header > > files which are also generated. Since process_files.pl already require= s the > > package maintainer to have a Perl environment installed, this does not > place any > > additional burden on them. > > An alternative implementation has been proposed which would see only a > > listing/script of the required generator operations to be checked in, = and > any > > platform build which intended to utilize the native algorithms would > require a > > local Perl environment as well as any underlying environment dependenc= ies > > (such as a version check against the NASM executable) for every develo= per, > and > > additional pre-build steps to run the generator scripts. > > > > Are there any strong opinions here around adding Perl as a build > environment > > dependency vs. checking in maintainer-generated assembly "intermediate= " > build > > files? > [Jiewen] Good question. For tool, maybe Mike or Liming can answer. > And I did get similar issue with you. > I got a submodule code need using CMake and pre-processor to generate a > common include file. > How do we handle that? I look for the recommendation as well. >=20 >=20 > > > > Thanks, > > Christopher Zurcher > > > > > -----Original Message----- > > > From: devel@edk2.groups.io On Behalf Of Yao, > > Jiewen > > > Sent: Wednesday, March 25, 2020 18:23 > > > To: devel@edk2.groups.io; Yao, Jiewen ; Zurche= r, > > > Christopher J > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Eugene Cohen ; Ard Biesheuvel > > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add nati= ve > > > instruction support for IA32 and X64 > > > > > > Some more comment: > > > > > > 3) Do you consider to enable RNG instruction as well? > > > > > > 4) I saw you added some code for AVX instruction, such as YMM regist= er. > > > Have you validated that code, to make sure it can work correctly in > current > > > environment? > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: devel@edk2.groups.io On Behalf Of Yao= , > > Jiewen > > > > Sent: Thursday, March 26, 2020 9:15 AM > > > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; > > > > Eugene Cohen ; Ard Biesheuvel > > > > > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add na= tive > > > > instruction support for IA32 and X64 > > > > > > > > HI Christopher > > > > Thanks for the contribution. I think it is good enhancement. > > > > > > > > Do you have any data show what performance improvement we can get? > > > > Did the system boot faster with the this? Which feature ? > > > > UEFI Secure Boot? TCG Measured Boot? HTTPS boot? > > > > > > > > > > > > Comment for the code: > > > > 1) I am not sure if we need separate OpensslLibIa32 and OpensslLib= X64. > > > > Can we just define single INF, such as OpensslLibHw.inf ? > > > > > > > > 2) Do we also need add a new version for OpensslLibCrypto.inf ? > > > > > > > > > > > > > > > > Thank you > > > > Yao Jiewen > > > > > > > > > -----Original Message----- > > > > > From: devel@edk2.groups.io On Behalf Of > > Zurcher, > > > > > Christopher J > > > > > Sent: Tuesday, March 17, 2020 6:27 PM > > > > > To: devel@edk2.groups.io > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; > > > > > Eugene Cohen ; Ard Biesheuvel > > > > > > > Subject: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add nati= ve > > > > instruction > > > > > support for IA32 and X64 > > > > > > > > > > > > > > > > > > > > > > > > > >=20 > > >=20