From nobody Mon Feb  9 20:34:54 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+56445+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+56445+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1585274208; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ZamDrAXbuKvZsc2VhuLtkBet0e4ShXQE1/fJE7n5ZnDXUIVxBUl73c26eCs3v7lodfxeMzex6fIwJYRXzYZCNmi1qNRJwRkAtVFdGgQda2gg42kLVa3+QDXQQHnRjB2TcvQ9LCAlWEw6J4MoKD+JnN2hC7iNNNnKApZMtCf4F3s=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1585274208;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=2z1hYwb/atw9gVR77VcoSwrd+tj664tshNAhg3bqH8U=;
	b=Ys3NFQ+8QQkXHr+V6lEUh9QAN6CNUFlNUc/ScEnnHcyY8AJmJFZsMK5YvtpwMjrUX5K29VFIdFZOC1xqncv3LG2+7GcRXQyyd2JFRk5S945kwKTLq7oWfaZH1PvvkQ0ZLZKNW8NT7F+Z9eyJm4X286Dae9mBs1QParORZkJfhLA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+56445+1787277+3901457@groups.io;
	dmarc=fail header.from=<zhichao.gao@intel.com> (p=none dis=none)
 header.from=<zhichao.gao@intel.com>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 1585274208364630.4241062158085;
 Thu, 26 Mar 2020 18:56:48 -0700 (PDT)
Return-Path: <bounce+27952+56445+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id WMseYY1788612xDEuf0t3mcC;
 Thu, 26 Mar 2020 18:56:48 -0700
X-Received: from mga17.intel.com (mga17.intel.com [])
 by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232
 for <devel@edk2.groups.io>;
 Thu, 26 Mar 2020 18:56:47 -0700
IronPort-SDR: 
 UHbWDvrND7JWz427ZjwgUTe3jwcpcx0U074LU90DYbblTt/uLSIhKfZbRr6YjIwXgzPWQ+Kkjz
 pBNdh0u09bKw==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Mar 2020 18:56:47 -0700
IronPort-SDR: 
 PFhgvdiZJfq1T+LzsbRWP/MVIy6cqG6SyInlze6R6yO24cMvVrN0BNS9FwQ+W4aAOzQwH+Ufcz
 pm8WxXUbmX0Q==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,310,1580803200";
   d="scan'208";a="447246824"
X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114])
  by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:46 -0700
From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Xiaoyu Lu <xiaoyux.lu@intel.com>
Subject: [edk2-devel] [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building
 the deprecated function
Date: Fri, 27 Mar 2020 09:56:26 +0800
Message-Id: <20200327015629.2588-6-zhichao.gao@intel.com>
In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com>
References: <20200327015629.2588-1-zhichao.gao@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com
X-Gm-Message-State: kXQPgRW6BM8c3OjL3dooUqvgx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1585274208;
 bh=t6/4WNmXtfVYzYyySfc0aQrOfKoBQSoXshlVKxFVwn4=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=TLmDhhxX1pMrVhasakQk5n9BxILOBx+IB2E5AA0VIAbOy+yf3frgfE+cwm4LNCQcdwa
 BCME+vEtc0qXmOxzXCew8Jt++LjmfuD92bkb+2S4rTzNDHGJc31U1LUvZ4H/DQsPDYM3B
 xJIwLEJuYv/tys0XGSSNrPBvZCZ6+LYvcwU=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682

Md5 and SHA1 is not secure any longer but uefi spec need to keep them
for backwards compatibility.
Add two pcds PcdMD5Enable and PcdSHA1Enable to control the function
enablement. Set the default value to false to indicate they are
deprecated.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
 CryptoPkg/CryptoPkg.dec | 11 +++++++++++
 CryptoPkg/CryptoPkg.uni | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 4d1a1368a8..4d1750839f 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -82,5 +82,16 @@
   # @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008=
, 0x00000010
   gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x0000=
0001
=20
+  ## Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI =
spec
+  #  want to keep it for backwards compatibility.
+  # @prompt Enable/Disable MD5 function.
+  gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable|FALSE|BOOLEAN|0x00000003
+
+  ## Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEF=
I spec
+  #  want to keep it for backwards compatibility. It should be set to TRUE=
 when
+  #  PcdHashApiLibPolicy enable the SHA1.
+  # @prompt Enable/Disable SHA1 function.
+  gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable|FALSE|BOOLEAN|0x00000004
+
 [UserExtensions.TianoCore."ExtraFiles"]
   CryptoPkgExtra.uni
diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni
index 28459fcafe..8e27ebcd36 100644
--- a/CryptoPkg/CryptoPkg.uni
+++ b/CryptoPkg/CryptoPkg.uni
@@ -30,3 +30,14 @@
 #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_PROMP=
T  #language en-US "Enable/Disable EDK II Crypto Protocol/PPI services"
=20
 #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_HELP =
 #language en-US "Enable/Disable the families and individual services produ=
ced by the EDK II Crypto Protocols/PPIs.  The default is all services disab=
led.  This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENAB=
LE structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_PROMPT  #language en-=
US "Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI sp=
ec\n"
+                                                                          =
    "want to keep it for backwards compatibility."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_HELP  #language en-US=
 "Enable/Disable MD5 function."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_PROMPT  #language en=
-US "Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEFI=
 spec\n"
+                                                                          =
    "want to keep it for backwards compatibility.It should be set to TRUE w=
hen\n"
+                                                                          =
    "PcdHashApiLibPolicy enable the SHA1."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_HELP  #language en-U=
S "Enable/Disable SHA1 function."
--=20
2.21.0.windows.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56445): https://edk2.groups.io/g/devel/message/56445
Mute This Topic: https://groups.io/mt/72579466/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-