1. Patchew
  2. EDK2
  3. [edk2-devel] [PATCH 00/22] [edk2-staging] CryptoPkg/openssl: switch to openssl-3.0
  4. View patch

[edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

Gerd Hoffmann posted 22 patches 2 years, 11 months ago
[edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Gerd Hoffmann 2 years, 11 months ago 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Library/OpensslLib/openssl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index 830bf8e1e474..31157bc0b46e 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit 830bf8e1e4749ad65c51b6a1d0d769ae689404ba
+Subproject commit 31157bc0b46e04227b8468d3e6915e4d0332777c
-- 
2.39.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101061): https://edk2.groups.io/g/devel/message/101061
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Li, Yi 2 years, 11 months ago 
Hi Gerd,

I also have some work on Openssl3, mainly to research how to reduce the binary size increase after the upgrade:

https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md



I really appreciate your work in this patch series, especially the clear py script.

But it seems that part of our work is repeated, if you don't mind, can I merge your work into openssl3.0 Edk2Staging branch? You can find it here if you're interested:

https://github.com/tianocore/edk2-staging/pull/358

Thanks,
Yi



-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd Hoffmann
Sent: Monday, March 13, 2023 4:30 PM
To: devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Pawel Polawski <ppolawsk@redhat.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Jiang, Guomin <guomin.jiang@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Oliver Steffen <osteffen@redhat.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8



Signed-off-by: Gerd Hoffmann <kraxel@redhat.com<mailto:kraxel@redhat.com>>

---

CryptoPkg/Library/OpensslLib/openssl | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)



diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl

index 830bf8e1e474..31157bc0b46e 160000

--- a/CryptoPkg/Library/OpensslLib/openssl

+++ b/CryptoPkg/Library/OpensslLib/openssl

@@ -1 +1 @@

-Subproject commit 830bf8e1e4749ad65c51b6a1d0d769ae689404ba

+Subproject commit 31157bc0b46e04227b8468d3e6915e4d0332777c

--

2.39.2














-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101100): https://edk2.groups.io/g/devel/message/101100
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Gerd Hoffmann 2 years, 11 months ago 
On Mon, Mar 13, 2023 at 03:13:28PM +0000, Li, Yi wrote:
> Hi Gerd,
> 
> I also have some work on Openssl3, mainly to research how to reduce the binary size increase after the upgrade:
> 
> https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md
> 
> 
> 
> I really appreciate your work in this patch series, especially the clear py script.
> 
> But it seems that part of our work is repeated, if you don't mind, can
> I merge your work into openssl3.0 Edk2Staging branch? You can find it
> here if you're interested:

Sure, that is the point of sharing it ;)

github branch (which hot some updates for aarch64 meanwhile) is at
https://github.com/kraxel/edk2/commits/openssl3

aarch64 is not working, the cpu capability probing needs some work.
openssl seems to just try instructions and catch SIGILL.  edk2 needs
something else of course.  Easiest way out would be to just provide
dummy functions, but that would also mean we wouldn't use aes
instructions if available ...

Any hints on that from the arm camp are welcome.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101157): https://edk2.groups.io/g/devel/message/101157
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Ard Biesheuvel 2 years, 11 months ago 
On Tue, 14 Mar 2023 at 09:16, kraxel@redhat.com <kraxel@redhat.com> wrote:
>
> On Mon, Mar 13, 2023 at 03:13:28PM +0000, Li, Yi wrote:
> > Hi Gerd,
> >
> > I also have some work on Openssl3, mainly to research how to reduce the binary size increase after the upgrade:
> >
> > https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md
> >
> >
> >
> > I really appreciate your work in this patch series, especially the clear py script.
> >
> > But it seems that part of our work is repeated, if you don't mind, can
> > I merge your work into openssl3.0 Edk2Staging branch? You can find it
> > here if you're interested:
>
> Sure, that is the point of sharing it ;)
>
> github branch (which hot some updates for aarch64 meanwhile) is at
> https://github.com/kraxel/edk2/commits/openssl3
>
> aarch64 is not working, the cpu capability probing needs some work.
> openssl seems to just try instructions and catch SIGILL.  edk2 needs
> something else of course.  Easiest way out would be to just provide
> dummy functions, but that would also mean we wouldn't use aes
> instructions if available ...
>
> Any hints on that from the arm camp are welcome.
>

Yeah the SIGILL trapping is a bit nasty, but that is only used if no
implementation of getauxval() exists.

So perhaps the cleanest way to approach this is to provide a dummy
implementation of getauxval() which only supports AT_HWCAP, and
returns the correct hwcap mask for what the CPU id registers report in
terms for ISA support for crypto extensions.

I can code that up if you want.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101159): https://edk2.groups.io/g/devel/message/101159
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Yao, Jiewen 2 years, 8 months ago 
Hi Ard
Would you please take a look at https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our current working version? If you have any idea, please propose patch.

Also, could you please try that on ARM/AARCH64 platform to see if there is anything broken?

I think those are important to make sure we have a working version for next stable tag.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard
> Biesheuvel
> Sent: Tuesday, March 14, 2023 4:45 PM
> To: kraxel@redhat.com
> Cc: devel@edk2.groups.io; Li, Yi1 <yi1.li@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Pawel Polawski <ppolawsk@redhat.com>; Lu,
> Xiaoyu1 <xiaoyu1.lu@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Jiang, Guomin <guomin.jiang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Oliver Steffen <osteffen@redhat.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>
> Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule
> to openssl-3.0.8
> 
> On Tue, 14 Mar 2023 at 09:16, kraxel@redhat.com <kraxel@redhat.com> wrote:
> >
> > On Mon, Mar 13, 2023 at 03:13:28PM +0000, Li, Yi wrote:
> > > Hi Gerd,
> > >
> > > I also have some work on Openssl3, mainly to research how to reduce the
> binary size increase after the upgrade:
> > >
> > > https://github.com/tianocore/edk2-
> staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md
> > >
> > >
> > >
> > > I really appreciate your work in this patch series, especially the clear py script.
> > >
> > > But it seems that part of our work is repeated, if you don't mind, can
> > > I merge your work into openssl3.0 Edk2Staging branch? You can find it
> > > here if you're interested:
> >
> > Sure, that is the point of sharing it ;)
> >
> > github branch (which hot some updates for aarch64 meanwhile) is at
> > https://github.com/kraxel/edk2/commits/openssl3
> >
> > aarch64 is not working, the cpu capability probing needs some work.
> > openssl seems to just try instructions and catch SIGILL.  edk2 needs
> > something else of course.  Easiest way out would be to just provide
> > dummy functions, but that would also mean we wouldn't use aes
> > instructions if available ...
> >
> > Any hints on that from the arm camp are welcome.
> >
> 
> Yeah the SIGILL trapping is a bit nasty, but that is only used if no
> implementation of getauxval() exists.
> 
> So perhaps the cleanest way to approach this is to provide a dummy
> implementation of getauxval() which only supports AT_HWCAP, and
> returns the correct hwcap mask for what the CPU id registers report in
> terms for ISA support for crypto extensions.
> 
> I can code that up if you want.
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105616): https://edk2.groups.io/g/devel/message/105616
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Ard Biesheuvel 2 years, 8 months ago 
On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Hi Ard
> Would you please take a look at https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our current working version? If you have any idea, please propose patch.
>
> Also, could you please try that on ARM/AARCH64 platform to see if there is anything broken?
>
> I think those are important to make sure we have a working version for next stable tag.
>

Agreed.

With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu
fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.

I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from
edk2-platforms without problems, with SECURE_BOOT_ENABLE and
TPM2_ENABLE both set.

Clang seemed to work fine as well, but the branch still uses CLANG3x
so we need to rebase this branch onto the latest stable tag first and
retest.

I did only a quick boot test to check whether secure boot verification
was working, but all seemed to work fine.

In any case, if we want to make the next stable tag, I think we should
move quickly, so that we have enough time to fix any issues that may
arise.



[0] first hunk is based on 7880536fe17c2b54 in openssl upstream

--- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
+++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
@@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
         OTHERNAME *otherName;   /* otherName */
         ASN1_IA5STRING *rfc822Name;
         ASN1_IA5STRING *dNSName;
-        ASN1_TYPE *x400Address;
+        ASN1_STRING *x400Address;
         X509_NAME *directoryName;
         EDIPARTYNAME *ediPartyName;
         ASN1_IA5STRING *uniformResourceIdentifier;
diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
index c256f17667668866..a736dca8b73d27d5 100644
--- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
+++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
@@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET
*pkt, unsigned int context,
     return 0;
 }

-static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
-                                                 SSL_SESSION **sess)
-{
-    return SSL_TICKET_NO_DECRYPT;
-}
-
 int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx)
 {


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105641): https://edk2.groups.io/g/devel/message/105641
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Li, Yi 2 years, 6 months ago 
Hi Ard,

Your feedback already integrated to latest patch series:  [PATCH V2 00/29] CryptoPkg: Update OpenSSL submodule to 3.0.9
Thanks for your review, let me know if you have any feedback.

Regards,
Yi

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
Sent: Friday, June 2, 2023 5:15 PM
To: Yao, Jiewen <jiewen.yao@intel.com>
Cc: devel@edk2.groups.io; kraxel@redhat.com; Li, Yi1 <yi1.li@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Pawel Polawski <ppolawsk@redhat.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Oliver Steffen <osteffen@redhat.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Hi Ard
> Would you please take a look at https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our current working version? If you have any idea, please propose patch.
>
> Also, could you please try that on ARM/AARCH64 platform to see if there is anything broken?
>
> I think those are important to make sure we have a working version for next stable tag.
>

Agreed.

With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.

I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from edk2-platforms without problems, with SECURE_BOOT_ENABLE and TPM2_ENABLE both set.

Clang seemed to work fine as well, but the branch still uses CLANG3x so we need to rebase this branch onto the latest stable tag first and retest.

I did only a quick boot test to check whether secure boot verification was working, but all seemed to work fine.

In any case, if we want to make the next stable tag, I think we should move quickly, so that we have enough time to fix any issues that may arise.



[0] first hunk is based on 7880536fe17c2b54 in openssl upstream

--- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
+++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
@@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
         OTHERNAME *otherName;   /* otherName */
         ASN1_IA5STRING *rfc822Name;
         ASN1_IA5STRING *dNSName;
-        ASN1_TYPE *x400Address;
+        ASN1_STRING *x400Address;
         X509_NAME *directoryName;
         EDIPARTYNAME *ediPartyName;
         ASN1_IA5STRING *uniformResourceIdentifier; diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
index c256f17667668866..a736dca8b73d27d5 100644
--- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
+++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
@@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
     return 0;
 }

-static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
-                                                 SSL_SESSION **sess)
-{
-    return SSL_TICKET_NO_DECRYPT;
-}
-
 int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx)  {







-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107511): https://edk2.groups.io/g/devel/message/107511
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Yao, Jiewen 2 years, 8 months ago 
Thanks Ard. That is good news.
We may try the patch to see if that will break X86.

Current blocking issue seems IA32 intrinsic and OVMF size. I am not sure if Gerd has any idea on that.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Friday, June 2, 2023 5:15 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: devel@edk2.groups.io; kraxel@redhat.com; Li, Yi1 <yi1.li@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Pawel Polawski
> <ppolawsk@redhat.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Oliver Steffen <osteffen@redhat.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>
> Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule
> to openssl-3.0.8
> 
> On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> >
> > Hi Ard
> > Would you please take a look at https://github.com/tianocore/edk2-
> staging/tree/OpenSSL30, which is our current working version? If you have any
> idea, please propose patch.
> >
> > Also, could you please try that on ARM/AARCH64 platform to see if there is
> anything broken?
> >
> > I think those are important to make sure we have a working version for next
> stable tag.
> >
> 
> Agreed.
> 
> With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu
> fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.
> 
> I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from
> edk2-platforms without problems, with SECURE_BOOT_ENABLE and
> TPM2_ENABLE both set.
> 
> Clang seemed to work fine as well, but the branch still uses CLANG3x
> so we need to rebase this branch onto the latest stable tag first and
> retest.
> 
> I did only a quick boot test to check whether secure boot verification
> was working, but all seemed to work fine.
> 
> In any case, if we want to make the next stable tag, I think we should
> move quickly, so that we have enough time to fix any issues that may
> arise.
> 
> 
> 
> [0] first hunk is based on 7880536fe17c2b54 in openssl upstream
> 
> --- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
> +++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
> @@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
>          OTHERNAME *otherName;   /* otherName */
>          ASN1_IA5STRING *rfc822Name;
>          ASN1_IA5STRING *dNSName;
> -        ASN1_TYPE *x400Address;
> +        ASN1_STRING *x400Address;
>          X509_NAME *directoryName;
>          EDIPARTYNAME *ediPartyName;
>          ASN1_IA5STRING *uniformResourceIdentifier;
> diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> index c256f17667668866..a736dca8b73d27d5 100644
> --- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> +++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
> @@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET
> *pkt, unsigned int context,
>      return 0;
>  }
> 
> -static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
> -                                                 SSL_SESSION **sess)
> -{
> -    return SSL_TICKET_NO_DECRYPT;
> -}
> -
>  int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
>                         size_t chainidx)
>  {


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105648): https://edk2.groups.io/g/devel/message/105648
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Gerd Hoffmann 2 years, 7 months ago 
On Fri, Jun 02, 2023 at 02:29:11PM +0000, Yao, Jiewen wrote:
> Thanks Ard. That is good news.
> We may try the patch to see if that will break X86.
> 
> Current blocking issue seems IA32 intrinsic and OVMF size. I am not sure if Gerd has any idea on that.

Size is NOOPT only I guess?  Problem is the effect of LTO is limited
with optimization turned off.  So building openssllib with moderate
optimizations (-O1) is one option (works for gcc).  Or just skip the
NOOPT test builds in case openssl is included.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106159): https://edk2.groups.io/g/devel/message/106159
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Li, Yi 2 years, 7 months ago 
Right. We already skipped this build with VS2019, I tend to skip the GCC NOOPT build also.
https://edk2.groups.io/g/devel/topic/99477984#106001

Regards,
Yi


-----Original Message-----
From: kraxel@redhat.com <kraxel@redhat.com> 
Sent: Monday, June 19, 2023 4:12 PM
To: Yao, Jiewen <jiewen.yao@intel.com>
Cc: Ard Biesheuvel <ardb@kernel.org>; devel@edk2.groups.io; Li, Yi1 <yi1.li@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Pawel Polawski <ppolawsk@redhat.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Oliver Steffen <osteffen@redhat.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

On Fri, Jun 02, 2023 at 02:29:11PM +0000, Yao, Jiewen wrote:
> Thanks Ard. That is good news.
> We may try the patch to see if that will break X86.
> 
> Current blocking issue seems IA32 intrinsic and OVMF size. I am not sure if Gerd has any idea on that.

Size is NOOPT only I guess?  Problem is the effect of LTO is limited with optimization turned off.  So building openssllib with moderate optimizations (-O1) is one option (works for gcc).  Or just skip the NOOPT test builds in case openssl is included.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106160): https://edk2.groups.io/g/devel/message/106160
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8
Posted by Gerd Hoffmann 2 years, 11 months ago 
  Hi,

> Yeah the SIGILL trapping is a bit nasty, but that is only used if no
> implementation of getauxval() exists.
> 
> So perhaps the cleanest way to approach this is to provide a dummy
> implementation of getauxval() which only supports AT_HWCAP, and
> returns the correct hwcap mask for what the CPU id registers report in
> terms for ISA support for crypto extensions.
> 
> I can code that up if you want.

Getting crypto/armcap.c even compile on edk2 will be a challenge I
think.  So I'd rather exclude it, and add a OPENSSL_cpuid_setup()
aarch64 implementation to edk2 and copy over the 10 lines which
map HWCAP -> OPENSSL_armcap_P.  That'll be alot easier than adding
dummy stubs for siglongjmp, sigaction & friends.

A hwcap query function would be helpful nevertheless.

thanks & take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101160): https://edk2.groups.io/g/devel/message/101160
Mute This Topic: https://groups.io/mt/97576405/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.