1. Patchew
  2. EDK2
  3. [edk2-devel] [edk2-staging/OpenSSL11_EOL PATCH 0/7] Enable MbedTLS for CryptoPkg update Mar 17
  4. View patch

[edk2-devel] [edk2-staging/OpenSSL11_EOL PATCH 1/7] Update ReadmeMbedtls

Wenxing Hou posted 7 patches 1 year, 5 months ago
[edk2-devel] [edk2-staging/OpenSSL11_EOL PATCH 1/7] Update ReadmeMbedtls
Posted by Wenxing Hou 1 year, 5 months ago 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 CryptoPkg/ReadmeMbedtls.md | 55 +++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 19 deletions(-)

diff --git a/CryptoPkg/ReadmeMbedtls.md b/CryptoPkg/ReadmeMbedtls.md
index 4b5a132fd0..39fc93028c 100644
--- a/CryptoPkg/ReadmeMbedtls.md
+++ b/CryptoPkg/ReadmeMbedtls.md
@@ -1,21 +1,18 @@
 # CryptoMbedTlsPkg(enable mbedtls for EDKII POC)
 
-## background
+## Overview
 This POC is to explore mbedtls as a smaller alternative to OpenSSL.
 
-## MbedTLS version
-Depend on Mbedtls 3.3.0.
-
-## MbedTLS and OpenSSL CryptoPkg size compare
+### MbedTLS and OpenSSL CryptoPkg size compare
 
-|  Driver  | OpenSSL  | OpenSSL(no SM3 and Pkcs7) | MbedTLS |
-|  ----  | ----  | ----  | ----  |
-|  PEI  | 387Kb  | 387kb  | 162kb |
-|  PeiPreMem  | 31Kb  | WIP  | WIP |
-|  DXE  | 804Kb  | WIP  | WIP |
-|  SMM  | 558Kb  | WIP  | WIP |
+|  Driver  | OpenSSL  |  MbedTLS |
+|  ----  | ----  | ----  |
+|  PEI  | 387Kb  | 162Kb |
+|  PeiPreMem  | 31Kb  | 58Kb |
+|  DXE  | 804Kb  | 457Kb  |
+|  SMM  | 558Kb  | 444Kb  |
 
-## Current enabling status
+### Current enabling status
 
 |  FILE  | Build Pass  | Test Pass |
 |  ----  | ----  | ----  |
@@ -33,24 +30,44 @@ Depend on Mbedtls 3.3.0.
 | Pem/CryptPem.c  | YES | YES |
 | Pk/CryptAuthenticode.c  | WIP | WIP |
 | Pk/CryptDh.c  | YES | YES |
-| Pk/CryptEc.c  | WIP | WIP |
+| Pk/CryptEc.c  | YES | YES |
 | Pk/CryptPkcs1Oaep.c  | YES | YES |
 | Pk/CryptPkcs5Pbkdf2.c  | YES | YES |
 | Pk/CryptPkcs7Sign.c  | YES | YES |
-| Pk/CryptPkcs7VerifyBase.c  | YES | WIP |
-| Pk/CryptPkcs7VerifyCommon.c  | YES | WIP |
+| Pk/CryptPkcs7VerifyBase.c  | YES | YES |
+| Pk/CryptPkcs7VerifyCommon.c  | YES | YES |
 | Pk/CryptPkcs7VerifyEku.c  | YES | WIP |
 | Pk/CryptPkcs7VerifyEkuRuntime.c  | YES | YES |
 | Pk/CryptPkcs7VerifyRuntime.c  | YES | YES |
 | Pk/CryptRsaBasic.c  | YES | YES |
 | Pk/CryptRsaExt.c  | YES | YES |
-| Pk/CryptTs.c  | YES | YES |
-| Pk/CryptX509.c  | WIP | WIP |
-
+| Pk/CryptTs.c  | YES | WIP |
+| Pk/CryptX509.c  | YES | YES |
 
 ## Build command
 
    ```
    edksetup.bat Rebuild VS2019
    build -a X64 -p CryptoPkg/CryptoPkgMbedTls.dsc -DCRYPTO_IMG_TYPE=PEI_DEFAULT -t VS2019
-   ```
\ No newline at end of file
+   ```
+## Risk
+
+|  Risk  | Soluton  | Time required |
+|  ----  | ----  | ----  |
+| SM3 and SHA3 are missing in Mbedtls  | Wait Mbedtls enable SM3 and SHA3 | Unkown |
+| Following API implementation is WIP  | Implement API | 2 weeks |
+
+### API need to complete
+|  API  | Time required |
+|  ----  | ----  |
+| VerifyEKUsInPkcs7Signature  | 3 days |
+| AuthenticodeVerify  | 3 days |
+| EcPointSetCompressedCoordinates  | 2 days |
+| ImageTimestampVerify  | 3 days |
+
+## Timeline
+Target for 2023 Q1
+## Owner
+The branch owner: Wenxing Hou <wenxing.hou@intel.com>  
+## MbedTls Version
+Depend on Mbedtls 3.3.0.
-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101318): https://edk2.groups.io/g/devel/message/101318
Mute This Topic: https://groups.io/mt/97669079/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.