From: "Wenxing Hou"
To: devel@edk2.groups.io
Cc: Wenxing Hou
Subject: [edk2-devel] [edk2-staging/OpenSSL11_EOL PATCH 1/7] Update ReadmeMbedtls
Date: Fri, 17 Mar 2023 17:00:47 +0800
Message-Id: <20230317090053.1895-2-wenxing.hou@intel.com>
In-Reply-To: <20230317090053.1895-1-wenxing.hou@intel.com>
References: <20230317090053.1895-1-wenxing.hou@intel.com>
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com

Signed-off-by: Wenxing Hou
---
 CryptoPkg/ReadmeMbedtls.md | 55 +++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 19 deletions(-)
diff --git a/CryptoPkg/ReadmeMbedtls.md b/CryptoPkg/ReadmeMbedtls.md index 4b5a132fd0..39fc93028c 100644 --- a/CryptoPkg/ReadmeMbedtls.md +++ b/CryptoPkg/ReadmeMbedtls.md @@ -1,21 +1,18 @@ # CryptoMbedTlsPkg(enable mbedtls for EDKII POC) =20 -## background +## Overview This POC is to explore mbedtls as a smaller alternative to OpenSSL. =20 -## MbedTLS version -Depend on Mbedtls 3.3.0. - -## MbedTLS and OpenSSL CryptoPkg size compare +### MbedTLS and OpenSSL CryptoPkg size compare =20 -| Driver | OpenSSL | OpenSSL(no SM3 and Pkcs7) | MbedTLS | -| ---- | ---- | ---- | ---- | -| PEI | 387Kb | 387kb | 162kb | -| PeiPreMem | 31Kb | WIP | WIP | -| DXE | 804Kb | WIP | WIP | -| SMM | 558Kb | WIP | WIP | +| Driver | OpenSSL | MbedTLS | +| ---- | ---- | ---- | +| PEI | 387Kb | 162Kb | +| PeiPreMem | 31Kb | 58Kb | +| DXE | 804Kb | 457Kb | +| SMM | 558Kb | 444Kb | =20 -## Current enabling status +### Current enabling status =20 | FILE | Build Pass | Test Pass | | ---- | ---- | ---- | 
@@ -33,24 +30,44 @@ Depend on Mbedtls 3.3.0. | Pem/CryptPem.c | YES | YES | | Pk/CryptAuthenticode.c | WIP | WIP | | Pk/CryptDh.c | YES | YES | -| Pk/CryptEc.c | WIP | WIP | +| Pk/CryptEc.c | YES | YES | | Pk/CryptPkcs1Oaep.c | YES | YES | | Pk/CryptPkcs5Pbkdf2.c | YES | YES | | Pk/CryptPkcs7Sign.c | YES | YES | -| Pk/CryptPkcs7VerifyBase.c | YES | WIP | -| Pk/CryptPkcs7VerifyCommon.c | YES | WIP | +| Pk/CryptPkcs7VerifyBase.c | YES | YES | +| Pk/CryptPkcs7VerifyCommon.c | YES | YES | | Pk/CryptPkcs7VerifyEku.c | YES | WIP | | Pk/CryptPkcs7VerifyEkuRuntime.c | YES | YES | | Pk/CryptPkcs7VerifyRuntime.c | YES | YES | | Pk/CryptRsaBasic.c | YES | YES | | Pk/CryptRsaExt.c | YES | YES | -| Pk/CryptTs.c | YES | YES | -| Pk/CryptX509.c | WIP | WIP | - +| Pk/CryptTs.c | YES | WIP | +| Pk/CryptX509.c | YES | YES | =20 ## Build command =20 ``` edksetup.bat Rebuild VS2019 build -a X64 -p CryptoPkg/CryptoPkgMbedTls.dsc -DCRYPTO_IMG_TYPE=3DPEI_= DEFAULT -t VS2019 - ``` \ No newline at end of file + ``` +## Risk + +| Risk | Soluton | Time required | +| ---- | ---- | ---- | +| SM3 and SHA3 are missing in Mbedtls | Wait Mbedtls enable SM3 and SHA3 = | Unkown | +| Following API implementation is WIP | Implement API | 2 weeks | + +### API need to complete +| API | Time required | +| ---- | ---- | +| VerifyEKUsInPkcs7Signature | 3 days | +| AuthenticodeVerify | 3 days | +| EcPointSetCompressedCoordinates | 2 days | +| ImageTimestampVerify | 3 days | + +## Timeline +Target for 2023 Q1 +## Owner +The branch owner: Wenxing Hou =20 +## MbedTls Version +Depend on Mbedtls 3.3.0. --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
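Review bot: in the first hunk, the rewritten size table (`| PEI | 387Kb | 162Kb |` through `| SMM | 558Kb | 444Kb |`) drops the `OpenSSL(no SM3 and Pkcs7)` column, so the OpenSSL and MbedTLS numbers are no longer a like-for-like comparison: the Risk section added later in this same patch says SM3 is missing from Mbedtls, which is exactly what the removed column factored out, and the new `| PeiPreMem | 31Kb | 58Kb |` row shows MbedTLS nearly twice the size of OpenSSL, contradicting the "smaller alternative" sentence just above it with no explanation. Suggest keeping the reduced-feature OpenSSL column (or stating which algorithms each measured build includes) and adding one sentence on why PeiPreMem grows. Also fix the heading grammar to `### MbedTLS and OpenSSL CryptoPkg size comparison` and write the unit as `KB`: these are image sizes in bytes, and `Kb` reads as kilobits.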
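Review bot: in the second hunk, the status table and the new `### API need to complete` list disagree: `| Pk/CryptEc.c | YES | YES |` now claims both build and test pass, yet `EcPointSetCompressedCoordinates` is listed with 2 days of work remaining, and `| Pk/CryptTs.c | YES | WIP |` silently downgrades Test Pass from YES to WIP (it lines up with the `ImageTimestampVerify` entry, but the reason for the regression should be stated). The Risk table has typos (`Soluton`, `Unkown`, `Wait Mbedtls enable SM3 and SHA3`, which should read `Wait for Mbedtls to enable SM3 and SHA3`) and the heading should be `### APIs to complete`; the `## Timeline` target of 2023 Q1 is two weeks from this patch's date while the Risk table itself estimates 2 weeks for the remaining API work, so the target should be revised or qualified. `## MbedTls Version` moved from the top of the file to below `## Owner` and is spelled differently from `MbedTLS` elsewhere in the file; keep one spelling and place the version dependency near the Overview where readers look for it. Finally, `## Risk` directly follows the closing code fence; add a blank line between them so the heading renders reliably.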
View/Reply Online (#101318): https://edk2.groups.io/g/devel/message/101318