[edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0

Gerd Hoffmann kraxel at redhat.com
Fri Jan 21 08:30:35 UTC 2022 

> > No changes in SEC and PEI.
> [Jiewen] Do you mean the Crypto consumer in PEI has no size difference? Such as
> https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei ,
> https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei ,
> https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/RecoveryModuleLoadPei linking https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256.

PEI has this (OvmfIa32X64Pkg build):

    7062 TpmMmioSevDecryptPei
    7830 StatusCodeHandlerPei
    7902 ReportStatusCodeRouterPei
    8470 FaultTolerantWritePei
    9734 SmmAccessPei
   11206 Tcg2ConfigPei
   11842 PeiVariable
   14730 Tcg2PlatformPei
   17274 TcgPei
   18438 S3Resume2Pei
   18682 DxeIpl
   18938 PcdPeim
   38014 CpuMpPei
   39554 PlatformPei
   45050 PeiCore
   49274 Tcg2Pei

No size change for Tcg2Pei.

The other modules are not there.  Seems they are related to firmware
updates.  We don't have that on ovmf as we can simply update the
firmware image files on the host machine ...

Is there some target I could use to test-build those modules?

> > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> > symbol __allmul
> > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> > symbol __aulldiv
> > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> > symbol __aulldvrm
> > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> > symbol __ftol2_sse
> > 
> > Those symbols look like they reference helper functions to do 64bit math
> > on 32bit architecture.  Any hints how to fix that?
> [Jiewen] Please add them to https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/IntrinsicLib

Any hints where I could get them?  Given this happens on windows builds
it's probably somewhere in the microsoft standard C library?  Is that
available as open source somewhere?

> > (3) Some NOOPT builds are failing due to the size growing ...
> [Jiewen] Size becomes big challenge...
> Have you tried to use https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution?

Seems the idea is to have only one openssl copy in the dxe image by
calling a protocol instead of linking a lib.  Makes sense.

Is this documented somewhere?  Is there some easy way to use that as
drop-in replacement?  Or do we have to change all crypto users to call
the driver instead of linking the lib?

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#85896): https://edk2.groups.io/g/devel/message/85896
Mute This Topic: https://groups.io/mt/87479913/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list