[edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0
Gerd Hoffmann
kraxel at redhat.com
Fri Jan 21 08:30:35 UTC 2022
> > No changes in SEC and PEI.
> [Jiewen] Do you mean the Crypto consumer in PEI has no size difference? Such as
> https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei ,
> https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei ,
> https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/RecoveryModuleLoadPei linking https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256.
PEI has this (OvmfIa32X64Pkg build):
7062 TpmMmioSevDecryptPei
7830 StatusCodeHandlerPei
7902 ReportStatusCodeRouterPei
8470 FaultTolerantWritePei
9734 SmmAccessPei
11206 Tcg2ConfigPei
11842 PeiVariable
14730 Tcg2PlatformPei
17274 TcgPei
18438 S3Resume2Pei
18682 DxeIpl
18938 PcdPeim
38014 CpuMpPei
39554 PlatformPei
45050 PeiCore
49274 Tcg2Pei
No size change for Tcg2Pei.
The other modules are not there. Seems they are related to firmware
updates. We don't have that on ovmf as we can simply update the
firmware image files on the host machine ...
Is there some target I could use to test-build those modules?
> > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> > symbol __allmul
> > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> > symbol __aulldiv
> > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> > symbol __aulldvrm
> > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> > symbol __ftol2_sse
> >
> > Those symbols look like they reference helper functions to do 64bit math
> > on 32bit architecture. Any hints how to fix that?
> [Jiewen] Please add them to https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/IntrinsicLib
Any hints where I could get them? Given this happens on windows builds
it's probably somewhere in the microsoft standard C library? Is that
available as open source somewhere?
> > (3) Some NOOPT builds are failing due to the size growing ...
> [Jiewen] Size becomes big challenge...
> Have you tried to use https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution?
Seems the idea is to have only one openssl copy in the dxe image by
calling a protocol instead of linking a lib. Makes sense.
Is this documented somewhere? Is there some easy way to use that as
drop-in replacement? Or do we have to change all crypto users to call
the driver instead of linking the lib?
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#85896): https://edk2.groups.io/g/devel/message/85896
Mute This Topic: https://groups.io/mt/87479913/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list