[edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally.

Yao, Jiewen jiewen.yao at intel.com
Mon May 9 10:17:48 UTC 2022


Old == the launched platform, or the platform that will be launched shortly, where the flash size and layout are locked. It is a huge risk to change the layout suddenly. And it is not practical to change the flash size. (E.g. How can you change your flash size on your laptop?)
A new platform usually does not have such a constraint, because it may include new features and have more size, and the layout can be tuned later.

Talking about OPENSSL3.0.

First, I support the OPENSSL 3.0 enabling plan, because we should do that before OPENSSL 1.1 end of support.
You did a great job to enable OPENSSL3.0 in https://github.com/kraxel/edk2/tree/openssl3. I do appreciate that effort.

However, we also have a size concern on OPENSSL3.0, according to the data you provided.
If we switch OPENSSL 1.1 to OPENSSL 3.0 immediately, then many platforms will be broken due to the size issue. It is not practical.

I would recommend in this way:
1) Please keep the good work to enable OPENSSL3.0 in your personal branch.
2) If you have some way to control the size, then do it. If there is not much size difference by default, then you can submit to EDKII directly.
3) If there is a significant size difference, we need to figure out a way to resolve it. As a temporary step, you may choose to post OPENSSL3.0 to https://github.com/tianocore/edk2-staging, which is an official location for broader evaluation, collaboration and enhancement.
4) As an enhancement, the basic idea is to make the library configurable. As such, if the old platform does not need new functionality, it can still live with OPENSSL3.0.
The line is: same feature ==> same size (or minor reasonable increase), new feature ==> more size.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gerd Hoffmann <kraxel at redhat.com>
> Sent: Monday, May 9, 2022 5:45 PM
> To: devel at edk2.groups.io; Yao, Jiewen <jiewen.yao at intel.com>
> Cc: Pawel Polawski <ppolawsk at redhat.com>; Li, Yi1 <yi1.li at intel.com>; Oliver
> Steffen <osteffen at redhat.com>; Wang, Jian J <jian.j.wang at intel.com>; Ard
> Biesheuvel <ardb+tianocore at kernel.org>; Jiang, Guomin
> <guomin.jiang at intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu at intel.com>; Justen, Jordan
> L <jordan.l.justen at intel.com>
> Subject: Re: [edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC
> unconditionally.
> 
> On Mon, May 09, 2022 at 01:38:35AM +0000, Yao, Jiewen wrote:
> > Thank you Gerd.
> >
> > I collected feedback from Intel BIOS team, both client and server, both old
> platform and new platform.
> >
> > In general, the new platform will leave enough space for crypto improvement.
> Size is not a big issue. The delta is acceptable.
> >
> > However, the old launched platforms only have limited flash space. This patch
> will break the current build because of the size increase. Option (1) is not acceptable.
> 
> Hmm.  Does that mean the old platform (what is "old" here btw?) wouldn't
> be able to do the switch to openssl3 either?
> 
> take care,
>   Gerd


