[edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally.

James Bottomley James.Bottomley at HansenPartnership.com
Mon May 9 13:41:02 UTC 2022


On Mon, 2022-05-09 at 12:03 +0000, Yao, Jiewen wrote:
> It is possible to switch to other crypt lib.
> 
> For example, the *mbedtls* version POC can be found at 
> https://github.com/jyao1/edk2/tree/DeviceSecurity/CryptoMbedTlsPkg
> The advantage is: the size is much smaller.
> The disadvantage is: some required functions are not available, such
> as PKCS7. 

Perhaps as a first step, we should look at our options.  I would say
missing functionality is problematic, but not necessarily a killer:
we'd have to help the chosen project develop the capability and figure
out how to maintain the fork while it was going upstream.  PKCS#7 is
pretty huge, though, it's the entire Cryptographic Message Syntax so I
think us having to develop that for mbedtls makes that one a
non-starter.

Other libraries could be:

wolfssl
gnutls
boringssl
LibreSSL

They all seem to do PKCS#7.

James



