[edk2-devel] [PATCH 00/11] OvmfPkg: add Crypto Driver support
Gerd Hoffmann
kraxel at redhat.com
Fri Feb 3 15:36:54 UTC 2023
On Fri, Feb 03, 2023 at 02:33:07PM +0100, Ard Biesheuvel wrote:
> What is the point of this series? If we are trying to deduplicate
> crypto code by moving it into a dedicated driver, can we please just
> do that unconditionally, instead of doubling the size of the
> validation matrix again? Or are there reasons why one might avoid this
> crypto driver approach?
Unfortunately it is not a clear size win everywhere.
PEI jumps up in size even though I'm using the min_pei config for
CryptoPei, seems it *still* has way too much bits compiled in
(didn't look into tweaking the config yet, hints are welcome).
- 17530 TcgPei
+ 17146 TcgPei
+ 34362 Tcg2Pei
- 51066 Tcg2Pei
+ 333950 CryptoPei
SMM doesn't change much (slight increase):
+ 106662 VariableSmm
- 540818 VariableSmm
+ 479374 CryptoSmm
DXE is a clear win, three users go from > 400k to < 100k which easily
compensates for the almost 700k crypto driver:
+ 17326 TlsDxe
- 19494 TcgDxe
+ 19450 TcgDxe
+ 36682 SecurityStubDxe
+ 54630 Tcg2Dxe
- 68498 Tcg2Dxe
+ 78898 SecureBootConfigDxe
+ 121190 IScsiDxe
- 125174 IScsiDxe
- 404574 SecureBootConfigDxe
- 479414 SecurityStubDxe
- 667006 TlsDxe
+ 696298 CryptoDxe
Overall it should still be a (small) win even without looking at why PEI
is so big.
If there are no objections I happily drop the USE_CRYPTO_DRIVER option
and switch over to the crypto driver unconditionally.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99604): https://edk2.groups.io/g/devel/message/99604
Mute This Topic: https://groups.io/mt/96722233/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list