[edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Laszlo Ersek
lersek at redhat.com
Thu May 16 18:53:17 UTC 2019
On 05/16/19 09:54, Xiaoyu Lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
>
> Changes:
>
> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
>
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
> crypto/store/* are excluded.
> crypto/rand/randfile.c is excluded.
>
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
> Disable warnings for buiding OpenSSL_1_1_1b
>
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
>
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
> The biggest change is use TSC as entropy source
> If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter).
>
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>
>
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
>
> Important notice:
> Nt32Pkg doesn't support TimerLib
>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> So it will failed in Nt32Pkg.
I did some minimal functional testing, as follows:
- built OvmfPkgIa32X64.dsc with -D SMM_REQUIRE -D SECURE_BOOT_ENABLE
- with SB pre-enabled in an existing VM, the firmware continued to
reject an unsigned UEFI app
- in the same config, the firmware continued to accept a correctly
signed UEFI boot loader (the Fedora OS was booted OK)
- with SB disabled afresh (deleting PK through SecureBootConfigDxe),
both of the above binaries were accepted
- in the same SB-disabled state, OvmfPkg/EnrollDefaultKeys was possible
to invoke from the UEFI shell, and it successfully re-enabled SB (with
the effects described in the prior section).
So this part looks good.
Thanks
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#40824): https://edk2.groups.io/g/devel/message/40824
Mute This Topic: https://groups.io/mt/31638503/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list