Thank you! Good result. Comment below: > -----Original Message----- > From: kra...@redhat.com <kra...@redhat.com> > Sent: Monday, January 17, 2022 7:46 PM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com> > Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Wang, Jian J > <jian.j.w...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>; Pawel > Polawski <ppola...@redhat.com>; Lu, XiaoyuX <xiaoyux...@intel.com> > Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl > submodule to v3.0 > > Hi, > > I've continued working on this over the last weeks. Time for a status > update. All applies to the latest tree, sneak preview is here: > https://github.com/kraxel/edk2/commits/openssl3 > > > Also, assuming you have done enough test, would you please provide: > > 1) size difference, Including PEI, SMM, DXE. > > No changes in SEC and PEI. [Jiewen] Do you mean the Crypto consumer in PEI has no size difference? Such as https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei , https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei , https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/RecoveryModuleLoadPei linking https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256.
DXE: > > openssl 1.1 > - 399582 SecureBootConfigDxe > - 472182 SecurityStubDxe > - 532626 VariableSmm > - 656382 TlsDxe > > openssl 3.0 > + 809886 SecureBootConfigDxe > + 912310 SecurityStubDxe > + 970898 VariableSmm > + 1125758 TlsDxe > > Most of that seems to come from some openssl core changes (the new > 'provider' concept) and I don't see an easy way to cut that down. > > That is with the same feature set we have right now (i.e. no elliptic > curves and thus no TLS 1.3 support). [Jiewen] It almost doubles the size, which will becomes a big challenge for openssl3.0 adoption. > > > 2) performance difference, Including PEI, SMM, DXE. > > Suggestions how to measure that? [Jiewen] Please just write an app to call the crypto API, multiple times. https://github.com/tianocore/edk2/tree/master/CryptoPkg/Test/UnitTest/Library/BaseCryptLib I think we can focus on SHA256/RSA2048 + AES, which is used in secure boot, and HTTPS boot. > > > 3) what unit test you have done (such as each crypto API) > > CryptoPkg/UnitTest passes. [Jiewen] Good enough. > > > 4) what system test you have done (such as secure boot, trusted boot) > > Secure boot works. > TlsDxe (boot from https server) works. > TPM not tested yet. [Jiewen] Good enough. TPM only includes HASH. I am not too worry about that. > > > I still have a bunch of failures in CI, for some of them I'm not sure > how to handle them best: > > (1) 32-bit builds on windows fail: > > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external > symbol __allmul > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external > symbol __aulldiv > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved > external > symbol __aulldvrm > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved > external > symbol __ftol2_sse > > Those symbols look like they reference helper functions to do 64bit math > on 32bit architecture. Any hints how to fix that? [Jiewen] Please add them to https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/IntrinsicLib > > > (2) va_arg is not working with floats due to SEE being disabled: > > INFO - > /home/vsts/work/1/s/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bio_pri > nt.c:265:28: error: SSE register argument with SSE disabled > INFO - fvalue = va_arg(args, LDOUBLE); > > I can't see a way to fix that given that va_arg typically refers to a > compiler builtin so I don't think there is a way to declare that a > EFIAPI function to change the calling convention. Not all builds fail > though, possibly because the compiler inlines with optimization turned > on. > > Suggestions anyone? [Jiewen] This seems infrastructure issue. Any suggestion, Mike ? > > > (3) Some NOOPT builds are failing due to the size growing ... [Jiewen] Size becomes big challenge... Have you tried to use https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution? > > > take care, > Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#85781): https://edk2.groups.io/g/devel/message/85781 Mute This Topic: https://groups.io/mt/87479913/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
