On Mon, 2022-05-09 at 12:03 +0000, Yao, Jiewen wrote:
> It is possible to switch to other crypt lib.
>
> For example, the *mbedtls* version POC can be found at
> https://github.com/jyao1/edk2/tree/DeviceSecurity/CryptoMbedTlsPkg
> The advantage is: the size is much smaller.
> The disadvantage is: some required functions are not available, such
> as PKCS7.

Perhaps as a first step, we should look at our options. I would say missing functionality is problematic, but not necessarily a killer: we'd have to help the chosen project develop the capability and figure out how to maintain the fork while it was going upstream. PKCS#7 is pretty huge, though, it's the entire Cryptographic Message Syntax so I think us having to develop that for mbedtls makes that one a non starter.

Other libraries could be:

wolfssl
gnutls
boringssl
LibreSSL

They all seem to do pkcs#7.

James