Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
> -----Original Message-----
> From: Laszlo Ersek <ler...@redhat.com>
> Sent: Friday, November 4, 2022 5:02 AM
> To: devel@edk2.groups.io; ler...@redhat.com
> Cc: Zurcher, Christopher <christopher.zurc...@microsoft.com>; Jiang, Guomin
> <guomin.ji...@intel.com>; Wang, Jian J
> <jian.j.w...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; Kinney, Michael
> D <michael.d.kin...@intel.com>; Lu, Xiaoyu1
> <xiaoyu1...@intel.com>
> Subject: [PATCH v2] CryptoPkg/Readme.md: typo and grammar fixes
>
> Commit 244ce33bdd2f ("CryptoPkg: Add Readme.md", 2022-10-24) had added the
> long-awaited documentation on the dynamic crypto services. Fix some of the
> typos and arguable grammar errors in "Readme.md". A few light
> clarifications are also snuck in.
>
> Cc: Christopher Zurcher <christopher.zurc...@microsoft.com>
> Cc: Guomin Jiang <guomin.ji...@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
> Signed-off-by: Laszlo Ersek <ler...@redhat.com>
> ---
>
> Notes:
> v2:
>
> - URL:
>
> https://pagure.io/lersek/edk2/c/8d7b26bfb6a1?branch=cryptopkg_readme_typos_v2
>
> - v1 was at:
> -
> https://listman.redhat.com/archives/edk2-devel-archive/2022-November/055153.html
> - msgid <20221102093637.9132-1-ler...@redhat.com>
>
> - keep referring to the singular HashApiLib algorithm that
> PcdHashApiLibPolicy exposes for configuration in singular [Mike]
>
> - still fix the duplicated "to" typo
>
> - range-diff against v1 (i.e., first hunk dropped, second hunk updated):
>
> > 1: a7269f170437 ! 1: 8d7b26bfb6a1 CryptoPkg/Readme.md: typo and
> grammar fixes
> > @@ -94,18 +94,11 @@
> > ```
> > [LibraryClasses.common.DXE_RUNTIME_DRIVER]
> > @@
> > - ### PCD Configuration Settings
> > -
> > - There are 2 PCD settings that are used to configure cryptographic
> services.
> > --`PcdHashApiLibPolicy` is used to configure the hash algorithm
> provided by the
> > -+`PcdHashApiLibPolicy` is used to configure the hash algorithms
> provided by the
> > - BaseHashApiLib library instance. `PcdCryptoServiceFamilyEnable`
> is used to
> > - configure the cryptographic services supported by the CryptoPei,
> CryptoDxe,
> > and CryptoSmm modules.
> >
> > * `gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy` - This PCD
> indicates the
> > - HASH algorithm to to use in the BaseHashApiLib to calculate
> hash of data. The
> > -+ HASH algorithms to use in the BaseHashApiLib to calculate hash
> of data. The
> > ++ HASH algorithm to use in the BaseHashApiLib to calculate hash
> of data. The
> > default hashing algorithm for BaseHashApiLib is set to
> HASH_ALG_SHA256.
> > | Setting | Algorithm |
> > |------------|------------------|
>
> CryptoPkg/Readme.md | 46 ++++++++++----------
> 1 file changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md
> index 946aa1e99e7d..067465b8eb7d 100644
> --- a/CryptoPkg/Readme.md
> +++ b/CryptoPkg/Readme.md
> @@ -39,7 +39,7 @@ provides the smallest overall firmware overhead.
>
> ## Statically Linking Cryptographic Services
>
> -The figure below shows an example of a firmware modules that requires the
> use of
> +The figure below shows an example of a firmware module that requires the use
> of
> cryptographic services. The cryptographic services are provided by three
> library
> classes called BaseCryptLib, TlsLib, and HashApiLib. These library classes
> are
> implemented using APIs from the OpenSSL project that are abstracted by the
> @@ -49,7 +49,7 @@ full C runtime library for firmware components. Instead,
> the CryptoPkg includes
> the smallest subset of services required to build the OpenSSL project in the
> private library class called IntrinsicLib.
>
> -The CryptoPkg provides several instances if the BaseCryptLib and OpensslLib
> with
> +The CryptoPkg provides several instances of the BaseCryptLib and OpensslLib
> with
> different cryptographic service features and performance optimizations. The
> platform developer must select the correct instances based on cryptographic
> service requirements in each UEFI/PI firmware phase (SEC, PEI, DXE, UEFI,
> @@ -97,9 +97,9 @@ linking is not available for SEC or UEFI RT modules.
>
> The EDK II modules/libraries that require cryptographic services use the same
> BaseCryptLib/TlsLib/HashApiLib APIs. This means no source changes are
> required
> -to use static linking or dynamic linking. It is a platform configuration
> options
> -to select static linking or dynamic linking. This choice can be make
> globally,
> -per firmware module type, or individual modules.
> +to use static linking or dynamic linking. It is a platform configuration
> option
> +to select static linking or dynamic linking. This choice can be made
> globally,
> +per firmware module type, or for individual modules.
>
> ```
> +===================+ +===================+ +===================+
> @@ -159,7 +159,7 @@ The table below provides a summary of the supported
> cryptographic services. It
> indicates if the family or service is deprecated or recommended to not be
> used.
> It also shows which *CryptLib library instances support the family or
> service.
> If a cell is blank then the service or family is always disabled and the
> -`PcdCryptoServiceFamilyEnable` settings for that family or service is
> ignored.
> +`PcdCryptoServiceFamilyEnable` setting for that family or service is ignored.
> If the cell is not blank, then the service or family is configurable using
> `PcdCryptoServiceFamilyEnable` as long as the correct OpensslLib or TlsLib is
> also configured.
> @@ -234,10 +234,10 @@ phases (SEC, PEI, DXE, UEFI, SMM, UEFI RT).
>
> The following table can be used to help select the best OpensslLib instance
> for
> each phase. The Size column only shows the estimated size increase for a
> -compressed IA32/X64 modules that uses the cryptographic services with
> +compressed IA32/X64 module that uses the cryptographic services with
> `OpensslLib.inf` as the baseline size. The actual size increase depends on
> the
> specific set of enabled cryptographic services. If ECC services are not
> -required, then size can be reduced by using OpensslLib.inf instead of
> +required, then the size can be reduced by using OpensslLib.inf instead of
> `OpensslLibFull.inf`. Performance optimization requires a size increase.
>
> | OpensslLib Instance | SSL | ECC | Perf Opt | CPU Arch | Size |
> @@ -371,10 +371,10 @@ settings.
>
> ### UEFI Runtime Driver Library Mappings
>
> -UEFI Runtime Drivers only supports static linking of cryptographic services.
> -The following library mappings are recommended for UEFI Runtime Drivers. It
> uses
> -the runtime specific version of the BaseCryptLib and the null version of the
> -TlsLib because TLS services are not typically used in runtime.
> +UEFI Runtime Drivers only support static linking of cryptographic services.
> +The following library mappings are recommended for UEFI Runtime Drivers. They
> +use the runtime specific version of the BaseCryptLib and the null version of
> the
> +TlsLib because TLS services are not typically used at runtime.
>
> ```
> [LibraryClasses.common.DXE_RUNTIME_DRIVER]
> @@ -394,7 +394,7 @@ configure the cryptographic services supported by the
> CryptoPei, CryptoDxe,
> and CryptoSmm modules.
>
> * `gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy` - This PCD indicates the
> - HASH algorithm to to use in the BaseHashApiLib to calculate hash of data.
> The
> + HASH algorithm to use in the BaseHashApiLib to calculate hash of data. The
> default hashing algorithm for BaseHashApiLib is set to HASH_ALG_SHA256.
> | Setting | Algorithm |
> |------------|------------------|
> @@ -407,8 +407,8 @@ and CryptoSmm modules.
> * `gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable` - Enable/Disable
> the families and individual services produced by the EDK II Crypto
> Protocols/PPIs. The default is all services disabled. This Structured PCD
> is
> - associated with `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` structure that defined
> in
> - `Include/Pcd/PcdCryptoServiceFamilyEnable.h`.
> + associated with the `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` structure that is
> + defined in `Include/Pcd/PcdCryptoServiceFamilyEnable.h`.
>
> There are three layers of priority that determine if a specific family or
> individual cryptographic service is actually enabled in the CryptoPei,
> @@ -420,15 +420,15 @@ and CryptoSmm modules.
> OpensslLib instance linked, then the service is always disabled.
> 2) BaseCryptLib instance selection.
> * CryptoPei is always linked with the PeiCryptLib instance of the
> - BaseCryptLib library class. The table above have a column for the
> + BaseCryptLib library class. The table above has a column for the
> PeiCryptLib. If the family or service is blank, then that family or
> service is always disabled.
> * CryptoDxe is always linked with the BaseCryptLib instance of the
> - BaseCryptLib library class. The table above have a column for the
> + BaseCryptLib library class. The table above has a column for the
> BaseCryptLib. If the family or service is blank, then that family or
> service is always disabled.
> * CryptoSmm is always linked with the SmmCryptLib instance of the
> - BaseCryptLib library class. The table above have a column for the
> + BaseCryptLib library class. The table above has a column for the
> SmmCryptLib. If the family or service is blank, then that family or
> service is always disabled.
> 3) If a family or service is enabled in the OpensslLib instance and it is
> @@ -438,11 +438,11 @@ and CryptoSmm modules.
> bit fields for each family of services. All of the families are
> disabled
> by default. An entire family of services can be enabled by setting the
> family field to the value `PCD_CRYPTO_SERVICE_ENABLE_FAMILY`.
> Individual
> - services can be enabled by setting a single service name to `TRUE`.
> - Settings listed later in the DSC file have priority over settings
> earlier
> - in the DSC file, so it is legal for an entire family to be enabled
> first
> - and then a few individual services disabled by setting the service
> name to
> - `FALSE`.
> + services can be enabled by setting a single service name (bit) to
> `TRUE`.
> + Settings listed later in the DSC file have priority over settings
> listed
> + earlier in the DSC file, so it is valid for an entire family to be
> enabled
> + first and then for a few individual services to be disabled by setting
> + those service names to `FALSE`.
>
> #### Common PEI PcdCryptoServiceFamilyEnable Settings
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95959): https://edk2.groups.io/g/devel/message/95959
Mute This Topic: https://groups.io/mt/94803700/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
