Hi Ard Would you please take a look at https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our current working version? If you have any idea, please propose patch.
Also, could you please try that on ARM/AARCH64 platform to see if there is anything broken? I think those are important to make sure we have a working version for next stable tag. Thank you Yao, Jiewen > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard > Biesheuvel > Sent: Tuesday, March 14, 2023 4:45 PM > To: kra...@redhat.com > Cc: devel@edk2.groups.io; Li, Yi1 <yi1...@intel.com>; Wang, Jian J > <jian.j.w...@intel.com>; Pawel Polawski <ppola...@redhat.com>; Lu, > Xiaoyu1 <xiaoyu1...@intel.com>; Ard Biesheuvel <ardb+tianoc...@kernel.org>; > Jiang, Guomin <guomin.ji...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; > Oliver Steffen <ostef...@redhat.com>; Justen, Jordan L > <jordan.l.jus...@intel.com> > Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule > to openssl-3.0.8 > > On Tue, 14 Mar 2023 at 09:16, kra...@redhat.com <kra...@redhat.com> wrote: > > > > On Mon, Mar 13, 2023 at 03:13:28PM +0000, Li, Yi wrote: > > > Hi Gerd, > > > > > > I also have some work on Openssl3, mainly to research how to reduce the > binary size increase after the upgrade: > > > > > > https://github.com/tianocore/edk2- > staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > > > > > > > > > > > I really appreciate your work in this patch series, especially the clear > > > py script. > > > > > > But it seems that part of our work is repeated, if you don't mind, can > > > I merge your work into openssl3.0 Edk2Staging branch? You can find it > > > here if you're interested: > > > > Sure, that is the point of sharing it ;) > > > > github branch (which hot some updates for aarch64 meanwhile) is at > > https://github.com/kraxel/edk2/commits/openssl3 > > > > aarch64 is not working, the cpu capability probing needs some work. > > openssl seems to just try instructions and catch SIGILL. edk2 needs > > something else of course. Easiest way out would be to just provide > > dummy functions, but that would also mean we wouldn't use aes > > instructions if available ... > > > > Any hints on that from the arm camp are welcome. > > > > Yeah the SIGILL trapping is a bit nasty, but that is only used if no > implementation of getauxval() exists. > > So perhaps the cleanest way to approach this is to provide a dummy > implementation of getauxval() which only supports AT_HWCAP, and > returns the correct hwcap mask for what the CPU id registers report in > terms for ISA support for crypto extensions. > > I can code that up if you want. > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105616): https://edk2.groups.io/g/devel/message/105616 Mute This Topic: https://groups.io/mt/97576405/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
