On Tue, 2022-05-10 at 12:40 +0200, Gerd Hoffmann wrote:
> On Mon, May 09, 2022 at 09:41:02AM -0400, James Bottomley wrote:
> > On Mon, 2022-05-09 at 12:03 +, Yao, Jiewen wrote:
> > > It is possible to switch to other crypt lib.
> > >
> > > For example, the *mbedtls* version POC can be found at
-----Original Message-----
> From: kra...@redhat.com
> Sent: Tuesday, May 10, 2022 6:40 PM
> To: James Bottomley
> Cc: devel@edk2.groups.io; Yao, Jiewen; Pawel Polawski; Li, Yi1; Oliver Steffen; Wang, Jian J; Ard Biesheuvel; Jiang, Guomin; Lu, Xiaoyu1; Ju
On Mon, May 09, 2022 at 09:41:02AM -0400, James Bottomley wrote:
> On Mon, 2022-05-09 at 12:03 +, Yao, Jiewen wrote:
> > It is possible to switch to other crypt lib.
> >
> > For example, the *mbedtls* version POC can be found at
> > https://github.com/jyao1/edk2/tree/DeviceSecurity/CryptoMbed
On Mon, 2022-05-09 at 12:03 +, Yao, Jiewen wrote:
> It is possible to switch to other crypt lib.
>
> For example, the *mbedtls* version POC can be found at
> https://github.com/jyao1/edk2/tree/DeviceSecurity/CryptoMbedTlsPkg
> The advantage is: the size is much smaller.
> The disadvantage is:
> Subject: Re: [edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC
> unconditionally.
>
> On Mon, 2022-05-09 at 13:27 +0200, Gerd Hoffmann wrote:
> [...]
> > > 1) Please keep the good work to ena
On Mon, 2022-05-09 at 13:27 +0200, Gerd Hoffmann wrote:
[...]
> > 1) Please keep the good work to enable OPENSSL3.0 in your personal
> > branch.
> > 2) If you have some way to control the size, then do it. If there
> > is not much size difference by default, then you can submit to EDKII
> > directly
Hi,
> Old == the launched platform, or the platform will be launched shortly
> where the flash size and layout are locked.
So everything you can buy today.
> It is a huge risk to change the layout suddenly. And it is not practical
> to change the flash size. (E.g. How can you change your flash
On Mon, May 09, 2022 at 01:38:35AM +, Yao, Jiewen wrote:
> Thank you Gerd.
>
> I collected feedback from Intel BIOS team, both client and server, both old
> platform and new platform.
>
> In general, the new platform will leave enough space for crypto improvement.
> Size is not a big issue.
>
> Hi,
>
> > > I am not convinced that "EC is hard requirement for EDKII" just because
> > > "EC
> is a hard requirement for TLS 1.3". My reason
Hi,
> > I am not convinced that "EC is hard requirement for EDKII" just because "EC
> > is a hard requirement for TLS 1.3". My reason below:
> > A) TLS1.3 is only for DXE, but enabling ECC unconditionally may impact
> > PEI/DXE. (Unless size of PEI/SMM is unchanged).
>
> Well, the PcdEcEnable
Hi,
> However, I do have concern for crypto package to enable ECC *unconditionally*.
> I am not convinced that "EC is hard requirement for EDKII" just because "EC
> is a hard requirement for TLS 1.3". My reason below:
> A) TLS1.3 is only for DXE, but enabling ECC unconditionally may impact
> P
Hi Gerd
Thanks for the patch. Some initial thoughts:
I have no concern on OVMF package update. We can update if we want.
However, I do have concern for crypto package to enable ECC *unconditionally*.
I am not convinced that "EC is hard requirement for EDKII" just because "EC is
a hard requirement
Re-opening the elliptic curves debate after running into the recent
openssl changes. The current implementation is IMHO rather messy.
It adds manual changes to auto-generated files, which will make
any updates a rather hard and error-prone process.
I see two possible options how we can move for