*1) Code First Process improvement*
UEFI forum approved the proposal. Mike is expected to follow up to set up the repo, but Mike is on vacation this week.
*AR: Jiewen* to sync with Mike to see what the progress is.

*2) Old issue refresh - https://github.com/tianocore/edk2/issues/12561*
Doug has confirmed internally with crypto expert.
*AR: Doug* to propose the change.

*3) Old issue refresh - https://github.com/tianocore/edk2/issues/12574*
https://github.com/vathpela/silver-doodle/compare/main...no-owner-guid
Doug has synced with BitLocker people. Some BitLocker features do use SignatureOwner. Need to change. It will be supported by MSFT.
Firmware (EDK2) is expected to support V1 and V2 for the transition time.
*AR: Peter* "new entries should prefer that format." -> "new entries should prefer the EFI_CERT_V2_X509_GUID format."

*4) backlog management*
https://github.com/orgs/tianocore/projects/10/views/1
Sean asked to put the PR link in the "Linked Pull Requests" column.
Jiewen mentioned that the edk2-staging PR already referred to the code first issue. The reference can be seen in the GitHub issue, but not in the backlog.
*AR: Sean* to check how to show the PR info in the backlog.

*5) Follow up for EDK2-PQC CodeFirst items*
*AR: Jiewen* will work with Mike to make the public UEFI spec repo ready.
*AR: Each CodeFirst issue owner* needs to submit a PR to the new UEFI spec repo, after it is set up.

*Final Review Plan*
Jiewen has made a prototype in EDK2-staging, and put a reference in each code first GitHub issue.
Sean mentioned MSFT also did some prototype in a different way.
*AR: Sean* to provide a link for the MSFT prototype as well. As such, we can cross review the possible solutions.

*A backlog item will be marked as DONE, after*
*A) the UEFI spec PR is reviewed and agreed.*
*B) (and) the prototype status is reviewed and agreed.*
Then we can go back and discuss in USST, then submit to USWG.

*Call for action:*
*AR: ALL* to try to integrate the prototype work, to double check if that can work as expected. Also raise the concern if there is any.

*6) edk2-crypto redesign for OneCrypto*
Jiewen provided feedback to https://github.com/tianocore/tianocore-wiki.github.io/pull/8. Doug provided responses.

*FIPS support*
There is no plan to use the FIPS openssl version, because it is difficult to use the FIPS-openssl binary directly (need to implement OS stub).
The expected solution is to use the edk2-crypto-FIPS binary for FIPS. EDK2 forum is just to make it FIPS-certifiable. Any vendor may choose a version to make it FIPS-certified.

*Release Cadence*
The maintainer may decide when to release based on need, e.g. CVE in Edk2-Crypto, CVE in OpenSSL/MbedTLS.
GitHub action may be used to help the release process.

*API Scope*
It seems there is lots of proprietary crypto usage, such as ECC, BigNumber, Parallel Hash, AES, etc.
Initial plan is to keep the current BaseCryptoLib API, to ensure no impact during transition.

*Feature*
No code change during transition time. Any bug fix/improvement must be done after transition as a separate patch.

*Transition Timeline*
The plan is to do the edk2-crypto transition first, then do PQC enabling.

*Decision: move to EDK2-Crypto as direction agreed in this forum*
*AR: Doug* to prepare patch for EDK2 and move forward.
*AR: Jiewen* to help review the final proposal in EDK2.

Thank you
Yao, Jiewen
