[edk2-devel] [PATCH] UefiPayloadPkg: Add CryptoDxe driver to UefiPayload
From: PaytonX Hsieh

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3979

Add macro CRYPTO_ENABLE to decide to build CryptoDxe into UPL.
Drivers can locate protocol instead of building openssl lib into drivers.
This can reduce the binary size that UPL required.

Cc: Guo Dong
Cc: Ray Ni
Cc: James Lu
Cc: Gua Guo
Signed-off-by: PaytonX Hsieh
--- UefiPayloadPkg/UefiPayloadPkg.dsc | 42 +++ UefiPayloadPkg/UefiPayloadPkg.fdf | 3 +++ 2 files changed, 45 insertions(+) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index cfcf38578d..782635431b 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -36,6 +36,7 @@ DEFINE PLATFORM_BOOT_TIMEOUT= 3 DEFINE ABOVE_4G_MEMORY = TRUE DEFINE BOOT_MANAGER_ESCAPE = FALSE + DEFINE CRYPTO_ENABLE= FALSE DEFINE SD_MMC_TIMEOUT = 100 # # SBL: UEFI payload for Slim Bootloader @@ -180,8 +181,13 @@ CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf DxeHobListLib|UefiPayloadPkg/Library/DxeHobListLib/DxeHobListLib.inf +!if $(CRYPTO_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf +!else BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf +!endif IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf 
@@ -412,6 +418,31 @@ gUefiPayloadPkgTokenSpaceGuid.PcdBootManagerEscape|$(BOOT_MANAGER_ESCAPE) gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|180 +!if $(CRYPTO_ENABLE) == TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family 
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY +!endif + [PcdsPatchableInModule.X64] gPcAtChipsetPkgTokenSpaceGuid.PcdRtcIndexRegister|$(RTC_INDEX_REGISTER) gPcAtChipsetPkgTokenSpaceGuid.PcdRtcTargetRegiste
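Review bot: In the @@ -180,8 +181,13 @@ hunk, the TRUE branch maps BaseCryptLib and TlsLib to DxeCryptLib.inf for every module this section covers, and that would include the CryptoDxe driver that has to produce the protocol. That driver needs a module-scoped override back to BaseCryptLib.inf and TlsLib.inf in its component entry; the visible part of the patch does not show one, so please confirm it is in the remaining .dsc lines. OpensslLib and IntrinsicLib stay unconditional after !endif, which is right only if CryptoDxe is the one module still linking them in the TRUE case; a one-line comment saying so would help the next reader.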
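Review bot: The PcdCryptoServiceFamilyEnable block in the @@ -412,6 +418,31 @@ hunk turns on the whole Md5, Sha1, Tdes and Arc4 families, while Aes is limited to four named services. Every enabled family is built into CryptoDxe and reachable by any driver that locates the protocol, so enabling legacy algorithms wholesale works against the size reduction the commit message gives as the goal and keeps weak primitives available to callers. Suggest enabling only the services that UPL drivers actually call, per service as already done for Aes, and dropping Md5, Tdes and Arc4 unless a consumer is named in the commit message. As a style point, these lines put spaces around "|" where the neighbouring PCD lines (PcdBootManagerEscape|$(BOOT_MANAGER_ESCAPE)) do not.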
Re: [edk2-devel] [PATCH] UefiPayloadPkg: Add CryptoDxe driver to UefiPayload
Can we always enable CRYPTO_ENABLE? If yes, can we remove the macro?

> -Original Message-
> From: Hsieh, PaytonX
> Sent: Thursday, July 7, 2022 10:35 AM
> To: devel@edk2.groups.io
> Cc: Hsieh, PaytonX ; Dong, Guo ;
> Ni, Ray ; Lu,
> James ; Guo, Gua
> Subject: [PATCH] UefiPayloadPkg: Add CryptoDxe driver to UefiPayload
>
> From: PaytonX Hsieh
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3979
>
> Add macro CRYPTO_ENABLE to decide to build CryptoDxe into UPL.
> Drivers can locate protocol instead of building openssl lib into drivers.
> This can reduce the binary size that UPL required.
>
> Cc: Guo Dong
> Cc: Ray Ni
> Cc: James Lu
> Cc: Gua Guo
> Signed-off-by: PaytonX Hsieh
> --- > UefiPayloadPkg/UefiPayloadPkg.dsc | 42 +++ > UefiPayloadPkg/UefiPayloadPkg.fdf | 3 +++ > 2 files changed, 45 insertions(+) > > diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc > b/UefiPayloadPkg/UefiPayloadPkg.dsc > index cfcf38578d..782635431b 100644 > --- a/UefiPayloadPkg/UefiPayloadPkg.dsc > +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc > @@ -36,6 +36,7 @@ >DEFINE PLATFORM_BOOT_TIMEOUT= 3 > >DEFINE ABOVE_4G_MEMORY = TRUE > >DEFINE BOOT_MANAGER_ESCAPE = FALSE > > + DEFINE CRYPTO_ENABLE= FALSE > >DEFINE SD_MMC_TIMEOUT = 100 > ># > ># SBL: UEFI payload for Slim Bootloader 
> > @@ -180,8 +181,13 @@ > > CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf > >SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf > >DxeHobListLib|UefiPayloadPkg/Library/DxeHobListLib/DxeHobListLib.inf > > +!if $(CRYPTO_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf > > + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf > > +!else > >BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > >TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > >IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > >OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > >RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf 
> > @@ -412,6 +418,31 @@ >gUefiPayloadPkgTokenSpaceGuid.PcdBootManagerEscape|$(BOOT_MANAGER_ESCAPE) > >gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|180 > > > > +!if $(CRYPTO_ENABLE) == TRUE > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize > | TRUE > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init >| TRUE > > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt > | TRUE > > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt > | TRUE > > + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family >| > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoSer
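Review bot: In the @@ -36,6 +36,7 @@ hunk, CRYPTO_ENABLE is added with a default of FALSE and no comment, so a default build still takes the !else branch and links BaseCryptLib.inf and TlsLib.inf statically into each consumer; the size reduction described in the commit message only appears when the build is run with -D CRYPTO_ENABLE=TRUE. Either document the switch next to the DEFINE (what it selects, and that the TRUE path depends on the CryptoDxe driver being present in the image) or, as the reply asks, make the protocol path unconditional and drop the macro.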