microsoft / mu_crypto_release
Release platform for Mu CryptoBin
License: Other
Build results for AARCH64 using the VS2022 toolchain don't meet expectations. Many memory sections instead of the two expected.
Additionally, issues are run into when testing.
- OS(s): Windows
- Tool Chain(s): VS2022
- Targets Impacted: AARCH64 crypto reliant platforms
Top of release/202302
Low
I will fix it
No maintainer feedback needed
No response
We don't have a direct shared crypto replacement for RuntimeCryptoLib at the moment.
Feature tracks adding a path for Runtime DXE drivers (like VariableRuntimeDxe) to also use shared crypto. This is important since the previous RuntimeCryptLib library instance was removed from CryptoPkg recently alongside the openssl submodule.
Support shared crypto with Runtime DXE.
No response
Medium
I will implement the feature
No maintainer feedback needed
No response
Our current crypto implementation is based on openssl and has been for years. Unfortunately, we've had some issues continuing to use Openssl for this purpose such as:
For these reasons we're exploring different sources for our underlying crypto implementation. Any findings/updates will be posted here.
Currently the code to generate the shared crypto driver lives in MU_BASECORE. It makes sense to consolidate it with the actual crypto implementations in this repo.
No response
Low
I will implement the feature
No maintainer feedback needed
No response
Currently all crypto functionality in project MU is found in the CryptoPkg in MU_BASECORE and is free to reference for anyone consuming it. To reach our goal of having everyone move to our Shared Crypto binary system we're moving the functional crypto implementations into this repo where we'll build the binaries.
Migrate the MbedTLS submodule and BaseCryptLib implementation of it to this repo.
No response
Medium
I will implement the feature
No maintainer feedback needed
No response
With Crypto being such a critical path in firmware it makes sense to add code coverage to the binary. This will provide the benefit of confidence in our binaries' functionality.
Add code coverage testing and results to the binary build pipeline.
No response
High
I will implement the feature
No maintainer feedback needed
No response
Changes to the crypto protocol must not break compatibility and should allow a caller of a different version to still work (with limited functions). The simplest method of achieving this is to only allow changes added to the end.
only add functions to end
put tooling in place to enforce this
No response
Medium
Someone else needs to implement the feature
No maintainer feedback needed
No response
Flavors allowed a creator to trim the functionality to match their needs but flavors added significant complexity and inconsistency to the crypto provider. As we look to scale the crypto binary out more broadly the complexity and incompatibility of flavors is not worth the savings.
remove flavors and provide more consistent api
No response
Low
Someone else needs to implement the feature
No maintainer feedback needed
No response
The build documentation (and scripts like SingleFlavorBuild.py) currently focus on building CryptoBinPkg. The build process for OpensslPkg needs to be documented.
Someone else needs to make the change
No maintainer feedback needed
No response
Check the functionality of our currently published crypto binaries. Confirm if everything behaves as expected or if there are adjustments necessary in terms of the crypto functions supported in our different flavors.
Possible issues: Lack of SHA384 and SHA512 support in the STANDARD flavor binary. CONFIRMED
VariableSmm.c calls VariableWriteServiceInitializeSmm which eventually leads to calling AuthVariableLibInitialize which calls SHA384 and SHA512 context functions.
The BaseCryptLibUnitTestApp was being run in mu_tiano_platforms using crypto source code from MU_BASECORE/CryptoPkg. With the source backed instance of BaseCryptLib removed, mu_tiano_platforms will solely integrate crypto from the shared crypto binary.
The instances of BaseCryptLib that support dynamic interfaces (i.e. the PPI/Protocol) do not support all of the functions tested by BaseCryptLibUnitTestApp. Also, it would be ideal to test crypto binaries as part of their release flow.
Run BaseCryptLibUnitTestApp in mu_crypto_release on PRs and releases.
No response
Low
Someone else needs to implement the feature
No maintainer feedback needed
No response
Currently the Shared crypto binaries produced are only available for PEI, DXE and SMM. With growing interest in Standalone MM, having a binary for it makes sense.
No response
Medium
Someone else needs to implement the feature
No maintainer feedback needed
No response
With the sweeping repo changes it's important to make sure we're still able to generate new crypto binaries with all the changes. If there are issues with the process, fixes will be necessary.
Because we moved the different crypto implementations into mu_crypto_release we need to integrate edk2 changes into this repo.
Have a document that describes the integration process. Additionally it might make sense to clean up the commit history to make integration easier.
No response
Low
I will implement the feature
No maintainer feedback needed
No response
Enabling additional crypto algorithms can change the PCR measurements and/or affect measured boot. Check if enabling SHA384 and SHA512 algorithms causes such changes.
Hi,
On some specific platforms it is impossible to use a custom trustzone environment or Arm's TFA or Smm. As a result, platforms wishing to use VariableRuntimeDxe need to take a dependency on AuthVariableLib and thus a runtime implementation of BaseCryptLib. While the implementation of a runtime BaseCryptLib provider as well as a CryptoRuntimeDxe was made available recently, CryptoRuntimeDxe is not built for aarch64 and it is impossible for such platforms to continue using VariableRuntimeDxe with AuthVariableServices due to changes that removed BaseCryptLib from the basecore repository.
Please provide a pre-built binary of CryptoRuntimeDxe for AArch64, solving the above scenario as well as inf files pointing towards non-existent efi binaries in the current nuget package.
No response
Medium
Someone else needs to implement the feature
No maintainer feedback needed
No response
We're currently using openssl 1.1.1 for our binary generation and it's no longer supported as of September 2023.
We'll need to move to openssl 3.0 and update our crypto implementations to match it.
Create a shared crypto guide to describe how to ingest the SHARED CRYPTO binaries. This needs to include what random libraries are included as well as flags and debug library expectations.
I will make the change
No maintainer feedback needed
No response
Add PR gates to build the code.
PR gates should build all code expected to succeed in the release pipeline, optionally run tests, and report status to the PR.
No response
Low
Someone else needs to implement the feature
No maintainer feedback needed
No response
The release from this repo includes various crypto flavors. The functionality included in each flavor is key integration information needed for consumers to include the proper binaries in a platform firmware.
Ideally, this would be in a markdown table in the main readme (similar to the crypto family service table here).
Someone else needs to make the change
No maintainer feedback needed
No response