On Fri, Feb 3, 2023 at 4:28 PM Gerd Hoffmann <[email protected]> wrote: > > Hi, > > > > Unfortunately it is not a clear size win everywhere. > > > > > > PEI jumps up in size even though I'm using the min_pei config for > > > CryptoPei, seems it *still* has way too much bits compiled in > > > (didn't look into tweaking the config yet, hints are welcome). > > > > > > - 17530 TcgPei > > > + 17146 TcgPei > > > + 34362 Tcg2Pei > > > - 51066 Tcg2Pei > > > + 333950 CryptoPei > > > > Why would we use this for PEI if the size increases? > > When using the crypto driver I'd prefer to do it everywhere and > don't mix+match things. > > Background is that I'm hoping the crypto driver abstraction can also > help to have alternative drivers using other crypto libraries without > creating a huge mess in CryptoPkg. Specifically add openssl-3 as an > option. openssl-11 goes EOL later this year (Nov IIRC). Switch to > openssl-3 unconditionally has been vetoed by Intel due to the size > increase v3 brings. So I'm looking for options here ...
Seriously? Intel is blocking UP TO DATE NOT VULNERABLE OPENSSL because it doesn't fit their flash due to all the cra- value add? This is insane by many standards. Your freaking *CRYPTO LIBRARY* goes EOL and people are still concerned about size. Stellar job, Intel. Hopefully everyone gets their horrific custom network stack heartbled to death. Or someone finds yet another Secure Boot exploit. -- Pedro -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99617): https://edk2.groups.io/g/devel/message/99617 Mute This Topic: https://groups.io/mt/96722233/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
