Thanks Ard. That is good news. We may try the patch to see if that will break X86.
Current blocking issue seems IA32 intrinsic and OVMF size. I am not sure if Gerd has any idea on that. Thank you Yao, Jiewen > -----Original Message----- > From: Ard Biesheuvel <a...@kernel.org> > Sent: Friday, June 2, 2023 5:15 PM > To: Yao, Jiewen <jiewen....@intel.com> > Cc: devel@edk2.groups.io; kra...@redhat.com; Li, Yi1 <yi1...@intel.com>; > Wang, Jian J <jian.j.w...@intel.com>; Pawel Polawski > <ppola...@redhat.com>; Lu, Xiaoyu1 <xiaoyu1...@intel.com>; Jiang, Guomin > <guomin.ji...@intel.com>; Oliver Steffen <ostef...@redhat.com>; Justen, > Jordan L <jordan.l.jus...@intel.com> > Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule > to openssl-3.0.8 > > On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen <jiewen....@intel.com> wrote: > > > > Hi Ard > > Would you please take a look at https://github.com/tianocore/edk2- > staging/tree/OpenSSL30, which is our current working version? If you have any > idea, please propose patch. > > > > Also, could you please try that on ARM/AARCH64 platform to see if there is > anything broken? > > > > I think those are important to make sure we have a working version for next > stable tag. > > > > Agreed. > > With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu > fine for me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}. > > I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from > edk2-platforms without problems, with SECURE_BOOT_ENABLE and > TPM2_ENABLE both set. > > Clang seemed to work fine as well, but the branch still uses CLANG3x > so we need to rebase this branch onto the latest stable tag first and > retest. > > I did only a quick boot test to check whether secure boot verification > was working, but all seemed to work fine. > > In any case, if we want to make the next stable tag, I think we should > move quickly, so that we have enough time to fix any issues that may > arise. > > > > [0] first hunk is based on 7880536fe17c2b54 in openssl upstream > > --- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h > +++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h > @@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st { > OTHERNAME *otherName; /* otherName */ > ASN1_IA5STRING *rfc822Name; > ASN1_IA5STRING *dNSName; > - ASN1_TYPE *x400Address; > + ASN1_STRING *x400Address; > X509_NAME *directoryName; > EDIPARTYNAME *ediPartyName; > ASN1_IA5STRING *uniformResourceIdentifier; > diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c > b/CryptoPkg/Library/OpensslLib/SslExtServNull.c > index c256f17667668866..a736dca8b73d27d5 100644 > --- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c > +++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c > @@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET > *pkt, unsigned int context, > return 0; > } > > -static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, > - SSL_SESSION **sess) > -{ > - return SSL_TICKET_NO_DECRYPT; > -} > - > int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, > size_t chainidx) > { -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105648): https://edk2.groups.io/g/devel/message/105648 Mute This Topic: https://groups.io/mt/97576405/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
