On Tue, 2016-02-23 at 21:57 +0100, Laszlo Ersek wrote: > > I'm testing David's patches from his repo referenced above, master branch, > commits > > 1 81009e3cff24 CryptoPkg: Use OpenSSL include directory directly > 2 8a40ff734a1e CryptoPkg/OpensslLib: Include complete copy of > opensslconf.h > 3 d8b5c31bed60 CryptoPkg/OpensslLib: Update OpenSSL patch > 4 b68dc8e0bb53 CryptoPkg/OpensslLib: Automatically configure OpenSSL > and generate file list > 5 61e047fb19dd CryptoPkg: Support building with OpenSSL HEAD > (1.1.0-devel) > 6 1e89cb2399ba CryptoPkg: Abuse internal headers to make OpenSSL HEAD > build work > > First of all, I built it for: > - OvmfPkg/OvmfIa32.dsc > - OvmfPkg/OvmfIa32X64.dsc > - OvmfPkg/OvmfX64.dsc > - ArmVirtPkg/ArmVirtQemu.dsc (AARCH64 architecture) > > The builds complete for the first three DSC files, but it fails for the last > one: > > > .../Build/ArmVirtQemu-AARCH64/DEBUG_GCC48/AARCH64/CryptoPkg/Library/OpensslLib/OpensslLib/OUTPUT/OpensslLib.lib(poly1305.obj): > > In function `poly1305_blocks': > > .../CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/poly1305.c:194: > > undefined reference to `__multi3' > > .../CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/poly1305.c:195: > > undefined reference to `__multi3' > > .../CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/poly1305.c:196: > > undefined reference to `__multi3' > > .../CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/poly1305.c:197: > > undefined reference to `__multi3'
That's easily fixed by adding no-poly1305 to my process_files.sh script. I've pushed a new version to my edk2.git tree with that change. I've also updated the 1.0.2f-based patch, now that the PKCS7_verify() regression has actually been fixed upstream (for 1.0.2g). We have now merged *everything* from our EDKII_openssl-1.0.2f patch into upstream OpenSSL HEAD, and our own patch can be *entirely* represented as backports of existing commits from 1.1. > Anyway, for runtime testing, I used the OvmfIa32X64 build: > > > (1a) Enroll keys, and confirm SB being active in the Fedora guest, > > using my current build. > > (1b) Rebuild the firmware binary with your patches & instructions. Do > > not touch the VM's varstore. > > (1c) Confirm SB is still active in the Fedora guest. > > This step failed, with the OVMF debug output ending with: > > > Booting Fedora > > FSOpen: Open '\EFI\fedora\shim.efi' Success > > > > ASSERT_EFI_ERROR (Status = Invalid Parameter) > > ASSERT > > .../MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c(819): > > !EFI_ERROR (Status) > > I didn't continue testing after this point. OK, thanks very much for testing this. It sounds like there's a new issue in OpenSSL HEAD that needs fixing, and I'm going to need to reproduce that myself to see what's going on. Would you mind talking me through the setup above, please? To enroll keys, I assume I need to start with a version of qemu that can support running OVMF from a writeable flash chip, so it can store NV vars? Also, if you could test just the antepenultimate commit a35e4359d in what I've just pushed — which is all the build system improvements but still using OpenSSL 1.0.2f — that would also be very much appreciated. Thanks again! -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
