The OpensslLibNoSsl library instance (which does not contain libssl functions) is sufficient for the Secure Boot feature. It would not be sufficient for HTTPS booting (which requires TLS), but in ArmVirtPkg, we don't even enable plaintext HTTP booting for the time being.
Ease security analsysis by excluding libssl functionality from the OpensslLib instance we use. Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Cc: Tomas Hoger <tho...@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <ler...@redhat.com> --- ArmVirtPkg/ArmVirt.dsc.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 43699cb9bdd6..407b9b66dfe6 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -136,7 +136,7 @@ [LibraryClasses.common] # !if $(SECURE_BOOT_ENABLE) == TRUE IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf -- 2.9.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel