On Mon, 1 Jul 2019 at 21:24, Demi Obenour <[email protected]> wrote:
>
> Has there been any interest in using a modern TLS library, such as mbedTLS or
> BearSSL, to replace the internal crypto in iPXE? I have zero trust in iPXE’s
> internal crypto and TLS/ASN.1 stacks.
>
> Demi

Awesome start on that email, really love the "zero trust" part.

Now feel free to send patches, remember that the code should be compatible with the UBDL license:
https://git.ipxe.org/ipxe.git/blob_plain/HEAD:/COPYING.UBDL

Now since iPXE runs in a limited environment, do measure the footprint it takes up. Most constraining environment is pcbios mode. And are still struggling with .rom builds that must fit in 64KiB flash chips. So make sure to test those scenarios properly.

There are both pros and cons of using external code. It's great if it has more features without being much larger than existing code. But I can imagine that it would cause an even larger headache in terms of having for example MS accept iPXE for EFI cross-signing.

_______________________________________________
ipxe-devel mailing list
[email protected]
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel

