On 02/07/2019 04:59, Demi M. Obenour wrote:> I am in no position to send
patches right now, not least because I have
no ability to test them unless I can do so entirely in QEMU.
You can do so entirely in Linux userspace, no need for even a VM.
Now since iPXE runs in a limited environment, do measure the footprint
it takes up,
Most constraining environment is pcbios mode.
And are still struggling with .rom builds that must fit in 64KiB flash chips.
So make sure to test those scenarios properly.
One option would be to compress the code using a slow but efficient
compression algorithm.
It's already compressed using xz.
* Very small code size (<=25kB last I checked).
A quick test compile shows that the whole BearSSL codebase is around
700kB. What can actually fit in that quoted 25kB "minimal" build?
There are multiple missing features in BearSSL that you would need to
reimplement, the most obvious of which are that BearSSL does not support
entropy generation, code signature verification, or X.509 certificate
revocation checks.
Michael
_______________________________________________
ipxe-devel mailing list
[email protected]
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
