From 99d60cbd3990fe8f5b86eaab40876fbbf9d99084 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 3 Sep 2024 22:21:23 +0200 Subject: [PATCH] ArmVirtPkg ARM: Move to MbedTls for crypto Move all BaseCryptLib resolutions for 32-bit ARM to MbedTls, which does not require a softfloat library, which can therefore be dropped from EDK2 entirely going forward. Note that this implies no TLS networking for 32-bit ARM, as this code has a direct dependency on OpenSSL, so move the TlsLib resolution to a AARCH64-only section to force the build to fail early when attempting to build 32-bit ARM targets with NETWORK_TLS_ENABLE set. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 17 ++++++++++------- ArmVirtPkg/ArmVirtQemu.dsc | 8 ++++---- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 4f35da9a2aae..04394553044b 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -87,10 +87,6 @@ # Networking Requirements !include NetworkPkg/NetworkLibs.dsc.inc -!if $(NETWORK_TLS_ENABLE) == TRUE - TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf -!endif - # # It is not possible to prevent the ARM compiler from inserting calls to intrinsic functions. @@ -155,7 +151,6 @@ !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf @@ -266,12 +261,20 @@ !endif VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE +[LibraryClasses.AARCH64.DXE_RUNTIME_DRIVER] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf -!endif + +[LibraryClasses.ARM.DXE_RUNTIME_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf + +[LibraryClasses.AARCH64] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf [LibraryClasses.ARM] ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf + MbedTlsLib|CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf [BuildOptions] diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 713710c49905..56512594ad59 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -102,16 +102,16 @@ [LibraryClasses.common.PEIM] ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf - -!if $(TPM2_ENABLE) == TRUE ArmMonitorLib|ArmVirtPkg/Library/ArmVirtQemuMonitorPeiLib/ArmVirtQemuMonitorPeiLib.inf - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif [LibraryClasses.AARCH64.PEIM] ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + +[LibraryClasses.ARM.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf [LibraryClasses.common.DXE_DRIVER] AcpiPlatformLib|OvmfPkg/Library/AcpiPlatformLib/DxeAcpiPlatformLib.inf