v2023.2.10
What's Changed
NOTE: This release should have updated the minor version since it is a breaking change.
This was not done in retrospect since the release has already been consumed in several repos.
⚠️ Breaking Changes
- Migrate crypto driver files and include them in the binary @kenlautner (#66)
Change Details
## Description
Recently OpenSSL and its BaseCryptLib implementation were moved out of MU_BASECORE in favor of requiring a crypto binary. However, the generated files that work with the binary were left in CryptoPkg. This PR moves binary generation code to CryptoBinPkg and updates it to work from its new location.
Changes that were made:
- Moved the crypto driver to CryptoBinPkg and updated it to generate its files in its new location.
NOTE: Some files in MU_BASECORE are still updated when running the python script, specifically CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c and CryptoPkg/Include/Protocol/Crypto.h. The changes are almost always a timestamp bump but you'll need to confirm that when generating new crypto binaries.
- Added all the CryptoPkg/Driver files to the published nuget binary (excluding the temp files and the crypto generation script itself).
- The readme was updated to better describe integration steps as well as how the crypto binary currently behaves.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application, flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
Tested locally and on the server pipeline to make sure the crypto files were correctly added to the nuget binary. Tested the generated extdep to make sure the core functionality has remained the same.
Integration Instructions
If you were previously using the crypto binary you'll need to update the paths to the extdep files.
🚀 Features & ✨ Enhancements & 🐛 Bug Fixes & 📃Documentation
- Add RT DXE Shared Crypto @makubacki (#67)
Change Details
## Description
Closes #55
Primary purpose is to add Runtime DXE shared crypto. Other fixes and
updates are included. Below is a summary of the changes.
OpensslPkg/RuntimeCryptLib: Fix build issues
UefiRuntimeLib needs to be included in [LibraryClasses] to properly
link the functions. gEfiEventVirtualAddressChangeGuid is missing
in the [Guids] section.
generate_cryptodriver.py: Fix migration regression
The migration commit (455ca6b) contained an older section of code in
the DSC generation section. This restores the section to match the
contents in microsoft/mu_basecore#713.
Use SHARED_CRYPTO_PATH for the shared crypto path
In CryptoBinPkg, some files (like Crypto.inc.dsc) are used during
the build. This should come from the latest revisions in the
mu_crypto_release repo (which doesn't use the actual binaries).
In consuming repos, the ext dep could be defined anywhere. To
satisfy both of these needs and make the location more portable in
general, a build environment variable is introduced to track the
path.
In mu_crypto_release, the path will be set to "CryptoBinPkg". This
will cause its build to reference the files in the code tree. In
shared crypto consuming repos, it is set in the ext dep (during build)
to the path the binaries are placed in.
Add shared crypto Runtime DXE driver
Adds the CryptoRuntimeDxe driver, currently built for IA32 and X64.
It produces the EDK II Crypto protocol backed by runtime code buffers
so the functionality can be invoked at OS runtime.
Consuming RT DXE drivers should link an instance of BaseCryptLib
that is RT DXE compatible, like the RuntimeDxeCryptLib in
CryptoPkg.
RUNTIMEDXE_CRYPTO_SERVICES and RUNTIMEDXE_CRYPTO_ARCH should be set
in platform DSC files to a value other than "NONE" to use the driver.
Update readmes for recent changes
Refreshes content in the main repo and shared crypto readme files
to reflect recent changes and current process.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application, flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
- Local flavor build and assembly
- Test binaries produced on QemuQ35Pkg and QemuSbsaPkg
Integration Instructions
Use the new Runtime DXE shared crypto binaries if needed for a
platform.
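A pre-build check for the two integration points named in these notes (the RUNTIMEDXE_CRYPTO_* macros and the SHARED_CRYPTO_PATH build variable), as an added example that is not code from mu_crypto_release. check_dsc is a hypothetical helper; it assumes an unset macro behaves as "NONE" and that Crypto.inc.dsc is pulled in with !include, and the flavor name and directory names in the samples are placeholders.

```python
import re

# Macro names and the file name come from the release notes above; treating an
# unset macro as "NONE" and the include-prefix rule are assumptions.
RT_MACROS = ("RUNTIMEDXE_CRYPTO_SERVICES", "RUNTIMEDXE_CRYPTO_ARCH")
RT_ARCHES = {"IA32", "X64"}  # arches the notes say CryptoRuntimeDxe is built for
PREFIX = "$(SHARED_CRYPTO_PATH)/"

ASSIGN = re.compile(r"^\s*(?:DEFINE\s+)?(\w+)\s*=\s*(\S+)")
INCLUDE = re.compile(r"^\s*!include\s+(\S+)")


def check_dsc(text):
    """Return findings for shared-crypto settings in platform DSC text.

    Conditionals (!if/!ifdef) are not evaluated: the last assignment wins.
    """
    values, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # strip DSC comments
        m = ASSIGN.match(line)
        if m and m.group(1) in RT_MACROS:
            values[m.group(1)] = m.group(2)
        m = INCLUDE.match(line)
        if m and m.group(1).endswith("Crypto.inc.dsc") and not m.group(1).startswith(PREFIX):
            findings.append(f"line {lineno}: Crypto.inc.dsc not included via {PREFIX}")
    services, arch = (values.get(name, "NONE") for name in RT_MACROS)
    if (services == "NONE") != (arch == "NONE"):
        findings.append("RUNTIMEDXE_CRYPTO_SERVICES and RUNTIMEDXE_CRYPTO_ARCH must both be non-NONE")
    elif arch != "NONE" and arch not in RT_ARCHES:
        findings.append(f"RUNTIMEDXE_CRYPTO_ARCH = {arch} is not one of {sorted(RT_ARCHES)}")
    return findings


# Constructed sample DSC fragments; EXAMPLE_FLAVOR and both paths are placeholders.
GOOD_DSC = """
[Defines]
  RUNTIMEDXE_CRYPTO_SERVICES = EXAMPLE_FLAVOR
  RUNTIMEDXE_CRYPTO_ARCH     = X64
!include $(SHARED_CRYPTO_PATH)/placeholder/Crypto.inc.dsc
"""
BAD_DSC = """
[Defines]
  DEFINE RUNTIMEDXE_CRYPTO_SERVICES = EXAMPLE_FLAVOR
  RUNTIMEDXE_CRYPTO_ARCH = NONE   # driver will not be usable
!include Old/ExtDep/placeholder/Crypto.inc.dsc
"""

if __name__ == "__main__":
    for name, dsc in (("good", GOOD_DSC), ("bad", BAD_DSC)):
        print(name, check_dsc(dsc))
```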