audk/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt


=============================================================================
                             Introduction
=============================================================================
  OpenSSL is a well-known open source implementation of SSL/TLS protocols.
The core library implements the cryptographic and SSL/TLS functions and
also provides various utility functions. The OpenSSL library is widely used
in variety of security products development as base crypto provider.
(See http://www.openssl.org/ for more information about OpenSSL).
  UEFI (Unified Extensible Firmware Interface) is a specification detailing
the interfaces between OS and platform firmware. Several security features
were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
on the cryptography.
  This HOWTO documents OpenSSL building under UEFI/EDKII environment.

=============================================================================
                             OpenSSL-Version
=============================================================================
  EDKII supports building with the latest release of OpenSSL.
  NOTE: Only latest release version was fully validated.
        And no guarantees on build & functionality if using other versions.

=============================================================================
                      HOW to Install OpenSSL for UEFI Building
=============================================================================
  OpenSSL repository was added as one submodule of EDKII project.

  The user can use the following commands to clone both main EDKII repo and
openssl submodule:
  1) Add the "--recursive" flag to the git clone command:
     $ git clone --recursive https://github.com/tianocore/edk2
or
  2) Manually initialize and update the submodules after the clone operation
     on main project:
     $ git clone https://github.com/tianocore/edk2
     $ git submodule update --init --recursive

  And use the following combined commands to pull the remote submodule updates
(e.g. Updating the new supported OpenSSL release tag):
     $ git pull --recurse-submodules && \
       git submodule update --recursive

=============================================================================
                      About process_files.pl
=============================================================================
  "process_files.pl" is one Perl script which runs the OpenSSL Configure,
then processes the resulting file list into our local OpensslLib.inf and
OpensslLibCrypto.inf.
  This only needs to be done once by the maintainer / developer when
updating to a new version of OpenSSL (or changing options, etc.).
Normal users do not need do this, since the results are already stored in
the EDKII git repository for them.
CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document. Add one new OpenSSL-HOWTO.txt to introduce how to clone / download the latest OpenSSL release source for build. ALso update buildinf.h to reflect the latest update time. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com> 2017-03-23 13:06:00 +01:00
			`=============================================================================`
			`Introduction`
			`=============================================================================`
			`OpenSSL is a well-known open source implementation of SSL/TLS protocols.`
			`The core library implements the cryptographic and SSL/TLS functions and`
			`also provides various utility functions. The OpenSSL library is widely used`
			`in variety of security products development as base crypto provider.`
			`(See http://www.openssl.org/ for more information about OpenSSL).`
			`UEFI (Unified Extensible Firmware Interface) is a specification detailing`
			`the interfaces between OS and platform firmware. Several security features`
			`were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)`
			`from UEFI 2.2 (http://www.uefi.org/). These security features highly depend`
			`on the cryptography.`
			`This HOWTO documents OpenSSL building under UEFI/EDKII environment.`

			`=============================================================================`
			`OpenSSL-Version`
			`=============================================================================`
			`EDKII supports building with the latest release of OpenSSL.`
			`NOTE: Only latest release version was fully validated.`
			`And no guarantees on build & functionality if using other versions.`

			`=============================================================================`
			`HOW to Install OpenSSL for UEFI Building`
			`=============================================================================`
CryptoPkg: Adding OpenSSL as one submodule of EDKII repo A submodule allows to keep another Git repository in a subdirectory of main repository. The submodule repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries. After the extra patch for EDKII-OpenSSL build was removed, OpenSSL can be one typical submodule use case in EDKII project. This patch adds the openssl git repository into EDKII project as one submodule. One .gitmodules file will be generated with the submodule info: [submodule "CryptoPkg/Library/OpensslLib/openssl"] path = CryptoPkg/Library/OpensslLib/openssl url = https://github.com/openssl/openssl The user can use the following command to clone both main EDKII repo and openssl submodule: 1) Add the "--recursive" flag to their git clone command: $ git clone --recursive https://github.com/tianocore/edk2 or 2) Manually initialize and the submodules after the clone operation: $ git clone https://github.com/tianocore/edk2 $ git submodule update -–init -–recursive For Pull operations, "git pull" will not update the submodule repository. So the following combined commands can be used to pull the remote submodule updates (e.g. Updating to new supported OpenSSL release) $ git pull –-recurse-submodules && \ git submodule update -–recursive --remote Cc: Ye Ting <ting.ye@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> 2018-01-16 08:03:05 +01:00			`OpenSSL repository was added as one submodule of EDKII project.`
CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document. Add one new OpenSSL-HOWTO.txt to introduce how to clone / download the latest OpenSSL release source for build. ALso update buildinf.h to reflect the latest update time. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com> 2017-03-23 13:06:00 +01:00
CryptoPkg: Adding OpenSSL as one submodule of EDKII repo A submodule allows to keep another Git repository in a subdirectory of main repository. The submodule repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries. After the extra patch for EDKII-OpenSSL build was removed, OpenSSL can be one typical submodule use case in EDKII project. This patch adds the openssl git repository into EDKII project as one submodule. One .gitmodules file will be generated with the submodule info: [submodule "CryptoPkg/Library/OpensslLib/openssl"] path = CryptoPkg/Library/OpensslLib/openssl url = https://github.com/openssl/openssl The user can use the following command to clone both main EDKII repo and openssl submodule: 1) Add the "--recursive" flag to their git clone command: $ git clone --recursive https://github.com/tianocore/edk2 or 2) Manually initialize and the submodules after the clone operation: $ git clone https://github.com/tianocore/edk2 $ git submodule update -–init -–recursive For Pull operations, "git pull" will not update the submodule repository. So the following combined commands can be used to pull the remote submodule updates (e.g. Updating to new supported OpenSSL release) $ git pull –-recurse-submodules && \ git submodule update -–recursive --remote Cc: Ye Ting <ting.ye@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> 2018-01-16 08:03:05 +01:00			`The user can use the following commands to clone both main EDKII repo and`
			`openssl submodule:`
			`1) Add the "--recursive" flag to the git clone command:`
			`$ git clone --recursive https://github.com/tianocore/edk2`
			`or`
			`2) Manually initialize and update the submodules after the clone operation`
			`on main project:`
			`$ git clone https://github.com/tianocore/edk2`
			`$ git submodule update --init --recursive`

			`And use the following combined commands to pull the remote submodule updates`
			`(e.g. Updating the new supported OpenSSL release tag):`
			`$ git pull --recurse-submodules && \`
CryptoPkg/OpensslLib: Fix the documentation about submodule update This patch is to drop "--remote" option from the original suggested submodule update command ("$ git submodule update --recursive --remote") in HOWTO document. "--remote" option will integrate changes from the upstream subproject with the submodules's "current HEAD", instead of using the edk2 superproject's "recorded SHA-1". It is important here for the edk2 consumers to updating the working tree of the submodules to match the commit / release tag that the superproject expects. So removing "--remote" option to fix this documentation issue here. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> 2018-04-12 04:50:30 +02:00			`git submodule update --recursive`
CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document. Add one new OpenSSL-HOWTO.txt to introduce how to clone / download the latest OpenSSL release source for build. ALso update buildinf.h to reflect the latest update time. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com> 2017-03-23 13:06:00 +01:00
			`=============================================================================`
			`About process_files.pl`
			`=============================================================================`
			`"process_files.pl" is one Perl script which runs the OpenSSL Configure,`
			`then processes the resulting file list into our local OpensslLib.inf and`
			`OpensslLibCrypto.inf.`
			`This only needs to be done once by the maintainer / developer when`
			`updating to a new version of OpenSSL (or changing options, etc.).`
			`Normal users do not need do this, since the results are already stored in`
			`the EDKII git repository for them.`