CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53


=============================================================================
                             Introduction
=============================================================================
  OpenSSL is a well-known open source implementation of SSL/TLS protocols.
The core library implements the cryptographic and SSL/TLS functions and
also provides various utility functions. The OpenSSL library is widely used
in variety of security products development as base crypto provider.
(See http://www.openssl.org/ for more information about OpenSSL).
  UEFI (Unified Extensible Firmware Interface) is a specification detailing
the interfaces between OS and platform firmware. Several security features
were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
on the cryptography.
  This HOWTO documents OpenSSL building under UEFI/EDKII environment.

=============================================================================
                             OpenSSL-Version
=============================================================================
  EDKII supports building with the latest release of OpenSSL.
  The latest official release is OpenSSL-1.1.0g (Released at 2017-Nov-02).
  NOTE: Only latest release version was fully validated.
        And no guarantees on build & functionality if using other versions.

=============================================================================
                      HOW to Install OpenSSL for UEFI Building
=============================================================================
1. Clone the latest official OpenSSL release into the directory
     CryptoPkg/Library/OpensslLib/openssl/

   Use OpenSSL-1.1.0g release as one example:
     (OpenSSL_1_1_0g below is the tag name for the OpenSSL-1.1.0g release)
     > cd CryptoPkg/Library/OpensslLib
     > git clone -b OpenSSL_1_1_0g https://github.com/openssl/openssl openssl
     or
     > git clone https://github.com/openssl/openssl openssl
     > git checkout OpenSSL_1_1_0g
Or
2. Download the latest OpenSSL release package from the official website:
     https://www.openssl.org/source/
   and unpack the OpenSSL source into:
     CryptoPkg/Library/OpensslLib/openssl/

=============================================================================
                      About process_files.pl
=============================================================================
  "process_files.pl" is one Perl script which runs the OpenSSL Configure,
then processes the resulting file list into our local OpensslLib.inf and
OpensslLibCrypto.inf.
  This only needs to be done once by the maintainer / developer when
updating to a new version of OpenSSL (or changing options, etc.).
Normal users do not need do this, since the results are already stored in
the EDKII git repository for them.