[Feature] Added SharedCrypto (drop-in replacement for BaseCryptLib)

[matthewfcarlson]

This uses a precompiled EFI's to speed up compile times when using OpenSSL and decrease space used. This approach can be used by other crypto Libraries other than OpenSSL as long as they conform to the API of BaseCryptLib.

[corthon]

Build failing? Looks like we forgot to exclude an incompatible architecture somewhere.

[corthon]

Build failing? Looks like we forgot to exclude an incompatible architecture somewhere.

Actually, I think it's the removal of /GS, so now we may have extraneous libs.

[matthewfcarlson]

I think it's the fact that we're missing BaseSecurityLib and RngLib for X64 and X86

[matthewfcarlson]

The last thing to do is investigate the tools_def.conf instead of the DSC override.

[mdkinney]

The Private/Include/Protocol directory should have one file for the DXE Protocol and another file for the SMM Protocol. The SharedProtocol.h can be removed and the DXE Protocol can contain all the contents to define the protocol. The SMM Protocol file includes the DXE Protocol file and defines the SMM GUID and a typedef for the SMM version of the protocol. See MdeModulePkg/Include/Protocol/SmmFirmwareVolumeBlock.h for an example to follow.

[mdkinney]

The use of the term 'Shared' 'SHARED' should be removed from all types, variables, functions, library, and module names. The private protocol/ppi/smm protocol are an abstraction for the CryptoPkg/Include/BaseCryptLib.h, so the name of the protocol and the modules should make this relationship obvious. Perhaps using the names listed below for includes.

The use of 'Base' in the name of the library class is unfortunate. The term 'Base' in the name of a lib instance implies module compatibility with all module types.

Private/Protocol/BaseCrypt.h
EDKII_BASE_CRYPT_PROTOCOL_GUID
EDKII_BASE_CRYPT_PROTOCOL
gEdkiiBaseCryptProtocolGuid
Private/Protocol/SmmBaseCrypt.h
EDKII_SMM_BASE_CRYPT_PROTOCOL_GUID
EDKII_SMM_BASE_CRYPT_PROTOCOL
gEdkiiSmmBaseCryptProtocolGuid
Private/Ppi/BaseCrypt.h
EDKII_PEI_BASE_CRYPT_PROTOCOL_GUID
EDKII_PEI_BASE_CRYPT_PROTOCOL
gEdkiiPeiBaseCryptProtocolGuid

Library Instances (not using keyword 'Base')
DxeCryptLibOnProtocol
SmmCryptLibOnProtocol
PeiCryptLibOnPpi

Drivers
CryptDxe
CryptSmm
CryptPei

We could define a few feature flag PCDs that select between a NULL value and function pointer value when filling in the structure of crypto services. This can reduce the number of INFs and C files.

Can we also consider making this a pull request against CryptoPkg in mu_tiano_plus?

[matthewfcarlson]

There's been some discussion about moving the PublishDrivers.py, PlatformBuild.py, and the Driver DSC out of Mu_plus. The places that make the most sense for it to move to would be a new repo that would be a submodule of mu_plus (similar to OpenSSL) or in Mu_BASECORE under Basetools since that's where our other nuget publishing tools.

One problem with moving is the eventual goal of moving it upstream to tianocore. Since they don't have anyway to resolve the nuget dependency (as of right now), we should provide the tools for anyone to build their own EFI's to use. If it's in a separate repo, that becomes an extra hurdle for someone to adopt SharedCrypto. Just something we need to be mindful of.

[matthewfcarlson]

After some discussion, we've decided to move forward with this PR. Our goal is to land this and deploy it internally for testing. We will stage a PR later that moves this into MU_TIANO_PLUS. At that point, we will restructure the NuGet packaging tools and rename the drivers and libraries to align with BaseCryptLib.

[matthewfcarlson]

Add this issue to track the comments Mike K made: microsoft/mu#59