a701ea0fe1
This patch is to drop "--remote" option from the original suggested
submodule update command ("$ git submodule update --recursive
--remote") in HOWTO document.
"--remote" option will integrate changes from the upstream subproject
with the submodules's "current HEAD", instead of using the edk2
superproject's "recorded SHA-1".
It is important here for the edk2 consumers to updating the working
tree of the submodules to match the commit / release tag that the
superproject expects. So removing "--remote" option to fix this
documentation issue here.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
55 lines
2.9 KiB
Plaintext
55 lines
2.9 KiB
Plaintext
|
|
=============================================================================
|
|
Introduction
|
|
=============================================================================
|
|
OpenSSL is a well-known open source implementation of SSL/TLS protocols.
|
|
The core library implements the cryptographic and SSL/TLS functions and
|
|
also provides various utility functions. The OpenSSL library is widely used
|
|
in variety of security products development as base crypto provider.
|
|
(See http://www.openssl.org/ for more information about OpenSSL).
|
|
UEFI (Unified Extensible Firmware Interface) is a specification detailing
|
|
the interfaces between OS and platform firmware. Several security features
|
|
were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
|
|
from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
|
|
on the cryptography.
|
|
This HOWTO documents OpenSSL building under UEFI/EDKII environment.
|
|
|
|
=============================================================================
|
|
OpenSSL-Version
|
|
=============================================================================
|
|
EDKII supports building with the latest release of OpenSSL.
|
|
The latest official release is OpenSSL-1.1.0g (Released at 2017-Nov-02).
|
|
NOTE: Only latest release version was fully validated.
|
|
And no guarantees on build & functionality if using other versions.
|
|
|
|
=============================================================================
|
|
HOW to Install OpenSSL for UEFI Building
|
|
=============================================================================
|
|
OpenSSL repository was added as one submodule of EDKII project.
|
|
|
|
The user can use the following commands to clone both main EDKII repo and
|
|
openssl submodule:
|
|
1) Add the "--recursive" flag to the git clone command:
|
|
$ git clone --recursive https://github.com/tianocore/edk2
|
|
or
|
|
2) Manually initialize and update the submodules after the clone operation
|
|
on main project:
|
|
$ git clone https://github.com/tianocore/edk2
|
|
$ git submodule update --init --recursive
|
|
|
|
And use the following combined commands to pull the remote submodule updates
|
|
(e.g. Updating the new supported OpenSSL release tag):
|
|
$ git pull --recurse-submodules && \
|
|
git submodule update --recursive
|
|
|
|
=============================================================================
|
|
About process_files.pl
|
|
=============================================================================
|
|
"process_files.pl" is one Perl script which runs the OpenSSL Configure,
|
|
then processes the resulting file list into our local OpensslLib.inf and
|
|
OpensslLibCrypto.inf.
|
|
This only needs to be done once by the maintainer / developer when
|
|
updating to a new version of OpenSSL (or changing options, etc.).
|
|
Normal users do not need do this, since the results are already stored in
|
|
the EDKII git repository for them.
|