On Mon, Aug 13, 2018 at 10:14:21AM +0200, Kurt Roeckx wrote:
> On Mon, Aug 13, 2018 at 12:14:16AM -0700, Steve Langasek wrote:
> > On Mon, Aug 13, 2018 at 09:06:27AM +0200, Kurt Roeckx wrote:
> > > > Yes, because it's patched source and also there is no openssl in the
> > > > archive that's built for a standalone target, which edk2 must be.  See
> > > > CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch for the current
> > > > patch against upstream openssl source.

> > > You're actually shipping openssl 1.1.0 now, and the changelog says
> > > it's now unpatched.

> > Ok, I guess I should update my local git checkout ;)  Still, the requirement
> > for code built for a standalone target still applies.

> I have no idea what standalone target means here.

edk2 is firmware that runs in a VM.  It cannot depend on Linux syscalls
because there is no underlying kernel.

The default target of Debian gcc is $nativearch-linux-gnu which means that
there are allowed to be references to glibc/libgcc/Linux syscalls, including
within compiler-generated code.

The set of compiler flags edk2 uses to avoid these references includes
-fno-stack-protector -fno-builtin.  I'm not sure if there are any other
build flags used that might impact the output in ways that are relevant to
usability for edk2.  It's possible -Os also matters, since edk2 can fail to
produce a usable firmware image if it exceeds certain overall object size
limits.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
