EFI Environment

The leancrypto library is designed to run without any dependencies and thus can be used in environments like (U)EFI. To compile it for the EFI environment, configure the compilation with the following command:

    meson setup build -Defi=enabled -Dpkcs7_generator=disabled -Dx509_generator=disabled
    meson compile -C build
    meson compile -C build pkcs7_trust_tester.efi

The PKCS#7 message generator and X.509 certificate generator are assumed not to be required in EFI, so their implementation uses POSIX service functions that are not available there. Both are therefore disabled in the command above.

The compilation uses the GNU-EFI environment and generates:

  1. The static library leancrypto.a that could be bound into an EFI application compiled externally to the build environment.

  2. A test application in build/efi/tests/pkcs7_trust_tester.efi which is statically linked with leancrypto.a and implements the test “PKCS7 Trust Validation - PKCS#7 with trust chain” from asn1/tests/meson.build. This application is a UEFI application:

    $ file ./build/efi/tests/pkcs7_trust_tester.efi
    ./build/efi/tests/pkcs7_trust_tester.efi: PE32+ executable for EFI (application), x86-64 (stripped to external PDB), 7 sections
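To confirm in a build script that the generated binary is a PE32+ EFI application for the intended architecture without relying on file(1), the PE headers can be parsed directly. The following Python code is an added example, not part of leancrypto; its function names and the header-only image built by constructed_sample() are made up for illustration.

```python
import struct
import sys

MACHINES = {0x8664: "x86-64", 0xAA64: "aarch64", 0x014C: "i386"}
SUBSYSTEMS = {10: "EFI application", 11: "EFI boot service driver",
              12: "EFI runtime driver"}
PE32_PLUS_MAGIC = 0x20B


def inspect_efi_image(data: bytes) -> dict:
    """Return machine, section count and subsystem from the PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    opt = pe_off + 24                  # signature (4) + COFF header (20)
    if opt + 70 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    machine, sections = struct.unpack_from("<HH", data, pe_off + 4)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_PLUS_MAGIC:
        raise ValueError("optional header is not PE32+")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "sections": sections,
            "subsystem": SUBSYSTEMS.get(subsystem, f"non-EFI ({subsystem})")}


def is_efi_application(data: bytes, machine: str = "x86-64") -> bool:
    """True only for a PE32+ image with the EFI application subsystem."""
    try:
        info = inspect_efi_image(data)
    except ValueError:
        return False
    return info["subsystem"] == "EFI application" and info["machine"] == machine


def constructed_sample(machine=0x8664, sections=7, subsystem=10) -> bytes:
    """Constructed header-only image (no real code) for offline testing."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, sections, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    # With a path argument, check that file; otherwise use the constructed sample.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print(inspect_efi_image(image))
    sys.exit(0 if is_efi_application(image) else 1)
```

Run with the path build/efi/tests/pkcs7_trust_tester.efi as the only argument; the exit status is non-zero when the file is not an x86-64 EFI application.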

Naturally, all other options offered by the meson build environment can be toggled for EFI support as well, allowing leancrypto to be configured to implement the exact algorithms required.

When programming with leancrypto in the EFI environment, the following considerations must be applied:

  • The API specified by the header files installed as part of the meson install -C build command for the user space library is applicable to the EFI environment as well.