EFI Environment
The leancrypto library is designed to run without any dependencies and thus
can be used in environments like (U)EFI. To compile it for the EFI environment,
configure and run the compilation with the following commands:
meson setup build -Defi=enabled -Dpkcs7_generator=disabled -Dx509_generator=disabled
meson compile -C build
meson compile -C build pkcs7_trust_tester.efi
The PKCS#7 message generator and X.509 certificate generator are disabled because they are assumed not to be required and use POSIX service functions that are not available in EFI.
The compilation uses the GNU-EFI environment and generates:
- The static library leancrypto.a that could be bound into an EFI application compiled externally to the build environment.
- A test application in build/efi/tests/pkcs7_trust_tester.efi which is statically linked with leancrypto.a and implements the test “PKCS7 Trust Validation - PKCS#7 with trust chain” from asn1/tests/meson.build. This application is a UEFI application:
  $ file ./build/efi/tests/pkcs7_trust_tester.efi
  ./build/efi/tests/pkcs7_trust_tester.efi: PE32+ executable for EFI (application), x86-64 (stripped to external PDB), 7 sections
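A build pipeline can make the same check as the file output above by reading the PE/COFF header directly. The following is an added example, not part of leancrypto or its documentation; it confirms that an image is a PE32+ x86-64 EFI application. The function names and the header-only sample image are constructed for this illustration.

```python
import struct
import sys

MACHINES = {0x8664: "x86-64", 0xAA64: "aarch64", 0x014C: "i386"}
SUBSYSTEMS = {10: "EFI application", 11: "EFI boot service driver",
              12: "EFI runtime driver", 13: "EFI ROM"}

def parse_pe(data: bytes) -> dict:
    """Return machine, format, subsystem and section count of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing DOS header (MZ)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    # The optional header must reach the Subsystem field (offset 68, 2 bytes).
    if pe_off + 24 + 70 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)  # 20-byte COFF file header
    opt_off = pe_off + 24
    if opt_size < 70:
        raise ValueError("optional header too small")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    (subsystem,) = struct.unpack_from("<H", data, opt_off + 68)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "subsystem": SUBSYSTEMS.get(subsystem, f"non-EFI ({subsystem})"),
        "sections": nsections,
    }

def is_efi_application(data: bytes, machine: str = "x86-64") -> bool:
    """True only for a PE32+ image of the given machine with subsystem 10."""
    info = parse_pe(data)
    return (info["format"] == "PE32+" and info["machine"] == machine
            and info["subsystem"] == "EFI application")

def sample_image(subsystem: int = 10) -> bytes:
    """Constructed header-only image for demonstration (not a real binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 7, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)       # Magic: PE32+
    struct.pack_into("<H", opt, 68, subsystem)  # Subsystem
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Pass the path of the built .efi file; without one the sample is used.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_image()
    print(parse_pe(image))
    sys.exit(0 if is_efi_application(image) else 1)
```

Run against build/efi/tests/pkcs7_trust_tester.efi, the script exits non-zero if the image is not an x86-64 EFI application.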
Naturally, all other options offered by the meson build environment can be
toggled for EFI support as well, allowing leancrypto to be configured to
implement the exact algorithms required.
When programming with leancrypto in the EFI environment, the following
considerations must be applied:
- The API specified by the header files installed as part of the meson install -C build command for the user space library is applicable to the EFI environment as well.