Skip to content

microsoft/mu_crypto_release

BranchesTags

Repository files navigation

Project Mu Crypto Release

Continuous Integration Build OneCryptoPkg Host-Based Unit Tests CodeQL Coverage OpenSSL Mbed TLS

This repository hosts the cryptographic library packages for Project Mu. It decomposes the monolithic CryptoPkg into independent, backend-specific packages so that each crypto implementation can be built, tested, and maintained separately.

Repository Structure

Package Description
OneCryptoPkg Unified cross-phase crypto driver that dispatches the crypto provider.
OpensslPkg BaseCryptLib, OpensslLib, TlsLib, and supporting headers backed by OpenSSL.
MbedTlsPkg BaseCryptLib, MbedTlsLib, and supporting headers backed by Mbed TLS.

CI Setup

# One-time setup
git submodule update --init --recursive
pip install -r pip-requirements.txt

# Packages: (OpensslPkg or MbedTlsPkg)
stuart_setup    -c .pytool/CISettings.py -p <Pkg>
stuart_ci_setup -c .pytool/CISettings.py -p <Pkg> # Only required for CI
stuart_update   -c .pytool/CISettings.py -p <Pkg>

CI Building

# CI Targets: (DEBUG, RELEASE, NO-TARGET)
stuart_ci_build -c .pytool/CISettings.py -p <Pkg> -t DEBUG TOOL_CHAIN_TAG=CLANGPDB
stuart_ci_build -c .pytool/CISettings.py -p <Pkg> -t RELEASE TOOL_CHAIN_TAG=CLANGPDB

Host-Based Unit Tests

# Run host-based unit tests locally with GCC5

# Packages: (OpensslPkg, MbedTlsPkg)
stuart_ci_build -c .pytool/CISettings.py -p <Pkg> -t NOOPT -d HostUnitTestCompilerPlugin=run TOOL_CHAIN_TAG=GCC5

Note: MbedTlsPkg host-based tests are currently disabled due to known test failures. See the TODO in host-based-test-runner.yml for details.

OneCryptoPkg

For more details, see OneCryptoPkg/Docs/README.md.

OneCryptoPkg uses PlatformBuild.py (via stuart_build) instead of the CI settings file. By default, it builds both DEBUG and RELEASE targets for X64 and AARCH64.

Setup

# Clone GetDependencies() repos (MU_BASECORE, MM_SUPV, mu_plus)
stuart_ci_setup -c PlatformBuild.py

# Sync git submodules listed in .gitmodules (openssl, mbedtls)
stuart_setup  -c PlatformBuild.py

# Fetch ext_deps (NuGet, web, etc.)
stuart_update -c PlatformBuild.py

Build

# Build all targets and architectures
stuart_build -c PlatformBuild.py TOOL_CHAIN_TAG=CLANGPDB

# Build only X64 RELEASE
stuart_build -c PlatformBuild.py -a X64 -t RELEASE TOOL_CHAIN_TAG=CLANGPDB

# Build only AARCH64 DEBUG
stuart_build -c PlatformBuild.py -a AARCH64 -t DEBUG TOOL_CHAIN_TAG=CLANGPDB

Build Variants

Two variants are available:

  • Accelerated (default) — uses NASM assembly optimizations in OpenSSL.
  • Non-accelerated — pure C, no assembly. Built with the BLD_*_NON_ACCEL=TRUE flag.
# Non-accelerated build
stuart_build -c PlatformBuild.py BLD_*_NON_ACCEL=TRUE TOOL_CHAIN_TAG=CLANGPDB

Packaging

After a successful build the OneCryptoBundler plugin automatically produces Build/OneCryptoPkg/OneCrypto-Drivers.zip. To skip packaging, pass --skip-packaging:

stuart_build -c PlatformBuild.py --skip-packaging TOOL_CHAIN_TAG=CLANGPDB

Contributing

Contributions are welcome. Please see CONTRIBUTING.md for guidelines.

License

This project is licensed under the BSD-2-Clause-Patent license. See the License.txt file for details.

About

Release platform for Mu CryptoBin

Topics

crypto uefi projectmu

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

21 stars

Watchers

5 watching

Forks

19 forks
Report repository

Releases 27

v1.0.0-OneCrypto Latest
Mar 27, 2026
+ 26 releases

Packages

 
 
 

Contributors

Languages