From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web09.33297.1605526923560233990 for ; Mon, 16 Nov 2020 03:42:03 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: linux.intel.com, ip: 192.55.52.93, mailfrom: maciej.rabeda@linux.intel.com) IronPort-SDR: 88uOA2gYrIdOt3E3HC6a296J7RK3F+Fm+nURqCTdRCXX7rQsakeQB6BEtvb8ucZ3qLB7bqon9H lBGUnW6/gmRA== X-IronPort-AV: E=McAfee;i="6000,8403,9806"; a="167222280" X-IronPort-AV: E=Sophos;i="5.77,482,1596524400"; d="scan'208";a="167222280" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Nov 2020 03:42:03 -0800 IronPort-SDR: IiVSV+pWtoW5vcYnPUmo4QvX3d5sHzxIecuN8oqttqiO6XG3L+vxdymnXZM5WJKdyh+T/S3Kwu d1XYRPPlziLg== X-IronPort-AV: E=Sophos;i="5.77,482,1596524400"; d="scan'208";a="543573825" Received: from mrabeda-mobl.ger.corp.intel.com (HELO [10.213.20.28]) ([10.213.20.28]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Nov 2020 03:41:58 -0800 Subject: Re: [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default To: devel@edk2.groups.io, zhichao.gao@intel.com Cc: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Sami Mujawar , Leif Lindholm , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Michael D Kinney , Kelly Steele , Zailiang Sun , Yi Qian , Liming Gao , Jiaxin Wu , Siyuan Fu References: <20201112055558.2348-1-zhichao.gao@intel.com> <20201112055558.2348-13-zhichao.gao@intel.com> From: "Maciej Rabeda" Message-ID: <09898827-8422-5ab8-8edf-53187d2a9211@linux.intel.com> Date: Mon, 16 Nov 2020 12:41:51 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.1 MIME-Version: 1.0 In-Reply-To: <20201112055558.2348-13-zhichao.gao@intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: pl Reviewed-by: Maciej Rabeda On 12-Nov-20 06:55, Gao, Zhichao wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003 > > iSCSI is using the deprecated function MD5. It is > better to make the default setting secure. If the platforms > want to use the iSCSI, they should enable it in the platforms' > dsc file and be aware they are using an function with weak > cryptography. > > Enable iSCSI in NetworkPkg.dsc for build. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Sami Mujawar > Cc: Leif Lindholm > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > Cc: Michael D Kinney > Cc: Kelly Steele > Cc: Zailiang Sun > Cc: Yi Qian > Cc: Liming Gao > Cc: Maciej Rabeda > Cc: Jiaxin Wu > Cc: Siyuan Fu > Signed-off-by: Zhichao Gao > --- > NetworkPkg/NetworkDefines.dsc.inc | 4 ++-- > NetworkPkg/NetworkPkg.dsc | 4 +++- > 2 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc > index a442d1b157..18921d81f6 100644 > --- a/NetworkPkg/NetworkDefines.dsc.inc > +++ b/NetworkPkg/NetworkDefines.dsc.inc > @@ -17,7 +17,7 @@ > # DEFINE NETWORK_TLS_ENABLE = TRUE > # DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE > # DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE > -# DEFINE NETWORK_ISCSI_ENABLE = TRUE > +# DEFINE NETWORK_ISCSI_ENABLE = FALSE > # DEFINE NETWORK_VLAN_ENABLE = TRUE > # > # Copyright (c) 2019, Intel Corporation. All rights reserved.
> @@ -101,7 +101,7 @@ > # Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used > # since libssl is not required for iSCSI. > # > - DEFINE NETWORK_ISCSI_ENABLE = TRUE > + DEFINE NETWORK_ISCSI_ENABLE = FALSE > !endif > > !if $(NETWORK_ENABLE) == TRUE > diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc > index 716d04fdad..e508995e3a 100644 > --- a/NetworkPkg/NetworkPkg.dsc > +++ b/NetworkPkg/NetworkPkg.dsc > @@ -2,7 +2,7 @@ > # UEFI 2.4 Network Module Package for All Architectures > # > # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
> # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -18,6 +18,8 @@ > BUILD_TARGETS = DEBUG|RELEASE|NOOPT > SKUID_IDENTIFIER = DEFAULT > > + DEFINE NETWORK_ISCSI_ENABLE = TRUE > + > [LibraryClasses] > DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf > BaseLib|MdePkg/Library/BaseLib/BaseLib.inf