From: Laszlo Ersek <lersek@redhat.com>
To: Fu Siyuan <siyuan.fu@intel.com>, edk2-devel@lists.01.org
Cc: Anthony Perard <anthony.perard@citrix.com>,
Jordan Justen <jordan.l.justen@intel.com>
Subject: Re: [PATCH 5/6] OvmfPkg: Update DSC/FDF to use NetworkPkg's include fragment file.
Date: Wed, 21 Nov 2018 12:07:17 +0100 [thread overview]
Message-ID: <19a413d8-c461-2f4b-9665-66c76deb4c3a@redhat.com> (raw)
In-Reply-To: <20181121052819.15744-6-siyuan.fu@intel.com>
As I said, I wouldn't like to review this patch in detail right now.
Just some light comments:
On 11/21/18 06:28, Fu Siyuan wrote:
> This patch updates the platform DSC/FDF files to use the include fragment
> files provided by NetworkPkg.
> The feature enabling flags in [Defines] section have been updated to use
> the NetworkPkg's terms, and the value has been overridden with the original
> default value on this platform.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien.grall@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 52 ++++---------------
> OvmfPkg/OvmfPkgIa32.fdf | 25 +--------
> OvmfPkg/OvmfPkgIa32X64.dsc | 53 ++++----------------
> OvmfPkg/OvmfPkgIa32X64.fdf | 25 +--------
> OvmfPkg/OvmfPkgX64.dsc | 52 ++++---------------
> OvmfPkg/OvmfPkgX64.fdf | 25 +--------
> 6 files changed, 36 insertions(+), 196 deletions(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index eccf34d3d1cb..5d6ea3e67001 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -35,12 +35,21 @@ [Defines]
> # -D FLAG=VALUE
> #
> DEFINE SECURE_BOOT_ENABLE = FALSE
> - DEFINE NETWORK_IP6_ENABLE = FALSE
> - DEFINE HTTP_BOOT_ENABLE = FALSE
> DEFINE SMM_REQUIRE = FALSE
> DEFINE TLS_ENABLE = FALSE
> DEFINE TPM2_ENABLE = FALSE
>
> + DEFINE NETWORK_IP6_ENABLE = FALSE
> + #
> + # TLS_ENABLE flag is used to control platform specific configuration for TLS support.
> + # NETWORK_TLS_ENABLE should always be set to FALSE.
> + #
> + DEFINE NETWORK_TLS_ENABLE = FALSE
(1) Ah, OK, I understand, so basically the suggestion is that OVMF not
make use of NETWORK_TLS_ENABLE, but continue using its own TLS_ENABLE
solution.
Hmmm. I wonder if that's helpful at all. To me it seems to increase the
confusion rather than decrease it.
I guess it can work, but then we should rename TLS_ENABLE to something
better, such as "PLATFORM_TLS_ENABLE". And this comment should be more
detailed *why* we do that. (We do that because we configure the CA
certificates and the cipher suites with a null class lib instance hooked
into TlsAuthConfigDxe, which downloads the necessary data from QEMU via
fw_cfg.)
> + DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
> + DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
(2) This (i.e. NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE) is wrong. We set
PcdAllowHttpConnections to TRUE on purpose. See commit 4b2fb7986d57
("OvmfPkg: Allow HTTP connections if HTTP Boot enabled", 2017-01-23).
More after you post v2, I think.
Thanks!
Laszlo
next prev parent reply other threads:[~2018-11-21 11:07 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-21 5:28 [PATCH 0/6] Add DSC/FDF include segment files for network stack Fu Siyuan
2018-11-21 5:28 ` [PATCH 1/6] NetworkPkg: Add DSC/FDF include segment files to NetworkPkg Fu Siyuan
2018-11-21 10:46 ` Laszlo Ersek
2018-11-21 10:56 ` Laszlo Ersek
2018-11-21 11:53 ` Fu, Siyuan
2018-11-21 15:32 ` Laszlo Ersek
2018-11-21 5:28 ` [PATCH 2/6] Nt32Pkg: Update DSC/FDF to use NetworkPkg's include fragment file Fu Siyuan
2018-11-21 5:28 ` [PATCH 3/6] ArmVirtPkg: " Fu Siyuan
2018-11-21 11:26 ` Laszlo Ersek
2018-11-21 5:28 ` [PATCH 4/6] EmulatorPkg: " Fu Siyuan
2018-11-21 5:28 ` [PATCH 5/6] OvmfPkg: " Fu Siyuan
2018-11-21 11:07 ` Laszlo Ersek [this message]
2018-11-21 5:28 ` [PATCH 6/6] Vlv2TbltDevicePkg: " Fu Siyuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19a413d8-c461-2f4b-9665-66c76deb4c3a@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox