From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C141A2117B552 for ; Wed, 21 Nov 2018 03:07:19 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 49E113086259; Wed, 21 Nov 2018 11:07:19 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-240.rdu2.redhat.com [10.10.120.240]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3D5AB5F7DB; Wed, 21 Nov 2018 11:07:18 +0000 (UTC) To: Fu Siyuan , edk2-devel@lists.01.org Cc: Anthony Perard , Jordan Justen References: <20181121052819.15744-1-siyuan.fu@intel.com> <20181121052819.15744-6-siyuan.fu@intel.com> From: Laszlo Ersek Message-ID: <19a413d8-c461-2f4b-9665-66c76deb4c3a@redhat.com> Date: Wed, 21 Nov 2018 12:07:17 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20181121052819.15744-6-siyuan.fu@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Wed, 21 Nov 2018 11:07:19 +0000 (UTC) Subject: Re: [PATCH 5/6] OvmfPkg: Update DSC/FDF to use NetworkPkg's include fragment file. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2018 11:07:20 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit As I said, I wouldn't like to review this patch in detail right now. Just some light comments: On 11/21/18 06:28, Fu Siyuan wrote: > This patch updates the platform DSC/FDF files to use the include fragment > files provided by NetworkPkg. > The feature enabling flags in [Defines] section have been updated to use > the NetworkPkg's terms, and the value has been overridden with the original > default value on this platform. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Anthony Perard > Cc: Julien Grall > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Fu Siyuan > --- > OvmfPkg/OvmfPkgIa32.dsc | 52 ++++--------------- > OvmfPkg/OvmfPkgIa32.fdf | 25 +-------- > OvmfPkg/OvmfPkgIa32X64.dsc | 53 ++++---------------- > OvmfPkg/OvmfPkgIa32X64.fdf | 25 +-------- > OvmfPkg/OvmfPkgX64.dsc | 52 ++++--------------- > OvmfPkg/OvmfPkgX64.fdf | 25 +-------- > 6 files changed, 36 insertions(+), 196 deletions(-) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index eccf34d3d1cb..5d6ea3e67001 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -35,12 +35,21 @@ [Defines] > # -D FLAG=VALUE > # > DEFINE SECURE_BOOT_ENABLE = FALSE > - DEFINE NETWORK_IP6_ENABLE = FALSE > - DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE TLS_ENABLE = FALSE > DEFINE TPM2_ENABLE = FALSE > > + DEFINE NETWORK_IP6_ENABLE = FALSE > + # > + # TLS_ENABLE flag is used to control platform specific configuration for TLS support. > + # NETWORK_TLS_ENABLE should always be set to FALSE. > + # > + DEFINE NETWORK_TLS_ENABLE = FALSE (1) Ah, OK, I understand, so basically the suggestion is that OVMF not make use of NETWORK_TLS_ENABLE, but continue using its own TLS_ENABLE solution. Hmmm. I wonder if that's helpful at all. To me it seems to increase the confusion rather than decrease it. I guess it can work, but then we should rename TLS_ENABLE to something better, such as "PLATFORM_TLS_ENABLE". And this comment should be more detailed *why* we do that. (We do that because we configure the CA certificates and the cipher suites with a null class lib instance hooked into TlsAuthConfigDxe, which downloads the necessary data from QEMU via fw_cfg.) > + DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > + DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE (2) This (i.e. NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE) is wrong. We set PcdAllowHttpConnections to TRUE on purpose. See commit 4b2fb7986d57 ("OvmfPkg: Allow HTTP connections if HTTP Boot enabled", 2017-01-23). More after you post v2, I think. Thanks! Laszlo