From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glin@suse.com>
Received: from smtp.nue.novell.com (smtp.nue.novell.com [195.135.221.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 70A8B81CCF
 for <edk2-devel@lists.01.org>; Sun, 15 Jan 2017 22:33:19 -0800 (PST)
Received: from nwb-ext-pat.microfocus.com ([10.120.13.103])
 by smtp.nue.novell.com with ESMTP (TLS encrypted);
 Mon, 16 Jan 2017 07:33:18 +0100
Received: from GaryWorkstation (nwb-a10-snat.microfocus.com [10.120.13.202])
 by nwb-ext-pat.microfocus.com with ESMTP (TLS encrypted);
 Mon, 16 Jan 2017 06:32:45 +0000
Date: Mon, 16 Jan 2017 14:32:37 +0800
From: Gary Lin <glin@suse.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
 "Justen, Jordan L" <jordan.l.justen@intel.com>,
 Laszlo Ersek <lersek@redhat.com>, "Long, Qin" <qin.long@intel.com>
Message-ID: <20170116063237.tapblt5ildhgdrrl@GaryWorkstation>
References: <20170116041013.31545-1-glin@suse.com>
 <895558F6EA4E3B41AC93A00D163B727416293E11@SHSMSX103.ccr.corp.intel.com>
MIME-Version: 1.0
In-Reply-To: <895558F6EA4E3B41AC93A00D163B727416293E11@SHSMSX103.ccr.corp.intel.com>
User-Agent: Mutt/1.6.2 (2016-07-01)
Subject: Re: [PATCH] OvmfPkg: Enable HTTPS for Ovmf
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jan 2017 06:33:20 -0000
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Jan 16, 2017 at 05:44:49AM +0000, Wu, Jiaxin wrote:
> Hi Gary,
> 
> Before we enable the HTTPS/TLS for OVMF, We need remove the 'SECURE_BOOT_ENABLE' flag control for the CryptoPkg librarie. Not only the secure boot feature requires the CryptoPkg libraries (e.g, OpensslLib, BaseCryptLib), but also ISCSI, IpSec and HTTPS/TLS features. If we not remove that dependency, we must set both SECURE_BOOT_ENABLE and TLS_ENABLE to support TLS feature. That's unreasonable.
> 
Ah! Right. I always enable secure boot and forgot the dependency of
CryptoPkg.

> Attached patch is to remove the flag control for the CryptoPkg libraries. I suggest to wait that patch commit, then go ahead to enable the HTTPS for OVMF.
> 
Agree. We should free CryptoPkg from Secure Boot or HTTPS first.

Thanks,

Gary Lin

> Thanks,
> Jiaxin
> 
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Gary
> > Lin
> > Sent: Monday, January 16, 2017 12:10 PM
> > To: edk2-devel@lists.01.org
> > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Wu, Jiaxin
> > <jiaxin.wu@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > Subject: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf
> > 
> > This commit introduces a new build option to OvmfPkg: TLS_ENABLE.
> > When setting the option, the TLS drivers will be included to support
> > HTTPS.
> > 
> > NOTE: HTTP_BOOT_ENABLE is needed to enable HTTPS support since it's
> >       pointless to enable TLS alone.
> > 
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Gary Lin <glin@suse.com>
> > ---
> >  OvmfPkg/OvmfPkgIa32.dsc    | 8 ++++++++
> >  OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
> >  OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
> >  OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
> >  OvmfPkg/OvmfPkgX64.dsc     | 8 ++++++++
> >  OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
> >  6 files changed, 36 insertions(+)
> > 
> > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> > index e97f7f0262..363f143c68 100644
> > --- a/OvmfPkg/OvmfPkgIa32.dsc
> > +++ b/OvmfPkg/OvmfPkgIa32.dsc
> > @@ -38,6 +38,7 @@ [Defines]
> >    DEFINE NETWORK_IP6_ENABLE      = FALSE
> >    DEFINE HTTP_BOOT_ENABLE        = FALSE
> >    DEFINE SMM_REQUIRE             = FALSE
> > +  DEFINE TLS_ENABLE              = FALSE
> > 
> >  [BuildOptions]
> >    GCC:*_UNIXGCC_*_CC_FLAGS             = -DMDEPKG_NDEBUG
> > @@ -158,6 +159,9 @@ [LibraryClasses]
> > 
> >  !if $(HTTP_BOOT_ENABLE) == TRUE
> >    HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> > +!endif
> >  !endif
> > 
> > 
> > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip
> > tLib.inf
> > @@ -715,6 +719,10 @@ [Components]
> >    NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >    NetworkPkg/HttpDxe/HttpDxe.inf
> >    NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  NetworkPkg/TlsDxe/TlsDxe.inf
> > +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> > +!endif
> >  !endif
> >    OvmfPkg/VirtioNetDxe/VirtioNet.inf
> > 
> > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> > index 34d57a6079..30c8800932 100644
> > --- a/OvmfPkg/OvmfPkgIa32.fdf
> > +++ b/OvmfPkg/OvmfPkgIa32.fdf
> > @@ -329,6 +329,10 @@ [FV.DXEFV]
> >    INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >    INF  NetworkPkg/HttpDxe/HttpDxe.inf
> >    INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  INF  NetworkPkg/TlsDxe/TlsDxe.inf
> > +  INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> > +!endif
> >  !endif
> >    INF  OvmfPkg/VirtioNetDxe/VirtioNet.inf
> > 
> > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> > index 8e3e04c135..f22bad309a 100644
> > --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> > @@ -38,6 +38,7 @@ [Defines]
> >    DEFINE NETWORK_IP6_ENABLE      = FALSE
> >    DEFINE HTTP_BOOT_ENABLE        = FALSE
> >    DEFINE SMM_REQUIRE             = FALSE
> > +  DEFINE TLS_ENABLE              = FALSE
> > 
> >  [BuildOptions]
> >    GCC:*_UNIXGCC_*_CC_FLAGS             = -DMDEPKG_NDEBUG
> > @@ -163,6 +164,9 @@ [LibraryClasses]
> > 
> >  !if $(HTTP_BOOT_ENABLE) == TRUE
> >    HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> > +!endif
> >  !endif
> > 
> > 
> > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip
> > tLib.inf
> > @@ -724,6 +728,10 @@ [Components.X64]
> >    NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >    NetworkPkg/HttpDxe/HttpDxe.inf
> >    NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  NetworkPkg/TlsDxe/TlsDxe.inf
> > +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> > +!endif
> >  !endif
> >    OvmfPkg/VirtioNetDxe/VirtioNet.inf
> > 
> > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> > index df55c2b210..7bc31d42ba 100644
> > --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> > @@ -329,6 +329,10 @@ [FV.DXEFV]
> >    INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >    INF  NetworkPkg/HttpDxe/HttpDxe.inf
> >    INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  INF  NetworkPkg/TlsDxe/TlsDxe.inf
> > +  INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> > +!endif
> >  !endif
> >    INF  OvmfPkg/VirtioNetDxe/VirtioNet.inf
> > 
> > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> > index 6ec3fe050d..8eca6fd557 100644
> > --- a/OvmfPkg/OvmfPkgX64.dsc
> > +++ b/OvmfPkg/OvmfPkgX64.dsc
> > @@ -38,6 +38,7 @@ [Defines]
> >    DEFINE NETWORK_IP6_ENABLE      = FALSE
> >    DEFINE HTTP_BOOT_ENABLE        = FALSE
> >    DEFINE SMM_REQUIRE             = FALSE
> > +  DEFINE TLS_ENABLE              = FALSE
> > 
> >  [BuildOptions]
> >    GCC:*_UNIXGCC_*_CC_FLAGS             = -DMDEPKG_NDEBUG
> > @@ -163,6 +164,9 @@ [LibraryClasses]
> > 
> >  !if $(HTTP_BOOT_ENABLE) == TRUE
> >    HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> > +!endif
> >  !endif
> > 
> > 
> > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip
> > tLib.inf
> > @@ -722,6 +726,10 @@ [Components]
> >    NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >    NetworkPkg/HttpDxe/HttpDxe.inf
> >    NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  NetworkPkg/TlsDxe/TlsDxe.inf
> > +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> > +!endif
> >  !endif
> >    OvmfPkg/VirtioNetDxe/VirtioNet.inf
> > 
> > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> > index 5e2e1dfaf5..cb7ca131e8 100644
> > --- a/OvmfPkg/OvmfPkgX64.fdf
> > +++ b/OvmfPkg/OvmfPkgX64.fdf
> > @@ -329,6 +329,10 @@ [FV.DXEFV]
> >    INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >    INF  NetworkPkg/HttpDxe/HttpDxe.inf
> >    INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> > +!if $(TLS_ENABLE) == TRUE
> > +  INF  NetworkPkg/TlsDxe/TlsDxe.inf
> > +  INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> > +!endif
> >  !endif
> >    INF  OvmfPkg/VirtioNetDxe/VirtioNet.inf
> > 
> > --
> > 2.11.0
> > 
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel