Date: Mon, 16 Jan 2017 14:32:37 +0800
From: Gary Lin
To: "Wu, Jiaxin"
Cc: "edk2-devel@lists.01.org", "Justen, Jordan L", Laszlo Ersek, "Long, Qin"
Subject: Re: [PATCH] OvmfPkg: Enable HTTPS for Ovmf
Message-ID: <20170116063237.tapblt5ildhgdrrl@GaryWorkstation>
References: <20170116041013.31545-1-glin@suse.com> <895558F6EA4E3B41AC93A00D163B727416293E11@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <895558F6EA4E3B41AC93A00D163B727416293E11@SHSMSX103.ccr.corp.intel.com>

On Mon, Jan 16, 2017 at 05:44:49AM +0000, Wu, Jiaxin wrote:
> Hi Gary,
>
> Before we enable the HTTPS/TLS for OVMF, we need to remove the 'SECURE_BOOT_ENABLE' flag control for the CryptoPkg libraries. Not only the secure boot feature requires the CryptoPkg libraries (e.g., OpensslLib, BaseCryptLib), but also ISCSI, IpSec and HTTPS/TLS features. If we do not remove that dependency, we must set both SECURE_BOOT_ENABLE and TLS_ENABLE to support TLS feature. That's unreasonable.
>
Ah! Right. I always enable secure boot and forgot the dependency of CryptoPkg.

> Attached patch is to remove the flag control for the CryptoPkg libraries. I suggest waiting for that patch to be committed, then go ahead to enable the HTTPS for OVMF.
>
Agree. We should free CryptoPkg from Secure Boot or HTTPS first.

Thanks,

Gary Lin

> Thanks,
> Jiaxin
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Gary > > Lin > > Sent: Monday, January 16, 2017 12:10 PM > > To: edk2-devel@lists.01.org > > Cc: Justen, Jordan L ; Wu, Jiaxin > > ; Laszlo Ersek > > Subject: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf > > > > This commit introduces a new build option to OvmfPkg: TLS_ENABLE. > > When setting the option, the TLS drivers will be included to support > > HTTPS. > > > > NOTE: HTTP_BOOT_ENABLE is needed to enable HTTPS support since it's > > pointless to enable TLS alone. > > > > Cc: Laszlo Ersek > > Cc: Jordan Justen > > Cc: Jiaxin Wu > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Gary Lin > > --- > > OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++ > > OvmfPkg/OvmfPkgIa32.fdf | 4 ++++ > > OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++ > > OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++ > > OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++ > > OvmfPkg/OvmfPkgX64.fdf | 4 ++++ > > 6 files changed, 36 insertions(+) > > > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > > index e97f7f0262..363f143c68 100644 > > --- a/OvmfPkg/OvmfPkgIa32.dsc > > +++ b/OvmfPkg/OvmfPkgIa32.dsc > > @@ -38,6 +38,7 @@ [Defines] > > DEFINE NETWORK_IP6_ENABLE = FALSE > > DEFINE HTTP_BOOT_ENABLE = FALSE > > DEFINE SMM_REQUIRE = FALSE > > + DEFINE TLS_ENABLE = FALSE > > > > [BuildOptions] > > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > > @@ -158,6 +159,9 @@ [LibraryClasses] > > > > !if $(HTTP_BOOT_ENABLE) == TRUE > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > +!if $(TLS_ENABLE) == TRUE > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > > !endif > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > tLib.inf 
> > @@ -715,6 +719,10 @@ [Components] > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) == TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > > index 34d57a6079..30c8800932 100644 > > --- a/OvmfPkg/OvmfPkgIa32.fdf > > +++ b/OvmfPkg/OvmfPkgIa32.fdf > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) == TRUE > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > > index 8e3e04c135..f22bad309a 100644 > > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > > @@ -38,6 +38,7 @@ [Defines] > > DEFINE NETWORK_IP6_ENABLE = FALSE > > DEFINE HTTP_BOOT_ENABLE = FALSE > > DEFINE SMM_REQUIRE = FALSE > > + DEFINE TLS_ENABLE = FALSE > > > > [BuildOptions] > > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > > @@ -163,6 +164,9 @@ [LibraryClasses] > > > > !if $(HTTP_BOOT_ENABLE) == TRUE > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > +!if $(TLS_ENABLE) == TRUE > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > > !endif > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > tLib.inf 
> > @@ -724,6 +728,10 @@ [Components.X64] > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) == TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > > index df55c2b210..7bc31d42ba 100644 > > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) == TRUE > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > > index 6ec3fe050d..8eca6fd557 100644 > > --- a/OvmfPkg/OvmfPkgX64.dsc > > +++ b/OvmfPkg/OvmfPkgX64.dsc > > @@ -38,6 +38,7 @@ [Defines] > > DEFINE NETWORK_IP6_ENABLE = FALSE > > DEFINE HTTP_BOOT_ENABLE = FALSE > > DEFINE SMM_REQUIRE = FALSE > > + DEFINE TLS_ENABLE = FALSE > > > > [BuildOptions] > > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > > @@ -163,6 +164,9 @@ [LibraryClasses] > > > > !if $(HTTP_BOOT_ENABLE) == TRUE > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > +!if $(TLS_ENABLE) == TRUE > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > > !endif > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > tLib.inf 
> > @@ -722,6 +726,10 @@ [Components] > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) == TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > > index 5e2e1dfaf5..cb7ca131e8 100644 > > --- a/OvmfPkg/OvmfPkgX64.fdf > > +++ b/OvmfPkg/OvmfPkgX64.fdf > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) == TRUE > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > -- > > 2.11.0 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel
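
Review bot: In the [LibraryClasses] hunks of the three .dsc files, TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf is mapped when TLS_ENABLE is TRUE, but nothing in those hunks maps the CryptoPkg libraries named in the reply (OpensslLib, BaseCryptLib), which the reply says are still under SECURE_BOOT_ENABLE flag control. A build with TLS_ENABLE=TRUE and SECURE_BOOT_ENABLE=FALSE would therefore lack the libraries TLS needs. Either land the patch that removes the flag control first, as agreed in the thread, or state in the commit message that SECURE_BOOT_ENABLE is also required for now.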
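
Review bot: The new "DEFINE TLS_ENABLE = FALSE" line in each [Defines] hunk has no comment, while every "!if $(TLS_ENABLE) == TRUE" block in the [LibraryClasses], [Components] and [FV.DXEFV] hunks sits inside "!if $(HTTP_BOOT_ENABLE) == TRUE", so setting TLS_ENABLE alone is silently ignored. The commit message states this dependency, but it is not visible in the .dsc/.fdf files themselves. Please add a short comment above the DEFINE saying that TLS_ENABLE only takes effect together with HTTP_BOOT_ENABLE, so that someone building with -D TLS_ENABLE and no -D HTTP_BOOT_ENABLE can see why the TLS drivers are missing from the image.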