From: Gary Lin
To: "Wu, Jiaxin"
Cc: "edk2-devel@lists.01.org", "Justen, Jordan L", Laszlo Ersek, "Long, Qin"
Date: Mon, 16 Jan 2017 14:40:58 +0800
Subject: Re: [PATCH] OvmfPkg: Enable HTTPS for Ovmf
Message-ID: <20170116064058.nieuzoxlozwjqlcv@GaryWorkstation>
In-Reply-To: <895558F6EA4E3B41AC93A00D163B727416293E6F@SHSMSX103.ccr.corp.intel.com>

On Mon, Jan 16, 2017 at 06:15:08AM +0000, Wu, Jiaxin wrote:
> More: TLS feature should not be limited to HTTP(S) feature.
>
Is there any other planned usage for TLS?

> !if $(HTTP_BOOT_ENABLE) == TRUE
> !if $(TLS_ENABLE) == TRUE
> ...
> !endif
> !endif
>
I checked my patch again and found it'd be better to include the HTTP
and TLS drivers in this way:

!if $(HTTP_BOOT_ENABLE) == TRUE || $(TLS_ENABLE) == TRUE
!endif
!if $(TLS_ENABLE) == TRUE
{TLS drivers}
!endif

Therefore, enabling TLS_ENABLE also means to enable HTTP_BOOT_ENABLE.
Make it less error-prone.

Will send a v2 patch after your patch is merged.

Thanks,

Gary Lin

> Best Regard!
> Jiaxin
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Wu, Jiaxin
> > Sent: Monday, January 16, 2017 1:45 PM
> > To: Gary Lin; edk2-devel@lists.01.org
> > Cc: Justen, Jordan L; Laszlo Ersek; Long, Qin
> > Subject: Re: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf
> >
> > Hi Gary,
> >
> > Before we enable the HTTPS/TLS for OVMF, we need to remove the
> > 'SECURE_BOOT_ENABLE' flag control for the CryptoPkg libraries. Not only the
> > secure boot feature requires the CryptoPkg libraries (e.g., OpensslLib,
> > BaseCryptLib), but also ISCSI, IpSec and HTTPS/TLS features. If we do not remove
> > that dependency, we must set both SECURE_BOOT_ENABLE and TLS_ENABLE to
> > support TLS feature. That's unreasonable.
> >
> > Attached patch is to remove the flag control for the CryptoPkg libraries. I
> > suggest to wait that patch commit, then go ahead to enable the HTTPS for
> > OVMF.
> >
> > Thanks,
> > Jiaxin
> >
> > > -----Original Message-----
> > > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Gary Lin
> > > Sent: Monday, January 16, 2017 12:10 PM
> > > To: edk2-devel@lists.01.org
> > > Cc: Justen, Jordan L; Wu, Jiaxin; Laszlo Ersek
> > > Subject: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf
> > >
> > > This commit introduces a new build option to OvmfPkg: TLS_ENABLE.
> > > When setting the option, the TLS drivers will be included to support
> > > HTTPS.
> > >
> > > NOTE: HTTP_BOOT_ENABLE is needed to enable HTTPS support since it's
> > > pointless to enable TLS alone.
> > >
> > > Cc: Laszlo Ersek
> > > Cc: Jordan Justen
> > > Cc: Jiaxin Wu
> > > Contributed-under: TianoCore Contribution Agreement 1.0
> > > Signed-off-by: Gary Lin > > > --- > > > OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++ > > > OvmfPkg/OvmfPkgIa32.fdf | 4 ++++ > > > OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++ > > > OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++ > > > OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++ > > > OvmfPkg/OvmfPkgX64.fdf | 4 ++++ > > > 6 files changed, 36 insertions(+) > > > > > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > > > index e97f7f0262..363f143c68 100644 > > > --- a/OvmfPkg/OvmfPkgIa32.dsc > > > +++ b/OvmfPkg/OvmfPkgIa32.dsc > > > @@ -38,6 +38,7 @@ [Defines] > > > DEFINE NETWORK_IP6_ENABLE = FALSE > > > DEFINE HTTP_BOOT_ENABLE = FALSE > > > DEFINE SMM_REQUIRE = FALSE > > > + DEFINE TLS_ENABLE = FALSE > > > > > > [BuildOptions] > > > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > > > @@ -158,6 +159,9 @@ [LibraryClasses] > > > > > > !if $(HTTP_BOOT_ENABLE) == TRUE > > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > > +!endif > > > !endif > > > > > > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > > tLib.inf > > > @@ -715,6 +719,10 @@ [Components] > > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > NetworkPkg/HttpDxe/HttpDxe.inf > > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + NetworkPkg/TlsDxe/TlsDxe.inf > > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > > +!endif > > > !endif > > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > > > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > > > index 34d57a6079..30c8800932 100644 > > > --- a/OvmfPkg/OvmfPkgIa32.fdf > > > +++ b/OvmfPkg/OvmfPkgIa32.fdf 
> > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > > +!endif > > > !endif > > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > > > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > > > index 8e3e04c135..f22bad309a 100644 > > > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > > > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > > > @@ -38,6 +38,7 @@ [Defines] > > > DEFINE NETWORK_IP6_ENABLE = FALSE > > > DEFINE HTTP_BOOT_ENABLE = FALSE > > > DEFINE SMM_REQUIRE = FALSE > > > + DEFINE TLS_ENABLE = FALSE > > > > > > [BuildOptions] > > > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > > > @@ -163,6 +164,9 @@ [LibraryClasses] > > > > > > !if $(HTTP_BOOT_ENABLE) == TRUE > > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > > +!endif > > > !endif > > > > > > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > > tLib.inf > > > @@ -724,6 +728,10 @@ [Components.X64] > > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > NetworkPkg/HttpDxe/HttpDxe.inf > > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + NetworkPkg/TlsDxe/TlsDxe.inf > > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > > +!endif > > > !endif > > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > > > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > > > index df55c2b210..7bc31d42ba 100644 > > > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > > > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf 
> > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > > +!endif > > > !endif > > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > > > index 6ec3fe050d..8eca6fd557 100644 > > > --- a/OvmfPkg/OvmfPkgX64.dsc > > > +++ b/OvmfPkg/OvmfPkgX64.dsc > > > @@ -38,6 +38,7 @@ [Defines] > > > DEFINE NETWORK_IP6_ENABLE = FALSE > > > DEFINE HTTP_BOOT_ENABLE = FALSE > > > DEFINE SMM_REQUIRE = FALSE > > > + DEFINE TLS_ENABLE = FALSE > > > > > > [BuildOptions] > > > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > > > @@ -163,6 +164,9 @@ [LibraryClasses] > > > > > > !if $(HTTP_BOOT_ENABLE) == TRUE > > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > > +!endif > > > !endif > > > > > > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > > tLib.inf > > > @@ -722,6 +726,10 @@ [Components] > > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > NetworkPkg/HttpDxe/HttpDxe.inf > > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + NetworkPkg/TlsDxe/TlsDxe.inf > > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > > +!endif > > > !endif > > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > > > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > > > index 5e2e1dfaf5..cb7ca131e8 100644 > > > --- a/OvmfPkg/OvmfPkgX64.fdf > > > +++ b/OvmfPkg/OvmfPkgX64.fdf 
> > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > > +!if $(TLS_ENABLE) == TRUE > > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > > +!endif > > > !endif > > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > > > -- > > > 2.11.0 > > > > > > _______________________________________________ > > > edk2-devel mailing list > > > edk2-devel@lists.01.org > > > https://lists.01.org/mailman/listinfo/edk2-devel >
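
Review bot: In the [LibraryClasses] hunk of each of the three .dsc files, the new "!if $(TLS_ENABLE) == TRUE" block is nested inside "!if $(HTTP_BOOT_ENABLE) == TRUE", so a build with TLS_ENABLE=TRUE and HTTP_BOOT_ENABLE left at its FALSE default resolves no TlsLib and produces firmware without HTTPS, and nothing in the build says so. Either gate the outer block on "$(HTTP_BOOT_ENABLE) == TRUE || $(TLS_ENABLE) == TRUE" as proposed in the reply above, or make that flag combination a build failure, so that a build that asked for TLS cannot quietly ship without it.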
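
Review bot: The "DEFINE TLS_ENABLE = FALSE" line added to [Defines] in each .dsc has no comment stating what the flag depends on. The commit message says HTTP_BOOT_ENABLE is required, and the reply quoted above points out that the CryptoPkg libraries TlsLib relies on (OpensslLib, BaseCryptLib) are still controlled by SECURE_BOOT_ENABLE, so today three flags have to be set together for TLS to work. Please record those dependencies next to the DEFINE, or remove them before this lands, since a person enabling the flag will read the .dsc and not the commit log.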
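
Review bot: The [Components] hunks in the .dsc files and the [FV.DXEFV] hunks in the .fdf files repeat the same nested TLS_ENABLE condition around TlsDxe.inf and TlsAuthConfigDxe.inf in six places, and the .dsc and .fdf conditions have to stay identical because an INF listed in the .fdf that the .dsc did not build breaks image generation. If v2 changes the gating to the "||" form, change all six blocks in the same patch and build each of Ia32, Ia32X64 and X64 with all four combinations of the two flags to confirm they agree.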