From: "Gary Lin" <glin@suse.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Guillaume GARDET <guillaume.gardet@arm.com>,
Julien Grall <julien.grall@arm.com>
Subject: Re: [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Date: Fri, 28 Jun 2019 04:48:25 +0000 [thread overview]
Message-ID: <20190628044813.GB6000@GaryWorkstation> (raw)
In-Reply-To: <20190624191336.31611-1-lersek@redhat.com>
On Mon, Jun 24, 2019 at 09:13:36PM +0200, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
>
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>
I tested both HTTPS IPv4 and IPv6, and it worked as expected.
The bootloader was loaded after enrolling the correct certificate, and
the firmware rejected the connection when enrolling the wrong
certificate.
Tested-by: Gary Lin <glin@suse.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>
> Notes:
> Repo: https://github.com/lersek/edk2.git
> Branch: armvirt_tls_bz1009
>
> ArmVirtPkg/ArmVirt.dsc.inc | 7 +++++++
> ArmVirtPkg/ArmVirtQemu.dsc | 18 ++++++++++++++----
> ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
> 3 files changed, 35 insertions(+), 8 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>
> # Networking Requirements
> !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>
>
> #
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
> # CryptoPkg libraries needed by multiple firmware features
> #
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>
> #
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
> !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> !endif
>
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> - !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
> !include NetworkPkg/NetworkDefines.dsc.inc
>
> !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
> gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> + #
> + # The cumulative and individual VOLATILE variable size limits should be set
> + # high enough for accommodating several and/or large CA certificates.
> + #
> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>
> # Size of the region used by UEFI in permanent memory (Reserved 64MB)
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -372,6 +376,12 @@ [Components.common]
> # Networking stack
> #
> !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> + <LibraryClasses>
> + NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> + }
> +!endif
>
> #
> # SCSI Bus and Disk Driver
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
> !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> !endif
>
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> - !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
> !include NetworkPkg/NetworkDefines.dsc.inc
>
> !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
> gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> + #
> + # The cumulative and individual VOLATILE variable size limits should be set
> + # high enough for accommodating several and/or large CA certificates.
> + #
> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>
> # Size of the region used by UEFI in permanent memory (Reserved 64MB)
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -356,6 +360,12 @@ [Components.common]
> # Networking stack
> #
> !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> + <LibraryClasses>
> + NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> + }
> +!endif
>
> #
> # SCSI Bus and Disk Driver
> --
> 2.19.1.3.g30247aa5d201
>
>
next prev parent reply other threads:[~2019-06-28 4:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 19:13 [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* Laszlo Ersek
2019-06-25 8:50 ` Ard Biesheuvel
2019-06-25 11:22 ` [edk2-devel] " Laszlo Ersek
2019-06-25 12:01 ` Guillaume Gardet
2019-06-26 1:55 ` Gary Lin
2019-06-26 8:55 ` Laszlo Ersek
2019-06-25 14:55 ` Philippe Mathieu-Daudé
2019-06-28 4:48 ` Gary Lin [this message]
2019-06-28 16:10 ` Laszlo Ersek
2019-06-28 16:13 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190628044813.GB6000@GaryWorkstation \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox