From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: devel@edk2.groups.io
Cc: Jordan Justen <jordan.l.justen@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>,
Sami Mujawar <sami.mujawar@arm.com>,
Leif Lindholm <leif@nuviainc.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyux.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Kelly Steele <kelly.steele@intel.com>,
Zailiang Sun <zailiang.sun@intel.com>,
Yi Qian <yi.qian@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Maciej Rabeda <maciej.rabeda@linux.intel.com>,
Jiaxin Wu <jiaxin.wu@intel.com>, Siyuan Fu <siyuan.fu@intel.com>
Subject: [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
Date: Thu, 12 Nov 2020 13:55:57 +0800 [thread overview]
Message-ID: <20201112055558.2348-13-zhichao.gao@intel.com> (raw)
In-Reply-To: <20201112055558.2348-1-zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
iSCSI is using the deprecated function MD5. It is
better to make the default setting secure. If the platforms
want to use the iSCSI, they should enable it in the platforms'
dsc file and be aware they are using an function with weak
cryptography.
Enable iSCSI in NetworkPkg.dsc for build.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
NetworkPkg/NetworkPkg.dsc | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
index a442d1b157..18921d81f6 100644
--- a/NetworkPkg/NetworkDefines.dsc.inc
+++ b/NetworkPkg/NetworkDefines.dsc.inc
@@ -17,7 +17,7 @@
# DEFINE NETWORK_TLS_ENABLE = TRUE
# DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE
# DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
-# DEFINE NETWORK_ISCSI_ENABLE = TRUE
+# DEFINE NETWORK_ISCSI_ENABLE = FALSE
# DEFINE NETWORK_VLAN_ENABLE = TRUE
#
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
@@ -101,7 +101,7 @@
# Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
# since libssl is not required for iSCSI.
#
- DEFINE NETWORK_ISCSI_ENABLE = TRUE
+ DEFINE NETWORK_ISCSI_ENABLE = FALSE
!endif
!if $(NETWORK_ENABLE) == TRUE
diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
index 716d04fdad..e508995e3a 100644
--- a/NetworkPkg/NetworkPkg.dsc
+++ b/NetworkPkg/NetworkPkg.dsc
@@ -2,7 +2,7 @@
# UEFI 2.4 Network Module Package for All Architectures
#
# (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -18,6 +18,8 @@
BUILD_TARGETS = DEBUG|RELEASE|NOOPT
SKUID_IDENTIFIER = DEFAULT
+ DEFINE NETWORK_ISCSI_ENABLE = TRUE
+
[LibraryClasses]
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
--
2.21.0.windows.1
next prev parent reply other threads:[~2020-11-12 5:56 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-12 5:55 [PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support Gao, Zhichao
2020-11-12 5:55 ` [PATCH V4 01/13] SecurityPkg/Hash2DxeCrypto: Remove MD5 support Gao, Zhichao
2020-11-12 5:55 ` [PATCH V4 02/13] SecurityPkg/Hash2DxeCrypto: Remove SHA1 support Gao, Zhichao
2020-11-12 5:55 ` [PATCH V4 03/13] CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 Gao, Zhichao
2020-11-13 23:39 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI Gao, Zhichao
2020-11-13 23:47 ` [edk2-devel] " Laszlo Ersek
2020-11-16 1:21 ` Gao, Zhichao
[not found] ` <MWHPR11MB164718420D1E60E229266536F6E30@MWHPR11MB1647.namprd11.prod.outlook.com>
[not found] ` <3b9ad361-40be-509b-93e7-2b9062082b00@linux.intel.com>
2020-11-17 0:56 ` Gao, Zhichao
2020-11-16 5:50 ` Siyuan, Fu
2020-11-12 5:55 ` [PATCH V4 05/13] ArmVirtPkg/ArmVirtQemu.dsc: " Gao, Zhichao
2020-11-13 23:52 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 06/13] ArmVirtPkg/ArmVirtQemuKernel.dsc: " Gao, Zhichao
2020-11-13 23:53 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 07/13] OvmfPkg/OvmfPkgIa32.dsc: " Gao, Zhichao
2020-11-13 23:58 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 08/13] OvmfPkg/OvmfPkgIa32X64.dsc: " Gao, Zhichao
2020-11-14 0:03 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 09/13] OvmfPkg/OvmfPkgX64.dsc: " Gao, Zhichao
2020-11-14 0:03 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 10/13] OvmfPkg/OvmfXen.dsc: " Gao, Zhichao
2020-11-14 0:06 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` [PATCH V4 11/13] OvmfPkg/BhyveX64.dsc: " Gao, Zhichao
2020-11-14 0:12 ` [edk2-devel] " Laszlo Ersek
2020-11-12 5:55 ` Gao, Zhichao [this message]
2020-11-14 0:17 ` [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default Laszlo Ersek
2020-11-16 5:50 ` Siyuan, Fu
2020-11-16 11:41 ` [edk2-devel] " Maciej Rabeda
2020-11-12 5:55 ` [PATCH V4 13/13] CryptoPkg: Make the MD5 disable as default for security Gao, Zhichao
[not found] ` <1646AD0BC52F0534.414@groups.io>
2020-11-13 11:02 ` [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI Gao, Zhichao
2020-11-17 19:16 ` [edk2-devel] [PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support Laszlo Ersek
2020-11-17 19:28 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201112055558.2348-13-zhichao.gao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox