From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 8FD5C81BA1
 for <edk2-devel@ml01.01.org>; Tue, 17 Jan 2017 00:53:54 -0800 (PST)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
 (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 583D58553D;
 Tue, 17 Jan 2017 08:53:55 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-70.phx2.redhat.com
 [10.3.116.70])
 by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 v0H8rror030478; Tue, 17 Jan 2017 03:53:54 -0500
To: Jiaxin Wu <jiaxin.wu@intel.com>, edk2-devel@ml01.01.org
References: <1484623992-52988-1-git-send-email-jiaxin.wu@intel.com>
 <1484623992-52988-2-git-send-email-jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>, Fu Siyuan <siyuan.fu@intel.com>,
 Kinney Michael D <michael.d.kinney@intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <38c2b4d0-fea4-a3b3-a939-8f9c6fafc6d7@redhat.com>
Date: Tue, 17 Jan 2017 09:53:52 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <1484623992-52988-2-git-send-email-jiaxin.wu@intel.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.28]); Tue, 17 Jan 2017 08:53:55 +0000 (UTC)
Subject: Re: [PATCH v2 1/2] NetworkPkg: Add PCD to enable the HTTP connections switch
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2017 08:53:54 -0000
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit

On 01/17/17 04:33, Jiaxin Wu wrote:
> v2:
> * Rename the PCD to PcdAllowHttpConnections.
> * Refine the PCD descriptions.
> 
> If the value of PcdAllowHttpConnections is TRUE, HTTP connections is
> allowed. Both the "https://" and "http://" URI schemes are permitted.
> Otherwise, HTTP connections is denied. Only the "https://" URI scheme
> is permitted.
> 
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Kinney Michael D <michael.d.kinney@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> ---
>  NetworkPkg/HttpBootDxe/HttpBootClient.c  | 20 +++++++-
>  NetworkPkg/HttpBootDxe/HttpBootConfig.c  | 81 ++++++++++++++++++++------------
>  NetworkPkg/HttpBootDxe/HttpBootDxe.inf   |  5 +-
>  NetworkPkg/HttpBootDxe/HttpBootSupport.c | 53 ++++++++++++++++++++-
>  NetworkPkg/HttpBootDxe/HttpBootSupport.h | 17 ++++++-
>  NetworkPkg/HttpDxe/HttpDxe.inf           |  5 +-
>  NetworkPkg/HttpDxe/HttpImpl.c            | 12 ++++-
>  NetworkPkg/NetworkPkg.dec                |  8 +++-
>  8 files changed, 164 insertions(+), 37 deletions(-)

[snip]

> diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
> index 24d45f4..d51f816 100644
> --- a/NetworkPkg/NetworkPkg.dec
> +++ b/NetworkPkg/NetworkPkg.dec
> @@ -2,11 +2,11 @@
>  # Network Package.
>  #
>  # This package provides network modules that conform to UEFI 2.4 specification.
>  #
>  # (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
>  #
>  # This program and the accompanying materials are licensed and made available under
>  # the terms and conditions of the BSD License which accompanies this distribution.
>  # The full text of the license may be found at
>  # http://opensource.org/licenses/bsd-license.php
> @@ -77,10 +77,16 @@
>  
>    ## Private Key's size.
>    # @Prompt Private Key's size.
>    gEfiNetworkPkgTokenSpaceGuid.PcdIpsecUefiCertificateKeySize|0x3d5|UINT32|0x00000006
>  
> +  ## Indicates whether HTTP connections (i.e., unsecured) are permitted or not.
> +  # TRUE  - HTTP connections is allowed. Both the "https://" and "http://" URI schemes are permitted.
> +  # FALSE - HTTP connections is denied. Only the "https://" URI scheme is permitted.
> +  # @Prompt Indicates whether HTTP connections are permitted or not.
> +  gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|FALSE|BOOLEAN|0x00000008
> +
>  [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>    ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
>    # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
>    # 04 = UUID-Based DHCPv6 Unique Identifier (DUID-UUID)
>    # 02 = DUID Assigned by Vendor Based on Enterprise Number [DUID-EN] (not supported)
> 

Minor nit: I suggest replacing

  connections is

with

  connections are

in the commit message and in the code. (I count four instances in
total.) It can be done when you commit / push the patch.

Other than that, this looks good to me, from a client platform's
perspective.

Acked-by: Laszlo Ersek <lersek@redhat.com>

Thanks!
Laszlo