From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 3E35021194898
 for <edk2-devel@lists.01.org>; Fri, 23 Nov 2018 04:00:12 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 05176A403B;
 Fri, 23 Nov 2018 12:00:12 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-112.rdu2.redhat.com
 [10.10.120.112])
 by smtp.corp.redhat.com (Postfix) with ESMTP id A78FC197FE;
 Fri, 23 Nov 2018 12:00:10 +0000 (UTC)
To: Fu Siyuan <siyuan.fu@intel.com>, edk2-devel@lists.01.org
Cc: Anthony Perard <anthony.perard@citrix.com>,
 Jordan Justen <jordan.l.justen@intel.com>
References: <20181122052153.89464-1-siyuan.fu@intel.com>
 <20181122052153.89464-6-siyuan.fu@intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <5c2bd936-6a84-eea0-f165-3c99ba892793@redhat.com>
Date: Fri, 23 Nov 2018 13:00:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20181122052153.89464-6-siyuan.fu@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.38]); Fri, 23 Nov 2018 12:00:12 +0000 (UTC)
Subject: Re: [PATCH v2 5/6] OvmfPkg: Update DSC/FDF to use NetworkPkg's include fragment file.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2018 12:00:13 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 11/22/18 06:21, Fu Siyuan wrote:
> This patch updates the platform DSC/FDF files to use the include fragment
> files provided by NetworkPkg.
> The feature enabling flags in [Defines] section have been updated to use
> the NetworkPkg's terms, and the value has been overridden with the original
> default value on this platform.
>
> This patch also rename the TLS_ENABLE flag to PLATFORM_TLS_ENABLE for the
> platform specific configuration for TLS support.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien.grall@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
> ---
>
> Notes:
>     v2:
>     Rename TLS_ENABLE flag to PLATFORM_TLS_ENABLE flag for platform specific configuration for TLS support.
>
>  OvmfPkg/OvmfPkgIa32.dsc    | 75 +++++++++----------
>  OvmfPkg/OvmfPkgIa32.fdf    | 27 +------
>  OvmfPkg/OvmfPkgIa32X64.dsc | 76 +++++++++-----------
>  OvmfPkg/OvmfPkgIa32X64.fdf | 27 +------
>  OvmfPkg/OvmfPkgX64.dsc     | 75 +++++++++----------
>  OvmfPkg/OvmfPkgX64.fdf     | 27 +------
>  6 files changed, 102 insertions(+), 205 deletions(-)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index eccf34d3d1cb..adedd2240a8a 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -35,12 +35,25 @@ [Defines]
>    # -D FLAG=VALUE
>    #
>    DEFINE SECURE_BOOT_ENABLE      = FALSE
> -  DEFINE NETWORK_IP6_ENABLE      = FALSE
> -  DEFINE HTTP_BOOT_ENABLE        = FALSE
>    DEFINE SMM_REQUIRE             = FALSE
> -  DEFINE TLS_ENABLE              = FALSE
>    DEFINE TPM2_ENABLE             = FALSE
>
> +  #
> +  # PLATFORM_TLS_ENABLE flag is used to control platform specific configuration for TLS support,
> +  # which add a NULL class library instance to TlsAuthConfigDxe.inf for downloading the necessary
> +  # data from QEMU via fw_cfg.
> +  #
> +  DEFINE PLATFORM_TLS_ENABLE            = FALSE
> +  #
> +  # The NETWORK_TLS_ENABLE should always be set to FALSE since PLATFORM_TLS_ENABLE is used.
> +  #
> +  DEFINE NETWORK_TLS_ENABLE             = FALSE
> +  DEFINE NETWORK_IP6_ENABLE             = FALSE
> +  DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
> +  DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
> +  DEFINE NETWORK_IPSEC_ENABLE           = FALSE
> +!include NetworkPkg/NetworkDefines.dsc.inc
> +

Perfect. Logically, this is exactly right.

One syntactic request:

(1) Can you please rewrap the -- otherwise spot-on -- explanation of
PLATFORM_TLS_ENABLE to 80 characters? Same for the NETWORK_TLS_ENABLE
explanation.

>    #
>    # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
>    # one of the supported values, in place of any of the convenience macros, is
> @@ -144,10 +157,6 @@ [LibraryClasses]
>    FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
>    UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf
>    SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
> -  NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf
> -  IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf
> -  UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf
> -  DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
>    UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
>    SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf
>    QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
> @@ -173,7 +182,7 @@ [LibraryClasses]
>    DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
>
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> -!if $(TLS_ENABLE) == TRUE
> +!if $(PLATFORM_TLS_ENABLE) == TRUE
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>  !else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -191,11 +200,12 @@ [LibraryClasses]
>
>    TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf

(2) Please remove the TcpIoLib resolution as well. It is provided by
"NetworkPkg/NetworkLibs.dsc.inc".

>
> -!if $(HTTP_BOOT_ENABLE) == TRUE
> -  HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf
> -!endif
> +  #
> +  # Network libraries
> +  #
> +!include NetworkPkg/NetworkLibs.dsc.inc
>
> -!if $(TLS_ENABLE) == TRUE
> +!if $(PLATFORM_TLS_ENABLE) == TRUE
>    TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>  !endif
>
> @@ -442,7 +452,7 @@ [PcdsFixedAtBuild]
>  !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> -!if $(TLS_ENABLE) == FALSE
> +!if $(PLATFORM_TLS_ENABLE) == FALSE
>    # match PcdFlashNvStorageVariableSize purely for convenience
>    gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
>  !endif
> @@ -450,12 +460,12 @@ [PcdsFixedAtBuild]
>  !if $(FD_SIZE_IN_KB) == 4096
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
> -!if $(TLS_ENABLE) == FALSE
> +!if $(PLATFORM_TLS_ENABLE) == FALSE
>    # match PcdFlashNvStorageVariableSize purely for convenience
>    gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000
>  !endif
>  !endif
> -!if $(TLS_ENABLE) == TRUE
> +!if $(PLATFORM_TLS_ENABLE) == TRUE
>    gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>  !endif
> @@ -504,9 +514,10 @@ [PcdsFixedAtBuild]
>    gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
>  !endif
>
> -!if $(HTTP_BOOT_ENABLE) == TRUE
> -  gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
> -!endif
> +  #
> +  # Network Pcds
> +  #
> +!include NetworkPkg/NetworkPcds.dsc.inc
>
>    gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 }
>
> @@ -777,31 +788,9 @@ [Components]
>    #
>    # Network Support
>    #
> -  MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
> -  MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
> -  MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
> -  MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
> -  MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
> -  MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
> -  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
> -  MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
> -  MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
> -  NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
> -  NetworkPkg/TcpDxe/TcpDxe.inf
> -  NetworkPkg/IScsiDxe/IScsiDxe.inf
> -!if $(NETWORK_IP6_ENABLE) == TRUE
> -  NetworkPkg/Ip6Dxe/Ip6Dxe.inf
> -  NetworkPkg/Udp6Dxe/Udp6Dxe.inf
> -  NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
> -  NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
> -!endif
> -!if $(HTTP_BOOT_ENABLE) == TRUE
> -  NetworkPkg/DnsDxe/DnsDxe.inf
> -  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> -  NetworkPkg/HttpDxe/HttpDxe.inf
> -  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> -!endif
> -!if $(TLS_ENABLE) == TRUE
> +!include NetworkPkg/NetworkComponents.dsc.inc
> +
> +!if $(PLATFORM_TLS_ENABLE) == TRUE
>    NetworkPkg/TlsDxe/TlsDxe.inf
>    NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>      <LibraryClasses>

(3) This is all great. What do you think of the following, in addition:
(and this is actually another comment for the NetworkPkg patch:)

We could introduce another include file, namely

  NetworkPkg/NetworkShellCommandsLib.dsc.inc

And in that file, you could provide:

  !if NETWORK_ENABLE
    !if NETWORK_IP4_ENABLE
      NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1CommandsLib.inf
    !endif
    !if NETWORK_IP6_ENABLE
      NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2CommandsLib.inf
    !endif
  !endif

Because, with the help of this file, we could retire the last remaining
instance of NETWORK_IP6_ENABLE in the OVMF DSC files:

  !if $(NETWORK_IP6_ENABLE) == TRUE
        NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2CommandsLib.inf
  !endif

What's your opinion?

> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index f7f9ab06bb5a..995328992ccf 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -296,31 +296,8 @@ [FV.DXEFV]
>  #
>  # Network modules
>  #
> -  INF  MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
> -  INF  MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
> -  INF  MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
> -  INF  MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
> -  INF  MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
> -  INF  MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
> -  INF  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
> -  INF  MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
> -  INF  MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
> -  INF  NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
> -  INF  NetworkPkg/TcpDxe/TcpDxe.inf
> -  INF  NetworkPkg/IScsiDxe/IScsiDxe.inf
> -!if $(NETWORK_IP6_ENABLE) == TRUE
> -  INF  NetworkPkg/Ip6Dxe/Ip6Dxe.inf
> -  INF  NetworkPkg/Udp6Dxe/Udp6Dxe.inf
> -  INF  NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
> -  INF  NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
> -!endif
> -!if $(HTTP_BOOT_ENABLE) == TRUE
> -  INF  NetworkPkg/DnsDxe/DnsDxe.inf
> -  INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> -  INF  NetworkPkg/HttpDxe/HttpDxe.inf
> -  INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> -!endif
> -!if $(TLS_ENABLE) == TRUE
> +!include NetworkPkg/Network.fdf.inc
> +!if $(PLATFORM_TLS_ENABLE) == TRUE
>    INF  NetworkPkg/TlsDxe/TlsDxe.inf
>    INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
>  !endif

Nice.

Last request for the OvmfPkg patch:

(4) Please replace HTTP_BOOT_ENABLE and TLS_ENABLE in the "OvmfPkg/README"
file as well (there is one hit for each build flag).

Please also re-wrap any lines in the README that grow longer than 80
characters, due to the replacements.

(Regarding the Wiki, I've just filed
<https://bugzilla.tianocore.org/show_bug.cgi?id=1357> separately.)

I'm real happy about this series. :)

Thanks!
Laszlo