From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruiyu.ni@intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 50A3B81A34
 for <edk2-devel@lists.01.org>; Wed, 14 Dec 2016 00:18:56 -0800 (PST)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by orsmga104.jf.intel.com with ESMTP; 14 Dec 2016 00:18:55 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,346,1477983600"; d="scan'208";a="1098933591"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by fmsmga002.fm.intel.com with ESMTP; 14 Dec 2016 00:18:55 -0800
Received: from fmsmsx151.amr.corp.intel.com (10.18.125.4) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Wed, 14 Dec 2016 00:18:55 -0800
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 FMSMSX151.amr.corp.intel.com (10.18.125.4) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Wed, 14 Dec 2016 00:18:55 -0800
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.11]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.77]) with mapi id 14.03.0248.002;
 Wed, 14 Dec 2016 16:18:51 +0800
From: "Ni, Ruiyu" <ruiyu.ni@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Long, Qin" <qin.long@intel.com>, "Ye, Ting" <ting.ye@intel.com>, "Fu,
 Siyuan" <siyuan.fu@intel.com>, "Zhang, Lubo" <lubo.zhang@intel.com>, "Thomas
 Palmer" <thomas.palmer@hpe.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
Thread-Topic: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32
 platform
Thread-Index: AQHSVeDHTi3/34C24E+JCc0yWr1hCaEHGUwA
Date: Wed, 14 Dec 2016 08:18:50 +0000
Deferred-Delivery: Wed, 14 Dec 2016 08:18:00 +0000
Message-ID: <734D49CCEBEEF84792F5B80ED585239D5B83076A@SHSMSX103.ccr.corp.intel.com>
References: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
Accept-Language: en-US, zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2016 08:18:56 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

Thanks/Ray

> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Wednesday, December 14, 2016 4:05 PM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin <qin.long@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Ye, T=
ing
> <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Zhang, Lubo
> <lubo.zhang@intel.com>; Thomas Palmer <thomas.palmer@hpe.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> Subject: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32
> platform
>=20
> v2:
> * Rename flag: HTTPS_BOOT_ENABLE -> TLS_ENABLE
>=20
> This path is used to enable HTTPS boot feature for Nt32 platform.
>=20
> Cc: Long Qin <qin.long@intel.com>
> Cc: Ni Ruiyu <ruiyu.ni@intel.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Zhang Lubo <lubo.zhang@intel.com>
> Cc: Thomas Palmer <thomas.palmer@hpe.com>
> Cc: Yao Jiewen <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> ---
>  Nt32Pkg/Nt32Pkg.dsc | 15 ++++++++++++++-  Nt32Pkg/Nt32Pkg.fdf |  4
> ++++
>  2 files changed, 18 insertions(+), 1 deletion(-)
>=20
> diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index
> 79ab2f7..0a59e46 100644
> --- a/Nt32Pkg/Nt32Pkg.dsc
> +++ b/Nt32Pkg/Nt32Pkg.dsc
> @@ -43,10 +43,17 @@
>    #
>    # Defines for default states.  These can be changed on the command lin=
e.
>    # -D FLAG=3DVALUE
>    #
>    DEFINE SECURE_BOOT_ENABLE      =3D FALSE
> +
> +  #
> +  # This flag is to enable or disable TLS feature.
> +  # These can be changed on the command line.
> +  # -D FLAG=3DVALUE
> +  #
> +  DEFINE TLS_ENABLE      =3D TRUE
>=20
>=20
> ##########################################################
> ######################
>  #
>  # SKU Identification section - list of all SKU IDs supported by this
>  #                              Platform.
> @@ -189,10 +196,11 @@
>=20
> OemHookStatusCodeLib|Nt32Pkg/Library/DxeNt32OemHookStatusCodeLib/
> DxeNt32OemHookStatusCodeLib.inf
>=20
> PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt
> 32PeCoffExtraActionLib.inf
>=20
> ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeE
> xtractGuidedSectionLib.inf
>    WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>=20
>  [LibraryClasses.common.DXE_CORE]
>    HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
>=20
> MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLi
> b/DxeCoreMemoryAllocationLib.inf
>    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> @@ -232,11 +240,11 @@
>    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x1f
>=20
> gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareVolume|L"..\\Fv\\Nt32.fd"
>    gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
>    gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
>=20
> gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationC
> hange|FALSE
> -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
> +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE || $(TLS_ENABLE) =3D=3D TRUE
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>  !endif
>=20
>  !ifndef $(USE_OLD_SHELL)
>    gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5,
> 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0=
xB4,
> 0xD1 } @@ -437,10 +445,15 @@
>=20
>    NetworkPkg/HttpBootDxe/HttpBootDxe.inf
>    NetworkPkg/DnsDxe/DnsDxe.inf
>    NetworkPkg/HttpDxe/HttpDxe.inf
>    NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +
> +!if $(TLS_ENABLE) =3D=3D TRUE
> +  NetworkPkg/TlsDxe/TlsDxe.inf
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> +!endif
>=20
>    MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
>    MdeModulePkg/Application/UiApp/UiApp.inf{
>      <LibraryClasses>
>=20
> NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
> diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index
> cf00a13..c198d73 100644
> --- a/Nt32Pkg/Nt32Pkg.fdf
> +++ b/Nt32Pkg/Nt32Pkg.fdf
> @@ -260,10 +260,14 @@ INF
> MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
>  INF  MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
>  INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
>  INF  NetworkPkg/DnsDxe/DnsDxe.inf
>  INF  NetworkPkg/HttpDxe/HttpDxe.inf
>  INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +!if $(TLS_ENABLE) =3D=3D TRUE
> +INF  NetworkPkg/TlsDxe/TlsDxe.inf
> +INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> +!endif
>  INF
> MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuAp
> p.inf
>=20
> ##########################################################
> ######################
>  #
>  # FILE statements are provided so that a platform integrator can include=
  #
> complete EFI FFS files, as well as a method for constructing FFS files
> --
> 1.9.5.msysgit.1