Hi Gary, Before we enable the HTTPS/TLS for OVMF, We need remove the 'SECURE_BOOT_ENABLE' flag control for the CryptoPkg librarie. Not only the secure boot feature requires the CryptoPkg libraries (e.g, OpensslLib, BaseCryptLib), but also ISCSI, IpSec and HTTPS/TLS features. If we not remove that dependency, we must set both SECURE_BOOT_ENABLE and TLS_ENABLE to support TLS feature. That's unreasonable. Attached patch is to remove the flag control for the CryptoPkg libraries. I suggest to wait that patch commit, then go ahead to enable the HTTPS for OVMF. Thanks, Jiaxin > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Gary > Lin > Sent: Monday, January 16, 2017 12:10 PM > To: edk2-devel@lists.01.org > Cc: Justen, Jordan L ; Wu, Jiaxin > ; Laszlo Ersek > Subject: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf > > This commit introduces a new build option to OvmfPkg: TLS_ENABLE. > When setting the option, the TLS drivers will be included to support > HTTPS. > > NOTE: HTTP_BOOT_ENABLE is needed to enable HTTPS support since it's > pointless to enable TLS alone. > > Cc: Laszlo Ersek > Cc: Jordan Justen > Cc: Jiaxin Wu > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Gary Lin > --- > OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++ > OvmfPkg/OvmfPkgIa32.fdf | 4 ++++ > OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++ > OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++ > OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++ > OvmfPkg/OvmfPkgX64.fdf | 4 ++++ > 6 files changed, 36 insertions(+) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index e97f7f0262..363f143c68 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -38,6 +38,7 @@ [Defines] > DEFINE NETWORK_IP6_ENABLE = FALSE > DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > + DEFINE TLS_ENABLE = FALSE > > [BuildOptions] > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > @@ -158,6 +159,9 @@ [LibraryClasses] > > !if $(HTTP_BOOT_ENABLE) == TRUE > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > +!if $(TLS_ENABLE) == TRUE > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > +!endif > !endif > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > tLib.inf > @@ -715,6 +719,10 @@ [Components] > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > +!if $(TLS_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > !endif > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > index 34d57a6079..30c8800932 100644 > --- a/OvmfPkg/OvmfPkgIa32.fdf > +++ b/OvmfPkg/OvmfPkgIa32.fdf > @@ -329,6 +329,10 @@ [FV.DXEFV] > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > +!if $(TLS_ENABLE) == TRUE > + INF NetworkPkg/TlsDxe/TlsDxe.inf > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > !endif > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 8e3e04c135..f22bad309a 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -38,6 +38,7 @@ [Defines] > DEFINE NETWORK_IP6_ENABLE = FALSE > DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > + DEFINE TLS_ENABLE = FALSE > > [BuildOptions] > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > @@ -163,6 +164,9 @@ [LibraryClasses] > > !if $(HTTP_BOOT_ENABLE) == TRUE > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > +!if $(TLS_ENABLE) == TRUE > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > +!endif > !endif > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > tLib.inf > @@ -724,6 +728,10 @@ [Components.X64] > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > +!if $(TLS_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > !endif > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > index df55c2b210..7bc31d42ba 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf > @@ -329,6 +329,10 @@ [FV.DXEFV] > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > +!if $(TLS_ENABLE) == TRUE > + INF NetworkPkg/TlsDxe/TlsDxe.inf > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > !endif > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 6ec3fe050d..8eca6fd557 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -38,6 +38,7 @@ [Defines] > DEFINE NETWORK_IP6_ENABLE = FALSE > DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > + DEFINE TLS_ENABLE = FALSE > > [BuildOptions] > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > @@ -163,6 +164,9 @@ [LibraryClasses] > > !if $(HTTP_BOOT_ENABLE) == TRUE > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > +!if $(TLS_ENABLE) == TRUE > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > +!endif > !endif > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > tLib.inf > @@ -722,6 +726,10 @@ [Components] > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > +!if $(TLS_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > !endif > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index 5e2e1dfaf5..cb7ca131e8 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -329,6 +329,10 @@ [FV.DXEFV] > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > +!if $(TLS_ENABLE) == TRUE > + INF NetworkPkg/TlsDxe/TlsDxe.inf > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > !endif > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > -- > 2.11.0 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel