From: "Wu, Jiaxin"
To: "Wu, Jiaxin", Gary Lin, "edk2-devel@lists.01.org"
CC: "Justen, Jordan L", Laszlo Ersek, "Long, Qin"
Subject: Re: [PATCH] OvmfPkg: Enable HTTPS for Ovmf
Date: Mon, 16 Jan 2017 06:15:08 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B727416293E6F@SHSMSX103.ccr.corp.intel.com>
References: <20170116041013.31545-1-glin@suse.com> <895558F6EA4E3B41AC93A00D163B727416293E11@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <895558F6EA4E3B41AC93A00D163B727416293E11@SHSMSX103.ccr.corp.intel.com>

More: TLS feature should not be limited to HTTP(S) feature.

!if $(HTTP_BOOT_ENABLE) == TRUE
!if $(TLS_ENABLE) == TRUE
  ...
!endif
!endif

Best Regards!
Jiaxin

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Wu, Jiaxin
> Sent: Monday, January 16, 2017 1:45 PM
> To: Gary Lin; edk2-devel@lists.01.org
> Cc: Justen, Jordan L; Laszlo Ersek; Long, Qin
> Subject: Re: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf
>
> Hi Gary,
>
> Before we enable the HTTPS/TLS for OVMF, we need to remove the
> 'SECURE_BOOT_ENABLE' flag control for the CryptoPkg libraries. Not only the
> secure boot feature requires the CryptoPkg libraries (e.g., OpensslLib,
> BaseCryptLib), but also ISCSI, IpSec and HTTPS/TLS features. If we do not remove
> that dependency, we must set both SECURE_BOOT_ENABLE and TLS_ENABLE to
> support TLS feature. That's unreasonable.
>
> Attached patch is to remove the flag control for the CryptoPkg libraries. I
> suggest waiting for that patch to be committed, then going ahead to enable the HTTPS for
> OVMF.
>
> Thanks,
> Jiaxin
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Gary Lin
> > Sent: Monday, January 16, 2017 12:10 PM
> > To: edk2-devel@lists.01.org
> > Cc: Justen, Jordan L; Wu, Jiaxin; Laszlo Ersek
> > Subject: [edk2] [PATCH] OvmfPkg: Enable HTTPS for Ovmf
> >
> > This commit introduces a new build option to OvmfPkg: TLS_ENABLE.
> > When setting the option, the TLS drivers will be included to support
> > HTTPS.
> >
> > NOTE: HTTP_BOOT_ENABLE is needed to enable HTTPS support since it's
> > pointless to enable TLS alone.
> >
> > Cc: Laszlo Ersek
> > Cc: Jordan Justen
> > Cc: Jiaxin Wu
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Gary Lin
> > ---
> >  OvmfPkg/OvmfPkgIa32.dsc    | 8 ++++++++
> >  OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
> >  OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
> >  OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
> >  OvmfPkg/OvmfPkgX64.dsc     | 8 ++++++++
> >  OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
> >  6 files changed, 36 insertions(+)
> > > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > > index e97f7f0262..363f143c68 100644 > > --- a/OvmfPkg/OvmfPkgIa32.dsc > > +++ b/OvmfPkg/OvmfPkgIa32.dsc > > @@ -38,6 +38,7 @@ [Defines] > > DEFINE NETWORK_IP6_ENABLE =3D FALSE > > DEFINE HTTP_BOOT_ENABLE =3D FALSE > > DEFINE SMM_REQUIRE =3D FALSE > > + DEFINE TLS_ENABLE =3D FALSE > > > > [BuildOptions] > > GCC:*_UNIXGCC_*_CC_FLAGS =3D -DMDEPKG_NDEBUG > > @@ -158,6 +159,9 @@ [LibraryClasses] > > > > !if $(HTTP_BOOT_ENABLE) =3D=3D TRUE > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > > !endif > > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > tLib.inf > > @@ -715,6 +719,10 @@ [Components] > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > > index 34d57a6079..30c8800932 100644 > > --- a/OvmfPkg/OvmfPkgIa32.fdf > > +++ b/OvmfPkg/OvmfPkgIa32.fdf > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > > index 8e3e04c135..f22bad309a 100644 > > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc 
> > @@ -38,6 +38,7 @@ [Defines] > > DEFINE NETWORK_IP6_ENABLE =3D FALSE > > DEFINE HTTP_BOOT_ENABLE =3D FALSE > > DEFINE SMM_REQUIRE =3D FALSE > > + DEFINE TLS_ENABLE =3D FALSE > > > > [BuildOptions] > > GCC:*_UNIXGCC_*_CC_FLAGS =3D -DMDEPKG_NDEBUG > > @@ -163,6 +164,9 @@ [LibraryClasses] > > > > !if $(HTTP_BOOT_ENABLE) =3D=3D TRUE > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > > !endif > > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > tLib.inf > > @@ -724,6 +728,10 @@ [Components.X64] > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > > index df55c2b210..7bc31d42ba 100644 > > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > > index 6ec3fe050d..8eca6fd557 100644 > > --- a/OvmfPkg/OvmfPkgX64.dsc > > +++ b/OvmfPkg/OvmfPkgX64.dsc > > @@ -38,6 +38,7 @@ [Defines] > > DEFINE NETWORK_IP6_ENABLE =3D FALSE > > DEFINE HTTP_BOOT_ENABLE =3D FALSE > > DEFINE SMM_REQUIRE =3D FALSE > > + DEFINE TLS_ENABLE =3D FALSE > > > > [BuildOptions] > > GCC:*_UNIXGCC_*_CC_FLAGS =3D -DMDEPKG_NDEBUG 
> > @@ -163,6 +164,9 @@ [LibraryClasses] > > > > !if $(HTTP_BOOT_ENABLE) =3D=3D TRUE > > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > +!endif > > !endif > > > > > > > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip > > tLib.inf > > @@ -722,6 +726,10 @@ [Components] > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > > index 5e2e1dfaf5..cb7ca131e8 100644 > > --- a/OvmfPkg/OvmfPkgX64.fdf > > +++ b/OvmfPkg/OvmfPkgX64.fdf > > @@ -329,6 +329,10 @@ [FV.DXEFV] > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > +!if $(TLS_ENABLE) =3D=3D TRUE > > + INF NetworkPkg/TlsDxe/TlsDxe.inf > > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > > +!endif > > !endif > > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > > > -- > > 2.11.0 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel
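
Review bot: the "DEFINE TLS_ENABLE = FALSE" line added in the [Defines] hunk of each .dsc (@@ -38,6 +38,7 @@ in OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc) has no comment recording that the flag only takes effect when HTTP_BOOT_ENABLE is also TRUE. That dependency is stated only in the commit message, so someone reading the .dsc or passing -D TLS_ENABLE to the build will not see it. Suggest a short comment above the new define naming HTTP_BOOT_ENABLE as a prerequisite, or dropping the prerequisite altogether if the nesting is removed as the reply asks.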
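
Review bot: in the [LibraryClasses] hunks of the three .dsc files, the TlsLib mapping is placed inside the existing "!if $(HTTP_BOOT_ENABLE) == TRUE" block, so TLS_ENABLE=TRUE with HTTP_BOOT_ENABLE=FALSE is accepted and silently produces a build without TLS instead of being rejected. Either move the "!if $(TLS_ENABLE) == TRUE" block out to the top level, which is what the reply asks for since TLS is not limited to HTTP(S), or make the unsupported combination a build error. The hunk also adds only "TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf"; as the earlier reply points out, the CryptoPkg libraries (OpensslLib, BaseCryptLib) are still under SECURE_BOOT_ENABLE control, so TLS_ENABLE currently needs SECURE_BOOT_ENABLE as a second, undocumented prerequisite. That should be resolved by the CryptoPkg flag-removal patch landing first, or be called out explicitly here.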
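
Review bot: the [Components] hunks in the .dsc files and the [FV.DXEFV] hunks in the .fdf files repeat the same nested guard around NetworkPkg/TlsDxe/TlsDxe.inf and NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf six times, and each .fdf guard must match the guard in its .dsc exactly or the firmware volume will reference a module that was not built. If the nesting under HTTP_BOOT_ENABLE is changed in response to the review, change all six places in the same commit and build all three platforms with TLS_ENABLE set both with and without HTTP_BOOT_ENABLE to confirm the .dsc and .fdf stay in step.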