From: "Fu, Siyuan" <siyuan.fu@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Long, Qin" <qin.long@intel.com>,
"Ni, Ruiyu" <ruiyu.ni@intel.com>, "Ye, Ting" <ting.ye@intel.com>,
"Zhang, Lubo" <lubo.zhang@intel.com>,
"Thomas Palmer" <thomas.palmer@hpe.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform
Date: Thu, 15 Dec 2016 02:40:32 +0000 [thread overview]
Message-ID: <B1FF2E9001CE9041BD10B825821D5BC58A886468@SHSMSX151.ccr.corp.intel.com> (raw)
In-Reply-To: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
-----Original Message-----
From: Wu, Jiaxin
Sent: 2016年12月14日 16:05
To: edk2-devel@lists.01.org
Cc: Long, Qin <qin.long@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Ye, Ting <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Zhang, Lubo <lubo.zhang@intel.com>; Thomas Palmer <thomas.palmer@hpe.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
Subject: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform
v2:
* Rename flag: HTTPS_BOOT_ENABLE -> TLS_ENABLE
This path is used to enable HTTPS boot feature for Nt32 platform.
Cc: Long Qin <qin.long@intel.com>
Cc: Ni Ruiyu <ruiyu.ni@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
Nt32Pkg/Nt32Pkg.dsc | 15 ++++++++++++++- Nt32Pkg/Nt32Pkg.fdf | 4 ++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index 79ab2f7..0a59e46 100644
--- a/Nt32Pkg/Nt32Pkg.dsc
+++ b/Nt32Pkg/Nt32Pkg.dsc
@@ -43,10 +43,17 @@
#
# Defines for default states. These can be changed on the command line.
# -D FLAG=VALUE
#
DEFINE SECURE_BOOT_ENABLE = FALSE
+
+ #
+ # This flag is to enable or disable TLS feature.
+ # These can be changed on the command line.
+ # -D FLAG=VALUE
+ #
+ DEFINE TLS_ENABLE = TRUE
################################################################################
#
# SKU Identification section - list of all SKU IDs supported by this
# Platform.
@@ -189,10 +196,11 @@
OemHookStatusCodeLib|Nt32Pkg/Library/DxeNt32OemHookStatusCodeLib/DxeNt32OemHookStatusCodeLib.inf
PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf
ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
[LibraryClasses.common.DXE_CORE]
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -232,11 +240,11 @@
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x1f
gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareVolume|L"..\\Fv\\Nt32.fd"
gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
-!if $(SECURE_BOOT_ENABLE) == TRUE
+!if $(SECURE_BOOT_ENABLE) == TRUE || $(TLS_ENABLE) == TRUE
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
!endif
!ifndef $(USE_OLD_SHELL)
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, 0xD1 } @@ -437,10 +445,15 @@
NetworkPkg/HttpBootDxe/HttpBootDxe.inf
NetworkPkg/DnsDxe/DnsDxe.inf
NetworkPkg/HttpDxe/HttpDxe.inf
NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+
+!if $(TLS_ENABLE) == TRUE
+ NetworkPkg/TlsDxe/TlsDxe.inf
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+!endif
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf{
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index cf00a13..c198d73 100644
--- a/Nt32Pkg/Nt32Pkg.fdf
+++ b/Nt32Pkg/Nt32Pkg.fdf
@@ -260,10 +260,14 @@ INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
INF NetworkPkg/DnsDxe/DnsDxe.inf
INF NetworkPkg/HttpDxe/HttpDxe.inf
INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+!if $(TLS_ENABLE) == TRUE
+INF NetworkPkg/TlsDxe/TlsDxe.inf
+INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+!endif
INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
################################################################################
#
# FILE statements are provided so that a platform integrator can include # complete EFI FFS files, as well as a method for constructing FFS files
--
1.9.5.msysgit.1
next prev parent reply other threads:[~2016-12-15 2:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-14 8:04 [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform Jiaxin Wu
2016-12-14 8:18 ` Ni, Ruiyu
2016-12-15 2:40 ` Fu, Siyuan [this message]
2016-12-15 8:15 ` Long, Qin
2016-12-22 7:40 ` Ye, Ting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B1FF2E9001CE9041BD10B825821D5BC58A886468@SHSMSX151.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox