From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ting.ye@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 6B68D82364
 for <edk2-devel@lists.01.org>; Wed, 21 Dec 2016 23:41:03 -0800 (PST)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga102.fm.intel.com with ESMTP; 21 Dec 2016 23:41:03 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,387,1477983600"; d="scan'208";a="915081109"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by orsmga003.jf.intel.com with ESMTP; 21 Dec 2016 23:41:02 -0800
Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Wed, 21 Dec 2016 23:41:02 -0800
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.20]) by
 SHSMSX101.ccr.corp.intel.com ([169.254.1.177]) with mapi id 14.03.0248.002;
 Thu, 22 Dec 2016 15:41:00 +0800
From: "Ye, Ting" <ting.ye@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Long, Qin" <qin.long@intel.com>, "Ni, Ruiyu" <ruiyu.ni@intel.com>, "Fu,
 Siyuan" <siyuan.fu@intel.com>, "Zhang, Lubo" <lubo.zhang@intel.com>, "Thomas
 Palmer" <thomas.palmer@hpe.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
Thread-Topic: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32
 platform
Thread-Index: AQHSVeDI8nctA4MCskudzqmviT4uNaEToajA
Date: Thu, 22 Dec 2016 07:40:59 +0000
Message-ID: <BC0C045B0E2A584CA4575E779FA2C12A1A8A1722@SHSMSX103.ccr.corp.intel.com>
References: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Dec 2016 07:41:03 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Ye Ting <ting.ye@intel.com>=20

-----Original Message-----
From: Wu, Jiaxin=20
Sent: Wednesday, December 14, 2016 4:05 PM
To: edk2-devel@lists.01.org
Cc: Long, Qin <qin.long@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Ye, Tin=
g <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Zhang, Lubo <lubo.=
zhang@intel.com>; Thomas Palmer <thomas.palmer@hpe.com>; Yao, Jiewen <jiewe=
n.yao@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
Subject: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platf=
orm

v2:
* Rename flag: HTTPS_BOOT_ENABLE -> TLS_ENABLE

This path is used to enable HTTPS boot feature for Nt32 platform.

Cc: Long Qin <qin.long@intel.com>
Cc: Ni Ruiyu <ruiyu.ni@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 Nt32Pkg/Nt32Pkg.dsc | 15 ++++++++++++++-  Nt32Pkg/Nt32Pkg.fdf |  4 ++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index 79ab2f7..0a59e=
46 100644
--- a/Nt32Pkg/Nt32Pkg.dsc
+++ b/Nt32Pkg/Nt32Pkg.dsc
@@ -43,10 +43,17 @@
   #
   # Defines for default states.  These can be changed on the command line.
   # -D FLAG=3DVALUE
   #
   DEFINE SECURE_BOOT_ENABLE      =3D FALSE
+ =20
+  #
+  # This flag is to enable or disable TLS feature. =20
+  # These can be changed on the command line.
+  # -D FLAG=3DVALUE
+  #
+  DEFINE TLS_ENABLE      =3D TRUE
=20
 ##########################################################################=
######
 #
 # SKU Identification section - list of all SKU IDs supported by this
 #                              Platform.
@@ -189,10 +196,11 @@
   OemHookStatusCodeLib|Nt32Pkg/Library/DxeNt32OemHookStatusCodeLib/DxeNt32=
OemHookStatusCodeLib.inf
   PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32=
PeCoffExtraActionLib.inf
   ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExt=
ractGuidedSectionLib.inf
   WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
=20
 [LibraryClasses.common.DXE_CORE]
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
   MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeC=
oreMemoryAllocationLib.inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -232,11 +240,11 @@
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x1f
   gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareVolume|L"..\\Fv\\Nt32.fd"
   gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
   gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FAL=
SE
-!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE || $(TLS_ENABLE) =3D=3D TRUE
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
 !endif
=20
 !ifndef $(USE_OLD_SHELL)
   gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5, 0x0=
4, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0xB4, =
0xD1 } @@ -437,10 +445,15 @@
=20
   NetworkPkg/HttpBootDxe/HttpBootDxe.inf
   NetworkPkg/DnsDxe/DnsDxe.inf
   NetworkPkg/HttpDxe/HttpDxe.inf
   NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+  =20
+!if $(TLS_ENABLE) =3D=3D TRUE
+  NetworkPkg/TlsDxe/TlsDxe.inf
+  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+!endif
=20
   MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
   MdeModulePkg/Application/UiApp/UiApp.inf{
     <LibraryClasses>
       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index cf00a13..c198d=
73 100644
--- a/Nt32Pkg/Nt32Pkg.fdf
+++ b/Nt32Pkg/Nt32Pkg.fdf
@@ -260,10 +260,14 @@ INF  MdeModulePkg/Universal/Network/UefiPxeBcDxe/Uefi=
PxeBcDxe.inf
 INF  MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
 INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
 INF  NetworkPkg/DnsDxe/DnsDxe.inf
 INF  NetworkPkg/HttpDxe/HttpDxe.inf
 INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+!if $(TLS_ENABLE) =3D=3D TRUE
+INF  NetworkPkg/TlsDxe/TlsDxe.inf
+INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+!endif
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 ##########################################################################=
######
 #
 # FILE statements are provided so that a platform integrator can include  =
# complete EFI FFS files, as well as a method for constructing FFS files
--
1.9.5.msysgit.1