From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qin.long@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 645E981E9C
 for <edk2-devel@lists.01.org>; Thu, 15 Dec 2016 00:16:01 -0800 (PST)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga102.fm.intel.com with ESMTP; 15 Dec 2016 00:16:00 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,351,1477983600"; d="scan'208";a="1072306440"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
 by orsmga001.jf.intel.com with ESMTP; 15 Dec 2016 00:16:00 -0800
Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 15 Dec 2016 00:16:00 -0800
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.11]) by
 SHSMSX152.ccr.corp.intel.com ([169.254.6.235]) with mapi id 14.03.0248.002;
 Thu, 15 Dec 2016 16:15:57 +0800
From: "Long, Qin" <qin.long@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Ni, Ruiyu" <ruiyu.ni@intel.com>, "Ye, Ting" <ting.ye@intel.com>, "Fu,
 Siyuan" <siyuan.fu@intel.com>, "Zhang, Lubo" <lubo.zhang@intel.com>, "Thomas
 Palmer" <thomas.palmer@hpe.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
Thread-Topic: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32
 platform
Thread-Index: AQHSVeDHLV0IR3pRo0WY9J+ZOYBm3qEIqs9A
Date: Thu, 15 Dec 2016 08:15:57 +0000
Message-ID: <BF2CCE9263284D428840004653A28B6E53F3DD48@SHSMSX103.ccr.corp.intel.com>
References: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1481702685-100424-1-git-send-email-jiaxin.wu@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Dec 2016 08:16:01 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Qin Long <qin.long@intel.com>


> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Wednesday, December 14, 2016 4:05 PM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin; Ni, Ruiyu; Ye, Ting; Fu, Siyuan; Zhang, Lubo; Thomas Palme=
r;
> Yao, Jiewen; Wu, Jiaxin
> Subject: [PATCH v2 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32
> platform
>=20
> v2:
> * Rename flag: HTTPS_BOOT_ENABLE -> TLS_ENABLE
>=20
> This path is used to enable HTTPS boot feature for Nt32 platform.
>=20
> Cc: Long Qin <qin.long@intel.com>
> Cc: Ni Ruiyu <ruiyu.ni@intel.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Zhang Lubo <lubo.zhang@intel.com>
> Cc: Thomas Palmer <thomas.palmer@hpe.com>
> Cc: Yao Jiewen <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> ---
>  Nt32Pkg/Nt32Pkg.dsc | 15 ++++++++++++++-  Nt32Pkg/Nt32Pkg.fdf |  4
> ++++
>  2 files changed, 18 insertions(+), 1 deletion(-)
>=20
> diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index
> 79ab2f7..0a59e46 100644
> --- a/Nt32Pkg/Nt32Pkg.dsc
> +++ b/Nt32Pkg/Nt32Pkg.dsc
> @@ -43,10 +43,17 @@
>    #
>    # Defines for default states.  These can be changed on the command lin=
e.
>    # -D FLAG=3DVALUE
>    #
>    DEFINE SECURE_BOOT_ENABLE      =3D FALSE
> +
> +  #
> +  # This flag is to enable or disable TLS feature.
> +  # These can be changed on the command line.
> +  # -D FLAG=3DVALUE
> +  #
> +  DEFINE TLS_ENABLE      =3D TRUE
>=20
>=20
> ##########################################################
> ######################
>  #
>  # SKU Identification section - list of all SKU IDs supported by this
>  #                              Platform.
> @@ -189,10 +196,11 @@
>=20
> OemHookStatusCodeLib|Nt32Pkg/Library/DxeNt32OemHookStatusCodeLib/
> DxeNt32OemHookStatusCodeLib.inf
>=20
> PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt
> 32PeCoffExtraActionLib.inf
>=20
> ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeE
> xtractGuidedSectionLib.inf
>    WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>=20
>  [LibraryClasses.common.DXE_CORE]
>    HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
>=20
> MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLi
> b/DxeCoreMemoryAllocationLib.inf
>    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> @@ -232,11 +240,11 @@
>    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x1f
>=20
> gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareVolume|L"..\\Fv\\Nt32.fd"
>    gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
>    gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
>=20
> gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationC
> hange|FALSE
> -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE
> +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE || $(TLS_ENABLE) =3D=3D TRUE
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>  !endif
>=20
>  !ifndef $(USE_OLD_SHELL)
>    gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdShellFile|{ 0x83, 0xA5,
> 0x04, 0x7C, 0x3E, 0x9E, 0x1C, 0x4F, 0xAD, 0x65, 0xE0, 0x52, 0x68, 0xD0, 0=
xB4,
> 0xD1 } @@ -437,10 +445,15 @@
>=20
>    NetworkPkg/HttpBootDxe/HttpBootDxe.inf
>    NetworkPkg/DnsDxe/DnsDxe.inf
>    NetworkPkg/HttpDxe/HttpDxe.inf
>    NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +
> +!if $(TLS_ENABLE) =3D=3D TRUE
> +  NetworkPkg/TlsDxe/TlsDxe.inf
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> +!endif
>=20
>    MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
>    MdeModulePkg/Application/UiApp/UiApp.inf{
>      <LibraryClasses>
>=20
> NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
> diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index
> cf00a13..c198d73 100644
> --- a/Nt32Pkg/Nt32Pkg.fdf
> +++ b/Nt32Pkg/Nt32Pkg.fdf
> @@ -260,10 +260,14 @@ INF
> MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
>  INF  MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
>  INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
>  INF  NetworkPkg/DnsDxe/DnsDxe.inf
>  INF  NetworkPkg/HttpDxe/HttpDxe.inf
>  INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +!if $(TLS_ENABLE) =3D=3D TRUE
> +INF  NetworkPkg/TlsDxe/TlsDxe.inf
> +INF  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> +!endif
>  INF
> MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuAp
> p.inf
>=20
> ##########################################################
> ######################
>  #
>  # FILE statements are provided so that a platform integrator can include=
  #
> complete EFI FFS files, as well as a method for constructing FFS files
> --
> 1.9.5.msysgit.1