From: Guillaume Gardet <Guillaume.Gardet@arm.com>
To: Laszlo Ersek <lersek@redhat.com>, Gary Lin <glin@suse.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"ard.biesheuvel@linaro.org" <ard.biesheuvel@linaro.org>,
Julien Grall <Julien.Grall@arm.com>
Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Date: Tue, 25 Jun 2019 12:01:59 +0000
Message-ID: <DBBPR08MB46780185BC5FE9FF45A9062A83E30@DBBPR08MB4678.eurprd08.prod.outlook.com>
In-Reply-To: <f219808d-cf17-6e77-fbe9-ca1abf2b56df@redhat.com>
Hi,
> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: 25 June 2019 13:22
> To: Gary Lin <glin@suse.com>; Guillaume Gardet
> <Guillaume.Gardet@arm.com>
> Cc: devel@edk2.groups.io; ard.biesheuvel@linaro.org; Julien Grall
> <Julien.Grall@arm.com>
> Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg: handle
> NETWORK_TLS_ENABLE in ArmVirtQemu*
>
> On 06/25/19 10:50, Ard Biesheuvel wrote:
> > On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
> >>
> >> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components]
> >> settings that are related to NETWORK_TLS_ENABLE from OvmfPkg to
> ArmVirtPkg.
> >> ArmVirtXen is not modified because it doesn't include the edk2
> >> network stack.
> >>
> >> (This change is now simpler than it would have been when
> >> TianoCore#1009 was originally filed, due to ArmVirtPkg consuming the
> >> NetworkPkg include fragments meanwhile, from TianoCore#1293 /
> commit
> >> 157a3b1aa50f.)
> >>
> >> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> >>
> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> Cc: Gary Lin <glin@suse.com>
> >> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> >> Cc: Julien Grall <julien.grall@arm.com>
> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> >> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> >
> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Thanks!
>
> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for those
> tags before pushing the patch?

Reviewed-by: Guillaume Gardet <guillaume.gardet@arm.com>

I cannot test it right now, so feel free to push it.

Thanks,
Guillaume

>
> (I tested the patch with HTTPS boot over IPv4, before posting it.)
>
> Thanks!
> Laszlo
>
> >> Notes:
> >> Repo: https://github.com/lersek/edk2.git
> >> Branch: armvirt_tls_bz1009
> >>
> >> ArmVirtPkg/ArmVirt.dsc.inc | 7 +++++++
> >> ArmVirtPkg/ArmVirtQemu.dsc | 18 ++++++++++++++----
> >> ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
> >> 3 files changed, 35 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> >> index 20bf011617a1..a4ae25d982a2 100644
> >> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> >> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -71,6 +71,9 @@ [LibraryClasses.common]
> >>
> >> # Networking Requirements
> >> !include NetworkPkg/NetworkLibs.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> >> +!endif
> >>
> >>
> >> #
> >> @@ -136,7 +139,11 @@ [LibraryClasses.common]
> >> # CryptoPkg libraries needed by multiple firmware features
> >> #
> >> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >> +!else
> >> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >> +!endif
> >> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> >>
> >> #
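Review bot: The `!if`/`!else` around OpensslLib has no comment saying why the instance changes, and it sits under the heading "CryptoPkg libraries needed by multiple firmware features", so a reader cannot tell that TLS is the only feature driving the switch. Add a line above the `!if` stating that OpensslLib.inf is selected for the sake of TlsLib and that OpensslLibCrypto.inf stays the default otherwise. Because the mapping is in [LibraryClasses.common], every module that resolves OpensslLib changes instance in a TLS-enabled build, not only the TLS driver, which is worth saying in the same comment.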
> >> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc
> b/ArmVirtPkg/ArmVirtQemu.dsc
> >> index cf28478977e1..7ae6702ac1f0 100644
> >> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >> !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >> !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> - !error "NETWORK_TLS_ENABLE is tracked at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >> !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >> !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
> >> gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> + #
> >> + # The cumulative and individual VOLATILE variable size limits
> >> +should be set
> >> + # high enough for accommodating several and/or large CA certificates.
> >> + #
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >> # Size of the region used by UEFI in permanent memory (Reserved
> 64MB)
> >>
> >>
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x040000
> 00
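Review bot: The comment above PcdVariableStoreSize and PcdMaxVolatileVariableSize only says "high enough" and never states the limits it sets: 0x80000 is 512 KiB for the store and 0x40000 is 256 KiB for one volatile variable, so a single variable may take half of the store. Put those figures, and the CA certificate list size they were chosen for, into the comment so the values can be revisited when the list grows. It would also help to note that PcdMaxVariableSize (0x2000) and PcdMaxAuthVariableSize (0x2800) in the context lines are intentionally left unchanged.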
> >> @@ -372,6 +376,12 @@ [Components.common]
> >> # Networking stack
> >> #
> >> !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> + <LibraryClasses>
> >> + NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> + }
> >> +!endif
> >>
> >> #
> >> # SCSI Bus and Disk Driver
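Review bot: The `NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf` override makes an ArmVirtPkg platform depend on a library instance that lives in OvmfPkg, and nothing in the hunk says what that library contributes to TlsAuthConfigDxe. Going by its name it is the piece that supplies the TLS authentication configuration on this platform, so add a comment above the component stating its purpose and pointing to the "HTTPS Boot" section of OvmfPkg/README that the commit message refers to.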
> >> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> index 596e59739cab..3b0f04967a4b 100644
> >> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >> !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >> !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> - !error "NETWORK_TLS_ENABLE is tracked at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >> !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >> !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
> >> gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> + #
> >> + # The cumulative and individual VOLATILE variable size limits
> >> +should be set
> >> + # high enough for accommodating several and/or large CA certificates.
> >> + #
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >> # Size of the region used by UEFI in permanent memory (Reserved
> 64MB)
> >>
> >>
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x040000
> 00
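Review bot: This `!if $(NETWORK_TLS_ENABLE) == TRUE` block, comment included, is a verbatim copy of the one added to ArmVirtQemu.dsc, so the two size limits can drift apart on a later edit. Both files already `!include ArmVirtPkg/ArmVirt.dsc.inc`; if that fragment can carry a [PcdsFixedAtBuild.common] section, define the two PCDs once there, otherwise have the comment in each file mention its twin.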
> >> @@ -356,6 +360,12 @@ [Components.common]
> >> # Networking stack
> >> #
> >> !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> + <LibraryClasses>
> >> + NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> + }
> >> +!endif
> >>
> >> #
> >> # SCSI Bus and Disk Driver
> >> --
> >> 2.19.1.3.g30247aa5d201
> >>
> >
> >
> >
Thread overview: 10+ messages
2019-06-24 19:13 [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* Laszlo Ersek
2019-06-25 8:50 ` Ard Biesheuvel
2019-06-25 11:22 ` [edk2-devel] " Laszlo Ersek
2019-06-25 12:01 ` Guillaume Gardet [this message]
2019-06-26 1:55 ` Gary Lin
2019-06-26 8:55 ` Laszlo Ersek
2019-06-25 14:55 ` Philippe Mathieu-Daudé
2019-06-28 4:48 ` Gary Lin
2019-06-28 16:10 ` [edk2-devel] " Laszlo Ersek
2019-06-28 16:13 ` Laszlo Ersek