public inbox for devel@edk2.groups.io
* [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
@ 2019-06-24 19:13 Laszlo Ersek
  2019-06-25  8:50 ` Ard Biesheuvel
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Laszlo Ersek @ 2019-06-24 19:13 UTC (permalink / raw)
  To: edk2-devel-groups-io
  Cc: Ard Biesheuvel, Gary Lin, Guillaume GARDET, Julien Grall

Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
ArmVirtXen is not modified because it doesn't include the edk2 network
stack.

(This change is now simpler than it would have been when TianoCore#1009
was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)

The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Guillaume GARDET <guillaume.gardet@arm.com>
Cc: Julien Grall <julien.grall@arm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    Repo:   https://github.com/lersek/edk2.git
    Branch: armvirt_tls_bz1009

 ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
 ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
 3 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 20bf011617a1..a4ae25d982a2 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -71,6 +71,9 @@ [LibraryClasses.common]
 
   # Networking Requirements
 !include NetworkPkg/NetworkLibs.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+!endif
 
 
   #
@@ -136,7 +139,11 @@ [LibraryClasses.common]
   # CryptoPkg libraries needed by multiple firmware features
   #
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
 
   #
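
Review bot: The "!if ... !else" around the OpensslLib line sits in [LibraryClasses.common], so with NETWORK_TLS_ENABLE set, every module that resolves OpensslLib gets OpensslLib.inf instead of OpensslLibCrypto.inf, not only the TLS consumers; the section comment itself says these libraries are "needed by multiple firmware features". Please add a short comment next to the "!if" saying why the full instance is selected platform-wide, or scope the override to the modules that need it, so that the extra code linked into non-TLS modules is a documented choice.
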
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index cf28478977e1..7ae6702ac1f0 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -43,10 +43,6 @@ [Defines]
   !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
 !endif
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
-!endif
-
 !include NetworkPkg/NetworkDefines.dsc.inc
 
 !include ArmVirtPkg/ArmVirt.dsc.inc
@@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  #
+  # The cumulative and individual VOLATILE variable size limits should be set
+  # high enough for accommodating several and/or large CA certificates.
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
+!endif
 
   # Size of the region used by UEFI in permanent memory (Reserved 64MB)
   gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
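
Review bot: The two values added inside the NETWORK_TLS_ENABLE block, 0x80000 and 0x40000, carry no sizing rationale; the comment only says "high enough". 0x40000 lets a single volatile variable take half of the 0x80000 store, and it is far above the 0x2000 / 0x2800 limits on the context lines just above. Please state in the comment roughly how many certificates of what size these values are meant to hold, so a later change can tell whether they are still adequate.
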
@@ -372,6 +376,12 @@ [Components.common]
   # Networking stack
   #
 !include NetworkPkg/NetworkComponents.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
+  }
+!endif
 
   #
   # SCSI Bus and Disk Driver
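
Review bot: The NULL library class resolution inside the TlsAuthConfigDxe.inf override makes ArmVirtPkg depend on OvmfPkg/Library/TlsAuthConfigLib, and nothing in the hunk says what that hook does or where the CA certificates mentioned in the PCD comment come from. Please add a comment above the override that names the hook's purpose and points to the "HTTPS Boot" section of "OvmfPkg/README" that the commit message refers to.
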
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 596e59739cab..3b0f04967a4b 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -43,10 +43,6 @@ [Defines]
   !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
 !endif
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
-!endif
-
 !include NetworkPkg/NetworkDefines.dsc.inc
 
 !include ArmVirtPkg/ArmVirt.dsc.inc
@@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  #
+  # The cumulative and individual VOLATILE variable size limits should be set
+  # high enough for accommodating several and/or large CA certificates.
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
+!endif
 
   # Size of the region used by UEFI in permanent memory (Reserved 64MB)
   gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
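
Review bot: The NETWORK_TLS_ENABLE PCD block here is a verbatim copy of the one added to ArmVirtQemu.dsc, and the TlsAuthConfigDxe override in the next hunk is duplicated the same way. Two copies of these limits can drift apart; consider moving the shared settings into a common include fragment (both files already pull in ArmVirtPkg/ArmVirt.dsc.inc), or at least add a comment in each file that the two blocks must be kept in sync.
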
@@ -356,6 +360,12 @@ [Components.common]
   # Networking stack
   #
 !include NetworkPkg/NetworkComponents.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
+  }
+!endif
 
   #
   # SCSI Bus and Disk Driver
-- 
2.19.1.3.g30247aa5d201



* Re: [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-24 19:13 [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* Laszlo Ersek
@ 2019-06-25  8:50 ` Ard Biesheuvel
  2019-06-25 11:22   ` [edk2-devel] " Laszlo Ersek
  2019-06-25 14:55 ` Philippe Mathieu-Daudé
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 10+ messages in thread
From: Ard Biesheuvel @ 2019-06-25  8:50 UTC (permalink / raw)
  To: Laszlo Ersek
  Cc: edk2-devel-groups-io, Gary Lin, Guillaume GARDET, Julien Grall

On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
>
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
>
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---
>
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
>
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>
>    # Networking Requirements
>  !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>
>
>    #
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>    # CryptoPkg libraries needed by multiple firmware features
>    #
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>
>    #
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -372,6 +376,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>
>    #
>    # SCSI Bus and Disk Driver
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -356,6 +360,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>
>    #
>    # SCSI Bus and Disk Driver
> --
> 2.19.1.3.g30247aa5d201
>


* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-25  8:50 ` Ard Biesheuvel
@ 2019-06-25 11:22   ` Laszlo Ersek
  2019-06-25 12:01     ` Guillaume Gardet
  2019-06-26  1:55     ` Gary Lin
  0 siblings, 2 replies; 10+ messages in thread
From: Laszlo Ersek @ 2019-06-25 11:22 UTC (permalink / raw)
  To: Gary Lin, Guillaume GARDET; +Cc: devel, ard.biesheuvel, Julien Grall

On 06/25/19 10:50, Ard Biesheuvel wrote:
> On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
>>
>> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
>> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
>> ArmVirtXen is not modified because it doesn't include the edk2 network
>> stack.
>>
>> (This change is now simpler than it would have been when TianoCore#1009
>> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
>> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>>
>> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Gary Lin <glin@suse.com>
>> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
>> Cc: Julien Grall <julien.grall@arm.com>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> 
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Thanks!

Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for
those tags before pushing the patch?

(I tested the patch with HTTPS boot over IPv4, before posting it.)

Thanks!
Laszlo

>> Notes:
>>     Repo:   https://github.com/lersek/edk2.git
>>     Branch: armvirt_tls_bz1009
>>
>>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>>  3 files changed, 35 insertions(+), 8 deletions(-)
>>
>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>> index 20bf011617a1..a4ae25d982a2 100644
>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>>
>>    # Networking Requirements
>>  !include NetworkPkg/NetworkLibs.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>> +!endif
>>
>>
>>    #
>> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>>    # CryptoPkg libraries needed by multiple firmware features
>>    #
>>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> +!else
>>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> +!endif
>>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>>
>>    #
>> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>> index cf28478977e1..7ae6702ac1f0 100644
>> --- a/ArmVirtPkg/ArmVirtQemu.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -372,6 +376,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>
>>    #
>>    # SCSI Bus and Disk Driver
>> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> index 596e59739cab..3b0f04967a4b 100644
>> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -356,6 +360,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>
>>    #
>>    # SCSI Bus and Disk Driver
>> --
>> 2.19.1.3.g30247aa5d201
>>
> 
> 
> 



* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-25 11:22   ` [edk2-devel] " Laszlo Ersek
@ 2019-06-25 12:01     ` Guillaume Gardet
  2019-06-26  1:55     ` Gary Lin
  1 sibling, 0 replies; 10+ messages in thread
From: Guillaume Gardet @ 2019-06-25 12:01 UTC (permalink / raw)
  To: Laszlo Ersek, Gary Lin
  Cc: devel@edk2.groups.io, ard.biesheuvel@linaro.org, Julien Grall

Hi,


> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: 25 June 2019 13:22
> To: Gary Lin <glin@suse.com>; Guillaume Gardet
> <Guillaume.Gardet@arm.com>
> Cc: devel@edk2.groups.io; ard.biesheuvel@linaro.org; Julien Grall
> <Julien.Grall@arm.com>
> Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg: handle
> NETWORK_TLS_ENABLE in ArmVirtQemu*
>
> On 06/25/19 10:50, Ard Biesheuvel wrote:
> > On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
> >>
> >> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components]
> >> settings that are related to NETWORK_TLS_ENABLE from OvmfPkg to
> ArmVirtPkg.
> >> ArmVirtXen is not modified because it doesn't include the edk2
> >> network stack.
> >>
> >> (This change is now simpler than it would have been when
> >> TianoCore#1009 was originally filed, due to ArmVirtPkg consuming the
> >> NetworkPkg include fragments meanwhile, from TianoCore#1293 /
> commit
> >> 157a3b1aa50f.)
> >>
> >> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> >>
> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> Cc: Gary Lin <glin@suse.com>
> >> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> >> Cc: Julien Grall <julien.grall@arm.com>
> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> >> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> >
> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Thanks!
>
> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for those
> tags before pushing the patch?

Reviewed-by: Guillaume Gardet <guillaume.gardet@arm.com>

I cannot test it right now, so feel free to push it.

Thanks,
Guillaume


>
> (I tested the patch with HTTPS boot over IPv4, before posting it.)
>
> Thanks!
> Laszlo
>
> >> Notes:
> >>     Repo:   https://github.com/lersek/edk2.git
> >>     Branch: armvirt_tls_bz1009
> >>
> >>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
> >>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
> >>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
> >>  3 files changed, 35 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> >> index 20bf011617a1..a4ae25d982a2 100644
> >> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> >> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -71,6 +71,9 @@ [LibraryClasses.common]
> >>
> >>    # Networking Requirements
> >>  !include NetworkPkg/NetworkLibs.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> >> +!endif
> >>
> >>
> >>    #
> >> @@ -136,7 +139,11 @@ [LibraryClasses.common]
> >>    # CryptoPkg libraries needed by multiple firmware features
> >>    #
> >>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >> +!else
> >>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >> +!endif
> >>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> >>
> >>    #
> >> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc
> b/ArmVirtPkg/ArmVirtQemu.dsc
> >> index cf28478977e1..7ae6702ac1f0 100644
> >> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits
> >> +should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved
> 64MB)
> >>
> >>
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x040000
> 00
> >> @@ -372,6 +376,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> index 596e59739cab..3b0f04967a4b 100644
> >> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits
> >> +should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved
> 64MB)
> >>
> >>
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x040000
> 00
> >> @@ -356,6 +360,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> --
> >> 2.19.1.3.g30247aa5d201
> >>
> >
> > 
> >


* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-24 19:13 [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* Laszlo Ersek
  2019-06-25  8:50 ` Ard Biesheuvel
@ 2019-06-25 14:55 ` Philippe Mathieu-Daudé
  2019-06-28  4:48 ` Gary Lin
  2019-06-28 16:13 ` Laszlo Ersek
  3 siblings, 0 replies; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-06-25 14:55 UTC (permalink / raw)
  To: devel, lersek; +Cc: Ard Biesheuvel, Gary Lin, Guillaume GARDET, Julien Grall

On 6/24/19 9:13 PM, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
> 
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> 
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> 
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
> 
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)
> 
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>  
>    # Networking Requirements
>  !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>  
>  
>    #
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>    # CryptoPkg libraries needed by multiple firmware features
>    #
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>  
>    #
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -372,6 +376,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -356,6 +360,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
> 

Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>


* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-25 11:22   ` [edk2-devel] " Laszlo Ersek
  2019-06-25 12:01     ` Guillaume Gardet
@ 2019-06-26  1:55     ` Gary Lin
  2019-06-26  8:55       ` Laszlo Ersek
  1 sibling, 1 reply; 10+ messages in thread
From: Gary Lin @ 2019-06-26  1:55 UTC (permalink / raw)
  To: devel, lersek; +Cc: Guillaume GARDET, ard.biesheuvel, Julien Grall

On Tue, Jun 25, 2019 at 01:22:16PM +0200, Laszlo Ersek wrote:
> On 06/25/19 10:50, Ard Biesheuvel wrote:
> > On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
> >>
> >> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> >> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> >> ArmVirtXen is not modified because it doesn't include the edk2 network
> >> stack.
> >>
> >> (This change is now simpler than it would have been when TianoCore#1009
> >> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> >> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> >>
> >> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> >>
> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> Cc: Gary Lin <glin@suse.com>
> >> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> >> Cc: Julien Grall <julien.grall@arm.com>
> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> >> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> > 
> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> 
> Thanks!
> 
> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for
> those tags before pushing the patch?
> 
Hi Laszlo,

I'm currently busy with something else. If you can wait, I could do the
test this Friday.

Gary Lin

> (I tested the patch with HTTPS boot over IPv4, before posting it.)
> 
> Thanks!
> Laszlo
> 
> >> Notes:
> >>     Repo:   https://github.com/lersek/edk2.git
> >>     Branch: armvirt_tls_bz1009
> >>
> >>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
> >>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
> >>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
> >>  3 files changed, 35 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> >> index 20bf011617a1..a4ae25d982a2 100644
> >> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> >> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -71,6 +71,9 @@ [LibraryClasses.common]
> >>
> >>    # Networking Requirements
> >>  !include NetworkPkg/NetworkLibs.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> >> +!endif
> >>
> >>
> >>    #
> >> @@ -136,7 +139,11 @@ [LibraryClasses.common]
> >>    # CryptoPkg libraries needed by multiple firmware features
> >>    #
> >>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >> +!else
> >>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >> +!endif
> >>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> >>
> >>    #
> >> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> >> index cf28478977e1..7ae6702ac1f0 100644
> >> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
> >>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> >> @@ -372,6 +376,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> index 596e59739cab..3b0f04967a4b 100644
> >> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
> >>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> >> @@ -356,6 +360,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> --
> >> 2.19.1.3.g30247aa5d201
> >>
> > 
> > 
> > 
> 
> 
> 
> 
> 


* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-26  1:55     ` Gary Lin
@ 2019-06-26  8:55       ` Laszlo Ersek
  0 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek @ 2019-06-26  8:55 UTC (permalink / raw)
  To: Gary Lin, devel; +Cc: Guillaume GARDET, ard.biesheuvel, Julien Grall

On 06/26/19 03:55, Gary Lin wrote:
> On Tue, Jun 25, 2019 at 01:22:16PM +0200, Laszlo Ersek wrote:
>> On 06/25/19 10:50, Ard Biesheuvel wrote:
>>> On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
>>>>
>>>> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
>>>> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
>>>> ArmVirtXen is not modified because it doesn't include the edk2 network
>>>> stack.
>>>>
>>>> (This change is now simpler than it would have been when TianoCore#1009
>>>> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
>>>> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>>>>
>>>> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>>>>
>>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>> Cc: Gary Lin <glin@suse.com>
>>>> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
>>>> Cc: Julien Grall <julien.grall@arm.com>
>>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
>>>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>>>
>>> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>
>> Thanks!
>>
>> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for
>> those tags before pushing the patch?
>>
> Hi Laszlo,
> 
> I'm currently busy with something else. If you can wait, I could do the
> test this Friday.

I'll wait; I appreciate testing.

Thank you!
Laszlo

> 
> Gary Lin
> 
>> (I tested the patch with HTTPS boot over IPv4, before posting it.)
>>
>> Thanks!
>> Laszlo
>>
>>>> Notes:
>>>>     Repo:   https://github.com/lersek/edk2.git
>>>>     Branch: armvirt_tls_bz1009
>>>>
>>>>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>>>>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>>>>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>>>>  3 files changed, 35 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>>>> index 20bf011617a1..a4ae25d982a2 100644
>>>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>>>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>>>> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>>>>
>>>>    # Networking Requirements
>>>>  !include NetworkPkg/NetworkLibs.dsc.inc
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>>>> +!endif
>>>>
>>>>
>>>>    #
>>>> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>>>>    # CryptoPkg libraries needed by multiple firmware features
>>>>    #
>>>>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>>>> +!else
>>>>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>>>> +!endif
>>>>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>>>>
>>>>    #
>>>> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>>>> index cf28478977e1..7ae6702ac1f0 100644
>>>> --- a/ArmVirtPkg/ArmVirtQemu.dsc
>>>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
>>>> @@ -43,10 +43,6 @@ [Defines]
>>>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>>>  !endif
>>>>
>>>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>>>> -!endif
>>>> -
>>>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>>>
>>>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>>>> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>>>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  #
>>>> +  # The cumulative and individual VOLATILE variable size limits should be set
>>>> +  # high enough for accommodating several and/or large CA certificates.
>>>> +  #
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>>>> +!endif
>>>>
>>>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>>>> @@ -372,6 +376,12 @@ [Components.common]
>>>>    # Networking stack
>>>>    #
>>>>  !include NetworkPkg/NetworkComponents.dsc.inc
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>>>> +    <LibraryClasses>
>>>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>>>> +  }
>>>> +!endif
>>>>
>>>>    #
>>>>    # SCSI Bus and Disk Driver
>>>> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>>>> index 596e59739cab..3b0f04967a4b 100644
>>>> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>>>> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>>>> @@ -43,10 +43,6 @@ [Defines]
>>>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>>>  !endif
>>>>
>>>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>>>> -!endif
>>>> -
>>>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>>>
>>>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>>>> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>>>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  #
>>>> +  # The cumulative and individual VOLATILE variable size limits should be set
>>>> +  # high enough for accommodating several and/or large CA certificates.
>>>> +  #
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>>>> +!endif
>>>>
>>>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>>>> @@ -356,6 +360,12 @@ [Components.common]
>>>>    # Networking stack
>>>>    #
>>>>  !include NetworkPkg/NetworkComponents.dsc.inc
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>>>> +    <LibraryClasses>
>>>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>>>> +  }
>>>> +!endif
>>>>
>>>>    #
>>>>    # SCSI Bus and Disk Driver
>>>> --
>>>> 2.19.1.3.g30247aa5d201
>>>>
>>>
>>>
>>>
>>
>>
>> 
>>
>>



* Re: [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-24 19:13 [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* Laszlo Ersek
  2019-06-25  8:50 ` Ard Biesheuvel
  2019-06-25 14:55 ` Philippe Mathieu-Daudé
@ 2019-06-28  4:48 ` Gary Lin
  2019-06-28 16:10   ` [edk2-devel] " Laszlo Ersek
  2019-06-28 16:13 ` Laszlo Ersek
  3 siblings, 1 reply; 10+ messages in thread
From: Gary Lin @ 2019-06-28  4:48 UTC (permalink / raw)
  To: Laszlo Ersek
  Cc: edk2-devel-groups-io, Ard Biesheuvel, Guillaume GARDET,
	Julien Grall

On Mon, Jun 24, 2019 at 09:13:36PM +0200, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
> 
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> 
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> 
I tested both HTTPS IPv4 and IPv6, and it worked as expected.
The bootloader was loaded after enrolling the correct certificate, and
the firmware rejected the connection when enrolling the wrong
certificate.

Tested-by: Gary Lin <glin@suse.com>

> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
> 
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)
> 
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>  
>    # Networking Requirements
>  !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>  
>  
>    #
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>    # CryptoPkg libraries needed by multiple firmware features
>    #
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>  
>    #
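
Review bot: The `!if`/`!else` around OpensslLib sits in [LibraryClasses.common], so setting NETWORK_TLS_ENABLE swaps OpensslLibCrypto.inf for the full OpensslLib.inf for every module that resolves OpensslLib through this section, not only for the TLS consumers. The existing comment already calls these "CryptoPkg libraries needed by multiple firmware features"; a one-line comment on the `!if` saying that the wider instance is intended for all of them (or a per-module override under [Components] if it is not) would make the scope of the switch explicit.
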
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
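
Review bot: The comment added in the NETWORK_TLS_ENABLE block says the limits should be "high enough" but gives no sizes or rationale for 0x80000 and 0x40000. As written, PcdMaxVolatileVariableSize (0x40000, 256 KiB) is exactly half of PcdVariableStoreSize (0x80000, 512 KiB), so a single volatile variable can take half of the cumulative limit. Stating in the comment where the values come from (the commit message says the settings are ported from OvmfPkg) and what certificate payload they are meant to cover would help whoever has to retune them.
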
> @@ -372,6 +376,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
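
Review bot: The `NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf` line makes an ArmVirtPkg platform DSC depend on a library that lives in OvmfPkg, and nothing in the hunk says what that NULL instance contributes to TlsAuthConfigDxe. A short comment above the `<LibraryClasses>` override naming its purpose, and noting that the OvmfPkg path is deliberate, would keep the cross-package dependency from reading like a copy-paste leftover.
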
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
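
Review bot: This NETWORK_TLS_ENABLE PCD block in ArmVirtQemuKernel.dsc is an exact copy of the one added to ArmVirtQemu.dsc, so the two variable-store limits can drift apart in a later edit. Both DSCs already `!include ArmVirtPkg/ArmVirt.dsc.inc`; consider setting the two PCDs once in a shared fragment, or at least add a comment in each file pointing at the other copy.
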
> @@ -356,6 +360,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
> -- 
> 2.19.1.3.g30247aa5d201
> 
> 


* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-28  4:48 ` Gary Lin
@ 2019-06-28 16:10   ` Laszlo Ersek
  0 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek @ 2019-06-28 16:10 UTC (permalink / raw)
  To: devel, glin; +Cc: Ard Biesheuvel, Guillaume GARDET, Julien Grall

On 06/28/19 06:48, Gary Lin wrote:
> On Mon, Jun 24, 2019 at 09:13:36PM +0200, Laszlo Ersek wrote:
>> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
>> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
>> ArmVirtXen is not modified because it doesn't include the edk2 network
>> stack.
>>
>> (This change is now simpler than it would have been when TianoCore#1009
>> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
>> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>>
>> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>>
> I tested both HTTPS IPv4 and IPv6, and it worked as expected.
> The bootloader was loaded after enrolling the correct certificate, and
> the firmware rejected the connection when enrolling the wrong
> certificate.
> 
> Tested-by: Gary Lin <glin@suse.com>

Awesome, thanks!
Laszlo

>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Gary Lin <glin@suse.com>
>> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
>> Cc: Julien Grall <julien.grall@arm.com>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>
>> Notes:
>>     Repo:   https://github.com/lersek/edk2.git
>>     Branch: armvirt_tls_bz1009
>>
>>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>>  3 files changed, 35 insertions(+), 8 deletions(-)
>>
>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>> index 20bf011617a1..a4ae25d982a2 100644
>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>>  
>>    # Networking Requirements
>>  !include NetworkPkg/NetworkLibs.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>> +!endif
>>  
>>  
>>    #
>> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>>    # CryptoPkg libraries needed by multiple firmware features
>>    #
>>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> +!else
>>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> +!endif
>>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>>  
>>    #
>> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>> index cf28478977e1..7ae6702ac1f0 100644
>> --- a/ArmVirtPkg/ArmVirtQemu.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>  
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>  
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>  
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -372,6 +376,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>  
>>    #
>>    # SCSI Bus and Disk Driver
>> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> index 596e59739cab..3b0f04967a4b 100644
>> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>  
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>  
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>  
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -356,6 +360,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>  
>>    #
>>    # SCSI Bus and Disk Driver
>> -- 
>> 2.19.1.3.g30247aa5d201
>>
>>
> 
> 
> 



* Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
  2019-06-24 19:13 [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* Laszlo Ersek
                   ` (2 preceding siblings ...)
  2019-06-28  4:48 ` Gary Lin
@ 2019-06-28 16:13 ` Laszlo Ersek
  3 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek @ 2019-06-28 16:13 UTC (permalink / raw)
  To: edk2-devel-groups-io
  Cc: Ard Biesheuvel, Gary Lin, Guillaume GARDET, Julien Grall,
	Philippe Mathieu-Daudé

On 06/24/19 21:13, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
> 
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> 
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> 
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
> 
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)

Thank you all for the feedback, I've pushed the patch as commit
ffe048a0807b.

Laszlo
