[edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*

Laszlo Ersek posted 1 patch 4 years, 9 months ago
Failed in applying to current master (apply log)
ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
3 files changed, 35 insertions(+), 8 deletions(-)
[edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Laszlo Ersek 4 years, 9 months ago
Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
ArmVirtXen is not modified because it doesn't include the edk2 network
stack.

(This change is now simpler than it would have been when TianoCore#1009
was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)

The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Guillaume GARDET <guillaume.gardet@arm.com>
Cc: Julien Grall <julien.grall@arm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    Repo:   https://github.com/lersek/edk2.git
    Branch: armvirt_tls_bz1009

 ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
 ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
 3 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 20bf011617a1..a4ae25d982a2 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -71,6 +71,9 @@ [LibraryClasses.common]
 
   # Networking Requirements
 !include NetworkPkg/NetworkLibs.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+!endif
 
 
   #
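Review bot: The `!if $(NETWORK_TLS_ENABLE) == TRUE` test added after `!include NetworkPkg/NetworkLibs.dsc.inc` sits in the shared ArmVirt.dsc.inc, so it is evaluated by every platform DSC that includes this file, not only ArmVirtQemu.dsc and ArmVirtQemuKernel.dsc. The commit message says ArmVirtXen is left unmodified; if ArmVirtXen.dsc also pulls in this include, please confirm NETWORK_TLS_ENABLE is defined on that path, or say in the commit message why the test is safe for it.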
@@ -136,7 +139,11 @@ [LibraryClasses.common]
   # CryptoPkg libraries needed by multiple firmware features
   #
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
 
   #
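Review bot: Missing documentation on the new `!if`/`!else` around OpensslLib: nothing says why the resolution changes from OpensslLibCrypto.inf to the full OpensslLib.inf. A one-line comment tying it to the TlsLib resolution added earlier in this file would help. The entry is in [LibraryClasses.common] under "CryptoPkg libraries needed by multiple firmware features", so the switch changes the OpenSSL build linked into every consumer of OpensslLib, not only the TLS driver.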
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index cf28478977e1..7ae6702ac1f0 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -43,10 +43,6 @@ [Defines]
   !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
 !endif
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
-!endif
-
 !include NetworkPkg/NetworkDefines.dsc.inc
 
 !include ArmVirtPkg/ArmVirt.dsc.inc
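Review bot: With the `!error` guard gone, the value of NETWORK_TLS_ENABLE is whatever is in effect when `!include NetworkPkg/NetworkDefines.dsc.inc` is processed, and the hunk does not show where this DSC sets it. Please confirm the platform default stays FALSE, so that the full OpensslLib and the larger variable size limits are only built in when requested, and mention the default in the commit message.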
@@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  #
+  # The cumulative and individual VOLATILE variable size limits should be set
+  # high enough for accommodating several and/or large CA certificates.
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
+!endif
 
   # Size of the region used by UEFI in permanent memory (Reserved 64MB)
   gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
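Review bot: The comment in the new `!if` block speaks of "cumulative and individual" limits without saying which PCD is which, and gives no source for 0x80000 and 0x40000. Suggest naming PcdVariableStoreSize as the cumulative limit and PcdMaxVolatileVariableSize as the per-variable limit, and noting that the values are ported from OvmfPkg (as the commit message says) so the two stay in sync. The new per-variable limit is far above the PcdMaxVariableSize and PcdMaxAuthVariableSize values just above it (0x2000 and 0x2800), which deserves a word on why only volatile variables need the larger size.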
@@ -372,6 +376,12 @@ [Components.common]
   # Networking stack
   #
 !include NetworkPkg/NetworkComponents.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
+  }
+!endif
 
   #
   # SCSI Bus and Disk Driver
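Review bot: The `NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf` resolution makes ArmVirtPkg depend on a library that lives in OvmfPkg, and the block carries no comment. Please add one saying what the library contributes to TlsAuthConfigDxe and pointing to the "HTTPS Boot" section of OvmfPkg/README that the commit message cites, so a reader of this DSC can tell where the CA certificates used for HTTPS boot come from.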
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 596e59739cab..3b0f04967a4b 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -43,10 +43,6 @@ [Defines]
   !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
 !endif
 
-!if $(NETWORK_TLS_ENABLE) == TRUE
-  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
-!endif
-
 !include NetworkPkg/NetworkDefines.dsc.inc
 
 !include ArmVirtPkg/ArmVirt.dsc.inc
@@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  #
+  # The cumulative and individual VOLATILE variable size limits should be set
+  # high enough for accommodating several and/or large CA certificates.
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
+!endif
 
   # Size of the region used by UEFI in permanent memory (Reserved 64MB)
   gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
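Review bot: This `!if $(NETWORK_TLS_ENABLE) == TRUE` PCD block is a verbatim copy of the one added to ArmVirtQemu.dsc, and the TlsAuthConfigDxe override in the next hunk is duplicated the same way. The library class resolutions already went into the shared ArmVirt.dsc.inc; consider whether these settings can live in a shared include as well, or add a comment in each file that the two copies must be changed together.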
@@ -356,6 +360,12 @@ [Components.common]
   # Networking stack
   #
 !include NetworkPkg/NetworkComponents.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
+  }
+!endif
 
   #
   # SCSI Bus and Disk Driver
-- 
2.19.1.3.g30247aa5d201


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42754): https://edk2.groups.io/g/devel/message/42754
Mute This Topic: https://groups.io/mt/32195878/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Ard Biesheuvel 4 years, 9 months ago
On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
>
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
>
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---
>
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
>
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>
>    # Networking Requirements
>  !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>
>
>    #
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>    # CryptoPkg libraries needed by multiple firmware features
>    #
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>
>    #
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -372,6 +376,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>
>    #
>    # SCSI Bus and Disk Driver
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -356,6 +360,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>
>    #
>    # SCSI Bus and Disk Driver
> --
> 2.19.1.3.g30247aa5d201
>


Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Laszlo Ersek 4 years, 9 months ago
On 06/25/19 10:50, Ard Biesheuvel wrote:
> On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
>>
>> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
>> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
>> ArmVirtXen is not modified because it doesn't include the edk2 network
>> stack.
>>
>> (This change is now simpler than it would have been when TianoCore#1009
>> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
>> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>>
>> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Gary Lin <glin@suse.com>
>> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
>> Cc: Julien Grall <julien.grall@arm.com>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> 
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Thanks!

Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for
those tags before pushing the patch?

(I tested the patch with HTTPS boot over IPv4, before posting it.)

Thanks!
Laszlo

>> Notes:
>>     Repo:   https://github.com/lersek/edk2.git
>>     Branch: armvirt_tls_bz1009
>>
>>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>>  3 files changed, 35 insertions(+), 8 deletions(-)
>>
>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>> index 20bf011617a1..a4ae25d982a2 100644
>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>>
>>    # Networking Requirements
>>  !include NetworkPkg/NetworkLibs.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>> +!endif
>>
>>
>>    #
>> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>>    # CryptoPkg libraries needed by multiple firmware features
>>    #
>>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> +!else
>>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> +!endif
>>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>>
>>    #
>> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>> index cf28478977e1..7ae6702ac1f0 100644
>> --- a/ArmVirtPkg/ArmVirtQemu.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -372,6 +376,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>
>>    #
>>    # SCSI Bus and Disk Driver
>> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> index 596e59739cab..3b0f04967a4b 100644
>> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -356,6 +360,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>
>>    #
>>    # SCSI Bus and Disk Driver
>> --
>> 2.19.1.3.g30247aa5d201
>>
> 
> 
> 



Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Guillaume Gardet 4 years, 9 months ago
Hi,


> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: 25 June 2019 13:22
> To: Gary Lin <glin@suse.com>; Guillaume Gardet
> <Guillaume.Gardet@arm.com>
> Cc: devel@edk2.groups.io; ard.biesheuvel@linaro.org; Julien Grall
> <Julien.Grall@arm.com>
> Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg: handle
> NETWORK_TLS_ENABLE in ArmVirtQemu*
>
> On 06/25/19 10:50, Ard Biesheuvel wrote:
> > On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
> >>
> >> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components]
> >> settings that are related to NETWORK_TLS_ENABLE from OvmfPkg to
> ArmVirtPkg.
> >> ArmVirtXen is not modified because it doesn't include the edk2
> >> network stack.
> >>
> >> (This change is now simpler than it would have been when
> >> TianoCore#1009 was originally filed, due to ArmVirtPkg consuming the
> >> NetworkPkg include fragments meanwhile, from TianoCore#1293 /
> commit
> >> 157a3b1aa50f.)
> >>
> >> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> >>
> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> Cc: Gary Lin <glin@suse.com>
> >> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> >> Cc: Julien Grall <julien.grall@arm.com>
> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> >> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> >
> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Thanks!
>
> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for those
> tags before pushing the patch?

Reviewed-by: Guillaume Gardet <guillaume.gardet@arm.com>

I cannot test it right now, so feel free to push it.

Thanks,
Guillaume


>
> (I tested the patch with HTTPS boot over IPv4, before posting it.)
>
> Thanks!
> Laszlo
>
> >> Notes:
> >>     Repo:   https://github.com/lersek/edk2.git
> >>     Branch: armvirt_tls_bz1009
> >>
> >>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
> >>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
> >>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
> >>  3 files changed, 35 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> >> index 20bf011617a1..a4ae25d982a2 100644
> >> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> >> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -71,6 +71,9 @@ [LibraryClasses.common]
> >>
> >>    # Networking Requirements
> >>  !include NetworkPkg/NetworkLibs.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> >> +!endif
> >>
> >>
> >>    #
> >> @@ -136,7 +139,11 @@ [LibraryClasses.common]
> >>    # CryptoPkg libraries needed by multiple firmware features
> >>    #
> >>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >> +!else
> >>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >> +!endif
> >>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> >>
> >>    #
> >> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc
> b/ArmVirtPkg/ArmVirtQemu.dsc
> >> index cf28478977e1..7ae6702ac1f0 100644
> >> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits
> >> +should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved
> 64MB)
> >>
> >>
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x040000
> 00
> >> @@ -372,6 +376,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> index 596e59739cab..3b0f04967a4b 100644
> >> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits
> >> +should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved
> 64MB)
> >>
> >>
> gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x040000
> 00
> >> @@ -356,6 +360,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> --
> >> 2.19.1.3.g30247aa5d201
> >>
> >
> > 
> >


Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Gary Lin 4 years, 9 months ago
On Tue, Jun 25, 2019 at 01:22:16PM +0200, Laszlo Ersek wrote:
> On 06/25/19 10:50, Ard Biesheuvel wrote:
> > On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
> >>
> >> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> >> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> >> ArmVirtXen is not modified because it doesn't include the edk2 network
> >> stack.
> >>
> >> (This change is now simpler than it would have been when TianoCore#1009
> >> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> >> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> >>
> >> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> >>
> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> Cc: Gary Lin <glin@suse.com>
> >> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> >> Cc: Julien Grall <julien.grall@arm.com>
> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> >> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> > 
> > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> 
> Thanks!
> 
> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for
> those tags before pushing the patch?
> 
Hi Laszlo,

I'm currently busy with something else. If you can wait, I could do the
test this Friday.

Gary Lin

> (I tested the patch with HTTPS boot over IPv4, before posting it.)
> 
> Thanks!
> Laszlo
> 
> >> Notes:
> >>     Repo:   https://github.com/lersek/edk2.git
> >>     Branch: armvirt_tls_bz1009
> >>
> >>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
> >>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
> >>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
> >>  3 files changed, 35 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> >> index 20bf011617a1..a4ae25d982a2 100644
> >> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> >> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -71,6 +71,9 @@ [LibraryClasses.common]
> >>
> >>    # Networking Requirements
> >>  !include NetworkPkg/NetworkLibs.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> >> +!endif
> >>
> >>
> >>    #
> >> @@ -136,7 +139,11 @@ [LibraryClasses.common]
> >>    # CryptoPkg libraries needed by multiple firmware features
> >>    #
> >>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >> +!else
> >>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >> +!endif
> >>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> >>
> >>    #
> >> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> >> index cf28478977e1..7ae6702ac1f0 100644
> >> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
> >>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> >> @@ -372,6 +376,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> index 596e59739cab..3b0f04967a4b 100644
> >> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> >> @@ -43,10 +43,6 @@ [Defines]
> >>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> >>  !endif
> >>
> >> -!if $(NETWORK_TLS_ENABLE) == TRUE
> >> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> >> -!endif
> >> -
> >>  !include NetworkPkg/NetworkDefines.dsc.inc
> >>
> >>  !include ArmVirtPkg/ArmVirt.dsc.inc
> >> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
> >>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  #
> >> +  # The cumulative and individual VOLATILE variable size limits should be set
> >> +  # high enough for accommodating several and/or large CA certificates.
> >> +  #
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> >> +!endif
> >>
> >>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
> >>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> >> @@ -356,6 +360,12 @@ [Components.common]
> >>    # Networking stack
> >>    #
> >>  !include NetworkPkg/NetworkComponents.dsc.inc
> >> +!if $(NETWORK_TLS_ENABLE) == TRUE
> >> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> >> +    <LibraryClasses>
> >> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> >> +  }
> >> +!endif
> >>
> >>    #
> >>    # SCSI Bus and Disk Driver
> >> --
> >> 2.19.1.3.g30247aa5d201
> >>
> > 
> > 
> > 
> 
> 
> 
> 
> 


Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Laszlo Ersek 4 years, 9 months ago
On 06/26/19 03:55, Gary Lin wrote:
> On Tue, Jun 25, 2019 at 01:22:16PM +0200, Laszlo Ersek wrote:
>> On 06/25/19 10:50, Ard Biesheuvel wrote:
>>> On Mon, 24 Jun 2019 at 21:13, Laszlo Ersek <lersek@redhat.com> wrote:
>>>>
>>>> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
>>>> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
>>>> ArmVirtXen is not modified because it doesn't include the edk2 network
>>>> stack.
>>>>
>>>> (This change is now simpler than it would have been when TianoCore#1009
>>>> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
>>>> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>>>>
>>>> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>>>>
>>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>> Cc: Gary Lin <glin@suse.com>
>>>> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
>>>> Cc: Julien Grall <julien.grall@arm.com>
>>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
>>>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>>>
>>> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>
>> Thanks!
>>
>> Gary, Guillaume, do you plan to follow up with T-b's? Should I wait for
>> those tags before pushing the patch?
>>
> Hi Laszlo,
> 
> I'm currently busy with something else. If you can wait, I could do the
> test this Friday.

I'll wait; I appreciate testing.

Thank you!
Laszlo

> 
> Gary Lin
> 
>> (I tested the patch with HTTPS boot over IPv4, before posting it.)
>>
>> Thanks!
>> Laszlo
>>
>>>> Notes:
>>>>     Repo:   https://github.com/lersek/edk2.git
>>>>     Branch: armvirt_tls_bz1009
>>>>
>>>>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>>>>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>>>>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>>>>  3 files changed, 35 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>>>> index 20bf011617a1..a4ae25d982a2 100644
>>>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>>>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>>>> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>>>>
>>>>    # Networking Requirements
>>>>  !include NetworkPkg/NetworkLibs.dsc.inc
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>>>> +!endif
>>>>
>>>>
>>>>    #
>>>> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>>>>    # CryptoPkg libraries needed by multiple firmware features
>>>>    #
>>>>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>>>> +!else
>>>>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>>>> +!endif
>>>>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>>>>
>>>>    #
>>>> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>>>> index cf28478977e1..7ae6702ac1f0 100644
>>>> --- a/ArmVirtPkg/ArmVirtQemu.dsc
>>>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
>>>> @@ -43,10 +43,6 @@ [Defines]
>>>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>>>  !endif
>>>>
>>>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>>>> -!endif
>>>> -
>>>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>>>
>>>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>>>> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>>>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  #
>>>> +  # The cumulative and individual VOLATILE variable size limits should be set
>>>> +  # high enough for accommodating several and/or large CA certificates.
>>>> +  #
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>>>> +!endif
>>>>
>>>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>>>> @@ -372,6 +376,12 @@ [Components.common]
>>>>    # Networking stack
>>>>    #
>>>>  !include NetworkPkg/NetworkComponents.dsc.inc
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>>>> +    <LibraryClasses>
>>>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>>>> +  }
>>>> +!endif
>>>>
>>>>    #
>>>>    # SCSI Bus and Disk Driver
>>>> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>>>> index 596e59739cab..3b0f04967a4b 100644
>>>> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>>>> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>>>> @@ -43,10 +43,6 @@ [Defines]
>>>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>>>  !endif
>>>>
>>>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>>>> -!endif
>>>> -
>>>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>>>
>>>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>>>> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>>>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  #
>>>> +  # The cumulative and individual VOLATILE variable size limits should be set
>>>> +  # high enough for accommodating several and/or large CA certificates.
>>>> +  #
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>>>> +!endif
>>>>
>>>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>>>> @@ -356,6 +360,12 @@ [Components.common]
>>>>    # Networking stack
>>>>    #
>>>>  !include NetworkPkg/NetworkComponents.dsc.inc
>>>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>>>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>>>> +    <LibraryClasses>
>>>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>>>> +  }
>>>> +!endif
>>>>
>>>>    #
>>>>    # SCSI Bus and Disk Driver
>>>> --
>>>> 2.19.1.3.g30247aa5d201
>>>>
>>>
>>>
>>>
>>
>>
>> 
>>
>>



Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Philippe Mathieu-Daudé 4 years, 9 months ago
On 6/24/19 9:13 PM, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
> 
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> 
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> 
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
> 
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)
> 
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>  
>    # Networking Requirements
>  !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>  
>  
>    #
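
Review bot: The TlsLib resolution at @@ -71,6 +71,9 lands in the shared
ArmVirt.dsc.inc under [LibraryClasses.common], right after
"!include NetworkPkg/NetworkLibs.dsc.inc", while the commit message says
ArmVirtXen is deliberately left alone. If any platform DSC that includes
this fragment never defines NETWORK_TLS_ENABLE, the "!if" relies on how an
undefined macro evaluates. A one-line comment naming the DSCs expected to
set the macro (ArmVirtQemu.dsc, ArmVirtQemuKernel.dsc) would make that
intent explicit.
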
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>    # CryptoPkg libraries needed by multiple firmware features
>    #
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>  
>    #
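
Review bot: In the @@ -136,7 +139,11 hunk the OpensslLib switch is made
under [LibraryClasses.common], so with NETWORK_TLS_ENABLE == TRUE every
module that resolves OpensslLib, not only the TLS consumers, links
OpensslLib.inf instead of OpensslLibCrypto.inf. The existing comment only
says "CryptoPkg libraries needed by multiple firmware features". Please add
a line stating why the full instance is required when TLS is enabled, and
consider whether the override can be scoped to the TLS modules so that the
others keep OpensslLibCrypto.inf.
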
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
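
Review bot: The new comment in the @@ -113,6 +109,14 hunk does not say
which PCD is the cumulative limit and which is the per-variable one, and it
gives no sizes. As written, PcdVariableStoreSize (0x80000, 512 KiB) is only
twice PcdMaxVolatileVariableSize (0x40000, 256 KiB), so one maximum-size
variable can take half of the store, which sits oddly with "several and/or
large CA certificates". Suggest naming each PCD in the comment with its
size and stating the certificate budget the numbers were chosen for. The
neighbouring PcdMaxVariableSize and PcdMaxAuthVariableSize stay at 0x2000
and 0x2800, so it is worth saying explicitly that only volatile storage is
meant to hold the CA list.
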
> @@ -372,6 +376,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
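
Review bot: The NULL class resolution in the @@ -372,6 +376,12 hunk makes
an ArmVirtPkg platform depend on OvmfPkg/Library/TlsAuthConfigLib, and
nothing in the DSC says what that library contributes to TlsAuthConfigDxe.
Because it is linked into the driver that configures TLS authentication, a
short comment above the block stating its purpose and pointing at the
"HTTPS Boot" section of OvmfPkg/README (the reference the commit message
already gives) would help anyone auditing where the trusted CA
certificates come from.
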
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
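
Review bot: This [PcdsFixedAtBuild.common] block in ArmVirtQemuKernel.dsc
is a line-for-line copy of the one added to ArmVirtQemu.dsc, and the
TlsAuthConfigDxe block in the next hunk is duplicated the same way. Two
copies of the size limits can drift apart silently. Consider moving both
NETWORK_TLS_ENABLE blocks into a shared include (ArmVirt.dsc.inc already
carries the TlsLib and OpensslLib parts), or add a comment in each file
asking that the values be kept in sync.
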
> @@ -356,6 +360,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
> 

Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>


Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Gary Lin 4 years, 9 months ago
On Mon, Jun 24, 2019 at 09:13:36PM +0200, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
> 
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> 
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> 
I tested both HTTPS IPv4 and IPv6, and it worked as expected.
The bootloader was loaded after enrolling the correct certificate, and
the firmware rejected the connection when enrolling the wrong
certificate.

Tested-by: Gary Lin <glin@suse.com>

> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
> 
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)
> 
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 20bf011617a1..a4ae25d982a2 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>  
>    # Networking Requirements
>  !include NetworkPkg/NetworkLibs.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> +!endif
>  
>  
>    #
> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>    # CryptoPkg libraries needed by multiple firmware features
>    #
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!else
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +!endif
>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>  
>    #
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index cf28478977e1..7ae6702ac1f0 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -372,6 +376,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 596e59739cab..3b0f04967a4b 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -43,10 +43,6 @@ [Defines]
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>  !endif
>  
> -!if $(NETWORK_TLS_ENABLE) == TRUE
> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
> -!endif
> -
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
>  !include ArmVirtPkg/ArmVirt.dsc.inc
> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  #
> +  # The cumulative and individual VOLATILE variable size limits should be set
> +  # high enough for accommodating several and/or large CA certificates.
> +  #
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> +!endif
>  
>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
> @@ -356,6 +360,12 @@ [Components.common]
>    # Networking stack
>    #
>  !include NetworkPkg/NetworkComponents.dsc.inc
> +!if $(NETWORK_TLS_ENABLE) == TRUE
> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
> +    <LibraryClasses>
> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
> +  }
> +!endif
>  
>    #
>    # SCSI Bus and Disk Driver
> -- 
> 2.19.1.3.g30247aa5d201
> 
> 


Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Laszlo Ersek 4 years, 9 months ago
On 06/28/19 06:48, Gary Lin wrote:
> On Mon, Jun 24, 2019 at 09:13:36PM +0200, Laszlo Ersek wrote:
>> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
>> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
>> ArmVirtXen is not modified because it doesn't include the edk2 network
>> stack.
>>
>> (This change is now simpler than it would have been when TianoCore#1009
>> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
>> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
>>
>> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
>>
> I tested both HTTPS IPv4 and IPv6, and it worked as expected.
> The bootloader was loaded after enrolling the correct certificate, and
> the firmware rejected the connection when enrolling the wrong
> certificate.
> 
> Tested-by: Gary Lin <glin@suse.com>

Awesome, thanks!
Laszlo

>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Gary Lin <glin@suse.com>
>> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
>> Cc: Julien Grall <julien.grall@arm.com>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>
>> Notes:
>>     Repo:   https://github.com/lersek/edk2.git
>>     Branch: armvirt_tls_bz1009
>>
>>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>>  3 files changed, 35 insertions(+), 8 deletions(-)
>>
>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>> index 20bf011617a1..a4ae25d982a2 100644
>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -71,6 +71,9 @@ [LibraryClasses.common]
>>  
>>    # Networking Requirements
>>  !include NetworkPkg/NetworkLibs.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>> +!endif
>>  
>>  
>>    #
>> @@ -136,7 +139,11 @@ [LibraryClasses.common]
>>    # CryptoPkg libraries needed by multiple firmware features
>>    #
>>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> +!else
>>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>> +!endif
>>    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>>  
>>    #
>> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>> index cf28478977e1..7ae6702ac1f0 100644
>> --- a/ArmVirtPkg/ArmVirtQemu.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>  
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>  
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -113,6 +109,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>  
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -372,6 +376,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>  
>>    #
>>    # SCSI Bus and Disk Driver
>> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> index 596e59739cab..3b0f04967a4b 100644
>> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>> @@ -43,10 +43,6 @@ [Defines]
>>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
>>  !endif
>>  
>> -!if $(NETWORK_TLS_ENABLE) == TRUE
>> -  !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
>> -!endif
>> -
>>  !include NetworkPkg/NetworkDefines.dsc.inc
>>  
>>  !include ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -118,6 +114,14 @@ [PcdsFixedAtBuild.common]
>>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  #
>> +  # The cumulative and individual VOLATILE variable size limits should be set
>> +  # high enough for accommodating several and/or large CA certificates.
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
>> +!endif
>>  
>>    # Size of the region used by UEFI in permanent memory (Reserved 64MB)
>>    gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
>> @@ -356,6 +360,12 @@ [Components.common]
>>    # Networking stack
>>    #
>>  !include NetworkPkg/NetworkComponents.dsc.inc
>> +!if $(NETWORK_TLS_ENABLE) == TRUE
>> +  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
>> +    <LibraryClasses>
>> +      NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
>> +  }
>> +!endif
>>  
>>    #
>>    # SCSI Bus and Disk Driver
>> -- 
>> 2.19.1.3.g30247aa5d201
>>
>>
> 
> 
> 



Re: [edk2-devel] [PATCH] ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Posted by Laszlo Ersek 4 years, 9 months ago
On 06/24/19 21:13, Laszlo Ersek wrote:
> Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
> that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
> ArmVirtXen is not modified because it doesn't include the edk2 network
> stack.
> 
> (This change is now simpler than it would have been when TianoCore#1009
> was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
> fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
> 
> The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
> 
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Guillaume GARDET <guillaume.gardet@arm.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     Repo:   https://github.com/lersek/edk2.git
>     Branch: armvirt_tls_bz1009
> 
>  ArmVirtPkg/ArmVirt.dsc.inc       |  7 +++++++
>  ArmVirtPkg/ArmVirtQemu.dsc       | 18 ++++++++++++++----
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 18 ++++++++++++++----
>  3 files changed, 35 insertions(+), 8 deletions(-)

Thank you all for the feedback, I've pushed the patch as commit
ffe048a0807b.

Laszlo
