1. Patchew
  2. EDK2
  3. [edk2-devel] [PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support
  4. View patch

[edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default

Gao, Zhichao posted 13 patches 5 years, 2 months ago
[edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
Posted by Gao, Zhichao 5 years, 2 months ago 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

iSCSI is using the deprecated function MD5. It is
better to make the default setting secure. If the platforms
want to use the iSCSI, they should enable it in the platforms'
dsc file and be aware they are using an function with weak
cryptography.

Enable iSCSI in NetworkPkg.dsc for build.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
 NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
 NetworkPkg/NetworkPkg.dsc         | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
index a442d1b157..18921d81f6 100644
--- a/NetworkPkg/NetworkDefines.dsc.inc
+++ b/NetworkPkg/NetworkDefines.dsc.inc
@@ -17,7 +17,7 @@
 #   DEFINE NETWORK_TLS_ENABLE             = TRUE
 #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
 #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
-#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
+#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
 #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
 #
 # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
@@ -101,7 +101,7 @@
   #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
   #       since libssl is not required for iSCSI.
   #
-  DEFINE NETWORK_ISCSI_ENABLE = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE = FALSE
 !endif
 
 !if $(NETWORK_ENABLE) == TRUE
diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
index 716d04fdad..e508995e3a 100644
--- a/NetworkPkg/NetworkPkg.dsc
+++ b/NetworkPkg/NetworkPkg.dsc
@@ -2,7 +2,7 @@
 # UEFI 2.4 Network Module Package for All Architectures
 #
 # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 #    SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -18,6 +18,8 @@
   BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
   SKUID_IDENTIFIER               = DEFAULT
 
+  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
+
 [LibraryClasses]
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
   BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
-- 
2.21.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67371): https://edk2.groups.io/g/devel/message/67371
Mute This Topic: https://groups.io/mt/78201071/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
Posted by Laszlo Ersek 5 years, 2 months ago 
On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> iSCSI is using the deprecated function MD5. It is
> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an function with weak
> cryptography.
> 
> Enable iSCSI in NetworkPkg.dsc for build.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
>  NetworkPkg/NetworkPkg.dsc         | 4 +++-
>  2 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
> index a442d1b157..18921d81f6 100644
> --- a/NetworkPkg/NetworkDefines.dsc.inc
> +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@
>  #   DEFINE NETWORK_TLS_ENABLE             = TRUE
>  #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
>  #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
>  #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
>  #
>  # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> @@ -101,7 +101,7 @@
>    #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
>    #       since libssl is not required for iSCSI.
>    #
> -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
>  !endif
>  
>  !if $(NETWORK_ENABLE) == TRUE
> diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
> index 716d04fdad..e508995e3a 100644
> --- a/NetworkPkg/NetworkPkg.dsc
> +++ b/NetworkPkg/NetworkPkg.dsc
> @@ -2,7 +2,7 @@
>  # UEFI 2.4 Network Module Package for All Architectures
>  #
>  # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -18,6 +18,8 @@
>    BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
>    SKUID_IDENTIFIER               = DEFAULT
>  
> +  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
> +
>  [LibraryClasses]
>    DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
>    BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67566): https://edk2.groups.io/g/devel/message/67566
Mute This Topic: https://groups.io/mt/78201071/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
Posted by Maciej Rabeda 5 years, 2 months ago 
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>

On 12-Nov-20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
>
> iSCSI is using the deprecated function MD5. It is
> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an function with weak
> cryptography.
>
> Enable iSCSI in NetworkPkg.dsc for build.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>   NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
>   NetworkPkg/NetworkPkg.dsc         | 4 +++-
>   2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
> index a442d1b157..18921d81f6 100644
> --- a/NetworkPkg/NetworkDefines.dsc.inc
> +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@
>   #   DEFINE NETWORK_TLS_ENABLE             = TRUE
>   #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
>   #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
>   #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
>   #
>   # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> @@ -101,7 +101,7 @@
>     #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
>     #       since libssl is not required for iSCSI.
>     #
> -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
>   !endif
>   
>   !if $(NETWORK_ENABLE) == TRUE
> diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
> index 716d04fdad..e508995e3a 100644
> --- a/NetworkPkg/NetworkPkg.dsc
> +++ b/NetworkPkg/NetworkPkg.dsc
> @@ -2,7 +2,7 @@
>   # UEFI 2.4 Network Module Package for All Architectures
>   #
>   # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>   # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
>   #    SPDX-License-Identifier: BSD-2-Clause-Patent
>   #
> @@ -18,6 +18,8 @@
>     BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
>     SKUID_IDENTIFIER               = DEFAULT
>   
> +  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
> +
>   [LibraryClasses]
>     DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
>     BaseLib|MdePkg/Library/BaseLib/BaseLib.inf



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67604): https://edk2.groups.io/g/devel/message/67604
Mute This Topic: https://groups.io/mt/78201071/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
Posted by Siyuan, Fu 5 years, 2 months ago 
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: 2020年11月12日 13:56
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu,
> XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly
> <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian, Yi
> <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej Rabeda
> <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>
> Subject: [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> iSCSI is using the deprecated function MD5. It is
> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an function with weak
> cryptography.
> 
> Enable iSCSI in NetworkPkg.dsc for build.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
>  NetworkPkg/NetworkPkg.dsc         | 4 +++-
>  2 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/NetworkPkg/NetworkDefines.dsc.inc
> b/NetworkPkg/NetworkDefines.dsc.inc
> index a442d1b157..18921d81f6 100644
> --- a/NetworkPkg/NetworkDefines.dsc.inc
> +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@
>  #   DEFINE NETWORK_TLS_ENABLE             = TRUE
>  #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
>  #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
>  #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
>  #
>  # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> @@ -101,7 +101,7 @@
>    #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
>    #       since libssl is not required for iSCSI.
>    #
> -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
>  !endif
> 
>  !if $(NETWORK_ENABLE) == TRUE
> diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
> index 716d04fdad..e508995e3a 100644
> --- a/NetworkPkg/NetworkPkg.dsc
> +++ b/NetworkPkg/NetworkPkg.dsc
> @@ -2,7 +2,7 @@
>  # UEFI 2.4 Network Module Package for All Architectures
>  #
>  # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights
> reserved.<BR>
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -18,6 +18,8 @@
>    BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
>    SKUID_IDENTIFIER               = DEFAULT
> 
> +  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
> +
>  [LibraryClasses]
>    DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
>    BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> --
> 2.21.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67603): https://edk2.groups.io/g/devel/message/67603
Mute This Topic: https://groups.io/mt/78201071/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.