docs/specs/fw_cfg.txt | 13 ++- include/crypto/tls-cipher-suites.h | 39 +++++++++ include/hw/nvram/fw_cfg.h | 43 ++++++++++ crypto/tls-cipher-suites.c | 126 +++++++++++++++++++++++++++++ hw/nvram/fw_cfg.c | 35 ++++++++ softmmu/vl.c | 37 ++++++--- crypto/Makefile.objs | 1 + crypto/trace-events | 5 ++ qemu-options.hx | 37 +++++++++ 9 files changed, 326 insertions(+), 10 deletions(-) create mode 100644 include/crypto/tls-cipher-suites.h create mode 100644 crypto/tls-cipher-suites.c
Hi, This series has 3 parts: - First we add the tls-cipher-suites object - We add the ability to QOM objects to produce data consumable by the fw_cfg device, - Then we let the tls-cipher-suites object implement the FW_CFG_DATA_GENERATOR interface. This is required by EDK2 'HTTPS Boot' feature [*] to tell the guest which TLS ciphers it can use. Since v9: - intent to address Daniel suggestions, rewrite of crypto/* code Since v8: - addressed Laszlo review comments (reword/typos) Since v7: - addressed Laszlo review comments Since v6: - addressed Laszlo & Daniel review comments Since v5: - Complete rewrite after chatting with Daniel Berrangé Since v4: - Addressed Laszlo comments (see patch#1 description) Since v3: - Addressed Markus' comments (do not care about heap) Since v2: - Split of Since v1: - Addressed Michael and Laszlo comments. Phil. $ git backport-diff -u v9 Key: [----] : patches are identical [####] : number of functional differences between upstream/downstream patch [down] : patch is downstream-only The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively 001/5:[0139] [FC] 'crypto: Add tls-cipher-suites object' 002/5:[0052] [FC] 'hw/nvram/fw_cfg: Add the FW_CFG_DATA_GENERATOR interface' 003/5:[0010] [FC] 'softmmu/vl: Let -fw_cfg option take a 'gen_id' argument' 004/5:[----] [--] 'softmmu/vl: Allow -fw_cfg 'gen_id' option to use the 'etc/' namespace' 005/5:[0018] [FC] 'crypto/tls-cipher-suites: Produce fw_cfg consumable blob' [*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README v9: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg04046.html v8: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02428.html v7: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg08050.html v6: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05448.html v5: https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg04525.html v4: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg04300.html v3: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg02965.html v2: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg02522.html v1: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg01598.html Philippe Mathieu-Daudé (5): crypto: Add tls-cipher-suites object hw/nvram/fw_cfg: Add the FW_CFG_DATA_GENERATOR interface softmmu/vl: Let -fw_cfg option take a 'gen_id' argument softmmu/vl: Allow -fw_cfg 'gen_id' option to use the 'etc/' namespace crypto/tls-cipher-suites: Produce fw_cfg consumable blob docs/specs/fw_cfg.txt | 13 ++- include/crypto/tls-cipher-suites.h | 39 +++++++++ include/hw/nvram/fw_cfg.h | 43 ++++++++++ crypto/tls-cipher-suites.c | 126 +++++++++++++++++++++++++++++ hw/nvram/fw_cfg.c | 35 ++++++++ softmmu/vl.c | 37 ++++++--- crypto/Makefile.objs | 1 + crypto/trace-events | 5 ++ qemu-options.hx | 37 +++++++++ 9 files changed, 326 insertions(+), 10 deletions(-) create mode 100644 include/crypto/tls-cipher-suites.h create mode 100644 crypto/tls-cipher-suites.c -- 2.21.3
On 6/23/20 7:27 PM, Philippe Mathieu-Daudé wrote: > Hi, > > This series has 3 parts: > > - First we add the tls-cipher-suites object > > - We add the ability to QOM objects to produce data > consumable by the fw_cfg device, > > - Then we let the tls-cipher-suites object implement > the FW_CFG_DATA_GENERATOR interface. > > This is required by EDK2 'HTTPS Boot' feature [*] to tell > the guest which TLS ciphers it can use. > > Since v9: > - intent to address Daniel suggestions, rewrite of crypto/* code I forgot to explain the huge diff due to the rewrite. Daniel suggested to simplify the API by returning a GByteArray: https://www.mail-archive.com/qemu-devel@nongnu.org/msg712887.html https://www.mail-archive.com/qemu-devel@nongnu.org/msg712923.html > $ git backport-diff -u v9 > Key: > [----] : patches are identical > [####] : number of functional differences between upstream/downstream patch > [down] : patch is downstream-only > The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively > > 001/5:[0139] [FC] 'crypto: Add tls-cipher-suites object' > 002/5:[0052] [FC] 'hw/nvram/fw_cfg: Add the FW_CFG_DATA_GENERATOR interface' > 003/5:[0010] [FC] 'softmmu/vl: Let -fw_cfg option take a 'gen_id' argument' > 004/5:[----] [--] 'softmmu/vl: Allow -fw_cfg 'gen_id' option to use the 'etc/' namespace' > 005/5:[0018] [FC] 'crypto/tls-cipher-suites: Produce fw_cfg consumable blob'
On Tue, Jun 23, 2020 at 07:27:21PM +0200, Philippe Mathieu-Daudé wrote: > Hi, > > This series has 3 parts: > > - First we add the tls-cipher-suites object > > - We add the ability to QOM objects to produce data > consumable by the fw_cfg device, > > - Then we let the tls-cipher-suites object implement > the FW_CFG_DATA_GENERATOR interface. > > This is required by EDK2 'HTTPS Boot' feature [*] to tell > the guest which TLS ciphers it can use. On my crypto side, the series is ready to merge. The code is split 50/50 between crypto subsystem and firmware subsystem, so the question is who wants to merge it ? If Laszlo wants to merge it, then consider the whole series to have Acked-by: Daniel P. Berrangé <berrange@redhat.com> If Laszlo wants me to merge it, then I'll just wait for him to give his Ack. Soft-freeze is fast approaching in less than a week... Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 7/1/20 12:31 PM, Daniel P. Berrangé wrote: > On Tue, Jun 23, 2020 at 07:27:21PM +0200, Philippe Mathieu-Daudé wrote: >> Hi, >> >> This series has 3 parts: >> >> - First we add the tls-cipher-suites object >> >> - We add the ability to QOM objects to produce data >> consumable by the fw_cfg device, >> >> - Then we let the tls-cipher-suites object implement >> the FW_CFG_DATA_GENERATOR interface. >> >> This is required by EDK2 'HTTPS Boot' feature [*] to tell >> the guest which TLS ciphers it can use. > > On my crypto side, the series is ready to merge. > > The code is split 50/50 between crypto subsystem and firmware > subsystem, so the question is who wants to merge it ? > > If Laszlo wants to merge it, then consider the whole series > to have Acked-by: Daniel P. Berrangé <berrange@redhat.com> Thanks! > > If Laszlo wants me to merge it, then I'll just wait for him > to give his Ack. > > Soft-freeze is fast approaching in less than a week... Yes, but Laszlo isn't available until tomorrow. I prefer to wait until Friday for his feedback first. If he is too busy, then your help is obviously welcomed! Thanks, Phil.
On 07/01/20 12:31, Daniel P. Berrangé wrote: > On Tue, Jun 23, 2020 at 07:27:21PM +0200, Philippe Mathieu-Daudé wrote: >> Hi, >> >> This series has 3 parts: >> >> - First we add the tls-cipher-suites object >> >> - We add the ability to QOM objects to produce data >> consumable by the fw_cfg device, >> >> - Then we let the tls-cipher-suites object implement >> the FW_CFG_DATA_GENERATOR interface. >> >> This is required by EDK2 'HTTPS Boot' feature [*] to tell >> the guest which TLS ciphers it can use. > > On my crypto side, the series is ready to merge. > > The code is split 50/50 between crypto subsystem and firmware > subsystem, so the question is who wants to merge it ? > > If Laszlo wants to merge it, then consider the whole series > to have Acked-by: Daniel P. Berrangé <berrange@redhat.com> > > If Laszlo wants me to merge it, then I'll just wait for him > to give his Ack. > > Soft-freeze is fast approaching in less than a week... We should let Phil send a pull request. :) Thanks! Laszlo
On Thu, Jul 02, 2020 at 01:00:02PM +0200, Laszlo Ersek wrote: > On 07/01/20 12:31, Daniel P. Berrangé wrote: > > On Tue, Jun 23, 2020 at 07:27:21PM +0200, Philippe Mathieu-Daudé wrote: > >> Hi, > >> > >> This series has 3 parts: > >> > >> - First we add the tls-cipher-suites object > >> > >> - We add the ability to QOM objects to produce data > >> consumable by the fw_cfg device, > >> > >> - Then we let the tls-cipher-suites object implement > >> the FW_CFG_DATA_GENERATOR interface. > >> > >> This is required by EDK2 'HTTPS Boot' feature [*] to tell > >> the guest which TLS ciphers it can use. > > > > On my crypto side, the series is ready to merge. > > > > The code is split 50/50 between crypto subsystem and firmware > > subsystem, so the question is who wants to merge it ? > > > > If Laszlo wants to merge it, then consider the whole series > > to have Acked-by: Daniel P. Berrangé <berrange@redhat.com> > > > > If Laszlo wants me to merge it, then I'll just wait for him > > to give his Ack. > > > > Soft-freeze is fast approaching in less than a week... > > We should let Phil send a pull request. :) Fine by me. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 7/2/20 1:01 PM, Daniel P. Berrangé wrote: > On Thu, Jul 02, 2020 at 01:00:02PM +0200, Laszlo Ersek wrote: >> On 07/01/20 12:31, Daniel P. Berrangé wrote: >>> On Tue, Jun 23, 2020 at 07:27:21PM +0200, Philippe Mathieu-Daudé wrote: >>>> Hi, >>>> >>>> This series has 3 parts: >>>> >>>> - First we add the tls-cipher-suites object >>>> >>>> - We add the ability to QOM objects to produce data >>>> consumable by the fw_cfg device, >>>> >>>> - Then we let the tls-cipher-suites object implement >>>> the FW_CFG_DATA_GENERATOR interface. >>>> >>>> This is required by EDK2 'HTTPS Boot' feature [*] to tell >>>> the guest which TLS ciphers it can use. >>> >>> On my crypto side, the series is ready to merge. >>> >>> The code is split 50/50 between crypto subsystem and firmware >>> subsystem, so the question is who wants to merge it ? >>> >>> If Laszlo wants to merge it, then consider the whole series >>> to have Acked-by: Daniel P. Berrangé <berrange@redhat.com> >>> >>> If Laszlo wants me to merge it, then I'll just wait for him >>> to give his Ack. >>> >>> Soft-freeze is fast approaching in less than a week... >> >> We should let Phil send a pull request. :) > > Fine by me. OK will do, thank to both of you!
© 2016 - 2024 Red Hat, Inc.