On 09/22/20 12:49, Ard Biesheuvel wrote: > On 9/22/20 11:23 AM, Laszlo Ersek wrote: >> On 09/22/20 11:18, Laszlo Ersek wrote: >>> In QEMU commit range 4abf70a661a5..69699f3055a5 (later fixed up in QEMU >>> commit 4318432ccd3f), Phil implemented a QEMU facility for exposing the >>> host-side TLS cipher suite configuration to OVMF. The purpose is to >>> control the permitted ciphers in the guest's UEFI HTTPS boot. This >>> complements the forwarding of the host-side crypto policy from the >>> host to >>> the guest -- the other facet was the set of CA certificates (for which >>> p11-kit patches had been upstreamed, on the host side). >>> >>> Mention the new command line options in "OvmfPkg/README". >>> >>> Cc: Ard Biesheuvel <ard.biesheu...@arm.com> >>> Cc: Gary Lin <g...@suse.com> >>> Cc: Jordan Justen <jordan.l.jus...@intel.com> >>> Cc: Philippe Mathieu-Daudé <phi...@redhat.com> >>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2852 >>> Signed-off-by: Laszlo Ersek <ler...@redhat.com> >>> Reviewed-by: Gary Lin <g...@suse.com> >>> Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com> > > Acked-by: Ard Biesheuvel <ard.biesheu...@arm.com>
Merged as commit 3f3daf893089, via <https://github.com/tianocore/edk2/pull/948>. Thanks all, Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65469): https://edk2.groups.io/g/devel/message/65469 Mute This Topic: https://groups.io/mt/77009601/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
