First, I prefer to keep the OpensslTlsLib and TlsLib modules under
SECURE_BOOT_ENABLE feature. Because these two modules are depended on
OpensslLib module, which is related to SECURE_BOOT_ENABLE flag. If no this
dependency, OpensslTlsLib and TlsLib modules can't work normally.
!if $(SECURE_BOOT_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
Also, in my logic point of view, TlsDxe consumes OpenSLL library including
BaseCryptLib, new wrapped TlsLib and OpensslTlsLib module. All of those module
are related to SECURE_BOOT_ENABLE flag. If we keep the independence for TlsDxe,
some unexpected error maybe happened.
Qin, how about your opinion?
Thanks.
Jiaxin
> -----Original Message-----
> From: edk2-devel [mailto:[email protected]] On Behalf Of El-
> Haj-Mahmoud, Samer
> Sent: Friday, February 26, 2016 9:19 AM
> To: Ye, Ting <[email protected]>; Wu, Jiaxin <[email protected]>; edk2-
> [email protected]
> Cc: Ni, Ruiyu <[email protected]>; Fu, Siyuan <[email protected]>; Long,
> Qin <[email protected]>
> Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS
> boot feature.
>
> I agree that HTTPs control should be independent from SecurBootEnable
>
>
> -----Original Message-----
> From: edk2-devel [mailto:[email protected]] On Behalf Of Ye,
> Ting
> Sent: Thursday, February 25, 2016 7:11 PM
> To: Wu, Jiaxin <[email protected]>; [email protected]
> Cc: Ni, Ruiyu <[email protected]>; Fu, Siyuan <[email protected]>; Long,
> Qin <[email protected]>
> Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS
> boot feature.
>
> I don't recommend to control The TLS and libraries for HTTPS boot features
> by SECURE_BOOT_ENABLE flag, since it is a totally different feature. Ray,
> what do you think?
>
> Best Regards,
> Ye Ting
>
> -----Original Message-----
> From: edk2-devel [mailto:[email protected]] On Behalf Of
> Jiaxin Wu
> Sent: Wednesday, February 24, 2016 4:15 PM
> To: [email protected]
> Cc: Ye, Ting <[email protected]>; Ni, Ruiyu <[email protected]>; Fu, Siyuan
> <[email protected]>; Long, Qin <[email protected]>
> Subject: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot
> feature.
>
> Cc: Ye Ting <[email protected]>
> Cc: Fu Siyuan <[email protected]>
> Cc: Long Qin <[email protected]>
> Cc: Ruiyu Ni <[email protected]>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiaxin Wu <[email protected]>
> ---
> Nt32Pkg/Nt32Pkg.dsc | 8 +++++++-
> Nt32Pkg/Nt32Pkg.fdf | 7 ++++++-
> 2 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index
> 87a08c0..da62b3a 100644
> --- a/Nt32Pkg/Nt32Pkg.dsc
> +++ b/Nt32Pkg/Nt32Pkg.dsc
> @@ -2,11 +2,11 @@
> # EFI/Framework Emulation Platform with UEFI HII interface supported.
> #
> # The Emulation Platform can be used to debug individual modules, prior to
> creating
> # a real platform. This also provides an example for how an DSC is
> created.
> #
> -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2006 - 2016, Intel Corporation. All rights
> +reserved.<BR>
> # Copyright (c) 2015, Hewlett-Packard Development Company, L.P.<BR> #
> (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> #
> # This program and the accompanying materials
> # are licensed and made available under the terms and conditions of the
> BSD License
> @@ -137,10 +137,11 @@
>
> !if $(SECURE_BOOT_ENABLE) == TRUE
>
> PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.in
> f
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> + OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf
>
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> mMeasurementLib.inf
> AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> !else
>
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> mMeasurementLibNull.inf
>
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> ibNull.inf
> @@ -193,10 +194,11 @@
>
> PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt
> 32PeCoffExtraActionLib.inf
>
> ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeE
> xtractGuidedSectionLib.inf
> WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
> !if $(SECURE_BOOT_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> !endif
>
> [LibraryClasses.common.DXE_CORE]
> HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
>
> MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLi
> b/DxeCoreMemoryAllocationLib.inf
> @@ -444,10 +446,14 @@
> NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> NetworkPkg/DnsDxe/DnsDxe.inf
> NetworkPkg/HttpDxe/HttpDxe.inf
> NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
>
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + NetworkPkg/TlsDxe/TlsDxe.inf
> +!endif
> +
> MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {
> <LibraryClasses>
>
> NULL|MdeModulePkg/Library/BmpImageDecoderLib/BmpImageDecoderLib
> .inf
> }
> MdeModulePkg/Application/UiApp/UiApp.inf{
> diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index
> a10c12f..0c21ba6 100644
> --- a/Nt32Pkg/Nt32Pkg.fdf
> +++ b/Nt32Pkg/Nt32Pkg.fdf
> @@ -1,9 +1,9 @@
> ## @file
> # This is NT32 FDF file with UEFI HII features enabled # -# Copyright (c)
> 2007
> - 2015, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2007 - 2016, Intel Corporation. All rights
> +reserved.<BR>
> # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> #
> # This program and the accompanying materials
> # are licensed and made available under the terms and conditions of the
> BSD License
> # which accompanies this distribution. The full text of the license may be
> found at
> @@ -260,10 +260,15 @@ INF
> MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
> INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
> INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> INF NetworkPkg/DnsDxe/DnsDxe.inf
> INF NetworkPkg/HttpDxe/HttpDxe.inf
> INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> +
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> +INF NetworkPkg/TlsDxe/TlsDxe.inf
> +!endif
> +
>
> ##########################################################
> ######################
> #
> # FILE statements are provided so that a platform integrator can include #
> complete EFI FFS files, as well as a method for constructing FFS files #
> using
> curly "{}" brace scoping. The following three FILEs are
> --
> 1.9.5.msysgit.1
>
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/edk2-devel
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/edk2-devel
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel
