First, I prefer to keep the OpensslTlsLib and TlsLib modules under SECURE_BOOT_ENABLE feature. Because these two modules are depended on OpensslLib module, which is related to SECURE_BOOT_ENABLE flag. If no this dependency, OpensslTlsLib and TlsLib modules can't work normally.
!if $(SECURE_BOOT_ENABLE) == TRUE OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf Also, in my logic point of view, TlsDxe consumes OpenSLL library including BaseCryptLib, new wrapped TlsLib and OpensslTlsLib module. All of those module are related to SECURE_BOOT_ENABLE flag. If we keep the independence for TlsDxe, some unexpected error maybe happened. Qin, how about your opinion? Thanks. Jiaxin > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of El- > Haj-Mahmoud, Samer > Sent: Friday, February 26, 2016 9:19 AM > To: Ye, Ting <ting...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>; edk2- > de...@lists.01.org > Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Long, > Qin <qin.l...@intel.com> > Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS > boot feature. > > I agree that HTTPs control should be independent from SecurBootEnable > > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ye, > Ting > Sent: Thursday, February 25, 2016 7:11 PM > To: Wu, Jiaxin <jiaxin...@intel.com>; edk2-devel@lists.01.org > Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Long, > Qin <qin.l...@intel.com> > Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS > boot feature. > > I don't recommend to control The TLS and libraries for HTTPS boot features > by SECURE_BOOT_ENABLE flag, since it is a totally different feature. Ray, > what do you think? > > Best Regards, > Ye Ting > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jiaxin Wu > Sent: Wednesday, February 24, 2016 4:15 PM > To: edk2-devel@lists.01.org > Cc: Ye, Ting <ting...@intel.com>; Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan > <siyuan...@intel.com>; Long, Qin <qin.l...@intel.com> > Subject: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot > feature. > > Cc: Ye Ting <ting...@intel.com> > Cc: Fu Siyuan <siyuan...@intel.com> > Cc: Long Qin <qin.l...@intel.com> > Cc: Ruiyu Ni <ruiyu...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiaxin Wu <jiaxin...@intel.com> > --- > Nt32Pkg/Nt32Pkg.dsc | 8 +++++++- > Nt32Pkg/Nt32Pkg.fdf | 7 ++++++- > 2 files changed, 13 insertions(+), 2 deletions(-) > > diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index > 87a08c0..da62b3a 100644 > --- a/Nt32Pkg/Nt32Pkg.dsc > +++ b/Nt32Pkg/Nt32Pkg.dsc > @@ -2,11 +2,11 @@ > # EFI/Framework Emulation Platform with UEFI HII interface supported. > # > # The Emulation Platform can be used to debug individual modules, prior to > creating > # a real platform. This also provides an example for how an DSC is > created. > # > -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2006 - 2016, Intel Corporation. All rights > +reserved.<BR> > # Copyright (c) 2015, Hewlett-Packard Development Company, L.P.<BR> # > (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> # > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the > BSD License > @@ -137,10 +137,11 @@ > > !if $(SECURE_BOOT_ENABLE) == TRUE > > PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.in > f > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > + OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf > > TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp > mMeasurementLib.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > !else > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp > mMeasurementLibNull.inf > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL > ibNull.inf > @@ -193,10 +194,11 @@ > > PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt > 32PeCoffExtraActionLib.inf > > ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeE > xtractGuidedSectionLib.inf > WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf > !if $(SECURE_BOOT_ENABLE) == TRUE > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > !endif > > [LibraryClasses.common.DXE_CORE] > HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf > > MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLi > b/DxeCoreMemoryAllocationLib.inf > @@ -444,10 +446,14 @@ > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > NetworkPkg/DnsDxe/DnsDxe.inf > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > +!if $(SECURE_BOOT_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > +!endif > + > MdeModulePkg/Universal/BdsDxe/BdsDxe.inf { > <LibraryClasses> > > NULL|MdeModulePkg/Library/BmpImageDecoderLib/BmpImageDecoderLib > .inf > } > MdeModulePkg/Application/UiApp/UiApp.inf{ > diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index > a10c12f..0c21ba6 100644 > --- a/Nt32Pkg/Nt32Pkg.fdf > +++ b/Nt32Pkg/Nt32Pkg.fdf > @@ -1,9 +1,9 @@ > ## @file > # This is NT32 FDF file with UEFI HII features enabled # -# Copyright (c) > 2007 > - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2007 - 2016, Intel Corporation. All rights > +reserved.<BR> > # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> # > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the > BSD License > # which accompanies this distribution. The full text of the license may be > found at > @@ -260,10 +260,15 @@ INF > MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf > INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > INF NetworkPkg/DnsDxe/DnsDxe.inf > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > + > +!if $(SECURE_BOOT_ENABLE) == TRUE > +INF NetworkPkg/TlsDxe/TlsDxe.inf > +!endif > + > > ########################################################## > ###################### > # > # FILE statements are provided so that a platform integrator can include # > complete EFI FFS files, as well as a method for constructing FFS files # > using > curly "{}" brace scoping. The following three FILEs are > -- > 1.9.5.msysgit.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel