On 02/29/16 02:37, Jiaxin Wu wrote: > v2: > *Update to remove 'SECURE_BOOT_ENABLE' flag for all library defined > in CryptoPkg. > > This path is used to enable HTTPS boot feature. > > Cc: Ye Ting <[email protected]> > Cc: Fu Siyuan <[email protected]> > Cc: Long Qin <[email protected]> > Cc: Ruiyu Ni <[email protected]> > Cc: El-Haj-Mahmoud Samer <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiaxin Wu <[email protected]> > --- > Nt32Pkg/Nt32Pkg.dsc | 15 ++++++--------- > Nt32Pkg/Nt32Pkg.fdf | 4 +++- > 2 files changed, 9 insertions(+), 10 deletions(-) > > diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc > index 87a08c0..d297812 100644 > --- a/Nt32Pkg/Nt32Pkg.dsc > +++ b/Nt32Pkg/Nt32Pkg.dsc > @@ -2,11 +2,11 @@ > # EFI/Framework Emulation Platform with UEFI HII interface supported. > # > # The Emulation Platform can be used to debug individual modules, prior to > creating > # a real platform. This also provides an example for how an DSC is > created. > # > -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR> > # Copyright (c) 2015, Hewlett-Packard Development Company, L.P.<BR> > # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> > # > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the > BSD License > @@ -132,15 +132,16 @@ > > DebugPrintErrorLevelLib|MdeModulePkg/Library/DxeDebugPrintErrorLevelLib/DxeDebugPrintErrorLevelLib.inf > > PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf > DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > + OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf > > !if $(SECURE_BOOT_ENABLE) == TRUE > PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf > - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > !else > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > @@ -174,13 +175,11 @@ > > OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf > > [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > > OemHookStatusCodeLib|Nt32Pkg/Library/PeiNt32OemHookStatusCodeLib/PeiNt32OemHookStatusCodeLib.inf > -!if $(SECURE_BOOT_ENABLE) == TRUE > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > -!endif > > [LibraryClasses.common] > # > # DXE phase common > # > @@ -191,13 +190,12 @@ > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf > > OemHookStatusCodeLib|Nt32Pkg/Library/DxeNt32OemHookStatusCodeLib/DxeNt32OemHookStatusCodeLib.inf > > PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf > > ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf > WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf > -!if $(SECURE_BOOT_ENABLE) == TRUE > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > -!endif > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > [LibraryClasses.common.DXE_CORE] > HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf > > MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf > @@ -214,13 +212,11 @@ > > [LibraryClasses.common.DXE_RUNTIME_DRIVER] > # > # Runtime > # > -!if $(SECURE_BOOT_ENABLE) == TRUE > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > -!endif > > > ################################################################################ > # > # Pcd Section - list of all EDK II PCD Entries defined by this Platform > # > @@ -443,10 +439,11 @@ > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > NetworkPkg/DnsDxe/DnsDxe.inf > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > + NetworkPkg/TlsDxe/TlsDxe.inf > > MdeModulePkg/Universal/BdsDxe/BdsDxe.inf { > <LibraryClasses> > NULL|MdeModulePkg/Library/BmpImageDecoderLib/BmpImageDecoderLib.inf > } > diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf > index a10c12f..aa10ae8 100644 > --- a/Nt32Pkg/Nt32Pkg.fdf > +++ b/Nt32Pkg/Nt32Pkg.fdf > @@ -1,9 +1,9 @@ > ## @file > # This is NT32 FDF file with UEFI HII features enabled > # > -# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR> > # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> > # > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the > BSD License > # which accompanies this distribution. The full text of the license may > be found at > @@ -260,10 +260,12 @@ INF > MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf > INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > INF NetworkPkg/DnsDxe/DnsDxe.inf > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > +INF NetworkPkg/TlsDxe/TlsDxe.inf > + > > ################################################################################ > # > # FILE statements are provided so that a platform integrator can include > # complete EFI FFS files, as well as a method for constructing FFS files > # using curly "{}" brace scoping. The following three FILEs are >
I remember that it was suggested that HTTPS boot be made independent of SECURE_BOOT_ENABLE, since these were two separate features. However, I think the above patch will make Nt32Pkg impossible to build without adding OpenSSL to the tree. Is that intentional? Should we perhaps introduce a new build flag, like HTTPS_BOOT_ENABLE? Then the OpenSSL-dependent libraries would be resolved for HTTPS_BOOT_ENABLE || SECURE_BOOT_ENABLE, and the TLS driver would only depend on HTTPS_BOOT_ENABLE. Just an idea. Thanks Laszlo _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
