Hi, Laszlo

This PCD is introduced for security considerations. It's not to include/exclude 
the whole HTTP boot feature, but to allow/deny unsecured HTTP connections. So:
        If this PCD is true, both HTTP (http://...) and HTTPS (https://...) are 
allowed.
        If this PCD is false, only HTTPS connections are allowed; HTTP is 
forbidden.
The default is false (HTTPS only).

For your question: if the new PCD is set to false and OVMF is built with -D 
HTTP_BOOT_ENABLE, all these drivers will still be included in the FD image, but 
only HTTPS connections can be established. In other words, an attempt to boot 
from a URL like "http://server/boot.efi" will fail.

Siyuan

-----Original Message-----
From: edk2-devel [mailto:[email protected]] On Behalf Of Laszlo 
Ersek
Sent: January 12, 2017 18:23
To: Wu, Jiaxin <[email protected]>; [email protected]
Cc: Ye, Ting <[email protected]>; Ni, Ruiyu <[email protected]>; Fu, Siyuan 
<[email protected]>; Gary Ching-Pang Lin <[email protected]>
Subject: Re: [edk2] [Patch 0/2] Enable the HTTP switch

On 01/12/17 09:52, Jiaxin Wu wrote:
> If the value of PcdHttpEnable is TRUE, HTTP is enabled. Both the 
> "http://" and "https://" schemes are acceptable. Otherwise, HTTP is 
> disabled. The "http://" scheme will be denied.
> 
> Cc: Ye Ting <[email protected]>
> Cc: Fu Siyuan <[email protected]>
> Cc: Ruiyu Ni <[email protected]>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <[email protected]>
> 
> Jiaxin Wu (2):
>   NetworkPkg: Add PCD to enable the HTTP switch
>   Nt32Pkg.dsc: Add HTTP_ENABLE flag
> 
>  NetworkPkg/HttpBootDxe/HttpBootClient.c  | 20 +++++++-
>  NetworkPkg/HttpBootDxe/HttpBootConfig.c  | 81 ++++++++++++++++++++------------
>  NetworkPkg/HttpBootDxe/HttpBootDxe.inf   |  5 +-
>  NetworkPkg/HttpBootDxe/HttpBootSupport.c | 53 ++++++++++++++++++++-
>  NetworkPkg/HttpBootDxe/HttpBootSupport.h | 17 ++++++-
>  NetworkPkg/HttpDxe/HttpDxe.inf           |  5 +-
>  NetworkPkg/HttpDxe/HttpImpl.c            | 12 ++++-
>  NetworkPkg/NetworkPkg.dec                |  8 +++-
>  Nt32Pkg/Nt32Pkg.dsc                      |  9 ++++
>  9 files changed, 173 insertions(+), 37 deletions(-)
> 

What is the reasoning behind this change? If a platform doesn't want to support 
HTTP booting, it can just exclude the drivers from the build.

Put differently, what use do HttpBootDxe and HttpDxe have if the PCD is set to 
FALSE (which is the default)?

I'm asking because OVMF already has a HTTP_BOOT_ENABLE build flag, and it 
controls the inclusion of all of:

  NetworkPkg/DnsDxe/DnsDxe.inf
  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
  NetworkPkg/HttpDxe/HttpDxe.inf
  NetworkPkg/HttpBootDxe/HttpBootDxe.inf

So what will this NetworkPkg change mean for OVMF, if OVMF is built with -D 
HTTP_BOOT_ENABLE?

Thanks
Laszlo
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel