On 04/24/18 10:35, Gary Lin wrote: > Add the new section for HTTPS Boot. > > Changes in v2: > - Fixed the typos > - Added the command for p11-kit based on Laszlo's suggestion > - Also added the efisiglist command > - Elaborated how to create the customized cipher suite list > - Mentioned the changes in QEMU in the future based on Laszlo's > suggestion > > Cc: Ard Biesheuvel <[email protected]> > Cc: Jordan Justen <[email protected]> > Cc: Laszlo Ersek <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Gary Lin <[email protected]> > --- > OvmfPkg/README | 88 ++++++++++++++++++++ > 1 file changed, 88 insertions(+)
Reviewed-by: Laszlo Ersek <[email protected]> [[email protected]: trivial typo fixes; update-crypto-policies URL fix] Such as: > diff --git a/OvmfPkg/README b/OvmfPkg/README > index 60545ebccfad..7415419d2dd7 100644 > --- a/OvmfPkg/README > +++ b/OvmfPkg/README > @@ -287,7 +287,7 @@ and encrypted connection. > > Please note that the certificate has to be in the DER format. > > - You can also append a certificate to the existed list with the following > + You can also append a certificate to the existing list with the following > command: > > efisiglist -i <old certdb> -a <cert file> -o <new certdb> > @@ -334,13 +334,13 @@ and encrypted connection. > > * In the future (after release 2.12), QEMU should populate both above fw_cfg > files automatically from the local host configuration, and enable the user > - to override either with dedicated options or properties > + to override either with dedicated options or properties. > > (*1) See "31.4.1 Signature Database" in UEFI specification 2.7 errata A. > (*2) p11-kit: https://github.com/p11-glue/p11-kit/ > (*3) efisiglist: > https://github.com/rhboot/pesign/blob/master/src/efisiglist.c > (*4) > https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table > -(*5) update-crypto-policies: https://github.com/nmav/fedora-crypto-policies > +(*5) update-crypto-policies: > https://gitlab.com/redhat-crypto/fedora-crypto-policies > > === OVMF Flash Layout === > Commit d3180516f31b. Thank you! Laszlo _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
