As I said, I wouldn't like to review this patch in detail right now.
Just some light comments:

On 11/21/18 06:28, Fu Siyuan wrote:
> This patch updates the platform DSC/FDF files to use the include fragment
> files provided by NetworkPkg.
> The feature enabling flags in [Defines] section have been updated to use
> the NetworkPkg's terms, and the value has been overridden with the original
> default value on this platform.
> 
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
> Cc: Anthony Perard <anthony.per...@citrix.com>
> Cc: Julien Grall <julien.gr...@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Fu Siyuan <siyuan...@intel.com>
> ---
>  OvmfPkg/OvmfPkgIa32.dsc    | 52 ++++---------------
>  OvmfPkg/OvmfPkgIa32.fdf    | 25 +--------
>  OvmfPkg/OvmfPkgIa32X64.dsc | 53 ++++----------------
>  OvmfPkg/OvmfPkgIa32X64.fdf | 25 +--------
>  OvmfPkg/OvmfPkgX64.dsc     | 52 ++++---------------
>  OvmfPkg/OvmfPkgX64.fdf     | 25 +--------
>  6 files changed, 36 insertions(+), 196 deletions(-)
> 
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index eccf34d3d1cb..5d6ea3e67001 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -35,12 +35,21 @@ [Defines]
>    # -D FLAG=VALUE
>    #
>    DEFINE SECURE_BOOT_ENABLE      = FALSE
> -  DEFINE NETWORK_IP6_ENABLE      = FALSE
> -  DEFINE HTTP_BOOT_ENABLE        = FALSE
>    DEFINE SMM_REQUIRE             = FALSE
>    DEFINE TLS_ENABLE              = FALSE
>    DEFINE TPM2_ENABLE             = FALSE
>  
> +  DEFINE NETWORK_IP6_ENABLE = FALSE
> +  #
> +  # TLS_ENABLE flag is used to control platform specific configuration for 
> TLS support.
> +  # NETWORK_TLS_ENABLE should always be set to FALSE.
> +  #
> +  DEFINE NETWORK_TLS_ENABLE = FALSE

(1) Ah, OK, I understand, so basically the suggestion is that OVMF not
make use of NETWORK_TLS_ENABLE, but continue using its own TLS_ENABLE
solution.

Hmmm. I wonder if that's helpful at all. To me it seems to increase the
confusion rather than decrease it.

I guess it can work, but then we should rename TLS_ENABLE to something
better, such as "PLATFORM_TLS_ENABLE". And this comment should be more
detailed *why* we do that. (We do that because we configure the CA
certificates and the cipher suites with a null class lib instance hooked
into TlsAuthConfigDxe, which downloads the necessary data from QEMU via
fw_cfg.)

> +  DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
> +  DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
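
Review bot: In the [Defines] block, the new comment says NETWORK_TLS_ENABLE "should always be set to FALSE", but the flag is added as an ordinary DEFINE under the "-D FLAG=VALUE" header, so nothing in these lines keeps it in step with TLS_ENABLE or prevents the two from being set to different values. Either derive one flag from the other or make the build fail when they disagree, and have the comment state the reason for the restriction. Minor style point: the re-added "DEFINE NETWORK_IP6_ENABLE = FALSE" no longer lines up its "=" with the DEFINEs above it.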

(2) This (i.e. NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE) is wrong. We set
PcdAllowHttpConnections to TRUE on purpose. See commit 4b2fb7986d57
("OvmfPkg: Allow HTTP connections if HTTP Boot enabled", 2017-01-23).

More after you post v2, I think.

Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
