On Thu, Dec 18, 2014 at 11:20:49AM +0100, Laszlo Ersek wrote: > On 12/18/14 10:38, Gary Ching-Pang Lin wrote: > > > NetworkPkg/IScsiDxe is a bit different. It requires BaseCryptLib while > > the one in MdeModulePkg doesn't need the library, so a few more changes > > are needed. > > Interesting. The BaseCryptLib class is resolved in the OVMF DSC files: > > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > but only for $(SECURE_BOOT_ENABLE) == TRUE. > > So perhaps you'll have to further distinguish the NetworkPkg/IScsiDxe > inclusion -- even for IPv6, go with the MdeModulePkg one, unless secure > boot is also enabled. > > One user of BaseCryptLib is IScsiCHAP.c in NetworkPkg/IScsiDxe... This > module probably supports more authentication mechanisms than the one in > MdeModulePkg, and might require OpenSSL (via BaseCryptLib) for encryption. > > So, we could decide if we want to enable (require) OpenSSL > (BaseCryptLib) in OVMF just for enabling NetworkPkg/IScsiDxe. I think > probably not. My suggestion is to tie NetworkPkg/IScsiDxe to > (NETWORK_IP6_ENABLE && SECURE_BOOT_ENABLE), even though the crypto > client code in NetworkPkg/IScsiDxe is probably not related to secure boot. > > It's just that NetworkPkg/IScsiDxe alone doesn't warrant a standalone > dependency on OpenSSL in my opinion, for OVMF. Secure Boot support > certainly does, and if that's already being requested, then > NetworkPkg/IScsiDxe can utilize it too (if NETWORK_IP6_ENABLE). > I agree. But what if someone just wants to enable Secure Boot? If we use (NETWORK_IP6_ENABLE && SECURE_BOOT_ENABLE), it actually makes IPv6 a requirement for Secure Boot and looks weird.
Maybe we could add a new flag, says ISCSI_IP6_ENABLE, to isolate IScsiDxe from the other IPv6 drivers? Thanks, Gary Lin ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
