On 12/18/14 11:38, Gary Ching-Pang Lin wrote: > On Thu, Dec 18, 2014 at 11:20:49AM +0100, Laszlo Ersek wrote: >> On 12/18/14 10:38, Gary Ching-Pang Lin wrote: >> >>> NetworkPkg/IScsiDxe is a bit different. It requires BaseCryptLib while >>> the one in MdeModulePkg doesn't need the library, so a few more changes >>> are needed. >> >> Interesting. The BaseCryptLib class is resolved in the OVMF DSC files: >> >> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf >> >> but only for $(SECURE_BOOT_ENABLE) == TRUE. >> >> So perhaps you'll have to further distinguish the NetworkPkg/IScsiDxe >> inclusion -- even for IPv6, go with the MdeModulePkg one, unless secure >> boot is also enabled. >> >> One user of BaseCryptLib is IScsiCHAP.c in NetworkPkg/IScsiDxe... This >> module probably supports more authentication mechanisms than the one in >> MdeModulePkg, and might require OpenSSL (via BaseCryptLib) for encryption. >> >> So, we could decide if we want to enable (require) OpenSSL >> (BaseCryptLib) in OVMF just for enabling NetworkPkg/IScsiDxe. I think >> probably not. My suggestion is to tie NetworkPkg/IScsiDxe to >> (NETWORK_IP6_ENABLE && SECURE_BOOT_ENABLE), even though the crypto >> client code in NetworkPkg/IScsiDxe is probably not related to secure boot. >> >> It's just that NetworkPkg/IScsiDxe alone doesn't warrant a standalone >> dependency on OpenSSL in my opinion, for OVMF. Secure Boot support >> certainly does, and if that's already being requested, then >> NetworkPkg/IScsiDxe can utilize it too (if NETWORK_IP6_ENABLE). >> > I agree. But what if someone just wants to enable Secure Boot? > If we use (NETWORK_IP6_ENABLE && SECURE_BOOT_ENABLE), it actually makes > IPv6 a requirement for Secure Boot and looks weird.
No, that's not what I meant. I meant something like this: --------------------------------- diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 6c38081..50581ae 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -521,10 +521,24 @@ MdeModulePkg/Universal/Network/Ip4ConfigDxe/Ip4ConfigDxe.inf MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf - MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf +!if $(NETWORK_IP6_ENABLE) == TRUE + NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf + NetworkPkg/Ip6Dxe/Ip6Dxe.inf + NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf + NetworkPkg/TcpDxe/TcpDxe.inf + NetworkPkg/Udp6Dxe/Udp6Dxe.inf + NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf +!if $(SECURE_BOOT_ENABLE) == TRUE + NetworkPkg/IScsiDxe/IScsiDxe.inf +!else + MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf +!endif +!else + MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf +!endif OvmfPkg/VirtioNetDxe/VirtioNet.inf # --------------------------------- Thanks, Laszlo ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
