On 06/10/19 08:55, Gary Lin wrote: > The following network build flags changed due to the inclusion of > NetworkPkg/Network.fdf.inc. > > HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE > TLS_ENABLE -> NETWORK_TLS_ENABLE > > This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the > change in OvmfPkg/OvmfPkg*.dsc. > > Cc: Jordan Justen <jordan.l.jus...@intel.com> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884 > Signed-off-by: Gary Lin <g...@suse.com> > --- > OvmfPkg/README | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/OvmfPkg/README b/OvmfPkg/README > index c014d07bfbdb..3dd28474ead4 100644 > --- a/OvmfPkg/README > +++ b/OvmfPkg/README > @@ -260,9 +260,14 @@ HTTPS Boot is an alternative solution to PXE. It > replaces the tftp server > with a HTTPS server so the firmware can download the images through a trusted > and encrypted connection. > > -* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and > - -D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while > - the latter enables TLS support in both NetworkPkg and CryptoPkg. > +* To enable HTTPS Boot, you have to build OVMF with -D > NETWORK_HTTP_BOOT_ENABLE > + and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from > + NetworkPkg while the latter enables TLS support in both NetworkPkg and > + CryptoPkg. > + > + If you want to exclude the unsecured HTTP connection completely, OVMF has > to > + be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the > HTTPS > + connections will be accepted. > > * By default, there is no trusted certificate. The user has to import the > certificates either manually with "Tls Auth Configuration" utility in the >
Reviewed-by: Laszlo Ersek <ler...@redhat.com> Pushed as commit 1631bb26ae99. Thank you! Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42206): https://edk2.groups.io/g/devel/message/42206 Mute This Topic: https://groups.io/mt/32001627/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-