Re: [edk2-devel] [PATCH 1/1] OvmfPkg/README: Update the network build flags

Tue, 11 Jun 2019 08:12:26 -0700 

On 06/10/19 08:55, Gary Lin wrote:
> The following network build flags changed due to the inclusion of
> NetworkPkg/Network.fdf.inc.
> 
>   HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE
>   TLS_ENABLE -> NETWORK_TLS_ENABLE
> 
> This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the
> change in OvmfPkg/OvmfPkg*.dsc.
> 
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884
> Signed-off-by: Gary Lin <g...@suse.com>
> ---
>  OvmfPkg/README | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/OvmfPkg/README b/OvmfPkg/README
> index c014d07bfbdb..3dd28474ead4 100644
> --- a/OvmfPkg/README
> +++ b/OvmfPkg/README
> @@ -260,9 +260,14 @@ HTTPS Boot is an alternative solution to PXE. It 
> replaces the tftp server
>  with a HTTPS server so the firmware can download the images through a trusted
>  and encrypted connection.
>  
> -* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and
> -  -D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while
> -  the latter enables TLS support in both NetworkPkg and CryptoPkg.
> +* To enable HTTPS Boot, you have to build OVMF with -D 
> NETWORK_HTTP_BOOT_ENABLE
> +  and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from
> +  NetworkPkg while the latter enables TLS support in both NetworkPkg and
> +  CryptoPkg.
> +
> +  If you want to exclude the unsecured HTTP connection completely, OVMF has 
> to
> +  be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the 
> HTTPS
> +  connections will be accepted.
>  
>  * By default, there is no trusted certificate. The user has to import the
>    certificates either manually with "Tls Auth Configuration" utility in the
> 

Reviewed-by: Laszlo Ersek <ler...@redhat.com>

Pushed as commit 1631bb26ae99.

Thank you!
Laszlo

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42206): https://edk2.groups.io/g/devel/message/42206
Mute This Topic: https://groups.io/mt/32001627/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to