Cc: Palmer Thomas <thomas.pal...@hpe.com>
Cc: Long Qin <qin.l...@intel.com>
Cc: Ye Ting <ting...@intel.com>
Cc: Fu Siyuan <siyuan...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin...@intel.com>
---
 Readme.MD | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Readme.MD b/Readme.MD
index 2411042..389935e 100644
--- a/Readme.MD
+++ b/Readme.MD
@@ -31,11 +31,17 @@ CryptoPkg/Library/TlsLib/TlsLib.inf
 NetworkPkg/TlsDxe/TlsDxe.inf
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
 ```
 
 #### HTTPS Authentication
-Currently, HTTPS boot feature only support server authentication with an 
unauthenticated client mode [RFC5246](https://tools.ietf.org/html/rfc5246). To 
support this mode, server CA certificate is required by Client. Private 
variable is used to configure this CA certificate. **EFI_SIGNATURE_LIST** 
format is used for this variable. In sum, the Server CA certificate must be 
configured first to enable HTTPS boot feature. The variable name and GUID are 
defined as below.
+TLS supports three authentication modes 
([RFC5246](https://tools.ietf.org/html/rfc5246)):
+```
+1. Total anonymity: the server and client won???t authenticate each other.
+2. One-way authentication: server authentication with an unauthenticated 
client.
+3. Two-way authentication: authentication of both parties.
+```
+Currently, HTTPS boot feature only support server authentication with an 
unauthenticated client mode. Others are not in our current feature support 
scope. To support one-way authentication mode, server CA certificate is 
required by Client. Private variable is used to configure this CA certificate. 
**EFI_SIGNATURE_LIST** format is used for this variable. In sum, the Server CA 
certificate must be configured first to enable HTTPS boot feature. The variable 
name and GUID are defined as below.
 ```
 #define EFI_TLS_CA_CERTIFICATE_GUID \
   { \
     0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 
0xae } \
   }
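Review bot: the first added list item contains a mangled apostrophe ("won???t"), which suggests a non-ASCII quote character went through a lossy encoding; please use a plain ASCII apostrophe ("won't") so the README renders the same everywhere. The three modes are also wrapped in a ``` fence, which will display them as literal code; a normal Markdown numbered list would read better here. In the added paragraph, "HTTPS boot feature only support" should be "only supports", and "Others are not in our current feature support scope" would be clearer if it named the two modes that are not supported (total anonymity and two-way authentication).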
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
