One consideration before should be build performance, to use the flag to turn 
on / off those modules, since the openssl build needs quite a long time.


Best Regards & Thanks,
LONG, Qin


From: Ni, Ruiyu
Sent: Friday, February 26, 2016 11:17 AM
To: Wu, Jiaxin; Long, Qin; El-Haj-Mahmoud, Samer; Ye, Ting; 
edk2-devel@lists.01.org
Cc: Fu, Siyuan
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot 
feature.

Yes. That's ideal.

Regards,
Ray

From: Wu, Jiaxin
Sent: Friday, February 26, 2016 11:09 AM
To: Ni, Ruiyu <ruiyu...@intel.com>; Long, Qin <qin.l...@intel.com>;
El-Haj-Mahmoud, Samer <samer.el-haj-mahm...@hpe.com>; Ye, Ting
<ting...@intel.com>; edk2-devel@lists.01.org
Cc: Fu, Siyuan <siyuan...@intel.com>
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot 
feature.

Actually, I don't understand why we put the OpensslLib and BaseCryptLib modules 
under 'SECURE_BOOT_ENABLE'. We can enable it always, because not only does the 
SECURE_BOOT feature require these modules, but the IscsiDxe and IpSecDxe 
modules also consume them.

How about we update the CryptoPkg libraries (OpensslLib, BaseCryptLib, 
OpensslTlsLib and TlsLib) to be independent from the 'SECURE_BOOT_ENABLE' flag? 
If so, no other flags are required.

Thanks
jiaxin

From: Ni, Ruiyu
Sent: Friday, February 26, 2016 10:21 AM
To: Long, Qin <qin.l...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>;
El-Haj-Mahmoud, Samer <samer.el-haj-mahm...@hpe.com>; Ye, Ting
<ting...@intel.com>; edk2-devel@lists.01.org
Cc: Fu, Siyuan <siyuan...@intel.com>
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot 
feature.


1. Why do we need to conditionally include HTTPS_BOOT_ENABLE? Can we enable it 
by default? Any negative impact?

2. Also, we needn't conditionally include these library instances. We could 
include them always. Conditionally include the module only; when the module is 
included, the library it depends on will be built automatically.

Regards,
Ray

From: Long, Qin
Sent: Friday, February 26, 2016 10:13 AM
To: Wu, Jiaxin <jiaxin...@intel.com>; El-Haj-Mahmoud, Samer
<samer.el-haj-mahm...@hpe.com>; Ye, Ting <ting...@intel.com>;
edk2-devel@lists.01.org
Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot 
feature.

Yeah, we know this build dependency.
But I think Ting & Samer's comments are reasonable. These are two different 
features without dependency.  Using "SECURE_BOOT_ENABLE" looks confusing.

I prefer to choose another flag for this, such as HTTPS_BOOT_ENABLE. And the 
INF could be tolerant to produce the correct makefile even if we enabled both 
flags.


Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Friday, February 26, 2016 9:59 AM
> To: El-Haj-Mahmoud, Samer; Ye, Ting; edk2-devel@lists.01.org
> Cc: Ni, Ruiyu; Fu, Siyuan; Long, Qin
> Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot
> feature.
>
> First, I prefer to keep the OpensslTlsLib and TlsLib modules under the
> SECURE_BOOT_ENABLE feature, because these two modules depend on the
> OpensslLib module, which is related to the SECURE_BOOT_ENABLE flag. Without
> this dependency, the OpensslTlsLib and TlsLib modules can't work normally.
>
>   !if $(SECURE_BOOT_ENABLE) == TRUE
>     OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>     BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>     OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf
>     TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>
> Also, from my logical point of view, TlsDxe consumes the OpenSSL library,
> including BaseCryptLib, the newly wrapped TlsLib and the OpensslTlsLib module.
> All of those modules are related to the SECURE_BOOT_ENABLE flag. If we keep
> TlsDxe independent, some unexpected errors may happen.
>
> Qin, what is your opinion?
>
> Thanks.
> Jiaxin
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> > El-Haj-Mahmoud, Samer
> > Sent: Friday, February 26, 2016 9:19 AM
> > To: Ye, Ting <ting...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>;
> > edk2-de...@lists.01.org
> > Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>;
> > Long, Qin <qin.l...@intel.com>
> > Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS
> > boot feature.
> >
> > I agree that HTTPS control should be independent from SecureBootEnable.
> >
> >
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> > Ye, Ting
> > Sent: Thursday, February 25, 2016 7:11 PM
> > To: Wu, Jiaxin <jiaxin...@intel.com>; edk2-devel@lists.01.org
> > Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>;
> > Long, Qin <qin.l...@intel.com>
> > Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS
> > boot feature.
> >
> > I don't recommend controlling the TLS and libraries for HTTPS boot
> > features with the SECURE_BOOT_ENABLE flag, since it is a totally different
> > feature. Ray, what do you think?
> >
> > Best Regards,
> > Ye Ting
> >
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> > Jiaxin Wu
> > Sent: Wednesday, February 24, 2016 4:15 PM
> > To: edk2-devel@lists.01.org
> > Cc: Ye, Ting <ting...@intel.com>; Ni, Ruiyu <ruiyu...@intel.com>; Fu,
> > Siyuan <siyuan...@intel.com>; Long, Qin <qin.l...@intel.com>
> > Subject: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS
> > boot feature.
> >
> > Cc: Ye Ting <ting...@intel.com>
> > Cc: Fu Siyuan <siyuan...@intel.com>
> > Cc: Long Qin <qin.l...@intel.com>
> > Cc: Ruiyu Ni <ruiyu...@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Jiaxin Wu <jiaxin...@intel.com>
> > ---
> >  Nt32Pkg/Nt32Pkg.dsc | 8 +++++++-
> >  Nt32Pkg/Nt32Pkg.fdf | 7 ++++++-
> >  2 files changed, 13 insertions(+), 2 deletions(-)
> >
> > diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index
> > 87a08c0..da62b3a 100644
> > --- a/Nt32Pkg/Nt32Pkg.dsc
> > +++ b/Nt32Pkg/Nt32Pkg.dsc
> > @@ -2,11 +2,11 @@
> >  # EFI/Framework Emulation Platform with UEFI HII interface supported.
> >  #
> >  # The Emulation Platform can be used to debug individual modules,
> > prior to creating
> >  #    a real platform. This also provides an example for how an DSC is 
> > created.
> >  #
> > -# Copyright (c) 2006 - 2015, Intel Corporation. All rights
> > reserved.<BR>
> > +# Copyright (c) 2006 - 2016, Intel Corporation. All rights
> > +reserved.<BR>
> >  # Copyright (c) 2015, Hewlett-Packard Development Company, L.P.<BR>
> > #
> > (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>  #
> >  #    This program and the accompanying materials
> >  #    are licensed and made available under the terms and conditions of the
> > BSD License
> > @@ -137,10 +137,11 @@
> >
> >  !if $(SECURE_BOOT_ENABLE) == TRUE
> >
> > PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.
> > PlatformSecureLib|in
> > f
> >    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +  OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf
> >
> >
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp
> > mMeasurementLib.inf
> >
> > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.in
> > f
> >  !else
> >
> >
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp
> > mMeasurementLibNull.inf
> >
> >
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL
> > ibNull.inf
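
Review bot: OpensslTlsLib is mapped inside the `!if $(SECURE_BOOT_ENABLE) == TRUE` branch, and the `!else` branch shown here supplies Null instances only for TpmMeasurementLib and AuthVariableLib, so with the flag off nothing resolves the OpensslTlsLib class. Since this library serves TLS rather than Secure Boot, map it outside this conditional (or under a flag named for HTTPS boot) so that its consumer does not depend on an unrelated feature switch.
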
> > @@ -193,10 +194,11 @@
> >
> >
> PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt
> > 32PeCoffExtraActionLib.inf
> >
> >
> ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeE
> > xtractGuidedSectionLib.inf
> >    WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
> >  !if $(SECURE_BOOT_ENABLE) == TRUE
> >    BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
> >  !endif
> >
> >  [LibraryClasses.common.DXE_CORE]
> >    HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
> >
> >
> MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLi
> > b/DxeCoreMemoryAllocationLib.inf
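
Review bot: TlsLib is added to a second `!if $(SECURE_BOOT_ENABLE) == TRUE` block, separate from the one that maps OpensslTlsLib, and neither addition carries a comment saying it exists for TlsDxe. A one-line comment above `TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf` naming its consumer would keep the two mappings from drifting apart if the gating flag is changed later.
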
> > @@ -444,10 +446,14 @@
> >    NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> >    NetworkPkg/DnsDxe/DnsDxe.inf
> >    NetworkPkg/HttpDxe/HttpDxe.inf
> >    NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> >
> > +!if $(SECURE_BOOT_ENABLE) == TRUE
> > +  NetworkPkg/TlsDxe/TlsDxe.inf
> > +!endif
> > +
> >    MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {
> >      <LibraryClasses>
> >
> >
> NULL|MdeModulePkg/Library/BmpImageDecoderLib/BmpImageDecoderLib
> > .inf
> >    }
> >    MdeModulePkg/Application/UiApp/UiApp.inf{
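
Review bot: the new `NetworkPkg/TlsDxe/TlsDxe.inf` entry is wrapped in `!if $(SECURE_BOOT_ENABLE) == TRUE`, while HttpBootDxe, DnsDxe, HttpDxe and HttpUtilitiesDxe directly above it are unconditional, so a build with Secure Boot disabled keeps HTTP boot but drops the TLS driver with nothing in the file saying so. Gate TlsDxe on a flag of its own (HTTPS_BOOT_ENABLE is the name suggested in this thread), or document in the DSC that SECURE_BOOT_ENABLE also controls HTTPS boot.
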
> > diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index
> > a10c12f..0c21ba6 100644
> > --- a/Nt32Pkg/Nt32Pkg.fdf
> > +++ b/Nt32Pkg/Nt32Pkg.fdf
> > @@ -1,9 +1,9 @@
> >  ## @file
> >  # This is NT32 FDF file with UEFI HII features enabled  # -#
> > Copyright (c) 2007
> > - 2015, Intel Corporation. All rights reserved.<BR>
> > +# Copyright (c) 2007 - 2016, Intel Corporation. All rights
> > +reserved.<BR>
> >  # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>  #
> >  #    This program and the accompanying materials
> >  #    are licensed and made available under the terms and conditions of the
> > BSD License
> >  #    which accompanies this distribution. The full text of the license may 
> > be
> > found at
> > @@ -260,10 +260,15 @@ INF
> > MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
> >  INF  MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
> >  INF  NetworkPkg/HttpBootDxe/HttpBootDxe.inf
> >  INF  NetworkPkg/DnsDxe/DnsDxe.inf
> >  INF  NetworkPkg/HttpDxe/HttpDxe.inf
> >  INF  NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
> > +
> > +!if $(SECURE_BOOT_ENABLE) == TRUE
> > +INF  NetworkPkg/TlsDxe/TlsDxe.inf
> > +!endif
> > +
> >
> >
> ##########################################################
> > ######################
> >  #
> >  # FILE statements are provided so that a platform integrator can
> > include  # complete EFI FFS files, as well as a method for
> > constructing FFS files  # using curly "{}" brace scoping. The
> > following three FILEs are
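
Review bot: the `!if $(SECURE_BOOT_ENABLE) == TRUE` guard around `INF  NetworkPkg/TlsDxe/TlsDxe.inf` duplicates the condition used for the same module in Nt32Pkg.dsc, and the two must stay identical or the FDF will reference a module the DSC did not build. Whatever flag is chosen, change both files in the same commit. The added blank line after `!endif` also sits next to an existing blank context line, leaving two empty lines before the banner comment; drop one.
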
> > --
> > 1.9.5.msysgit.1
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel