One consideration before should be build performance, to use the flag to turn on / off those modules, since the openssl build needs quite a long time.

Best Regards & Thanks,
LONG, Qin

From: Ni, Ruiyu
Sent: Friday, February 26, 2016 11:17 AM
To: Wu, Jiaxin; Long, Qin; El-Haj-Mahmoud, Samer; Ye, Ting; edk2-devel@lists.01.org
Cc: Fu, Siyuan
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot feature.

Yes. That's ideal.

Regards,
Ray

From: Wu, Jiaxin
Sent: Friday, February 26, 2016 11:09 AM
To: Ni, Ruiyu <ruiyu...@intel.com>; Long, Qin <qin.l...@intel.com>; El-Haj-Mahmoud, Samer <samer.el-haj-mahm...@hpe.com>; Ye, Ting <ting...@intel.com>; edk2-devel@lists.01.org
Cc: Fu, Siyuan <siyuan...@intel.com>
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot feature.

Actually, I don't understand why we put the OpensslLib and BaseCryptLib modules under 'SECURE_BOOT_ENABLE'. We can enable it always, because not only does the SECURE_BOOT feature require these modules, but the IscsiDxe and IpSecDxe modules also consume them.

How about we update the CryptoPkg libraries (OpensslLib, BaseCryptLib, OpensslTlsLib and TlsLib) to be independent of the 'SECURE_BOOT_ENABLE' flag? If so, no other flags are required.

Thanks
jiaxin

From: Ni, Ruiyu
Sent: Friday, February 26, 2016 10:21 AM
To: Long, Qin <qin.l...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>; El-Haj-Mahmoud, Samer <samer.el-haj-mahm...@hpe.com>; Ye, Ting <ting...@intel.com>; edk2-devel@lists.01.org
Cc: Fu, Siyuan <siyuan...@intel.com>
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot feature.

1. Why do we need to conditionally include HTTPS_BOOT_ENABLE? Can we enable it by default? Any negative impact?
2. Also, we needn't conditionally include these library instances. We could include them always. Conditionally include the module only, and when the module is included, the libraries it depends on will be built automatically.

Regards,
Ray

From: Long, Qin
Sent: Friday, February 26, 2016 10:13 AM
To: Wu, Jiaxin <jiaxin...@intel.com>; El-Haj-Mahmoud, Samer <samer.el-haj-mahm...@hpe.com>; Ye, Ting <ting...@intel.com>; edk2-devel@lists.01.org
Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>
Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot feature.

Yeah, we know this build dependency. But I think Ting & Samer's comments are reasonable. These are two different features without dependency. Using "SECURE_BOOT_ENABLE" looks confusing.
I prefer to choose another flag for this, such as HTTPS_BOOT_ENABLE. And the INF could be tolerant to produce the correct makefile even if we enabled both flags.

Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Friday, February 26, 2016 9:59 AM
> To: El-Haj-Mahmoud, Samer; Ye, Ting;
> edk2-devel@lists.01.org
> Cc: Ni, Ruiyu; Fu, Siyuan; Long, Qin
> Subject: RE: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS boot
> feature.
>
> First, I prefer to keep the OpensslTlsLib and TlsLib modules under the
> SECURE_BOOT_ENABLE feature, because these two modules depend
> on the OpensslLib module, which is related to the SECURE_BOOT_ENABLE flag. Without
> this dependency, the OpensslTlsLib and TlsLib modules can't work normally.
>
> !if $(SECURE_BOOT_ENABLE) == TRUE
>   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
>
>   OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf
>   TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
>
> Also, from my logical point of view, TlsDxe consumes the OpenSSL library, including
> BaseCryptLib, the new wrapped TlsLib and the OpensslTlsLib module. All of those
> modules are related to the SECURE_BOOT_ENABLE flag. If we keep
> TlsDxe independent, some unexpected errors may happen.
>
> Qin, what is your opinion?
>
> Thanks.
> Jiaxin
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> > El-Haj-Mahmoud, Samer
> > Sent: Friday, February 26, 2016 9:19 AM
> > To: Ye, Ting <ting...@intel.com>; Wu, Jiaxin
> > <jiaxin...@intel.com>;
> > edk2-de...@lists.01.org
> > Cc: Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan
> > <siyuan...@intel.com>;
> > Long, Qin <qin.l...@intel.com>
> > Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS
> > boot feature.
> >
> > I agree that HTTPS control should be independent from SecureBootEnable
> >
> >
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Ye, Ting > > Sent: Thursday, February 25, 2016 7:11 PM > > To: Wu, Jiaxin <jiaxin...@intel.com<mailto:jiaxin...@intel.com>>; > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > > Cc: Ni, Ruiyu <ruiyu...@intel.com<mailto:ruiyu...@intel.com>>; Fu, Siyuan > > <siyuan...@intel.com<mailto:siyuan...@intel.com>>; > > Long, Qin <qin.l...@intel.com<mailto:qin.l...@intel.com>> > > Subject: Re: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS > > boot feature. > > > > I don't recommend to control The TLS and libraries for HTTPS boot > > features by SECURE_BOOT_ENABLE flag, since it is a totally different > > feature. Ray, what do you think? > > > > Best Regards, > > Ye Ting > > > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Jiaxin Wu > > Sent: Wednesday, February 24, 2016 4:15 PM > > To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > > Cc: Ye, Ting <ting...@intel.com<mailto:ting...@intel.com>>; Ni, Ruiyu > > <ruiyu...@intel.com<mailto:ruiyu...@intel.com>>; Fu, > > Siyuan <siyuan...@intel.com<mailto:siyuan...@intel.com>>; Long, Qin > > <qin.l...@intel.com<mailto:qin.l...@intel.com>> > > Subject: [edk2] [Patch 6/6] Nt32Pkg: Enable Nt32Pkg platform HTTPS > > boot feature. > > > > Cc: Ye Ting <ting...@intel.com<mailto:ting...@intel.com>> > > Cc: Fu Siyuan <siyuan...@intel.com<mailto:siyuan...@intel.com>> > > Cc: Long Qin <qin.l...@intel.com<mailto:qin.l...@intel.com>> > > Cc: Ruiyu Ni <ruiyu...@intel.com<mailto:ruiyu...@intel.com>> > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Jiaxin Wu <jiaxin...@intel.com<mailto:jiaxin...@intel.com>> > > --- > > Nt32Pkg/Nt32Pkg.dsc | 8 +++++++- > > Nt32Pkg/Nt32Pkg.fdf | 7 ++++++- > > 2 files changed, 13 insertions(+), 2 deletions(-) > > > > diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc index > > 87a08c0..da62b3a 100644 
> > --- a/Nt32Pkg/Nt32Pkg.dsc > > +++ b/Nt32Pkg/Nt32Pkg.dsc > > @@ -2,11 +2,11 @@ > > # EFI/Framework Emulation Platform with UEFI HII interface supported. > > # > > # The Emulation Platform can be used to debug individual modules, > > prior to creating > > # a real platform. This also provides an example for how an DSC is > > created. > > # > > -# Copyright (c) 2006 - 2015, Intel Corporation. All rights > > reserved.<BR> > > +# Copyright (c) 2006 - 2016, Intel Corporation. All rights > > +reserved.<BR> > > # Copyright (c) 2015, Hewlett-Packard Development Company, L.P.<BR> > > # > > (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> # > > # This program and the accompanying materials > > # are licensed and made available under the terms and conditions of the > > BSD License > > @@ -137,10 +137,11 @@ > > > > !if $(SECURE_BOOT_ENABLE) == TRUE > > > > PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib. > > PlatformSecureLib|in > > f > > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > + OpensslTlsLib|CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf > > > > > TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTp > > mMeasurementLib.inf > > > > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.in > > f > > !else > > > > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tp > > mMeasurementLibNull.inf > > > > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableL > > ibNull.inf 
> > @@ -193,10 +194,11 @@ > > > > > PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt > > 32PeCoffExtraActionLib.inf > > > > > ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeE > > xtractGuidedSectionLib.inf > > WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf > > !if $(SECURE_BOOT_ENABLE) == TRUE > > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > > !endif > > > > [LibraryClasses.common.DXE_CORE] > > HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf > > > > > MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLi > > b/DxeCoreMemoryAllocationLib.inf > > @@ -444,10 +446,14 @@ > > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > NetworkPkg/DnsDxe/DnsDxe.inf > > NetworkPkg/HttpDxe/HttpDxe.inf > > NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > + NetworkPkg/TlsDxe/TlsDxe.inf > > +!endif > > + > > MdeModulePkg/Universal/BdsDxe/BdsDxe.inf { > > <LibraryClasses> > > > > > NULL|MdeModulePkg/Library/BmpImageDecoderLib/BmpImageDecoderLib > > .inf > > } > > MdeModulePkg/Application/UiApp/UiApp.inf{ > > diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf index > > a10c12f..0c21ba6 100644 > > --- a/Nt32Pkg/Nt32Pkg.fdf > > +++ b/Nt32Pkg/Nt32Pkg.fdf > > @@ -1,9 +1,9 @@ > > ## @file > > # This is NT32 FDF file with UEFI HII features enabled # -# > > Copyright (c) 2007 > > - 2015, Intel Corporation. All rights reserved.<BR> > > +# Copyright (c) 2007 - 2016, Intel Corporation. All rights > > +reserved.<BR> > > # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> # > > # This program and the accompanying materials > > # are licensed and made available under the terms and conditions of the > > BSD License > > # which accompanies this distribution. The full text of the license may > > be > > found at 
> > @@ -260,10 +260,15 @@ INF > > MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf > > INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf > > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > > INF NetworkPkg/DnsDxe/DnsDxe.inf > > INF NetworkPkg/HttpDxe/HttpDxe.inf > > INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf > > + > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > +INF NetworkPkg/TlsDxe/TlsDxe.inf > > +!endif > > + > > > > > ########################################################## > > ###################### > > # > > # FILE statements are provided so that a platform integrator can > > include # complete EFI FFS files, as well as a method for > > constructing FFS files # using curly "{}" brace scoping. The > > following three FILEs are > > -- > > 1.9.5.msysgit.1 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > > https://lists.01.org/mailman/listinfo/edk2-devel > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > > https://lists.01.org/mailman/listinfo/edk2-devel > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
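
Review bot: In the Nt32Pkg.dsc hunk at @@ -137,10 +137,11, the new OpensslTlsLib mapping sits inside the existing "!if $(SECURE_BOOT_ENABLE) == TRUE" block, and the "!else" branch provides no mapping for it, so the TLS library class cannot be resolved at all when Secure Boot is off. A library instance is only compiled when some module links against it, so the mapping can be moved outside the conditional without lengthening builds that do not include a TLS consumer. The same applies to the TlsLib line added under the same condition in the @@ -193,10 +194,11 hunk.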
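
Review bot: In the Nt32Pkg.dsc [Components] hunk at @@ -444,10 +446,14, NetworkPkg/TlsDxe/TlsDxe.inf is gated on SECURE_BOOT_ENABLE while HttpBootDxe, DnsDxe, HttpDxe and HttpUtilitiesDxe directly above it are unconditional. With the flag at its non-TRUE value the HTTP boot drivers are still built but the TLS driver is not, and nothing in the patch or the commit message tells an integrator that HTTPS boot needs a Secure Boot build. Suggest gating the driver on its own flag (the thread proposes HTTPS_BOOT_ENABLE) and adding a commit message body that states which flag enables the feature and why.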
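
Review bot: In the Nt32Pkg.fdf hunk at @@ -260,10 +260,15, the "!if $(SECURE_BOOT_ENABLE) == TRUE" around "INF NetworkPkg/TlsDxe/TlsDxe.inf" repeats the condition used in Nt32Pkg.dsc, and the two have to stay identical: the flash image build expects every INF listed here to be a component in the DSC. If the DSC condition moves to a different flag, this block must change in the same patch. A one-line comment above the block naming the feature it belongs to would make that coupling visible.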