Cc: Ye Ting <ting...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Cc: Long Qin <qin.l...@intel.com> Cc: El-Haj-Mahmoud Samer <samer.el-haj-mahm...@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin...@intel.com> --- Readme.MD | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/Readme.MD b/Readme.MD index 573593e..64c696d 100644 --- a/Readme.MD +++ b/Readme.MD @@ -28,10 +28,11 @@ NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf CryptoPkg/Library/OpensslLib/OpensslLib.inf CryptoPkg/Library/OpensslLib/OpensslTlsLib.inf CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf CryptoPkg/Library/TlsLib/TlsLib.inf NetworkPkg/TlsDxe/TlsDxe.inf +NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf ``` #### HTTPS Authentication Currently, HTTPS boot feature only support server authentication with an unauthenticated client mode [RFC5246](https://tools.ietf.org/html/rfc5246). To support this mode, server CA certificate is required by Client. Private variable is used to configure this CA certificate. **EFI_SIGNATURE_LIST** format is used for this variable. In sum, the Server CA certificate must be configured first to enable HTTPS boot feature. The variable name and GUID are defined as below. ``` @@ -40,5 +41,6 @@ Currently, HTTPS boot feature only support server authentication with an unauthe 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \ } #define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" ``` +**TlsAuthConfigDxe** is a temporary driver to provide an UI to support the required certificate configuration. -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
