with a HTTPS server so the firmware can download the images through a trusted\r
and encrypted connection.\r
\r
-* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and\r
- -D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while\r
- the latter enables TLS support in both NetworkPkg and CryptoPkg.\r
+* To enable HTTPS Boot, you have to build OVMF with -D NETWORK_HTTP_BOOT_ENABLE\r
+ and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from\r
+ NetworkPkg while the latter enables TLS support in both NetworkPkg and\r
+ CryptoPkg.\r
+\r
+ If you want to exclude the unsecured HTTP connection completely, OVMF has to\r
+ be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the HTTPS\r
+ connections will be accepted.\r
\r
* By default, there is no trusted certificate. The user has to import the\r
certificates either manually with "Tls Auth Configuration" utility in the\r