]> git.proxmox.com Git - mirror_edk2.git/commit
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fb97626) | patch
OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding
authorLaszlo Ersek <lersek@redhat.com>
Tue, 22 Sep 2020 09:18:27 +0000 (11:18 +0200)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Tue, 22 Sep 2020 16:27:58 +0000 (16:27 +0000)
commit3f3daf89308930e45f82ae67dd2a2d6e030bb091
tree99174cc3e6f0a016c8cbc961e1f3ced3cc53da35tree
parentfb97626fe04747ec89599dce0992def9a36e2f6bcommit | diff
OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding

In QEMU commit range 4abf70a661a5..69699f3055a5 (later fixed up in QEMU
commit 4318432ccd3f), Phil implemented a QEMU facility for exposing the
host-side TLS cipher suite configuration to OVMF. The purpose is to
control the permitted ciphers in the guest's UEFI HTTPS boot. This
complements the forwarding of the host-side crypto policy from the host to
the guest -- the other facet was the set of CA certificates (for which
p11-kit patches had been upstreamed, on the host side).

Mention the new command line options in "OvmfPkg/README".

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Gary Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2852
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gary Lin <glin@suse.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200922091827.12617-1-lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
OvmfPkg/README diff | blob | blame | history
EFI Development Kit II mirror for PVE