The following network build flags changed due to the inclusion of
NetworkPkg/Network.fdf.inc.
HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE
TLS_ENABLE -> NETWORK_TLS_ENABLE
This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the
change in OvmfPkg/OvmfPkg*.dsc.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884
Signed-off-by: Gary Lin <glin@suse.com>
Message-Id: <
20190610065509.19573-1-glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
with a HTTPS server so the firmware can download the images through a trusted\r
and encrypted connection.\r
\r
with a HTTPS server so the firmware can download the images through a trusted\r
and encrypted connection.\r
\r
-* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and\r
- -D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while\r
- the latter enables TLS support in both NetworkPkg and CryptoPkg.\r
+* To enable HTTPS Boot, you have to build OVMF with -D NETWORK_HTTP_BOOT_ENABLE\r
+ and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from\r
+ NetworkPkg while the latter enables TLS support in both NetworkPkg and\r
+ CryptoPkg.\r
+\r
+ If you want to exclude the unsecured HTTP connection completely, OVMF has to\r
+ be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the HTTPS\r
+ connections will be accepted.\r
\r
* By default, there is no trusted certificate. The user has to import the\r
certificates either manually with "Tls Auth Configuration" utility in the\r
\r
* By default, there is no trusted certificate. The user has to import the\r
certificates either manually with "Tls Auth Configuration" utility in the\r