Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
ArmVirtXen is not modified because it doesn't include the edk2 network
stack.
(This change is now simpler than it would have been when TianoCore#1009
was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
fragments meanwhile, from TianoCore#1293 / commit
157a3b1aa50f.)
The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Guillaume GARDET <guillaume.gardet@arm.com>
Cc: Julien Grall <julien.grall@arm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Guillaume Gardet <guillaume.gardet@arm.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
\r
# Networking Requirements\r
!include NetworkPkg/NetworkLibs.dsc.inc\r
+!if $(NETWORK_TLS_ENABLE) == TRUE\r
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf\r
+!endif\r
\r
\r
#\r
# CryptoPkg libraries needed by multiple firmware features\r
#\r
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf\r
+!if $(NETWORK_TLS_ENABLE) == TRUE\r
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+!else\r
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf\r
+!endif\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
\r
#\r
!error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"\r
!endif\r
\r
-!if $(NETWORK_TLS_ENABLE) == TRUE\r
- !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"\r
-!endif\r
-\r
!include NetworkPkg/NetworkDefines.dsc.inc\r
\r
!include ArmVirtPkg/ArmVirt.dsc.inc\r
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000\r
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000\r
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800\r
+!if $(NETWORK_TLS_ENABLE) == TRUE\r
+ #\r
+ # The cumulative and individual VOLATILE variable size limits should be set\r
+ # high enough for accommodating several and/or large CA certificates.\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000\r
+!endif\r
\r
# Size of the region used by UEFI in permanent memory (Reserved 64MB)\r
gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000\r
# Networking stack\r
#\r
!include NetworkPkg/NetworkComponents.dsc.inc\r
+!if $(NETWORK_TLS_ENABLE) == TRUE\r
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {\r
+ <LibraryClasses>\r
+ NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf\r
+ }\r
+!endif\r
\r
#\r
# SCSI Bus and Disk Driver\r
!error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"\r
!endif\r
\r
-!if $(NETWORK_TLS_ENABLE) == TRUE\r
- !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"\r
-!endif\r
-\r
!include NetworkPkg/NetworkDefines.dsc.inc\r
\r
!include ArmVirtPkg/ArmVirt.dsc.inc\r
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000\r
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000\r
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800\r
+!if $(NETWORK_TLS_ENABLE) == TRUE\r
+ #\r
+ # The cumulative and individual VOLATILE variable size limits should be set\r
+ # high enough for accommodating several and/or large CA certificates.\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000\r
+!endif\r
\r
# Size of the region used by UEFI in permanent memory (Reserved 64MB)\r
gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000\r
# Networking stack\r
#\r
!include NetworkPkg/NetworkComponents.dsc.inc\r
+!if $(NETWORK_TLS_ENABLE) == TRUE\r
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {\r
+ <LibraryClasses>\r
+ NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf\r
+ }\r
+!endif\r
\r
#\r
# SCSI Bus and Disk Driver\r