mirror of https://github.com/acidanthera/audk.git
OvmfPkg/README: Update the network build flags
The following network build flags changed due to the inclusion of NetworkPkg/Network.fdf.inc. HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE TLS_ENABLE -> NETWORK_TLS_ENABLE This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the change in OvmfPkg/OvmfPkg*.dsc. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884 Signed-off-by: Gary Lin <glin@suse.com> Message-Id: <20190610065509.19573-1-glin@suse.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
parent
470626624f
commit
1631bb26ae
|
@ -260,9 +260,14 @@ HTTPS Boot is an alternative solution to PXE. It replaces the tftp server
|
||||||
with a HTTPS server so the firmware can download the images through a trusted
|
with a HTTPS server so the firmware can download the images through a trusted
|
||||||
and encrypted connection.
|
and encrypted connection.
|
||||||
|
|
||||||
* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and
|
* To enable HTTPS Boot, you have to build OVMF with -D NETWORK_HTTP_BOOT_ENABLE
|
||||||
-D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while
|
and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from
|
||||||
the latter enables TLS support in both NetworkPkg and CryptoPkg.
|
NetworkPkg while the latter enables TLS support in both NetworkPkg and
|
||||||
|
CryptoPkg.
|
||||||
|
|
||||||
|
If you want to exclude the unsecured HTTP connection completely, OVMF has to
|
||||||
|
be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the HTTPS
|
||||||
|
connections will be accepted.
|
||||||
|
|
||||||
* By default, there is no trusted certificate. The user has to import the
|
* By default, there is no trusted certificate. The user has to import the
|
||||||
certificates either manually with "Tls Auth Configuration" utility in the
|
certificates either manually with "Tls Auth Configuration" utility in the
|
||||||
|
|
Loading…
Reference in New Issue