OvmfPkg/README: Update the network build flags

The following network build flags changed due to the inclusion of
NetworkPkg/Network.fdf.inc.

  HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE
  TLS_ENABLE -> NETWORK_TLS_ENABLE

This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the
change in OvmfPkg/OvmfPkg*.dsc.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884
Signed-off-by: Gary Lin <glin@suse.com>
Message-Id: <20190610065509.19573-1-glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Gary Lin 2019-06-10 14:55:09 +08:00 committed by Laszlo Ersek
parent 470626624f
commit 1631bb26ae
1 changed files with 8 additions and 3 deletions

View File

@ -260,9 +260,14 @@ HTTPS Boot is an alternative solution to PXE. It replaces the tftp server
with a HTTPS server so the firmware can download the images through a trusted
and encrypted connection.
* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and
-D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while
the latter enables TLS support in both NetworkPkg and CryptoPkg.
* To enable HTTPS Boot, you have to build OVMF with -D NETWORK_HTTP_BOOT_ENABLE
and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from
NetworkPkg while the latter enables TLS support in both NetworkPkg and
CryptoPkg.
If you want to exclude the unsecured HTTP connection completely, OVMF has to
be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the HTTPS
connections will be accepted.
* By default, there is no trusted certificate. The user has to import the
certificates either manually with "Tls Auth Configuration" utility in the