Laszlo Ersek ba9c8a8ccb OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot ... Read the list of trusted cipher suites from fw_cfg and to store it to EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE. The fw_cfg file will be formatted by the "update-crypto-policies" utility on the host side, so that the host settings take effect in guest HTTPS boot as well. QEMU forwards the file intact to the firmware. The contents are forwarded by NetworkPkg/HttpDxe (in TlsConfigCipherList()) to NetworkPkg/TlsDxe (TlsSetSessionData()) and TlsLib (TlsSetCipherList()). Note: the development of the "update-crypto-policies" feature is underway at this time. Meanwhile the following script can be used to generate the binary file for fw_cfg: export LC_ALL=C openssl ciphers -V \ | sed -r -n \ -e 's/^ *0x([0-9A-F]{2}),0x([0-9A-F]{2}) - .*$/\\\\x\1 \\\\x\2/p' \ | xargs -r -- printf -- '%b' > ciphers.bin Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Ching-Pang Lin <glin@suse.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> [lersek@redhat.com: update commit msg and add script as requested by Gary] [lersek@redhat.com: update commit msg as requested by Jiaxin]		2018-04-13 14:05:10 +02:00
..
TlsAuthConfigLib.c	OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot	2018-04-13 14:05:10 +02:00
TlsAuthConfigLib.inf	OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot	2018-04-13 14:05:10 +02:00