authorLaszlo Ersek <lersek@redhat.com>2019-06-24 18:30:27 +0200
committerLaszlo Ersek <lersek@redhat.com>2019-06-28 18:07:54 +0200
commitffe048a0807b56c2def74f8280d55e2aa8865c20 (patch)
tree19606e072ff75f6c0aeb1ead8fc5855956696f90
parent48fdf9a6df2c401fb8850659a67d1fbbc353d771 (diff)
ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg. ArmVirtXen is not modified because it doesn't include the edk2 network stack. (This change is now simpler than it would have been when TianoCore#1009 was originally filed, due to ArmVirtPkg consuming the NetworkPkg include fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.) The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Guillaume GARDET <guillaume.gardet@arm.com> Cc: Julien Grall <julien.grall@arm.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Guillaume Gardet <guillaume.gardet@arm.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Tested-by: Gary Lin <glin@suse.com>
-rw-r--r--ArmVirtPkg/ArmVirt.dsc.inc7
-rw-r--r--ArmVirtPkg/ArmVirtQemu.dsc18
-rw-r--r--ArmVirtPkg/ArmVirtQemuKernel.dsc18
3 files changed, 35 insertions, 8 deletions
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 20bf011617..a4ae25d982 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -71,6 +71,9 @@
# Networking Requirements
!include NetworkPkg/NetworkLibs.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+!endif
#
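Review bot: The `!if $(NETWORK_TLS_ENABLE) == TRUE` test added here sits in an include shared by every ArmVirt platform, so it relies on the macro already having a value when ArmVirt.dsc.inc is parsed. The two Qemu DSCs visibly pull in `NetworkPkg/NetworkDefines.dsc.inc` immediately before this file. The commit message says ArmVirtXen is left untouched, and whether that platform defines the macro before including this fragment cannot be seen from the diff. A one-line comment above the conditional would record the ordering requirement, e.g. `# NETWORK_TLS_ENABLE must be defined (see NetworkPkg/NetworkDefines.dsc.inc) before this file is included`.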
@@ -136,7 +139,11 @@
# CryptoPkg libraries needed by multiple firmware features
#
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
#
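Review bot: The OpensslLib switch in this hunk changes the library instance for every module that resolves OpensslLib through this include, not only for the TLS driver, and nothing in the file says so. With NETWORK_TLS_ENABLE set, modules that previously linked the crypto-only `OpensslLibCrypto.inf` now link the full `OpensslLib.inf`, presumably because TlsLib needs the SSL/TLS half of OpenSSL. That is a larger body of parsing code in firmware images that also carry the other consumers named by the "needed by multiple firmware features" header. I would add a comment above the `!if` stating the reason and the scope, e.g. `# TlsLib needs the full OpenSSL (libssl); without TLS keep the smaller crypto-only instance`.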
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index cf28478977..7ae6702ac1 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -43,10 +43,6 @@
!error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
!endif
-!if $(NETWORK_TLS_ENABLE) == TRUE
- !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
-!endif
-
!include NetworkPkg/NetworkDefines.dsc.inc
!include ArmVirtPkg/ArmVirt.dsc.inc
@@ -113,6 +109,14 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ #
+ # The cumulative and individual VOLATILE variable size limits should be set
+ # high enough for accommodating several and/or large CA certificates.
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
+!endif
# Size of the region used by UEFI in permanent memory (Reserved 64MB)
gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
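Review bot: The two raised limits are duplicated verbatim in ArmVirtQemuKernel.dsc (hunk `@@ -118,6 +114,14 @@`) and, per the commit message, ported from OvmfPkg, but the comment does not say the copies must move together. The comment also does not state how the values relate: `PcdMaxVolatileVariableSize|0x40000` lets a single volatile variable occupy half of the `0x80000` store. Since these bounds decide how much certificate data the firmware will accept into the volatile store, a later edit to one copy would silently change that acceptance limit on one platform only. I would extend the comment with a line such as `# Keep in sync with ArmVirtQemuKernel.dsc and the OvmfPkg DSC files.`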
@@ -372,6 +376,12 @@
# Networking stack
#
!include NetworkPkg/NetworkComponents.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
+ <LibraryClasses>
+ NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
+ }
+!endif
#
# SCSI Bus and Disk Driver
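Review bot: The `NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf` hook is added without a comment on where the TLS trust configuration comes from, and that is the security-relevant part of this block. As far as I know this library instance fills the trusted CA certificate list (and the cipher suite selection) from data the hypervisor hands to the guest over fw_cfg. If so, whoever controls the QEMU command line decides which servers HTTPS boot will accept; please confirm against the "HTTPS Boot" section of OvmfPkg/README cited in the commit message. A short comment above the component, for example `# TLS CA certificates / cipher suites are taken from the host (see OvmfPkg/README, "HTTPS Boot")`, would make that trust boundary visible to anyone auditing the platform file. It would also explain why ArmVirtPkg reaches into OvmfPkg here. The same applies to the identical hunk in ArmVirtQemuKernel.dsc (`@@ -356,6 +360,12 @@`).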
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 596e59739c..3b0f04967a 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -43,10 +43,6 @@
!error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
!endif
-!if $(NETWORK_TLS_ENABLE) == TRUE
- !error "NETWORK_TLS_ENABLE is tracked at <https://bugzilla.tianocore.org/show_bug.cgi?id=1009>"
-!endif
-
!include NetworkPkg/NetworkDefines.dsc.inc
!include ArmVirtPkg/ArmVirt.dsc.inc
@@ -118,6 +114,14 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x4000
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ #
+ # The cumulative and individual VOLATILE variable size limits should be set
+ # high enough for accommodating several and/or large CA certificates.
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
+!endif
# Size of the region used by UEFI in permanent memory (Reserved 64MB)
gArmPlatformTokenSpaceGuid.PcdSystemMemoryUefiRegionSize|0x04000000
@@ -356,6 +360,12 @@
# Networking stack
#
!include NetworkPkg/NetworkComponents.dsc.inc
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {
+ <LibraryClasses>
+ NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf
+ }
+!endif
#
# SCSI Bus and Disk Driver