OvmfPkg/README: Update the network build flags

The following network build flags changed due to the inclusion of
NetworkPkg/Network.fdf.inc.

  HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE
  TLS_ENABLE -> NETWORK_TLS_ENABLE

This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the
change in OvmfPkg/OvmfPkg*.dsc.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884
Signed-off-by: Gary Lin <glin@suse.com>
Message-Id: <20190610065509.19573-1-glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>

1 files changed, 8 insertions, 3 deletions

diff --git a/OvmfPkg/README b/OvmfPkg/README
index c014d07bfb..3dd28474ea 100644
--- a/OvmfPkg/README
+++ b/OvmfPkg/README
@@ -260,9 +260,14 @@ HTTPS Boot is an alternative solution to PXE. It replaces the tftp server
 with a HTTPS server so the firmware can download the images through a trusted

 and encrypted connection.

 

-* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and

-  -D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while

-  the latter enables TLS support in both NetworkPkg and CryptoPkg.

+* To enable HTTPS Boot, you have to build OVMF with -D NETWORK_HTTP_BOOT_ENABLE

+  and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from

+  NetworkPkg while the latter enables TLS support in both NetworkPkg and

+  CryptoPkg.

+

+  If you want to exclude the unsecured HTTP connection completely, OVMF has to

+  be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the HTTPS

+  connections will be accepted.

 

 * By default, there is no trusted certificate. The user has to import the

   certificates either manually with "Tls Auth Configuration" utility in the