summaryrefslogtreecommitdiffstats
path: root/OvmfPkg
diff options
context:
space:
mode:
authorGary Lin <glin@suse.com>2019-06-10 14:55:09 +0800
committerLaszlo Ersek <lersek@redhat.com>2019-06-11 17:09:28 +0200
commit1631bb26ae991e530d3c96fe3161ea15144b358e (patch)
treec2f477a40ec9a9f85d7548a9d7d0a2964209f246 /OvmfPkg
parent470626624fa31a1f50b82815dd330deb43e32e52 (diff)
downloadedk2-1631bb26ae991e530d3c96fe3161ea15144b358e.tar.gz
edk2-1631bb26ae991e530d3c96fe3161ea15144b358e.tar.bz2
edk2-1631bb26ae991e530d3c96fe3161ea15144b358e.zip
OvmfPkg/README: Update the network build flags
The following network build flags changed due to the inclusion of NetworkPkg/Network.fdf.inc. HTTP_BOOT_ENABLE -> NETWORK_HTTP_BOOT_ENABLE TLS_ENABLE -> NETWORK_TLS_ENABLE This commit also adds NETWORK_ALLOW_HTTP_CONNECTIONS to reflect the change in OvmfPkg/OvmfPkg*.dsc. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1884 Signed-off-by: Gary Lin <glin@suse.com> Message-Id: <20190610065509.19573-1-glin@suse.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'OvmfPkg')
-rw-r--r--OvmfPkg/README11
1 files changed, 8 insertions, 3 deletions
diff --git a/OvmfPkg/README b/OvmfPkg/README
index c014d07bfb..3dd28474ea 100644
--- a/OvmfPkg/README
+++ b/OvmfPkg/README
@@ -260,9 +260,14 @@ HTTPS Boot is an alternative solution to PXE. It replaces the tftp server
with a HTTPS server so the firmware can download the images through a trusted
and encrypted connection.
-* To enable HTTPS Boot, you have to build OVMF with -D HTTP_BOOT_ENABLE and
- -D TLS_ENABLE. The former brings in the HTTP stack from NetworkPkg while
- the latter enables TLS support in both NetworkPkg and CryptoPkg.
+* To enable HTTPS Boot, you have to build OVMF with -D NETWORK_HTTP_BOOT_ENABLE
+ and -D NETWORK_TLS_ENABLE. The former brings in the HTTP stack from
+ NetworkPkg while the latter enables TLS support in both NetworkPkg and
+ CryptoPkg.
+
+ If you want to exclude the unsecured HTTP connection completely, OVMF has to
+ be built with -D NETWORK_ALLOW_HTTP_CONNECTIONS=FALSE so that only the HTTPS
+ connections will be accepted.
* By default, there is no trusted certificate. The user has to import the
certificates either manually with "Tls Auth Configuration" utility in the