[edk2-devel] [PATCH V2 1/7] NetworkPkg/Defines: Make iSCSI disable as default

Gao, Zhichao zhichao.gao at intel.com
Thu Oct 29 02:34:56 UTC 2020 

Sure. I would do it. I am thinking using Network.dsc.inc instead of others inc's combination. But there may be a question: the default Network.dsc.inc would only cover below build:
Components.IA32, Components.X64, Components.ARM, Components.AARCH64, Components.RISCV64
I am not sure if the above would match ArmVirt and Ovmf's requirements.

Thanks,
Zhichao

> -----Original Message-----
> From: Laszlo Ersek <lersek at redhat.com>
> Sent: Tuesday, October 27, 2020 6:48 PM
> To: Gao, Zhichao <zhichao.gao at intel.com>; devel at edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen at intel.com>; Ard Biesheuvel
> <ard.biesheuvel at arm.com>; Sami Mujawar <sami.mujawar at arm.com>; Leif
> Lindholm <leif at nuviainc.com>; Yao, Jiewen <jiewen.yao at intel.com>; Wang, Jian
> J <jian.j.wang at intel.com>; Lu, XiaoyuX <xiaoyux.lu at intel.com>; Jiang, Guomin
> <guomin.jiang at intel.com>; Kinney, Michael D <michael.d.kinney at intel.com>;
> Steele, Kelly <kelly.steele at intel.com>; Sun, Zailiang <zailiang.sun at intel.com>;
> Qian, Yi <yi.qian at intel.com>; Liming Gao <gaoliming at byosoft.com.cn>; Maciej
> Rabeda <maciej.rabeda at linux.intel.com>; Wu, Jiaxin <jiaxin.wu at intel.com>; Fu,
> Siyuan <siyuan.fu at intel.com>
> Subject: Re: [PATCH V2 1/7] NetworkPkg/Defines: Make iSCSI disable as default
> 
> Hi Zhichao,
> 
> thanks for the CC, I appreciate it. Please see my comments below.
> 
> On 10/27/20 03:42, Zhichao Gao wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> >
> > iSCSI is using the undeprecated function MD5. It is better to make the
> > default setting secure. If the platforms want to use the iSCSI, they
> > should enable it in the platforms'
> > dsc file and be aware they are using an unsafe function.
> >
> > Cc: Jordan Justen <jordan.l.justen at intel.com>
> > Cc: Laszlo Ersek <lersek at redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel at arm.com>
> > Cc: Sami Mujawar <sami.mujawar at arm.com>
> > Cc: Leif Lindholm <leif at nuviainc.com>
> > Cc: Jiewen Yao <jiewen.yao at intel.com>
> > Cc: Jian J Wang <jian.j.wang at intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
> > Cc: Guomin Jiang <guomin.jiang at intel.com>
> > Cc: Michael D Kinney <michael.d.kinney at intel.com>
> > Cc: Kelly Steele <kelly.steele at intel.com>
> > Cc: Zailiang Sun <zailiang.sun at intel.com>
> > Cc: Yi Qian <yi.qian at intel.com>
> > Cc: Liming Gao <gaoliming at byosoft.com.cn>
> > Cc: Maciej Rabeda <maciej.rabeda at linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu at intel.com>
> > Cc: Siyuan Fu <siyuan.fu at intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao at intel.com>
> > ---
> >  NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/NetworkPkg/NetworkDefines.dsc.inc
> > b/NetworkPkg/NetworkDefines.dsc.inc
> > index a442d1b157..18921d81f6 100644
> > --- a/NetworkPkg/NetworkDefines.dsc.inc
> > +++ b/NetworkPkg/NetworkDefines.dsc.inc
> > @@ -17,7 +17,7 @@
> >  #   DEFINE NETWORK_TLS_ENABLE             = TRUE
> >  #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
> >  #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> > -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> > +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
> >  #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
> >  #
> >  # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> @@
> > -101,7 +101,7 @@
> >    #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
> >    #       since libssl is not required for iSCSI.
> >    #
> > -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> > +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
> >  !endif
> >
> >  !if $(NETWORK_ENABLE) == TRUE
> >
> 
> I know of people that use iSCSI with the ArmVirtQemu and OVMF platforms.
> 
> Please prepend two patches to this series (that is, the v3 series should begin with
> these two patches below):
> 
> (1) locate "NETWORK_ALLOW_HTTP_CONNECTIONS" in the files:
> 
> - ArmVirtPkg/ArmVirtQemu.dsc
> - ArmVirtPkg/ArmVirtQemuKernel.dsc
> 
> and explicitly enable NETWORK_ISCSI_ENABLE in the same place.
> 
> (2) Please do the same for the following files, in a separate patch:
> 
> - OvmfPkg/Bhyve/BhyveX64.dsc
> - OvmfPkg/OvmfPkgIa32.dsc
> - OvmfPkg/OvmfPkgIa32X64.dsc
> - OvmfPkg/OvmfPkgX64.dsc
> - OvmfPkg/OvmfXen.dsc
> 
> Thanks!
> Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#66722): https://edk2.groups.io/g/devel/message/66722
Mute This Topic: https://groups.io/mt/77831674/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list