[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-ppc] [PATCH v2 16/18] hw/firmware: Add Edk2Crypto and edk2_add
From: |
Eric Blake |
Subject: |
Re: [Qemu-ppc] [PATCH v2 16/18] hw/firmware: Add Edk2Crypto and edk2_add_host_crypto_policy() |
Date: |
Thu, 7 Mar 2019 20:16:24 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 |
On 3/7/19 7:32 PM, Philippe Mathieu-Daudé wrote:
> The Edk2Crypto object is used to hold configuration values specific
> to EDK2.
>
> The edk2_add_host_crypto_policy() function loads crypto policies
> from the host, and register them as fw_cfg named file items.
> So far only the 'https' policy is supported.
>
> An usercase example is the 'HTTPS Boof' feature of OVMF [*].
s/An/A/ since "user" is a pronounced or hard 'u' (English is funny, but
the rule of thumb is you add the consonant only before a soft u, and not
a pronounced one; as in "give an umbrella to a unicorn")
>
> Usage example:
>
> $ qemu-system-x86_64 \
> -object edk2_crypto,id=https,\
Might as well use --object (both spellings work for qemu, but since
--object is the only spelling for qemu-img/qemu-nbd, being consistent
between the lot is useful).
> ciphers=/etc/crypto-policies/back-ends/openssl.config,\
> cacerts=/etc/pki/ca-trust/extracted/edk2/cacerts.bin
(I really should follow through on my threat to teach QemuOpts to ignore
whitespace after ','; but for this commit message, it's obvious the
indentation has to be stripped for the command line to be valid)
>
> (On Fedora these files are provided by the ca-certificates and
> crypto-policies packages).
>
> [*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README
>
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
[Qemu-ppc] [PATCH v2 15/18] hw/nvram/fw_cfg: Add fw_cfg_add_file_from_host(), Philippe Mathieu-Daudé, 2019/03/07
[Qemu-ppc] [PATCH v2 14/18] hw/nvram/fw_cfg: Add HMP 'info fw_cfg' command, Philippe Mathieu-Daudé, 2019/03/07
[Qemu-ppc] [PATCH v2 16/18] hw/firmware: Add Edk2Crypto and edk2_add_host_crypto_policy(), Philippe Mathieu-Daudé, 2019/03/07
- Re: [Qemu-ppc] [PATCH v2 16/18] hw/firmware: Add Edk2Crypto and edk2_add_host_crypto_policy(),
Eric Blake <=
[Qemu-ppc] [PATCH v2 17/18] hw/i386: Use edk2_add_host_crypto_policy(), Philippe Mathieu-Daudé, 2019/03/07
[Qemu-ppc] [PATCH v2 18/18] hw/arm/virt: Use edk2_add_host_crypto_policy(), Philippe Mathieu-Daudé, 2019/03/07
Re: [Qemu-ppc] [PATCH v2 00/18] fw_cfg: reduce memleaks, add QMP/HMP info + edk2_add_host_crypto_policy, Laszlo Ersek, 2019/03/08