Philippe Mathieu-Daudé <[email protected]> writes: > Hi, > > This series consists of: > - add fw_cfg_add_file_from_host() > - add edk2_add_host_crypto_policy() and the Edk2Crypto object > > The Edk2Crypto object is used to hold configuration values specific > to EDK2. > > The edk2_add_host_crypto_policy() function loads crypto policies > from the host, and register them as fw_cfg named file items. > > So far only the 'https' policy is supported. > > A usercase example is the 'HTTPS Boof' feature of OVMF [*]. > > Usage example: > > $ qemu-system-x86_64 \ > --object edk2_crypto,id=https,\ > ciphers=/etc/crypto-policies/back-ends/openssl.config,\ > cacerts=/etc/pki/ca-trust/extracted/edk2/cacerts.bin > > (On Fedora these files are provided by the ca-certificates and > crypto-policies packages). > > [*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README > > Since v3: > - Addressed Markus' comments (do not care about heap) > Since v2: > - Split of > Since v1: > - Addressed Michael and Laszlo comments. > > Please review,
I can't pass judgement on the feature's utility, but the code looks sane to me. Reviewed-by: Markus Armbruster <[email protected]>
