On 03/12/19 23:56, Philippe Mathieu-Daudé wrote: > Hi, > > This series consists of: > - add fw_cfg_add_file_from_host() > - add edk2_add_host_crypto_policy() and the Edk2Crypto object > > The Edk2Crypto object is used to hold configuration values specific > to EDK2. > > The edk2_add_host_crypto_policy() function loads crypto policies > from the host, and register them as fw_cfg named file items. > > So far only the 'https' policy is supported. > > A usercase example is the 'HTTPS Boof' feature of OVMF [*]. > > Usage example: > > $ qemu-system-x86_64 \ > --object edk2_crypto,id=https,\ > ciphers=/etc/crypto-policies/back-ends/openssl.config,\ > cacerts=/etc/pki/ca-trust/extracted/edk2/cacerts.bin > > (On Fedora these files are provided by the ca-certificates and > crypto-policies packages). > > [*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README > > Since v3: > - Addressed Markus' comments (do not care about heap) > Since v2: > - Split of > Since v1: > - Addressed Michael and Laszlo comments. > > Please review,
sorry about seeing this just now. My email load has been extreme, and the only way I can deal with it is a *strict* FIFO approach. It gives me unparalleled throughput [*] and acceptable latency, but it does cause me to respond to out-of-date emails on occasion. [*] "unparalleled" not by other people, but by other workflows I could choose Nevertheless I think my comments under v3 apply just the same here. Thanks Laszlo
