On 3/7/19 7:32 PM, Philippe Mathieu-Daudé wrote:
> The Edk2Crypto object is used to hold configuration values specific
> to EDK2.
>
> The edk2_add_host_crypto_policy() function loads crypto policies
> from the host, and register them as fw_cfg named file items.
> So far only the 'https' policy is supported.
>
> An usercase example is the 'HTTPS Boot' feature of OVMF [*].

s/An/A/ since "user" is a pronounced or hard 'u' (English is funny, but the rule of thumb is you add the consonant only before a soft u, and not a pronounced one; as in "give an umbrella to a unicorn")

>
> Usage example:
>
> $ qemu-system-x86_64 \
>     -object edk2_crypto,id=https,\

Might as well use --object (both spellings work for qemu, but since --object is the only spelling for qemu-img/qemu-nbd, being consistent between the lot is useful).

>       ciphers=/etc/crypto-policies/back-ends/openssl.config,\
>       cacerts=/etc/pki/ca-trust/extracted/edk2/cacerts.bin

(I really should follow through on my threat to teach QemuOpts to ignore whitespace after ','; but for this commit message, it's obvious the indentation has to be stripped for the command line to be valid)

>
> (On Fedora these files are provided by the ca-certificates and
> crypto-policies packages).
>
> [*]: https://github.com/tianocore/edk2/blob/master/OvmfPkg/README
>
> Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com>
> ---

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org