mirror of https://github.com/acidanthera/audk.git
ArmVirtualizationPkg: Enable secure boot for ArmVirtualizationQemu
This adds all the required modules and library dependencies so that the ArmVirtualizationQemu platform can be built with support for UEFI Secure Boot. This support consists of the OpenSSL crypto library (whose source needs to be downloaded separately), the authenticated variable store, and authentication of executables before launching them. Contributed-under: TianoCore Contribution Agreement 1.0 Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Olivier Martin <olivier.martin@arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17356 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Ard Biesheuvel
oliviermartin
parent
6cf1269d95
commit
80f882abd9
|
|
@ -113,6 +113,19 @@
|
|||
|
||||
XenIoMmioLib|OvmfPkg/Library/XenIoMmioLib/XenIoMmioLib.inf
|
||||
|
||||
#
|
||||
# Secure Boot dependencies
|
||||
#
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
|
||||
# re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
|
||||
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.SEC]
|
||||
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
|
||||
ArmPlatformSecExtraActionLib|ArmPlatformPkg/Library/DebugSecExtraActionLib/DebugSecExtraActionLib.inf
|
||||
|
|
@ -198,6 +211,10 @@
|
|||
ReportStatusCodeLib|IntelFrameworkModulePkg/Library/DxeReportStatusCodeLibFramework/DxeReportStatusCodeLib.inf
|
||||
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.ARM]
|
||||
#
|
||||
# It is not possible to prevent the ARM compiler for generic intrinsic functions.
|
||||
|
|
@ -324,6 +341,13 @@
|
|||
#
|
||||
gArmTokenSpaceGuid.PcdArmUncachedMemoryMask|0x0000000000000000
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
|
||||
!endif
|
||||
|
||||
[Components.common]
|
||||
#
|
||||
# Networking stack
|
||||
|
|
|
|||
|
|
@ -28,6 +28,12 @@
|
|||
SKUID_IDENTIFIER = DEFAULT
|
||||
FLASH_DEFINITION = ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.fdf
|
||||
|
||||
#
|
||||
# Defines for default states. These can be changed on the command line.
|
||||
# -D FLAG=VALUE
|
||||
#
|
||||
DEFINE SECURE_BOOT_ENABLE = FALSE
|
||||
|
||||
!include ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualization.dsc.inc
|
||||
|
||||
[LibraryClasses.AARCH64]
|
||||
|
|
@ -48,6 +54,7 @@
|
|||
ArmPlatformSysConfigLib|ArmPlatformPkg/Library/ArmPlatformSysConfigLibNull/ArmPlatformSysConfigLibNull.inf
|
||||
|
||||
TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
|
||||
NorFlashPlatformLib|ArmPlatformPkg/ArmVirtualizationPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
|
||||
!ifdef INTEL_BDS
|
||||
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
|
||||
|
|
@ -233,7 +240,15 @@
|
|||
ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
|
||||
ArmPkg/Drivers/CpuPei/CpuPei.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf {
|
||||
<LibraryClasses>
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
||||
}
|
||||
!else
|
||||
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
|
||||
!endif
|
||||
|
||||
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
|
||||
|
|
@ -253,9 +268,22 @@
|
|||
#
|
||||
ArmPkg/Drivers/CpuDxe/CpuDxe.inf
|
||||
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
|
||||
<LibraryClasses>
|
||||
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
||||
}
|
||||
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
|
||||
<LibraryClasses>
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
!else
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!endif
|
||||
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
|
||||
|
|
@ -272,10 +300,11 @@
|
|||
|
||||
ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
|
||||
ArmPkg/Drivers/TimerDxe/TimerDxe.inf
|
||||
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf {
|
||||
<LibraryClasses>
|
||||
NorFlashPlatformLib|ArmPlatformPkg/ArmVirtualizationPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
}
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf
|
||||
!else
|
||||
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
|
||||
!endif
|
||||
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
|
||||
#
|
||||
|
|
|
|||
|
|
@ -116,7 +116,12 @@ READ_LOCK_STATUS = TRUE
|
|||
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
!else
|
||||
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!endif
|
||||
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
|
||||
INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
|
||||
|
|
@ -134,7 +139,11 @@ READ_LOCK_STATUS = TRUE
|
|||
|
||||
INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
|
||||
INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf
|
||||
!else
|
||||
INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
|
||||
!endif
|
||||
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
|
||||
#
|
||||
|
|
@ -255,7 +264,11 @@ READ_LOCK_STATUS = TRUE
|
|||
INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
|
||||
INF ArmPkg/Drivers/CpuPei/CpuPei.inf
|
||||
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
|
||||
!else
|
||||
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
|
||||
!endif
|
||||
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
|
||||
|
||||
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
|
||||
|
|
|
|||
Loading…
Reference in New Issue