mirror of https://github.com/acidanthera/audk.git
OvmfPkg: Enable secure-boot support when SECURE_BOOT_ENABLE==TRUE
Adjust PCD settings, library mappings and driver usage to enable secure-boot when -D SECURE_BOOT_ENABLE=TRUE is used on the build command line. Signed-off-by: lgrosenb Reviewed-by: jljusten Reviewed-by: mdkinney git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13093 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
bdf93df856
commit
8cee3de7e9
|
@ -107,6 +107,17 @@
|
|||
LocalApicLib|UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.inf
|
||||
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
|
||||
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common]
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.SEC]
|
||||
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
|
||||
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
|
||||
|
@ -169,6 +180,9 @@
|
|||
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
||||
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
|
||||
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.UEFI_DRIVER]
|
||||
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
|
||||
|
@ -222,7 +236,11 @@
|
|||
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000
|
||||
!else
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400
|
||||
!endif
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xc000
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0xc000
|
||||
|
@ -239,6 +257,13 @@
|
|||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
|
||||
!endif
|
||||
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
|
||||
!endif
|
||||
|
@ -309,7 +334,18 @@
|
|||
}
|
||||
|
||||
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
|
||||
<LibraryClasses>
|
||||
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
!else
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
!endif
|
||||
|
||||
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
|
@ -451,3 +487,10 @@
|
|||
}
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
|
||||
<LibraryClasses>
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
!endif
|
||||
|
|
|
@ -167,7 +167,11 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
|
|||
INF OvmfPkg/BlockMmioToBlockIoDxe/BlockIo.inf
|
||||
INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
||||
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!else
|
||||
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!endif
|
||||
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
|
|
|
@ -108,6 +108,17 @@
|
|||
LocalApicLib|UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.inf
|
||||
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
|
||||
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common]
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.SEC]
|
||||
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
|
||||
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
|
||||
|
@ -170,6 +181,9 @@
|
|||
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
||||
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
|
||||
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.UEFI_DRIVER]
|
||||
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
|
||||
|
@ -223,7 +237,11 @@
|
|||
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000
|
||||
!else
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400
|
||||
!endif
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xc000
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0xc000
|
||||
|
@ -240,6 +258,13 @@
|
|||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
|
||||
!endif
|
||||
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
|
||||
!endif
|
||||
|
@ -311,7 +336,18 @@
|
|||
}
|
||||
|
||||
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
|
||||
<LibraryClasses>
|
||||
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
!else
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
!endif
|
||||
|
||||
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
|
@ -453,3 +489,10 @@
|
|||
}
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
|
||||
<LibraryClasses>
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
!endif
|
||||
|
|
|
@ -167,7 +167,13 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
|
|||
INF OvmfPkg/BlockMmioToBlockIoDxe/BlockIo.inf
|
||||
INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
||||
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!else
|
||||
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!endif
|
||||
|
||||
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
|
|
|
@ -108,6 +108,17 @@
|
|||
LocalApicLib|UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.inf
|
||||
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
|
||||
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common]
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.SEC]
|
||||
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
|
||||
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
|
||||
|
@ -170,6 +181,9 @@
|
|||
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
||||
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
|
||||
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
!endif
|
||||
|
||||
[LibraryClasses.common.UEFI_DRIVER]
|
||||
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
|
||||
|
@ -223,7 +237,11 @@
|
|||
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000
|
||||
!else
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400
|
||||
!endif
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xc000
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0xc000
|
||||
|
@ -240,6 +258,13 @@
|
|||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
|
||||
!endif
|
||||
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
|
||||
!endif
|
||||
|
@ -310,7 +335,18 @@
|
|||
}
|
||||
|
||||
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
|
||||
<LibraryClasses>
|
||||
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
!else
|
||||
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
!endif
|
||||
|
||||
MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
|
@ -452,3 +488,10 @@
|
|||
}
|
||||
!endif
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
|
||||
<LibraryClasses>
|
||||
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
||||
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
}
|
||||
!endif
|
||||
|
|
|
@ -167,7 +167,13 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
|
|||
INF OvmfPkg/BlockMmioToBlockIoDxe/BlockIo.inf
|
||||
INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
||||
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!else
|
||||
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
!endif
|
||||
|
||||
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
|
|
Loading…
Reference in New Issue