mirror of https://github.com/acidanthera/audk.git
OvmfPkg: replace SECURE_BOOT_FEATURE_ENABLED with PcdSecureBootSupported
Drop the '-D SECURE_BOOT_FEATURE_ENABLED' compile time option, use a new FeaturePcd instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
parent
a818a873e5
commit
92da8a154f
|
@ -93,15 +93,6 @@
|
||||||
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
|
|
||||||
#
|
|
||||||
# SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
#
|
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
||||||
MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
!endif
|
|
||||||
|
|
||||||
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
||||||
|
|
||||||
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
||||||
|
@ -477,6 +468,7 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
||||||
!endif
|
!endif
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|TRUE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
||||||
!endif
|
!endif
|
||||||
|
|
||||||
|
|
|
@ -90,15 +90,6 @@
|
||||||
INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT
|
INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT
|
||||||
GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT
|
GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT
|
||||||
|
|
||||||
#
|
|
||||||
# SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
#
|
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
||||||
MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
!endif
|
|
||||||
|
|
||||||
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
||||||
GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
|
GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
|
||||||
XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
|
XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
|
||||||
|
@ -387,6 +378,7 @@
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE
|
gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE
|
||||||
!endif
|
!endif
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|TRUE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
||||||
!endif
|
!endif
|
||||||
|
|
||||||
|
|
|
@ -28,14 +28,12 @@ ConnectNvVarsToFileSystem (
|
||||||
IN EFI_HANDLE FsHandle
|
IN EFI_HANDLE FsHandle
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
#ifdef SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
|
|
||||||
return EFI_UNSUPPORTED;
|
|
||||||
|
|
||||||
#else
|
|
||||||
|
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
|
||||||
|
if (FeaturePcdGet (PcdSecureBootSupported)) {
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// We might fail to load the variable, since the file system initially
|
// We might fail to load the variable, since the file system initially
|
||||||
// will not have the NvVars file.
|
// will not have the NvVars file.
|
||||||
|
@ -52,7 +50,6 @@ ConnectNvVarsToFileSystem (
|
||||||
}
|
}
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -47,6 +47,8 @@
|
||||||
[Protocols]
|
[Protocols]
|
||||||
gEfiSimpleFileSystemProtocolGuid ## CONSUMES
|
gEfiSimpleFileSystemProtocolGuid ## CONSUMES
|
||||||
|
|
||||||
|
[Pcd]
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
|
||||||
|
|
||||||
[Guids]
|
[Guids]
|
||||||
gEfiFileInfoGuid
|
gEfiFileInfoGuid
|
||||||
|
|
|
@ -91,15 +91,6 @@
|
||||||
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
|
|
||||||
#
|
|
||||||
# SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
#
|
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
||||||
MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
!endif
|
|
||||||
|
|
||||||
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
||||||
|
|
||||||
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
||||||
|
@ -473,6 +464,7 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|TRUE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
||||||
!endif
|
!endif
|
||||||
|
|
||||||
|
|
|
@ -488,6 +488,9 @@
|
||||||
# used by OVMF, the varstore pflash chip, LockBox etc).
|
# used by OVMF, the varstore pflash chip, LockBox etc).
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|FALSE|BOOLEAN|0x1e
|
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|FALSE|BOOLEAN|0x1e
|
||||||
|
|
||||||
|
## This feature flag indicates the firmware build supports secure boot.
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|FALSE|BOOLEAN|0x6d
|
||||||
|
|
||||||
## Informs modules (including pre-DXE-phase modules) whether the platform
|
## Informs modules (including pre-DXE-phase modules) whether the platform
|
||||||
# firmware contains a CSM (Compatibility Support Module).
|
# firmware contains a CSM (Compatibility Support Module).
|
||||||
#
|
#
|
||||||
|
|
|
@ -96,15 +96,6 @@
|
||||||
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
|
|
||||||
#
|
|
||||||
# SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
#
|
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
||||||
MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
!endif
|
|
||||||
|
|
||||||
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
||||||
|
|
||||||
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
||||||
|
@ -486,6 +477,7 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
||||||
!endif
|
!endif
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|TRUE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
||||||
!endif
|
!endif
|
||||||
|
|
||||||
|
|
|
@ -100,15 +100,6 @@
|
||||||
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
|
||||||
|
|
||||||
#
|
|
||||||
# SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
#
|
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
||||||
MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
!endif
|
|
||||||
|
|
||||||
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
||||||
|
|
||||||
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
||||||
|
@ -492,6 +483,7 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
||||||
!endif
|
!endif
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|TRUE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
||||||
!endif
|
!endif
|
||||||
|
|
||||||
|
|
|
@ -114,15 +114,6 @@
|
||||||
INTEL:*_*_*_CC_FLAGS = /D TDX_GUEST_SUPPORTED
|
INTEL:*_*_*_CC_FLAGS = /D TDX_GUEST_SUPPORTED
|
||||||
GCC:*_*_*_CC_FLAGS = -D TDX_GUEST_SUPPORTED
|
GCC:*_*_*_CC_FLAGS = -D TDX_GUEST_SUPPORTED
|
||||||
|
|
||||||
#
|
|
||||||
# SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
#
|
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
||||||
MSFT:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
INTEL:*_*_*_CC_FLAGS = /D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
|
|
||||||
!endif
|
|
||||||
|
|
||||||
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
!include NetworkPkg/NetworkBuildOptions.dsc.inc
|
||||||
|
|
||||||
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
|
||||||
|
@ -513,6 +504,7 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
|
||||||
!endif
|
!endif
|
||||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported|TRUE
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
gEfiMdeModulePkgTokenSpaceGuid.PcdRequireSelfSignedPk|TRUE
|
||||||
!endif
|
!endif
|
||||||
|
|
||||||
|
|
|
@ -222,9 +222,10 @@ ReserveEmuVariableNvStore (
|
||||||
VariableStore = (EFI_PHYSICAL_ADDRESS)(UINTN)PlatformReserveEmuVariableNvStore ();
|
VariableStore = (EFI_PHYSICAL_ADDRESS)(UINTN)PlatformReserveEmuVariableNvStore ();
|
||||||
PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
|
PcdStatus = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
|
||||||
|
|
||||||
#ifdef SECURE_BOOT_FEATURE_ENABLED
|
if (FeaturePcdGet (PcdSecureBootSupported)) {
|
||||||
|
// restore emulated VarStore from pristine ROM copy
|
||||||
PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
|
PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
|
||||||
#endif
|
}
|
||||||
|
|
||||||
ASSERT_RETURN_ERROR (PcdStatus);
|
ASSERT_RETURN_ERROR (PcdStatus);
|
||||||
}
|
}
|
||||||
|
|
|
@ -94,6 +94,7 @@
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase
|
gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdXenPvhStartOfDayStructPtr
|
gUefiOvmfPkgTokenSpaceGuid.PcdXenPvhStartOfDayStructPtr
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdXenPvhStartOfDayStructPtrSize
|
gUefiOvmfPkgTokenSpaceGuid.PcdXenPvhStartOfDayStructPtrSize
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
|
||||||
gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress
|
gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress
|
||||||
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
|
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
|
||||||
|
|
Loading…
Reference in New Issue