diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 81511e3556..0f1e970fbb 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -31,6 +31,11 @@ # DEFINE SECURE_BOOT_ENABLE = FALSE + # + # Shell can be useful for debugging but should not be enabled for production + # + DEFINE BUILD_SHELL = TRUE + # # Device drivers # @@ -204,7 +209,9 @@ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf +!if $(BUILD_SHELL) == TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf +!endif ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf @@ -720,12 +727,13 @@ MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf -!if $(TOOL_CHAIN_TAG) != "XCODE5" +!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf { gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } !endif +!if $(BUILD_SHELL) == TRUE ShellPkg/Application/Shell/Shell.inf { ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf @@ -744,6 +752,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 } +!endif !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index a57bbcee89..73dffc1043 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -97,10 +97,14 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCp 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize -0x100000|0xC00000 +0x100000|0x700000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize FV = DXEFV +0x800000|0x500000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeNonCcFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeNonCcFvSize +FV = NCCFV + ########################################################################################## # Set the SEV-ES specific work area PCDs # @@ -183,7 +187,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf INF UefiCpuPkg/CpuDxe/CpuDxe.inf @@ -201,6 +204,86 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf + +!if $(SECURE_BOOT_ENABLE) == TRUE + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +!endif + +INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf +INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf +INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf +INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf +INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf +INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +INF MdeModulePkg/Application/UiApp/UiApp.inf +INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf +INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf +INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf +INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf +INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf +INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf +INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf +INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf +INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf +INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + +INF OvmfPkg/SioBusDxe/SioBusDxe.inf +INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf + +INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf + +INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf +INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf + +INF FatPkg/EnhancedFatDxe/Fat.inf +INF OvmfPkg/TdxDxe/TdxDxe.inf + +INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf + +# +# Variable driver stack (non-SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + +# +# EFI_CC_MEASUREMENT_PROTOCOL +# +INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf + +################################################################################ + +[FV.NCCFV] +FvForceRebase = FALSE +FvNameGuid = AE047C6D-BCE9-426C-AE03-A68E3B8A0488 +BlockSize = 0x10000 +FvAlignment = 16 +ERASE_POLARITY = 1 +MEMORY_MAPPED = TRUE +STICKY_WRITE = TRUE +LOCK_CAP = TRUE +LOCK_STATUS = TRUE +WRITE_DISABLED_CAP = TRUE +WRITE_ENABLED_CAP = TRUE +WRITE_STATUS = TRUE +WRITE_LOCK_CAP = TRUE +WRITE_LOCK_STATUS = TRUE +READ_DISABLED_CAP = TRUE +READ_ENABLED_CAP = TRUE +READ_STATUS = TRUE +READ_LOCK_CAP = TRUE +READ_LOCK_STATUS = TRUE + +# +# DXE Phase modules +# +INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioRngDxe/VirtioRng.inf !if $(PVSCSI_ENABLE) == TRUE @@ -212,64 +295,28 @@ INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf !if $(LSI_SCSI_ENABLE) == TRUE INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf !endif - -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - -INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf -INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf -INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf -INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf -INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf -INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf -INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -INF MdeModulePkg/Application/UiApp/UiApp.inf -INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf -INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf -INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf -INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf -INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf -INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf -INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf -INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf -INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf -INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -INF OvmfPkg/SioBusDxe/SioBusDxe.inf -INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf - -INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf -INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf - -INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf -INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf - -INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf -!if $(TOOL_CHAIN_TAG) != "XCODE5" +!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5" INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif +!if $(BUILD_SHELL) == TRUE INF ShellPkg/Application/Shell/Shell.inf +!endif INF MdeModulePkg/Logo/LogoDxe.inf -INF OvmfPkg/TdxDxe/TdxDxe.inf - # # Usb Support # @@ -285,20 +332,6 @@ INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf -INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf - -# -# Variable driver stack (non-SMM) -# -INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf -INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf -INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf -INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - -# -# EFI_CC_MEASUREMENT_PROTOCOL -# -INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf ################################################################################ @@ -329,6 +362,7 @@ FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { # compression operation in order to achieve better overall compression. # SECTION FV_IMAGE = DXEFV + SECTION FV_IMAGE = NCCFV } }