tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-30 00:54:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

ArmVirtPkg/ArmVirtXen: don't set Pcd*ImageVerificationPolicy

Browse Source 
According to the

  PCDs not used by modules or in conditional directives

sections of all the build reports for

  {AARCH64,ARM} x {Xen} x {DEBUG,NOOPT,RELEASE} x {feat-1}

(6 builds in total), PcdOptionRomImageVerificationPolicy,
PcdFixedMediaImageVerificationPolicy, and
PcdRemovableMediaImageVerificationPolicy are not used in any of those
builds.

Restrict the settings to the ArmVirtQemu and ArmVirtQemuKernel platforms
(preserving the -D SECURE_BOOT_ENABLE restriction in the process).

("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
This commit is contained in:
Laszlo Ersek 2019-02-06 10:08:53 +01:00
parent c0b612b3a4
commit da06a2a2fa
3 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ArmVirtPkg/ArmVirt.dsc.inc
View File

@ -347,13 +347,6 @@
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0
!if $(SECURE_BOOT_ENABLE) == TRUE
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
!endif
# #
# Enable strict image permissions for all images. (This applies # Enable strict image permissions for all images. (This applies
# only to images that were built with >= 4 KB section alignment.) # only to images that were built with >= 4 KB section alignment.)

7
ArmVirtPkg/ArmVirtQemu.dsc
View File

@ -148,6 +148,13 @@
# #
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
!if $(SECURE_BOOT_ENABLE) == TRUE
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
!endif
[PcdsFixedAtBuild.AARCH64] [PcdsFixedAtBuild.AARCH64]
# Clearing BIT0 in this PCD prevents installing a 32-bit SMBIOS entry point, # Clearing BIT0 in this PCD prevents installing a 32-bit SMBIOS entry point,
# if the entry point version is >= 3.0. AARCH64 OSes cannot assume the # if the entry point version is >= 3.0. AARCH64 OSes cannot assume the

7
ArmVirtPkg/ArmVirtQemuKernel.dsc
View File

@ -142,6 +142,13 @@
# #
gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16
!if $(SECURE_BOOT_ENABLE) == TRUE
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
!endif
[PcdsPatchableInModule.common] [PcdsPatchableInModule.common]
# #
# This will be overridden in the code # This will be overridden in the code