tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE 

The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature.

Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use with TLS_ENABLE=FALSE.

Cc: Gary Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gary Lin <glin@suse.com>
This commit is contained in:
Laszlo Ersek 2017-02-23 21:46:06 +01:00
parent 622627f80f
commit df453e1b7c
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
OvmfPkg/OvmfPkgIa32.dsc
View File

@ -143,7 +143,11 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
!if $(TLS_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
!else
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
!endif
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf

4
OvmfPkg/OvmfPkgIa32X64.dsc
View File

@ -148,7 +148,11 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
!if $(TLS_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
!else
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
!endif
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf

4
OvmfPkg/OvmfPkgX64.dsc
View File

@ -148,7 +148,11 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
!if $(TLS_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
!else
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
!endif
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf