* [PATCH] EmulatorPkg: Enable support for Secure Boot @ 2020-09-03 18:16 Wadhawan, Divneil R 2020-09-16 1:49 ` 回复: [edk2-devel] " gaoliming 0 siblings, 1 reply; 5+ messages in thread From: Wadhawan, Divneil R @ 2020-09-03 18:16 UTC (permalink / raw) To: devel@edk2.groups.io Cc: Ni, Ray, Andrew Fish (afish@apple.com), Justen, Jordan L, Kinney, Michael D, Wadhawan, Divneil R SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. The following gets enabled with this patch: o Secure Boot Menu in "Device Manager" for enrolling keys o Storage space for Authenticated Variables o Authenticated execution of 3rd party images Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
 EmulatorPkg/EmulatorPkg.dsc | 40 +++++++++++++++++++++++++++++++++++-- EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- 2 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..6591c3e824 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
 DEFINE NETWORK_TLS_ENABLE = FALSE
 DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
 DEFINE NETWORK_ISCSI_ENABLE = FALSE
+ DEFINE SECURE_BOOT_ENABLE = FALSE
 [SkuIds]
 0|DEFAULT
@@ -106,12 +107,20 @@
 LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
 CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
 TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
 SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
 ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ !else
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ !endif
+
 [LibraryClasses.common.SEC]
 PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
 PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
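Review bot: Selecting `PlatformSecureLibNull` here together with `gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE` in the `@@ -190,6 +215,10 @@` hunk means physical presence is reported as asserted unconditionally, since the Null instance, as far as I know, simply returns that PCD. SecurityPkg uses physical presence to gate sensitive Secure Boot operations such as switching to custom mode, so with this pairing that gate is always open. That is a reasonable choice for an emulator used to exercise the key-enrolment UI, but it should be stated in the DSC so the pairing is not copied into a real platform. I would add above the PCD: `# Emulator only: physical presence is always asserted; a real platform must supply a PlatformSecureLib that checks a hardware signal`.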
@@ -162,7 +171,20 @@
 TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
 EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
-[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+[LibraryClasses.common.DXE_DRIVER]
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
+ PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeEmuPeCoffExtraActionLib.inf
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ !endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
 HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
 PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
 MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
@@ -171,6 +193,9 @@
 PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/DxeEmuPeCoffExtraActionLib.inf
 ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
 TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ !endif
 [PcdsFeatureFlag]
 gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
@@ -190,6 +215,10 @@
 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000
 gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY.fd"
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+ !endif
 gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"
@@ -315,6 +344,13 @@
 EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
 EmulatorPkg/TimerDxe/Timer.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ }
+ !endif
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
 <LibraryClasses>
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..4bf592e778 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
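Review bot: The `@@ -315,6 +344,13 @@` hunk links `DxeImageVerificationLib` into SecurityStubDxe but leaves the image verification policy to whatever SecurityPkg.dec defaults to, so the enforced policy is not visible in this DSC. OvmfPkg, as far as I recall, pins the three policy PCDs under the same flag. Doing the same next to `PcdMaxAuthVariableSize` in the `@@ -190,6 +215,10 @@` hunk would make the behaviour explicit and stable against default changes: `gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04`, `gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04`, `gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04`. 0x04 is the deny-on-security-violation policy; confirm that the PCD section being edited accepts these PCD types before adding them. The section this hunk edits starts and ends outside the hunk.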
@@ -46,10 +46,16 @@ DATA = {
 # Blockmap[1]: End
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 ## This is the VARIABLE_STORE_HEADER
- #Signature: gEfiVariableGuid =
- # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !if $(SECURE_BOOT_ENABLE) == FALSE
+ #Signature: gEfiVariableGuid =
+ # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
+ 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+ 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !else
+ # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+ !endif
 #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
 # This can speed up the Variable Dispatch a bit.
 0xB8, 0xBF, 0x00, 0x00,
@@ -186,6 +192,13 @@ INF RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf
 INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
+#
+# Secure Boot Key Enroll
+#
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
 #
 # Network stack drivers
 #
-- 2.24.1.windows.2 ^ permalink raw reply related [flat|nested] 5+ messages in thread
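Review bot: The VARIABLE_STORE_HEADER guard tests `$(SECURE_BOOT_ENABLE) == FALSE` and puts the authenticated signature in the `!else` branch, while every guard in EmulatorPkg.dsc tests `== TRUE`, so the two files only agree when the macro is exactly TRUE or FALSE. For any other value (if the build tools accept one) the DSC would link AuthVariableLibNull while the FDF emits a gEfiAuthenticatedVariableGuid store header. I would make the authenticated branch the tested one, `!if $(SECURE_BOOT_ENABLE) == TRUE`, with the gEfiVariableGuid bytes under `!else`. A comment above the guard would also help, such as `# Store signature must match the AuthVariableLib instance selected in EmulatorPkg.dsc`. The DATA block continues outside the hunk.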
* 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot 2020-09-03 18:16 [PATCH] EmulatorPkg: Enable support for Secure Boot Wadhawan, Divneil R @ 2020-09-16 1:49 ` gaoliming 2020-09-16 8:45 ` Ni, Ray 0 siblings, 1 reply; 5+ messages in thread From: gaoliming @ 2020-09-16 1:49 UTC (permalink / raw) To: devel, divneil.r.wadhawan Cc: 'Ni, Ray', 'Andrew Fish', 'Justen, Jordan L', 'Kinney, Michael D' I think SECURE_BOOT_ENABLE flag is fine. It controls more security related features. And, this flag is also used in OVMF DSC. So, this change is good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Ray, Andrew: have you any other comment? Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+65013+4905953+8761045@groups.io > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, > Divneil R > 发送时间: 2020年9月4日 2:17 > 收件人: devel@edk2.groups.io > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, > Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R > <divneil.r.wadhawan@intel.com> > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot > > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. > The following gets enabled with this patch: > o Secure Boot Menu in "Device Manager" for enrolling keys > o Storage space for Authenticated Variables > o Authenticated execution of 3rd party images > > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> > --- > EmulatorPkg/EmulatorPkg.dsc | 40 > +++++++++++++++++++++++++++++++++++-- > EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- > 2 files changed, 55 insertions(+), 6 deletions(-) > > diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc > index 86a6271735..6591c3e824 100644 > --- a/EmulatorPkg/EmulatorPkg.dsc > +++ b/EmulatorPkg/EmulatorPkg.dsc 
> @@ -32,6 +32,7 @@ > DEFINE NETWORK_TLS_ENABLE = FALSE > DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > DEFINE NETWORK_ISCSI_ENABLE = FALSE > + DEFINE SECURE_BOOT_ENABLE = FALSE > > [SkuIds] > 0|DEFAULT > @@ -106,12 +107,20 @@ > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu > ll/CpuExceptionHandlerLibNull.inf > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > MeasurementLibNull.inf > - > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > bNull.inf > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf > ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > + > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur > eLibNull.inf > + > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + !else > + > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > bNull.inf > + !endif > + > [LibraryClasses.common.SEC] > > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 
> @@ -162,7 +171,20 @@ > TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf > EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > -[LibraryClasses.common.DXE_RUNTIME_DRIVER, > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, > LibraryClasses.common.UEFI_APPLICATION] > +[LibraryClasses.common.DXE_DRIVER] > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > + > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > yAllocationLib.inf > + > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > eportStatusCodeLib.inf > + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > + > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > EmuPeCoffExtraActionLib.inf > + > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > eportStatusCodeLib.inf > + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > + !if $(SECURE_BOOT_ENABLE) == TRUE > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > + !endif > + > +[LibraryClasses.common.DXE_RUNTIME_DRIVER, > LibraryClasses.common.UEFI_DRIVER, > LibraryClasses.common.UEFI_APPLICATION] > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > yAllocationLib.inf > @@ -171,6 +193,9 @@ > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > EmuPeCoffExtraActionLib.inf > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > eportStatusCodeLib.inf > TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > + !if $(SECURE_BOOT_ENABLE) == TRUE > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > + !endif > > [PcdsFeatureFlag] > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE 
> @@ -190,6 +215,10 @@ > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE > RY.fd" > + !if $(SECURE_BOOT_ENABLE) == TRUE > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > + !endif > > gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" > > @@ -315,6 +344,13 @@ > EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf > EmulatorPkg/TimerDxe/Timer.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > + > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > xe.inf > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > + <LibraryClasses> > + > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i > nf > + } > + !endif > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > { > <LibraryClasses> > diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf > index 295f6f1db8..4bf592e778 100644 > --- a/EmulatorPkg/EmulatorPkg.fdf > +++ b/EmulatorPkg/EmulatorPkg.fdf 
> @@ -46,10 +46,16 @@ DATA = { > # Blockmap[1]: End > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > ## This is the VARIABLE_STORE_HEADER > - #Signature: gEfiVariableGuid = > - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, > 0xfe, 0x7d }} > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > + !if $(SECURE_BOOT_ENABLE) == FALSE > + #Signature: gEfiVariableGuid = > + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, > 0xfe, 0x7d }} > + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > + !else > + # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > + !endif > #Size: 0xc000 > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 > (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8 > # This can speed up the Variable Dispatch a bit. > 0xB8, 0xBF, 0x00, 0x00, > @@ -186,6 +192,13 @@ INF RuleOverride = UI > MdeModulePkg/Application/UiApp/UiApp.inf > INF > MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i > nf > INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf > > +# > +# Secure Boot Key Enroll > +# > +!if $(SECURE_BOOT_ENABLE) == TRUE > +INF > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > xe.inf > +!endif > + > # > # Network stack drivers > # > -- > 2.24.1.windows.2 > > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot 2020-09-16 1:49 ` 回复: [edk2-devel] " gaoliming @ 2020-09-16 8:45 ` Ni, Ray 2020-09-16 15:50 ` Wadhawan, Divneil R 0 siblings, 1 reply; 5+ messages in thread From: Ni, Ray @ 2020-09-16 8:45 UTC (permalink / raw) To: gaoliming, devel@edk2.groups.io, Wadhawan, Divneil R Cc: 'Andrew Fish', Justen, Jordan L, Kinney, Michael D 1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib. 2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER. 3. SecurityStubDxe is already in DSC file. Why did you add another one? Thanks, Ray > -----Original Message----- 
> From: gaoliming <gaoliming@byosoft.com.cn> > Sent: Wednesday, September 16, 2020 9:49 AM > To: devel@edk2.groups.io; Wadhawan, Divneil R > <divneil.r.wadhawan@intel.com> > Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; Justen, > Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com> > Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure > Boot > > I think SECURE_BOOT_ENABLE flag is fine. It controls more security related > features. And, this flag is also used in OVMF DSC. > > So, this change is good to me. Reviewed-by: Liming Gao > <gaoliming@byosoft.com.cn> > > Ray, Andrew: have you any other comment? > > Thanks > Liming > > -----邮件原件----- > > 发件人: bounce+27952+65013+4905953+8761045@groups.io > > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, > > Divneil R > > 发送时间: 2020年9月4日 2:17 > > 收件人: devel@edk2.groups.io > > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) > > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, > > Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R > > <divneil.r.wadhawan@intel.com> > > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot > > > > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. > > The following gets enabled with this patch: > > o Secure Boot Menu in "Device Manager" for enrolling keys > > o Storage space for Authenticated Variables > > o Authenticated execution of 3rd party images > > > > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> > > --- > > EmulatorPkg/EmulatorPkg.dsc | 40 > > +++++++++++++++++++++++++++++++++++-- > > EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- > > 2 files changed, 55 insertions(+), 6 deletions(-) > > > > diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc > > index 86a6271735..6591c3e824 100644 > > --- a/EmulatorPkg/EmulatorPkg.dsc > > +++ b/EmulatorPkg/EmulatorPkg.dsc 
> > @@ -32,6 +32,7 @@ > > DEFINE NETWORK_TLS_ENABLE = FALSE > > DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > > DEFINE NETWORK_ISCSI_ENABLE = FALSE > > + DEFINE SECURE_BOOT_ENABLE = FALSE > > > > [SkuIds] > > 0|DEFAULT > > @@ -106,12 +107,20 @@ > > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > > > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu > > ll/CpuExceptionHandlerLibNull.inf > > > > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > > MeasurementLibNull.inf > > - > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > > bNull.inf > > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf > > ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf > > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > + > > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur > > eLibNull.inf > > + > > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > + !else > > + > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi > > bNull.inf > > + !endif > > + > > [LibraryClasses.common.SEC] > > > > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 
> > @@ -162,7 +171,20 @@ > > TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf > > EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > > > -[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > +[LibraryClasses.common.DXE_DRIVER] > > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > + > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > + > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > > EmuPeCoffExtraActionLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > + !endif > > + > > +[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > @@ -171,6 +193,9 @@ > > > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe > > EmuPeCoffExtraActionLib.inf > > > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > + !endif > > > > [PcdsFeatureFlag] > > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE 
> > @@ -190,6 +215,10 @@ > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE > > RY.fd" > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > > + !endif > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" > > > > @@ -315,6 +344,13 @@ > > EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf > > EmulatorPkg/TimerDxe/Timer.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > > xe.inf > > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > + <LibraryClasses> > > + > > > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i > > nf > > + } > > + !endif > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > { > > <LibraryClasses> > > diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf > > index 295f6f1db8..4bf592e778 100644 > > --- a/EmulatorPkg/EmulatorPkg.fdf > > +++ b/EmulatorPkg/EmulatorPkg.fdf 
> > @@ -46,10 +46,16 @@ DATA = { > > # Blockmap[1]: End > > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > ## This is the VARIABLE_STORE_HEADER > > - #Signature: gEfiVariableGuid = > > - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, > > 0xfe, 0x7d }} > > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > > + !if $(SECURE_BOOT_ENABLE) == FALSE > > + #Signature: gEfiVariableGuid = > > + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, > 0x7f, > > 0xfe, 0x7d }} > > + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > > + !else > > + # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, > > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } > > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > > + !endif > > #Size: 0xc000 > > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 > > (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8 > > # This can speed up the Variable Dispatch a bit. > > 0xB8, 0xBF, 0x00, 0x00, > > @@ -186,6 +192,13 @@ INF RuleOverride = UI > > MdeModulePkg/Application/UiApp/UiApp.inf > > INF > > > MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i > > nf > > INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf > > > > +# > > +# Secure Boot Key Enroll > > +# > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > +INF > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD > > xe.inf > > +!endif > > + > > # > > # Network stack drivers > > # > > -- > > 2.24.1.windows.2 > > > > > > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot 2020-09-16 8:45 ` Ni, Ray @ 2020-09-16 15:50 ` Wadhawan, Divneil R 2020-09-16 17:55 ` update edk2-platforms Vlv2TbltDevicePkg Kilian Kegel 0 siblings, 1 reply; 5+ messages in thread From: Wadhawan, Divneil R @ 2020-09-16 15:50 UTC (permalink / raw) To: Ni, Ray, gaoliming, devel@edk2.groups.io Cc: 'Andrew Fish', Justen, Jordan L, Kinney, Michael D, Wadhawan, Divneil R Hi Ray, I have fixed the review comments. I will push a v2 of the patch. Regards, Divneil -----Original Message----- From: Ni, Ray <ray.ni@intel.com> Sent: Wednesday, September 16, 2020 2:16 PM To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Wadhawan, Divneil R <divneil.r.wadhawan@intel.com> Cc: 'Andrew Fish' <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com> Subject: RE: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot 1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib. 2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER. 3. SecurityStubDxe is already in DSC file. Why did you add another one? Thanks, Ray > -----Original Message----- 
> From: gaoliming <gaoliming@byosoft.com.cn> > Sent: Wednesday, September 16, 2020 9:49 AM > To: devel@edk2.groups.io; Wadhawan, Divneil R > <divneil.r.wadhawan@intel.com> > Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; > Justen, Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com> > Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for > Secure Boot > > I think SECURE_BOOT_ENABLE flag is fine. It controls more security > related features. And, this flag is also used in OVMF DSC. > > So, this change is good to me. Reviewed-by: Liming Gao > <gaoliming@byosoft.com.cn> > > Ray, Andrew: have you any other comment? > > Thanks > Liming > > -----邮件原件----- > > 发件人: bounce+27952+65013+4905953+8761045@groups.io > > <bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan, Divneil > > R > > 发送时间: 2020年9月4日 2:17 > > 收件人: devel@edk2.groups.io > > 抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com) > > <afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; > > Kinney, Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R > > <divneil.r.wadhawan@intel.com> > > 主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot > > > > SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot. > > The following gets enabled with this patch: > > o Secure Boot Menu in "Device Manager" for enrolling keys o Storage > > space for Authenticated Variables o Authenticated execution of 3rd > > party images > > > > Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> > > --- > > EmulatorPkg/EmulatorPkg.dsc | 40 > > +++++++++++++++++++++++++++++++++++-- > > EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++---- > > 2 files changed, 55 insertions(+), 6 deletions(-) > > > > diff --git a/EmulatorPkg/EmulatorPkg.dsc > > b/EmulatorPkg/EmulatorPkg.dsc index 86a6271735..6591c3e824 100644 > > --- a/EmulatorPkg/EmulatorPkg.dsc > > +++ b/EmulatorPkg/EmulatorPkg.dsc 
> > @@ -32,6 +32,7 @@ > > DEFINE NETWORK_TLS_ENABLE = FALSE > > DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE > > DEFINE NETWORK_ISCSI_ENABLE = FALSE > > + DEFINE SECURE_BOOT_ENABLE = FALSE > > > > [SkuIds] > > 0|DEFAULT > > @@ -106,12 +107,20 @@ > > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf > > > > CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu > > ll/CpuExceptionHandlerLibNull.inf > > > > > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > > MeasurementLibNull.inf > > - > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl > > AuthVariableLib|eLi > > bNull.inf > > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf > > ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf > > > > FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > + > > PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/Platform > > PlatformSecureLib|Secur > > eLibNull.inf > > + > > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib. > > AuthVariableLib|inf > > + !else > > + > > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl > > AuthVariableLib|eLi > > bNull.inf > > + !endif > > + > > [LibraryClasses.common.SEC] > > > > PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesL > > PeiServicesLib|ib.inf > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf 
> > @@ -162,7 +171,20 @@ > > TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf > > EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > > > -[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > +[LibraryClasses.common.DXE_DRIVER] > > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > + > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf > > + > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/ > > PeCoffExtraActionLib|Dxe > > EmuPeCoffExtraActionLib.inf > > + > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > + TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > + !endif > > + > > +[LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.UEFI_DRIVER, > > LibraryClasses.common.UEFI_APPLICATION] > > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > > > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor > > yAllocationLib.inf 
> > @@ -171,6 +193,9 @@ > > > > PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/ > > PeCoffExtraActionLib|Dxe > > EmuPeCoffExtraActionLib.inf > > > > ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR > > eportStatusCodeLib.inf > > TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > + !endif > > > > [PcdsFeatureFlag] > > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE > > @@ -190,6 +215,10 @@ > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000 > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000 > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE > > RY.fd" > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > > + !endif > > > > gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64" > > > > @@ -315,6 +344,13 @@ > > EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf > > EmulatorPkg/TimerDxe/Timer.inf > > > > + !if $(SECURE_BOOT_ENABLE) == TRUE > > + > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf > > igD > > xe.inf > > + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > + <LibraryClasses> > > + > > > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL > NULL|ib.i > > nf > > + } > > + !endif > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > { > > <LibraryClasses> > > diff --git a/EmulatorPkg/EmulatorPkg.fdf > > b/EmulatorPkg/EmulatorPkg.fdf index 295f6f1db8..4bf592e778 100644 > > --- a/EmulatorPkg/EmulatorPkg.fdf > > +++ b/EmulatorPkg/EmulatorPkg.fdf 
> > @@ -46,10 +46,16 @@ DATA = { > > # Blockmap[1]: End > > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > ## This is the VARIABLE_STORE_HEADER > > - #Signature: gEfiVariableGuid = > > - # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, > > 0x7f, 0xfe, 0x7d }} > > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > > + !if $(SECURE_BOOT_ENABLE) == FALSE > > + #Signature: gEfiVariableGuid = > > + # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, > > + 0x70, > 0x7f, > > 0xfe, 0x7d }} > > + 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > > + 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, !else > > + # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, > > + 0x947b, > > 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } > > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, !endif > > #Size: 0xc000 > > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - > > 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8 > > # This can speed up the Variable Dispatch a bit. > > 0xB8, 0xBF, 0x00, 0x00, > > @@ -186,6 +192,13 @@ INF RuleOverride = UI > > MdeModulePkg/Application/UiApp/UiApp.inf > > INF > > > MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i > > nf > > INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf > > > > +# > > +# Secure Boot Key Enroll > > +# > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > +INF > > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf > > igD > > xe.inf > > +!endif > > + > > # > > # Network stack drivers > > # > > -- > > 2.24.1.windows.2 > > > > > > ^ permalink raw reply [flat|nested] 5+ messages in thread
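Review bot: The variable store signature in the `@@ -46,10 +46,16 @@` hunk is selected with `!if $(SECURE_BOOT_ENABLE) == FALSE`, while every conditional in EmulatorPkg.dsc tests `== TRUE`. Testing `== TRUE` first here would keep both files on one condition. The authenticated header only makes sense together with the `AuthVariableLib` mapping chosen in the DSC, so a comment tying them together would help: `# Must match the AuthVariableLib instance selected in EmulatorPkg.dsc`. The enclosing `DATA = {` block starts and ends outside the hunk.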
* update edk2-platforms Vlv2TbltDevicePkg 2020-09-16 15:50 ` Wadhawan, Divneil R @ 2020-09-16 17:55 ` Kilian Kegel 0 siblings, 0 replies; 5+ messages in thread From: Kilian Kegel @ 2020-09-16 17:55 UTC (permalink / raw) To: devel@edk2.groups.io; +Cc: Kinney, Michael D [-- Attachment #1: Type: text/plain, Size: 3776 bytes --] Hi Mike, recently I have updated my CdePkg project from https://github.com/tianocore/edk2-staging.git. It seems that the ValleyView Package (MinnowBoard) in edk2-platforms<https://github.com/tianocore/edk2-platforms>/Platform<https://github.com/tianocore/edk2-platforms/tree/master/Platform>/Intel<https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel>/Vlv2TbltDevicePkg needs an update to support latest FmpDevicePkg from edk2-stable202008. diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc index 3bd9f150b3..1bf943cf0e 100644 --- a/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc +++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpBlueSampleDevice.dsc @@ -52,4 +52,7 @@ # Device specific library that processes a capsule and updates the FW storage device # FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf + FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf + FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf + FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf } diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc index 61bdd36a96..0e6c10e23f 100644 --- a/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc +++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpGreenSampleDevice.dsc 
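Review bot: The three added mappings use backslashes as path separators, unlike the `FmpDeviceLib` line directly above them, which likely breaks builds on non-Windows hosts; use forward slashes, e.g. `FmpDependencyLib|FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.inf`. The same applies to the identical hunks for FmpGreenSampleDevice.dsc, FmpMinnowMaxSystem.dsc and FmpRedSampleDevice.dsc. `FmpDependencyCheckLibNull` and `FmpDependencyDeviceLibNull` are Null instances, so capsule dependency expressions are presumably neither enforced nor persisted on these devices. A comment such as `# Null instance: capsule dependencies are not checked` would make that explicit. The enclosing `<LibraryClasses>` block opens outside the hunk.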
@@ -52,4 +52,7 @@ # Device specific library that processes a capsule and updates the FW storage device # FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf + FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf + FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf + FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf } diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc index 304519b294..eea73c0f06 100644 --- a/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc +++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpMinnowMaxSystem.dsc @@ -56,4 +56,7 @@ # Device specific library that processes a capsule and updates the FW storage device # FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLib/FmpDeviceLib.inf + FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf + FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf + FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf } diff --git a/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc b/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc index 59851f2b41..d37974f9d4 100644 --- a/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc +++ b/Platform/Intel/Vlv2TbltDevicePkg/FmpRedSampleDevice.dsc 
@@ -52,4 +52,7 @@ # Device specific library that processes a capsule and updates the FW storage device # FmpDeviceLib|Vlv2TbltDevicePkg/Feature/Capsule/Library/FmpDeviceLibSample/FmpDeviceLib.inf + FmpDependencyLib|FmpDevicePkg\Library\FmpDependencyLib\FmpDependencyLib.inf + FmpDependencyCheckLib|FmpDevicePkg\Library\FmpDependencyCheckLibNull\FmpDependencyCheckLibNull.inf + FmpDependencyDeviceLib|FmpDevicePkg\Library\FmpDependencyDeviceLibNull\FmpDependencyDeviceLibNull.inf } Best Reagrds, Kilian [-- Attachment #2: Type: text/html, Size: 8335 bytes --] ^ permalink raw reply related [flat|nested] 5+ messages in thread