From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <leif.lindholm@linaro.org>
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com
 [IPv6:2a00:1450:400c:c09::235])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id B74C121D046D7
 for <edk2-devel@lists.01.org>; Wed, 20 Sep 2017 10:25:00 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id 13so9221954wmq.2
 for <edk2-devel@lists.01.org>; Wed, 20 Sep 2017 10:28:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=pHlRgljo0XFT0yYBiAfxtNO7DSnFb9kzc9ts7TYZ0PQ=;
 b=L4GHvZZCKR8KTCzxgoNHeFIFtvVd6+fH/bzm3p3zYmh95FE22/g/Nfic1m80fCEk93
 V1Sdx33g9NPRxBHXF6RwHys2zotXSUDbpevrRRdoeHEQLbthErg/y89fs+vkXp2DRX9y
 +M1FgSmKf0SdeeLhsOqYV2+/dHuHiuDQ7Ka7c=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=pHlRgljo0XFT0yYBiAfxtNO7DSnFb9kzc9ts7TYZ0PQ=;
 b=ZRFOM8EpU/YVbUwaurC7AyxyLT/gzNDZj/97Emr9NM49bHJK6shaTQvmiYza4M8JR/
 a7J5nbDlcF+tiDx5cT4NVZ86VmHAMPmd4SklS+CR0C9etZ+4rKk9EE/UHwkUHgPw/LwG
 2emq64OLwh2B+QoWdV9HJ1pg2duWT0gT2EmfaGc0OaqfHhAaYNPwtEpCUlAGlivNQNHM
 dKA6ysqEydNbdJZQW5+F8c7cbaM7dFUscFgQTLGSGNHrCTUSzIogHCSSLqpWtlewoH1o
 Rdho5u62cNpSVVRdRZNamw/TdpS2JndMUiDMnekbYAGd6oaTuwEPSbEnlKRRki/byaqN
 0u0w==
X-Gm-Message-State: AHPjjUh5K6RZ+wnSKPOeQ+IBcDlaCvraASG5WCZnVzRo+dEqZh1Y83u0
 gAfuq4iASzWt85wubsL6z7P1ZMQwVeQ=
X-Google-Smtp-Source: AOwi7QAnPzw64v4Jr2Z/caXQUtvZGBlrgIX5P8ZhqKgBOAjFerpognXDSPKqZaFDcEKv23TX106SrA==
X-Received: by 10.28.12.65 with SMTP id 62mr5056967wmm.129.1505928485047;
 Wed, 20 Sep 2017 10:28:05 -0700 (PDT)
Received: from vanye.hemma.eciton.net
 (cpc92316-cmbg19-2-0-cust118.5-4.cable.virginm.net. [82.12.0.119])
 by smtp.gmail.com with ESMTPSA id j65sm1920429wmj.3.2017.09.20.10.28.03
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 20 Sep 2017 10:28:03 -0700 (PDT)
From: Leif Lindholm <leif.lindholm@linaro.org>
To: edk2-devel@lists.01.org
Cc: Andrew Fish <afish@apple.com>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Laszlo Ersek <lersek@redhat.com>, Jordan Justen <jordan.l.justen@intel.com>
Date: Wed, 20 Sep 2017 18:27:53 +0100
Message-Id: <20170920172755.22767-5-leif.lindholm@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org>
References: <20170920172755.22767-1-leif.lindholm@linaro.org>
Subject: [RFC 4/6] ConfigPkg: add common Security settings
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Sep 2017 17:25:01 -0000

Collate universal Secure Boot and crypto settings under Security/.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
 ConfigPkg/Security/Security.dsc.inc | 67 +++++++++++++++++++++++++++++++++++++
 ConfigPkg/Security/Security.fdf.inc | 17 ++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 ConfigPkg/Security/Security.dsc.inc
 create mode 100644 ConfigPkg/Security/Security.fdf.inc

diff --git a/ConfigPkg/Security/Security.dsc.inc b/ConfigPkg/Security/Security.dsc.inc
new file mode 100644
index 0000000000..88100c992d
--- /dev/null
+++ b/ConfigPkg/Security/Security.dsc.inc
@@ -0,0 +1,67 @@
+## @file
+#
+# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
+#
+#  This program and the accompanying materials are licensed and made available
+#  under the terms and conditions of the BSD License which accompanies this
+#  distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+
+################################################################################
+#
+# Library Class section
+#
+################################################################################
+[LibraryClasses.common]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+#
+!else
+#
+  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!endif
+
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
+
+
+################################################################################
+#
+# Pcd Section
+#
+################################################################################
+[PcdsFeatureFlag]
+
+
+################################################################################
+#
+# Components Section
+#
+################################################################################
+[Components]
+!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+  }
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+!endif
diff --git a/ConfigPkg/Security/Security.fdf.inc b/ConfigPkg/Security/Security.fdf.inc
new file mode 100644
index 0000000000..2a75446c9b
--- /dev/null
+++ b/ConfigPkg/Security/Security.fdf.inc
@@ -0,0 +1,17 @@
+## @file
+#
+# Copyright (c) 2017, Linaro ltd. All rights reserved.<BR>
+#
+#  This program and the accompanying materials are licensed and made available
+#  under the terms and conditions of the BSD License which accompanies this
+#  distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+!if $(CONFIGURE_SECURE_BOOT_ENABLE) == TRUE
+  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
-- 
2.11.0