From: Leif Lindholm
To: edk2-devel@lists.01.org
Cc: Andrew Fish, Michael D Kinney, Ard Biesheuvel, Laszlo Ersek, Jordan Justen
Date: Wed, 20 Sep 2017 18:27:55 +0100
Message-Id: <20170920172755.22767-7-leif.lindholm@linaro.org>
In-Reply-To: <20170920172755.22767-1-leif.lindholm@linaro.org>
References: <20170920172755.22767-1-leif.lindholm@linaro.org>
Subject: [RFC 6/6] OvmfPkg: use ConfigPkg for common security items

Remove boilerplate from the Ovmf platforms by including ConfigPkg/Security/Security.{dsc|fdf}.inc.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm
--- OvmfPkg/OvmfPkgIa32.dsc | 25 ++++--------------------- OvmfPkg/OvmfPkgIa32.fdf | 4 +--- OvmfPkg/OvmfPkgIa32X64.dsc | 23 +++-------------------- OvmfPkg/OvmfPkgIa32X64.fdf | 4 +--- OvmfPkg/OvmfPkgX64.dsc | 25 ++++--------------------- OvmfPkg/OvmfPkgX64.fdf | 4 +--- 6 files changed, 14 insertions(+), 71 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 99175155a2..c450733d7c 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE # @@ -60,6 +60,7 @@ !endif !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG 
@@ -164,13 +165,8 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -460,7 +456,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif @@ -585,15 +581,6 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -759,10 +746,6 @@ } !endif -!if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 68438afc13..dfe4e78568 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf 
@@ -230,9 +230,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 0e4c86d5bc..106de22bdc 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE # @@ -60,6 +60,7 @@ !endif !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG @@ -171,11 +172,6 @@ !if $(SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -466,7 +462,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif 
@@ -594,15 +590,6 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -768,10 +755,6 @@ } !endif -!if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index ec91c0b74a..51846f3e1b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8a600f8051..0564936d2b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -36,8 +36,8 @@ # DEFINE CONFIG_HTTP_BOOT_ENABLE = FALSE DEFINE CONFIG_NETWORK_IP6_ENABLE = FALSE + DEFINE CONFIG_SECURE_BOOT_ENABLE = FALSE DEFINE CONFIG_TLS_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE # @@ -60,6 +60,7 @@ !endif !include ConfigPkg/Network/Network.dsc.inc +!include ConfigPkg/Security/Security.dsc.inc [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG 
@@ -169,13 +170,8 @@ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -!else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -465,7 +461,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000 !endif -!if $(SECURE_BOOT_ENABLE) == TRUE +!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 !endif @@ -592,15 +588,6 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { - - NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif - MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf @@ -766,10 +753,6 @@ } !endif -!if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif - OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index be22048f66..97b93bfba4 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf 
@@ -231,9 +231,7 @@ INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf INF OvmfPkg/XenBusDxe/XenBusDxe.inf INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf -!if $(SECURE_BOOT_ENABLE) == TRUE - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -!endif +!include ConfigPkg/Security/Security.fdf.inc INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf -- 2.11.0
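Review bot: In OvmfPkg/OvmfPkgIa32X64.dsc, the hunk at @@ -171,11 +172,6 @@ keeps `!if $(SECURE_BOOT_ENABLE) == TRUE` as an unchanged context line around the PlatformSecureLib mapping, while the matching hunks in OvmfPkgIa32.dsc (@@ -164,13 +165,8 @@) and OvmfPkgX64.dsc (@@ -169,13 +170,8 @@) switch that condition to `$(CONFIG_SECURE_BOOT_ENABLE)`. The first hunk of the same file removes `DEFINE SECURE_BOOT_ENABLE = FALSE`, so after this patch the condition tests a macro this file no longer defines, and the PlatformSecureLib mapping no longer follows CONFIG_SECURE_BOOT_ENABLE on the Ia32X64 platform. Please change the line to `!if $(CONFIG_SECURE_BOOT_ENABLE) == TRUE`, as the later @@ -466,7 +462,7 @@ hunk in this file already does for PcdOptionRomImageVerificationPolicy.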
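Review bot: The rename in the @@ -36,8 +36,8 @@ hunks of all three .dsc files drops `SECURE_BOOT_ENABLE` with no compatibility path and no mention in the commit message. An existing build invocation that passes `-D SECURE_BOOT_ENABLE` would leave `CONFIG_SECURE_BOOT_ENABLE` at its FALSE default, and the result is a firmware image without the Secure Boot components and with nothing flagging the mismatch. Please either call out the rename in the commit message, or make the build stop (or map the old name onto the new one) when the old macro is still being set.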
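Review bot: The @@ -585,15 +581,6 @@ hunk in OvmfPkgIa32.dsc (and its counterparts at @@ -594,15 +590,6 @@ in OvmfPkgIa32X64.dsc and @@ -592,15 +588,6 @@ in OvmfPkgX64.dsc) removes the `!else` branch along with the Secure Boot one, and that branch is the only place in these hunks where SecurityStubDxe.inf is listed for a build with Secure Boot disabled. The library-class hunks do the same to the Null TpmMeasurementLib and AuthVariableLib mappings. The replacement is a single `!include ConfigPkg/Security/Security.dsc.inc` placed just above `[BuildOptions]`, so the include file has to open its own [LibraryClasses] and [Components] sections and has to cover the FALSE case as well as the TRUE one. Nothing in this patch shows that it does, so the commit message should say which of the removed entries Security.dsc.inc supplies in each case, and confirm that SecurityStubDxe is still built when CONFIG_SECURE_BOOT_ENABLE is FALSE.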