public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH edk2-platforms] Platform/DeveloperBox: actually enable secure boot checking
@ 2019-04-10 18:06 Ard Biesheuvel
  2019-04-11 19:29 ` Leif Lindholm
  0 siblings, 1 reply; 3+ messages in thread
From: Ard Biesheuvel @ 2019-04-10 18:06 UTC (permalink / raw)
  To: devel; +Cc: leif.lindholm, Ard Biesheuvel

The current secure boot enabled DeveloperBox build contains all the
pieces to maintain the authenticated variable store, but doesn't
actually bother to check the signature on anything it boots. Fix that.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 Platform/Socionext/DeveloperBox/DeveloperBox.dsc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
index 39077ab5ee79..4ddb0d427f13 100644
--- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
+++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc
@@ -245,7 +245,12 @@
   }
   MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
   MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
-  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!endif
+  }
   ArmPkg/Drivers/TimerDxe/TimerDxe.inf
   ArmPkg/Drivers/GenericWatchdogDxe/GenericWatchdogDxe.inf
   MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-04-11 21:10 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-10 18:06 [PATCH edk2-platforms] Platform/DeveloperBox: actually enable secure boot checking Ard Biesheuvel
2019-04-11 19:29 ` Leif Lindholm
2019-04-11 21:10   ` Ard Biesheuvel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox