From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by mx.groups.io with SMTP id smtpd.web10.8947.1631091703379841250
 for <devel@edk2.groups.io>;
 Wed, 08 Sep 2021 02:01:43 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GZCZcsqN;
 spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: kraxel@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1631091702;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=TxJZ7SiKFH5NYltpnZlh3RSx2o0cm7FW3mWkTwVHhgU=;
	b=GZCZcsqNdb/08+sPsuqUqitIB41CI1XF1aQ4+q8Pj/lX3D2R2TycL1lKgKQ0HyhOKaqRwr
	3/Xd+57hGNEejf4c53HtlXVy5hHbC/OSKUu4VjpWDpbhjjyZu6QquSusDRd3EnrzuRzrTB
	IOuZRuiNhzlUQtvM1BhzwxoRe7WIN4k=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-343-y_yPvHFjPPmsrGOH4weODA-1; Wed, 08 Sep 2021 05:01:41 -0400
X-MC-Unique: y_yPvHFjPPmsrGOH4weODA-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 447DA835DE0;
	Wed,  8 Sep 2021 09:01:39 +0000 (UTC)
Received: from sirius.home.kraxel.org (unknown [10.39.192.91])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id F0FEA5D9DC;
	Wed,  8 Sep 2021 09:01:38 +0000 (UTC)
Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id C67EB18007A4; Wed,  8 Sep 2021 11:01:19 +0200 (CEST)
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	=?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Andrew Fish <afish@apple.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Leif Lindholm <leif@nuviainc.com>,
	Julien Grall <julien@xen.org>,
	Anthony Perard <anthony.perard@citrix.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Stefan Berger <stefanb@linux.ibm.com>,
	Jiewen Yao <Jiewen.yao@intel.com>
Subject: [PATCH v3 04/19] OvmfPkg/Microvm: no secure boot
Date: Wed,  8 Sep 2021 11:01:04 +0200
Message-Id: <20210908090119.2378189-5-kraxel@redhat.com>
In-Reply-To: <20210908090119.2378189-1-kraxel@redhat.com>
References: <20210908090119.2378189-1-kraxel@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Without SMM secure boot isn't actually secure, so drop it too.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3599
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
---
 OvmfPkg/Microvm/MicrovmX64.dsc | 15 ---------------
 OvmfPkg/Microvm/MicrovmX64.fdf |  4 ----
 2 files changed, 19 deletions(-)

diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index b8260e032b84..aba74190d7cd 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -203,14 +203,7 @@ [LibraryClasses]
 !endif
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
-!if $(SECURE_BOOT_ENABLE) == TRUE
-  PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
-  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
-  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
-  SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
-!else
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
-!endif
   VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
@@ -712,9 +705,6 @@ [Components]
 
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
     <LibraryClasses>
-!if $(SECURE_BOOT_ENABLE) == TRUE
-      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
-!endif
 !if $(TPM_ENABLE) == TRUE
       NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
       NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
@@ -918,11 +908,6 @@ [Components]
       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
   }
 
-!if $(SECURE_BOOT_ENABLE) == TRUE
-  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-!endif
-
   OvmfPkg/PlatformDxe/Platform.inf
   OvmfPkg/AmdSevDxe/AmdSevDxe.inf
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index de34abd51b75..ec2911ae538f 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -250,10 +250,6 @@ [FV.DXEFV]
 INF  OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
 !endif
 
-!if $(SECURE_BOOT_ENABLE) == TRUE
-  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!endif
-
 INF  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
 INF  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
 INF  MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
-- 
2.31.1