From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) by mx.groups.io with SMTP id smtpd.web12.525.1659581563101717923 for ; Wed, 03 Aug 2022 19:52:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@google.com header.s=20210112 header.b=bsM4mRrg; spf=pass (domain: flex--yuanyu.bounces.google.com, ip: 209.85.210.201, mailfrom: 3ettrygykbawkgmzkgsaasxq.oaypqhqxqpwo.sdagbe.ua@flex--yuanyu.bounces.google.com) Received: by mail-pf1-f201.google.com with SMTP id 185-20020a6218c2000000b0052d4852d3f6so4527106pfy.5 for ; Wed, 03 Aug 2022 19:52:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=ueTHYJiYvxhNhGBc8OTQDjc84a/aNVCij/8y3//1+Jw=; b=bsM4mRrgeu656TKEB1n+T9r3wHWCiNoXHsoaeCBFaYhy2mEJE69IxKOpguOiE+GTlD usyFZKcaobJSP0aBVgf327ueTuTDNEbRxloYiK1r4CyQ9jDSjjDErMrA9cgKAf6m8vEv fNoN7IZIqwPtmGzmza1b2cqEvH21sZMpzxMdb5y3tFvRvrR7UwBxI6QEDUMDF+MaG0+s CsV8iXlsasjrK8gcwAgQLZ/SBYZrXMtxViGsysdUM74ATIQY2yp0xG4fXJ7KlGGTBbB6 1T0nfn6DozOOHn4yaJ19phdVZtr+b+bad5fm2R7gAafeIGjWyEqdWsTkla/YTEip4PIf dq9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=ueTHYJiYvxhNhGBc8OTQDjc84a/aNVCij/8y3//1+Jw=; b=Qv73vHZXaMNoEvYUB31wps+Xv21H/7sNUXIzycWiHdviVt7PLPqnUvLSL3mXN6coUN cWj+NAO3xtxMuopw3spX4TVx3jsiggwRSXkgTW3U7E7vn5Gl/tj/IWxNkphTQFnltXA/ nu/oRyG+4TERgApftGk+l5d5V0WfQbM+TXQaigPk9Vyi/4EUb3ztnWIiHqhlqGdeibrz OsCAg0/4K6MT1yXx6BQq+dr+WdOxAqU9znvmKAK0bQci8kE71/ULRXyicHJI3T6jEtY7 oKudFXg+MwZtFcg1ZL+GfkcNz9mDK7SK4qocK5GWnwclpaEPh5BDje9ih7wkJ/8Mgv3V VUvQ== X-Gm-Message-State: ACgBeo1G/+NE8sHgOJjIvss14qXETFAVoQu4g0HJ16KvjWrmQiQGe+Vr dZ3Y75RfbbW3a5qnIufShggw/nGM+U3VbFlIq8ZPMwTx4h/7SWDTapDLOzSMPgwyLQMChhrSSj6 JWcIDrIYFsdkmWjHWSv0ftYWGRrRf6r0oznuk5BLumnjdZMcDpxvTODclX/M= X-Google-Smtp-Source: AA6agR4ogCFwsNv40jCpu7QYDHOylxuhP+Y/60ga0t92vMD8XLEC9TD1otfeLEX/QPjCQ8p9zJn/tUt7n3c= X-Received: from yuanyu.kir.corp.google.com ([2620:15c:29:204:5484:86bb:f3b4:5636]) (user=yuanyu job=sendgmr) by 2002:a17:90a:249:b0:1e0:a8a3:3c6c with SMTP id t9-20020a17090a024900b001e0a8a33c6cmr554128pje.0.1659581561736; Wed, 03 Aug 2022 19:52:41 -0700 (PDT) Date: Wed, 3 Aug 2022 19:52:37 -0700 Message-Id: <20220804025239.918263-1-yuanyu@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.37.1.559.g78731f0fdb-goog Subject: [PATCH v1 0/2] Add support to disable VirtIo net at runtime From: "Yuan Yu" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Jordan Justen , Laszlo Ersek , Anthony Perard , Julien Grall Content-Type: text/plain; charset="UTF-8" Currently networking can only be enabled/disabled at compile time. This patch series will add support to disable VirtIo net at runtime even if the functionality is built into binary at compile time. This will enable VMM to reduce attack surface without recompilation. The changes can be seen at: https://github.com/yyu/edk2/tree/network_cfg_lib_v1 Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Laszlo Ersek Cc: Anthony Perard Cc: Julien Grall Yuan Yu (2): OvmfPkg: Introduce NetworkCfgLib OvmfPkg: Use PcdNetworkSupport to enable/disable VirtIo net OvmfPkg/OvmfPkg.dec | 3 ++ OvmfPkg/OvmfPkgX64.dsc | 7 ++++- OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf | 29 ++++++++++++++++++ OvmfPkg/VirtioNetDxe/VirtioNet.inf | 3 ++ OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.c | 32 ++++++++++++++++++++ OvmfPkg/VirtioNetDxe/EntryPoint.c | 10 ++++++ 6 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf create mode 100644 OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.c -- 2.37.1.559.g78731f0fdb-goog