From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Min Xu , Ard Biesheuvel , Gerd Hoffmann , Michael Roth , Jiewen Yao , Jian J Wang , Jordan Justen , Pawel Polawski , Oliver Steffen , Tom Lendacky , Xiaoyu Lu , Erdem Aktas , Guomin Jiang , James Bottomley Subject: [PATCH 04/11] OvmfPkg: Add Crypto driver support, add more OvmfCrypto*.inc files. Date: Fri, 3 Feb 2023 14:27:59 +0100 Message-Id: <20230203132806.2275708-5-kraxel@redhat.com> In-Reply-To: <20230203132806.2275708-1-kraxel@redhat.com> References: <20230203132806.2275708-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true This patch adds optional CryptoDriver support to OvmfCryptoLibs.dsc.inc. This can be enabled by setting USE_CRYPTO_DRIVER to TRUE. Using the crypto driver needs changes in more places (configure CryptoDriver, add the driver to flash images etc.), so this patch adds more include files for that. Signed-off-by: Gerd Hoffmann --- .../Include/Dsc/OvmfCryptoComponents.dsc.inc | 41 +++++++++++++++++++ OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 5 +++ OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 18 ++++++++ OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++++ OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 9 ++++ 5 files changed, 85 insertions(+) create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc new file mode 100644 index 000000000000..e34444dde470 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponents.dsc.inc 
@@ -0,0 +1,41 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# mostly following CryptoPkg/Readme.md recommendations +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + + CryptoPkg/Driver/CryptoPei.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc + } + + CryptoPkg/Driver/CryptoSmm.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + + CryptoPkg/Driver/CryptoDxe.inf { + + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!if $(NETWORK_TLS_ENABLE) == TRUE + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf +!else + TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!endif + +!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc + } + +!endif diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc new file mode 100644 index 000000000000..362146e04de8 --- /dev/null +++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc @@ -0,0 +1,5 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE USE_CRYPTO_DRIVER = FALSE diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc index a9028352a45e..dc5440ca30c5 100644 --- a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc 
@@ -13,6 +13,22 @@ [LibraryClasses.common.SEC] TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +!if $(USE_CRYPTO_DRIVER) == TRUE + +[LibraryClasses.common] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + +!else + [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf !if $(NETWORK_TLS_ENABLE) == TRUE @@ -37,3 +53,5 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc new file mode 100644 index 000000000000..ad425a7acfaf --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + +INF CryptoPkg/Driver/CryptoDxe.inf +!if $(SMM_REQUIRE) == TRUE +INF CryptoPkg/Driver/CryptoSmm.inf +!endif + +!endif diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc new file mode 100644 index 000000000000..7c357d748acb --- /dev/null +++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(USE_CRYPTO_DRIVER) == TRUE + +INF CryptoPkg/Driver/CryptoPei.inf + +!endif -- 2.39.1
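Review bot: In OvmfCryptoComponents.dsc.inc, CryptoPkg/Driver/CryptoSmm.inf is listed unconditionally inside the USE_CRYPTO_DRIVER block, while OvmfCryptoDxeSmm.fdf.inc only places it in the image under `!if $(SMM_REQUIRE) == TRUE`. Wrapping the CryptoSmm.inf component in the same SMM_REQUIRE guard would keep the DSC and FDF consistent and avoid building an SMM crypto driver that is never added to the flash image. Separately, the CryptoDxe.inf block includes CryptoServicePcd.min_dxe_smm.dsc.inc in both branches of the NETWORK_TLS_ENABLE conditional; please confirm that this PCD profile enables the TLS services when TlsLib.inf and OpensslLib.inf are linked, or select a different PCD include for the TLS build.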
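Review bot: The `DEFINE USE_CRYPTO_DRIVER = FALSE` line in OvmfCryptoDefines.dsc.inc carries no comment saying what the switch selects. A short header comment stating that TRUE maps BaseCryptLib and TlsLib to the BaseCryptLibOnProtocolPpi libraries, and that a platform enabling it must also include OvmfCryptoComponents.dsc.inc and the two Fdf includes, would make the requirement from the commit message discoverable in the tree.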
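Review bot: In the first OvmfCryptoLibs.dsc.inc hunk, the USE_CRYPTO_DRIVER == TRUE branch defines sections only for common, PEIM and DXE_SMM_DRIVER, and the DXE_RUNTIME_DRIVER section that maps BaseCryptLib to RuntimeCryptLib.inf now sits inside the `!else` (the second hunk closes it with `!endif`). With the driver enabled, runtime drivers and every other module type without its own section fall back to the `[LibraryClasses.common]` mapping, DxeCryptLib.inf. If runtime drivers are meant to keep a statically linked crypto library, move the DXE_RUNTIME_DRIVER section after the `!endif` or repeat it in the TRUE branch; otherwise add a comment stating that the protocol-backed library is intended for them.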