* [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
` (9 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Makes it easier to reuse the predefined config sets in other places.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++
.../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 35 +++++++++
.../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++
CryptoPkg/CryptoPkg.dsc | 78 +------------------
4 files changed, 87 insertions(+), 75 deletions(-)
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
new file mode 100644
index 000000000000..1c3ffa461ca5
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
@@ -0,0 +1,29 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
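Review bot: CryptoServicePcd.all.dsc.inc starts directly with PCD assignments after the SPDX block, with no section header and no comment saying where it may be included, so it is only meaningful when pulled in inside a PCD section such as [PcdsFixedAtBuild] or a component's <PcdsFixedAtBuild> scope. Since the stated goal is reuse in other places, add a short header comment stating that requirement and what the set is for; the same applies to the other two new files.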
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
new file mode 100644
index 000000000000..aaf35e4c6061
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -0,0 +1,35 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
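Review bot: Sha256.Family is set to PCD_CRYPTO_SERVICE_ENABLE_FAMILY and the very next line sets Sha256.Services.HashAll to FALSE, with nothing explaining why that one service is carved out. The pair is carried over unchanged from CryptoPkg.dsc, but now that the set is a standalone file meant for other platforms, a one-line comment on the exception, and on the FALSE line relying on its position after the Family line, would keep a later edit from reordering or dropping it by accident.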
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
new file mode 100644
index 000000000000..023c6f1d1d04
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
@@ -0,0 +1,20 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 4676193e8953..6a5fbd807a17 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -193,32 +193,7 @@ [PcdsFixedAtBuild]
#
!if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"
[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.RsaPss.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
!endif
#
@@ -227,23 +202,7 @@ [PcdsFixedAtBuild]
#
!if $(CRYPTO_SERVICES) == MIN_PEI
[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
!endif
#
@@ -252,38 +211,7 @@ [PcdsFixedAtBuild]
#
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
!endif
###################################################################################################
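Review bot: the include name in this hunk, CryptoServicePcd.min_dxe_smm.dsc.inc, does not match the CRYPTO_SERVICES value that selects it, MIN_DXE_MIN_SMM, while min_pei does follow its value. Consider naming the file min_dxe_min_smm so that searching for the profile name finds the file.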
--
2.39.1
* [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
` (8 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Contains only hash functions needed for measurements.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
new file mode 100644
index 000000000000..0d5402be9a1a
--- /dev/null
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
@@ -0,0 +1,8 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
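Review bot: the new file carries no comment naming the measurement path it is sized for, and the set enables Sha1.Family alongside Sha256, Sha384, Sha512 and Sm3. Add a header comment naming the intended consumer and saying that SHA-1 is enabled deliberately, so a platform that does not need SHA-1 for its measurements knows it can leave that line out.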
--
2.39.1
* [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
` (7 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Enable Sha384 + Sha512 + Sm3.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
index aaf35e4c6061..9209b4c526a7 100644
--- a/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+++ b/CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
@@ -18,7 +18,9 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
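Review bot: the removed line Sha256.Services.HashAll | FALSE is not covered by the commit message, which only says "Enable Sha384 + Sha512 + Sm3." Dropping it turns Sha256 HashAll on for every user of the min_dxe_smm set, including CryptoPkg.dsc builds with CRYPTO_SERVICES == MIN_DXE_MIN_SMM, so please state in the message that this is intended and why.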
--
2.39.1
* [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (2 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
` (6 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Create include files for crypto support, so the configuration can be
shared for all OVMF build variants. Also add support for using the
Crypto Driver.
The Crypto Driver is enabled by default and can be disabled by setting
USE_CRYPTO_DRIVER to FALSE. The config option is intended to be
temporary and will probably stay for one or two releases as fallback,
then be removed.
The configuration follows mostly the recommendations given in
CryptoPkg/Readme.md, with some minor exceptions like only compiling
TLS support in case NETWORK_TLS_ENABLE is TRUE.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++++
.../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++++
.../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 ++++++
OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 5 ++
OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 57 +++++++++++++++++++
OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 ++++
OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 9 +++
7 files changed, 143 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
new file mode 100644
index 000000000000..46518cdd33a7
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
@@ -0,0 +1,23 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
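Review bot: in the !else branch CryptoDxe.inf is linked against TlsLibNull.inf, yet the PCD set included a few lines further down, CryptoServicePcd.min_dxe_smm.dsc.inc, enables Tls.Family, TlsSet.Family and TlsGet.Family unconditionally. With NETWORK_TLS_ENABLE set to FALSE that leaves the TLS services enabled in the driver while they are backed by the null library; consider putting the Tls* PCDs behind the same !if, or overriding them to off in this scope. OvmfCryptoComponentsSmm.dsc.inc has the same combination, with TlsLibNull.inf linked unconditionally.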
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
new file mode 100644
index 000000000000..3cfe541315ca
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
@@ -0,0 +1,19 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+ CryptoPkg/Driver/CryptoPei.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
+ }
+
+!endif
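Review bot: the commented-out line "#!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc" should not go in as dead configuration. CryptoPei.inf is built with the hash_only set instead of min_pei, a deviation that neither this file nor the commit message explains (the message names only the TLS case); either delete the commented line and add a comment saying why hash-only is sufficient for OVMF PEI, or include min_pei.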
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
new file mode 100644
index 000000000000..ca64ea8e5b26
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
@@ -0,0 +1,18 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE && $(SMM_REQUIRE) == TRUE
+
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ <PcdsFixedAtBuild>
+!include CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
+ }
+
+!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
new file mode 100644
index 000000000000..42934c3d3855
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
@@ -0,0 +1,5 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ DEFINE USE_CRYPTO_DRIVER = TRUE
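Review bot: the DEFINE USE_CRYPTO_DRIVER = TRUE line has no comment, while the commit message describes it as a temporary fallback switch that will be removed after one or two releases. Put that in the file next to the DEFINE, so that someone reading the platform DSC learns the option is not meant to be relied on long term.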
diff --git a/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
new file mode 100644
index 000000000000..4f979274a61e
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
@@ -0,0 +1,57 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# mostly following CryptoPkg/Readme.md recommendations
+##
+
+[LibraryClasses]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.common.SEC]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+ TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+!else
+
+[LibraryClasses.common]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(NETWORK_TLS_ENABLE) == TRUE
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
+
+[LibraryClasses.common.PEIM]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
+!endif
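Review bot: in the USE_CRYPTO_DRIVER == TRUE branch BaseCryptLib and TlsLib are resolved only for PEIM, DXE_SMM_DRIVER, DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION (plus SEC and DXE_RUNTIME_DRIVER above the !if), whereas the !else branch also provides a [LibraryClasses.common] fallback. A module of any other type that pulls in BaseCryptLib would resolve in one configuration and not in the other; if OVMF has no such module, say so in a comment, otherwise add mappings for the missing module types.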
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
new file mode 100644
index 000000000000..ad425a7acfaf
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
@@ -0,0 +1,12 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+INF CryptoPkg/Driver/CryptoDxe.inf
+!if $(SMM_REQUIRE) == TRUE
+INF CryptoPkg/Driver/CryptoSmm.inf
+!endif
+
+!endif
diff --git a/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
new file mode 100644
index 000000000000..7c357d748acb
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+!if $(USE_CRYPTO_DRIVER) == TRUE
+
+INF CryptoPkg/Driver/CryptoPei.inf
+
+!endif
--
2.39.1
* [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (3 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
` (5 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgX64.dsc | 22 +++++++++-------------
OvmfPkg/OvmfPkgX64.fdf | 6 ++++++
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e3c64456dfef..fc5305350b2a 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -35,6 +35,7 @@ [Defines]
DEFINE CC_MEASUREMENT_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -232,12 +233,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
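Review bot: The removed block chose between `OpensslLib.inf` and `OpensslLibCrypto.inf` on NETWORK_TLS_ENABLE, and nothing in this patch shows where that choice now lives. If OvmfCryptoLibs.dsc.inc (patch 04) reproduces it for the USE_CRYPTO_DRIVER == FALSE fallback, say so in the commit message. "Use the new crypto support include files" reads as a pure move, while with the driver enabled by default the OpensslLib and IntrinsicLib mappings that modules receive may differ from what this file produced before.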
@@ -260,10 +255,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
@@ -274,9 +265,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -385,7 +376,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -473,7 +463,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
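Review bot: Dropping `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf` from [LibraryClasses.common.DXE_SMM_DRIVER] removes the module-type-specific mapping, and the replacement `!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc` sits under the generic [LibraryClasses] section. Please confirm, for both USE_CRYPTO_DRIVER settings, that DXE_SMM_DRIVER modules still resolve to an SMM-specific BaseCryptLib instance and never fall back to the generic one. Citing the resolved library instances from a build report for one SMM module in the commit message would be enough.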
@@ -974,6 +963,13 @@ [Components]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 16666ba24440..541e0df85e1d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -189,6 +189,7 @@ [FV.PEIFV]
INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -414,6 +415,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.1
* [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: use crypto includes
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (4 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
` (4 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++++++++-------------
OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++++++
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 6b539814bdb0..c04f03287d87 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -34,6 +34,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -215,12 +216,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -243,10 +238,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
@@ -257,9 +248,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -364,7 +355,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -452,7 +442,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
@@ -739,6 +728,7 @@ [Components.IA32]
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
[Components.X64]
#
@@ -901,6 +891,12 @@ [Components.X64]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 4c5bd0dbc3b0..cf287303cb2c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -380,6 +381,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.1
* [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: use crypto includes
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (5 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 08/10] OvmfPkg: Microvm: " Gerd Hoffmann
` (3 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 22 +++++++++-------------
OvmfPkg/OvmfPkgIa32.fdf | 6 ++++++
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 22dc29330d2d..8ca29e9747c1 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -35,6 +35,7 @@ [Defines]
DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -211,12 +212,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -239,10 +234,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
!if $(BUILD_SHELL) == TRUE
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
!endif
@@ -253,9 +244,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -359,7 +350,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -447,7 +437,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf
@@ -888,6 +877,13 @@ [Components]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 5451bfb84525..552730485123 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -173,6 +173,7 @@ [FV.PEIFV]
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -373,6 +374,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
!endif
--
2.39.1
* [PATCH v2 08/10] OvmfPkg: Microvm: use crypto includes
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (6 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 09/10] OvmfPkg: IntelTdx: " Gerd Hoffmann
` (2 subsequent siblings)
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++++++++++-------------
OvmfPkg/Microvm/MicrovmX64.fdf | 7 +++++++
2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 0d65d21e651c..35b2dcb2b833 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -33,6 +33,8 @@ [Defines]
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
#
# Network definition
#
@@ -206,12 +208,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-!if $(NETWORK_TLS_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-!else
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-!endif
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -234,10 +230,6 @@ [LibraryClasses]
#
!include NetworkPkg/NetworkLibs.dsc.inc
-!if $(NETWORK_TLS_ENABLE) == TRUE
- TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-!endif
-
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
@@ -247,8 +239,9 @@ [LibraryClasses]
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
SerialPortLib|MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
@@ -356,7 +349,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
# PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
# PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
# PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -441,7 +433,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
!if $(SOURCE_DEBUG_ENABLE) == TRUE
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
!endif
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
@@ -829,6 +820,13 @@ [Components]
OvmfPkg/VirtioNetDxe/VirtioNet.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index b83fd1e6e4fe..92d4b446b7fe 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -149,6 +149,8 @@ [FV.PEIFV]
INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
+
################################################################################
[FV.DXEFV]
@@ -302,6 +304,11 @@ [FV.DXEFV]
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.1
* [PATCH v2 09/10] OvmfPkg: IntelTdx: use crypto includes
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (7 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 08/10] OvmfPkg: Microvm: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 10/10] OvmfPkg: AmdSev: " Gerd Hoffmann
2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 +++++++++------
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 +++++
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 95b9594ddce0..6b028361e163 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -36,6 +36,8 @@ [Defines]
#
DEFINE BUILD_SHELL = TRUE
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
+
#
# Device drivers
#
@@ -191,8 +193,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -220,8 +220,9 @@ [LibraryClasses]
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
+
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
@@ -280,7 +281,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -355,7 +355,6 @@ [LibraryClasses.common.DXE_SMM_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
[LibraryClasses.common.SMM_CORE]
@@ -552,7 +551,6 @@ [Components]
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
}
#
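Review bot: Removing `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf` from this component's <LibraryClasses> override leaves the module, which still links SecTdxHelperLib, dependent on whatever BaseCryptLib mapping OvmfCryptoLibs.dsc.inc supplies for its module type. This is the only per-component crypto override touched in the patch, so the commit message should say which instance the module resolves to now, and confirm that it stays a statically linked instance when USE_CRYPTO_DRIVER is TRUE.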
@@ -718,6 +716,11 @@ [Components]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index 73dffc104301..e1b07449b7a9 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -257,6 +257,11 @@ [FV.DXEFV]
#
INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.NCCFV]
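Review bot: This FDF pulls in the shared OvmfCryptoDxeSmm.fdf.inc, which adds `INF CryptoPkg/Driver/CryptoSmm.inf` when SMM_REQUIRE is TRUE, while the DSC side of this patch includes only OvmfCryptoComponentsDxe.dsc.inc. If SMM_REQUIRE can never be TRUE for this platform the mismatch is harmless, but a comment saying so, or a DXE-only FDF include, would make the asymmetry visibly intentional instead of something the next reader has to verify.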
--
2.39.1
* [PATCH v2 10/10] OvmfPkg: AmdSev: use crypto includes
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (8 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 09/10] OvmfPkg: IntelTdx: " Gerd Hoffmann
@ 2023-02-09 10:26 ` Gerd Hoffmann
2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
10 siblings, 0 replies; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-09 10:26 UTC (permalink / raw)
To: devel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Gerd Hoffmann, Ard Biesheuvel
Use the new crypto support include files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++++++++----
OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++++++
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 1cebd6b4bcc2..0bb34b8b258b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -34,6 +34,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
#
# Shell can be useful for debugging but should not be enabled for production
@@ -182,8 +183,6 @@ [LibraryClasses]
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
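Review bot: `OpensslLib` was pinned here to `OpensslLibCrypto.inf` with no NETWORK_TLS_ENABLE condition, unlike the OvmfPkgX64 and Ia32 files, so moving to the shared OvmfCryptoLibs.dsc.inc can change which OpenSSL instance this platform links if the include keys on that macro. Please confirm the resolved instance is unchanged for AmdSev, or call the change out in the commit message.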
@@ -201,9 +200,9 @@ [LibraryClasses]
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
[LibraryClasses.common]
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
@@ -310,7 +309,6 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -708,6 +706,12 @@ [Components]
OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Crypto Support
+ #
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
+
#
# Usb Support
#
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 5fb3b5d27632..84842a601262 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]
INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf
!include OvmfPkg/OvmfTpmPei.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
################################################################################
@@ -318,6 +319,11 @@ [FV.DXEFV]
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
+#
+# Crypto support
+#
+!include OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
+
################################################################################
[FV.FVMAIN_COMPACT]
--
2.39.1
* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
` (9 preceding siblings ...)
2023-02-09 10:26 ` [PATCH v2 10/10] OvmfPkg: AmdSev: " Gerd Hoffmann
@ 2023-02-09 16:46 ` Ard Biesheuvel
2023-02-10 8:41 ` Gerd Hoffmann
10 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-09 16:46 UTC (permalink / raw)
To: Gerd Hoffmann
Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel
On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> Known problem: the NOOPT builds fail due to PEI becoming too big.
>
> What is the reason for doing these NOOPT builds?
They are very useful for doing single step debugging with GDB. On ARM,
I use the NOOPT builds fairly regularly.
> I'm not sure what
> value they provide. But the lack of LTO bloats the binaries with dead
> code, which is a constant source of trouble ...
>
> v2 changes:
> - turn on crypto driver support by default.
> - left the config option in for now as fallback option.
> When all goes as planned remove it one or two releases
> later.
> - fix various build problems.
>
> Gerd Hoffmann (10):
> CryptoPkg: move Driver PCD configs to include files
> CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc
> CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc
> OvmfPkg: add OvmfCrypto*.inc
> OvmfPkg: OvmfPkgX64: use crypto includes
> OvmfPkg: OvmfPkgIa32X64: use crypto includes
> OvmfPkg: OvmfPkgIa32: use crypto includes
> OvmfPkg: Microvm: use crypto includes
> OvmfPkg: IntelTdx: use crypto includes
> OvmfPkg: AmdSev: use crypto includes
>
This looks fine to me but I'll give other folks some time to chime in.
Thanks,
> .../Include/Dsc/CryptoServicePcd.all.dsc.inc | 29 +++++++
> .../Dsc/CryptoServicePcd.hash_only.dsc.inc | 8 ++
> .../Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc | 37 +++++++++
> .../Dsc/CryptoServicePcd.min_pei.dsc.inc | 20 +++++
> .../Dsc/OvmfCryptoComponentsDxe.dsc.inc | 23 ++++++
> .../Dsc/OvmfCryptoComponentsPei.dsc.inc | 19 +++++
> .../Dsc/OvmfCryptoComponentsSmm.dsc.inc | 18 +++++
> OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc | 5 ++
> OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc | 57 ++++++++++++++
> CryptoPkg/CryptoPkg.dsc | 78 +------------------
> OvmfPkg/AmdSev/AmdSevX64.dsc | 12 ++-
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 15 ++--
> OvmfPkg/Microvm/MicrovmX64.dsc | 24 +++---
> OvmfPkg/OvmfPkgIa32.dsc | 22 +++---
> OvmfPkg/OvmfPkgIa32X64.dsc | 22 +++---
> OvmfPkg/OvmfPkgX64.dsc | 22 +++---
> OvmfPkg/AmdSev/AmdSevX64.fdf | 6 ++
> OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++
> OvmfPkg/Microvm/MicrovmX64.fdf | 7 ++
> OvmfPkg/OvmfPkgIa32.fdf | 6 ++
> OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++
> OvmfPkg/OvmfPkgX64.fdf | 6 ++
> OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc | 12 +++
> OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc | 9 +++
> 24 files changed, 331 insertions(+), 137 deletions(-)
> create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.all.dsc.inc
> create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.hash_only.dsc.inc
> create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_dxe_smm.dsc.inc
> create mode 100644 CryptoPkg/Include/Dsc/CryptoServicePcd.min_pei.dsc.inc
> create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsDxe.dsc.inc
> create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsPei.dsc.inc
> create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoComponentsSmm.dsc.inc
> create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoDefines.dsc.inc
> create mode 100644 OvmfPkg/Include/Dsc/OvmfCryptoLibs.dsc.inc
> create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoDxeSmm.fdf.inc
> create mode 100644 OvmfPkg/Include/Fdf/OvmfCryptoPei.fdf.inc
>
> --
> 2.39.1
>
* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
@ 2023-02-10 8:41 ` Gerd Hoffmann
2023-02-10 13:42 ` Ard Biesheuvel
0 siblings, 1 reply; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-10 8:41 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel
On Thu, Feb 09, 2023 at 05:46:15PM +0100, Ard Biesheuvel wrote:
> On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
> >
> > Known problem: the NOOPT builds fail due to PEI becoming too big.
> >
> > What is the reason for doing these NOOPT builds?
>
> They are very useful for doing single step debugging with GDB. On ARM,
> I use the NOOPT builds fairly regularly.
Can LTO be enabled for the NOOPT build? Or does that depend on
optimizations being turned on?
take care,
Gerd
* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
2023-02-10 8:41 ` Gerd Hoffmann
@ 2023-02-10 13:42 ` Ard Biesheuvel
2023-02-10 13:46 ` Ard Biesheuvel
0 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-10 13:42 UTC (permalink / raw)
To: Gerd Hoffmann
Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel
On Fri, 10 Feb 2023 at 09:42, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Thu, Feb 09, 2023 at 05:46:15PM +0100, Ard Biesheuvel wrote:
> > On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > >
> > > Known problem: the NOOPT builds fail due to PEI becoming too big.
> > >
> > > What is the reason for doing these NOOPT builds?
> >
> > They are very useful for doing single step debugging with GDB. On ARM,
> > I use the NOOPT builds fairly regularly.
>
> Can LTO be enabled for the NOOPT build? Or does that depend on
> optimizations being turned on?
>
With the hunk below applied:
* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
2023-02-10 13:42 ` Ard Biesheuvel
@ 2023-02-10 13:46 ` Ard Biesheuvel
2023-02-13 11:39 ` Gerd Hoffmann
0 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-10 13:46 UTC (permalink / raw)
To: Gerd Hoffmann
Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel
On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Fri, 10 Feb 2023 at 09:42, Gerd Hoffmann <kraxel@redhat.com> wrote:
> >
> > On Thu, Feb 09, 2023 at 05:46:15PM +0100, Ard Biesheuvel wrote:
> > > On Thu, 9 Feb 2023 at 11:27, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > > >
> > > > Known problem: the NOOPT builds fail due to PEI becoming too big.
> > > >
> > > > What is the reason for doing these NOOPT builds?
> > >
> > > They are very useful for doing single step debugging with GDB. On ARM,
> > > I use the NOOPT builds fairly regularly.
> >
> > Can LTO be enabled for the NOOPT build? Or does that depend on
> > optimizations being turned on?
> >
>
With the hunk below applied:
FV Space Information
SECFV [63%Full] 212992 (0x34000) total, 135824 (0x21290) used, 77168 (0x12d70) free
PEIFV [59%Full] 917504 (0xe0000) total, 544744 (0x84fe8) used, 372760 (0x5b018) free
DXEFV [53%Full] 13631488 (0xd00000) total, 7300712 (0x6f6668) used, 6330776 (0x609998) free
FVMAIN_COMPACT [40%Full] 3440640 (0x348000) total, 1383832 (0x151d98) used, 2056808 (0x1f6268) free
Without:
FV Space Information
SECFV [49%Full] 212992 (0x34000) total, 105936 (0x19dd0) used, 107056 (0x1a230) free
PEIFV [62%Full] 917504 (0xe0000) total, 575656 (0x8c8a8) used, 341848 (0x53758) free
DXEFV [56%Full] 13631488 (0xd00000) total, 7652840 (0x74c5e8) used, 5978648 (0x5b3a18) free
FVMAIN_COMPACT [40%Full] 3440640 (0x348000) total, 1376272 (0x150010) used, 2064368 (0x1f7ff0) free
(without any -D options turned on)
diff --git a/BaseTools/Conf/tools_def.template
b/BaseTools/Conf/tools_def.template
index f77e936c0453..48319fc2e9b4 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -2342,8 +2342,8 @@ RELEASE_GCC5_IA32_DLINK_FLAGS =
DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
RELEASE_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto
-DUSING_LTO -Wno-unused-but-set-variable -Wno-unused-const-variable
RELEASE_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
- NOOPT_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -O0
- NOOPT_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -O0
+ NOOPT_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -O0 -flto -DUSING_LTO
+ NOOPT_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -O0 -flto
##################
# GCC5 ARM definitions
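Review bot: the two changed lines cover only NOOPT_GCC5_X64, so any IA32 NOOPT build keeps its current flags and sees no size change from this hunk; if the intent is to shrink NOOPT firmware in general, the other NOOPT_GCC5 architecture entries need the same treatment. The new CC line also takes -flto -DUSING_LTO without the -Wno-unused-but-set-variable -Wno-unused-const-variable that RELEASE_GCC5_X64_CC_FLAGS carries next to them two lines up, so check whether LTO at -O0 triggers those warnings. The figures quoted above show SECFV used space going from 105936 to 135824 bytes with the hunk applied while PEIFV and DXEFV shrink; that growth should be explained before this is proposed as a fix.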
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
2023-02-10 13:46 ` Ard Biesheuvel
@ 2023-02-13 11:39 ` Gerd Hoffmann
2023-02-13 11:45 ` [edk2-devel] " Ard Biesheuvel
0 siblings, 1 reply; 17+ messages in thread
From: Gerd Hoffmann @ 2023-02-13 11:39 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: devel, Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao,
Xiaoyu Lu, Jordan Justen, Min Xu, Jian J Wang, Michael Roth,
Oliver Steffen, James Bottomley, Erdem Aktas, Ard Biesheuvel
On Fri, Feb 10, 2023 at 02:46:34PM +0100, Ard Biesheuvel wrote:
> On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > > Can LTO be enabled for the NOOPT build? Or does that depend on
> > > optimizations being turned on?
Turns out: kind of. The crypto driver effectively does
    if (fixed.pcd.bit)
        call libcrypt / libopenssl
    else
        throw error
With optimizations turned off altogether gcc will not notice it can
evaluate the PCD config bits at compile time, which in turn leads to
everything being compiled in no matter whether the features are
enabled or not ...
take care,
Gerd
From e0a080ead544813445f731eef137747ff805a5cd Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 13 Feb 2023 10:21:50 +0100
Subject: [PATCH 1/1] CryptoPkg/Driver: enable moderate optimizations for NOOPT
builds
With optimizations turned off altogether gcc will not evaluate the
(constant) configuration PCDs at compile time (see CALL_BASECRYPTLIB
macro). Which renders LTO ineffective and leads to huge amounts of
dead code being included in the crypto driver builds.
Turn on optimizations for GCC, lowest level (-O1), to fix this.
FIXME: visual studio needs that too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Driver/CryptoDxe.inf | 3 +++
CryptoPkg/Driver/CryptoPei.inf | 3 +++
CryptoPkg/Driver/CryptoSmm.inf | 3 +++
3 files changed, 9 insertions(+)
diff --git a/CryptoPkg/Driver/CryptoDxe.inf b/CryptoPkg/Driver/CryptoDxe.inf
index 0d08f3a190c8..44921c1fdaa8 100644
--- a/CryptoPkg/Driver/CryptoDxe.inf
+++ b/CryptoPkg/Driver/CryptoDxe.inf
@@ -47,3 +47,6 @@ [Pcd]
[Depex]
TRUE
+
+[BuildOptions]
+ GCC:NOOPT_*_*_CC_FLAGS = -O1
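Review bot: the new [BuildOptions] entry has no comment saying why a NOOPT module is built with -O1; the reason (letting gcc fold the constant PCD test in CALL_BASECRYPTLIB so unused library code can be dropped) exists only in the commit message. A short comment above GCC:NOOPT_*_*_CC_FLAGS would stop someone from later removing what looks like a mistake. The line also depends on this -O1 being appended after the -O0 from tools_def and on gcc honouring the last -O option, which is worth stating in that comment.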
diff --git a/CryptoPkg/Driver/CryptoPei.inf b/CryptoPkg/Driver/CryptoPei.inf
index dfa1ab58b16f..45704f5f9e42 100644
--- a/CryptoPkg/Driver/CryptoPei.inf
+++ b/CryptoPkg/Driver/CryptoPei.inf
@@ -49,3 +49,6 @@ [Pcd]
[Depex]
TRUE
+
+[BuildOptions]
+ GCC:NOOPT_*_*_CC_FLAGS = -O1
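Review bot: this entry sets the GCC family only, and the commit message already carries a FIXME that Visual Studio needs the same. PEI is where the NOOPT size failure was reported, so for CryptoPei.inf the non-GCC case should be resolved or tracked explicitly before merge instead of living only as a FIXME in the log.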
diff --git a/CryptoPkg/Driver/CryptoSmm.inf b/CryptoPkg/Driver/CryptoSmm.inf
index 9fe8718823d2..906cf06006f4 100644
--- a/CryptoPkg/Driver/CryptoSmm.inf
+++ b/CryptoPkg/Driver/CryptoSmm.inf
@@ -47,3 +47,6 @@ [Pcd]
[Depex]
TRUE
+
+[BuildOptions]
+ GCC:NOOPT_*_*_CC_FLAGS = -O1
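Review bot: the *_* wildcards in GCC:NOOPT_*_*_CC_FLAGS apply -O1 for every toolchain tag and architecture, including the ARM builds where NOOPT is used for single-step debugging with GDB, as mentioned earlier in the thread. Stepping through the crypto driver will be less exact at -O1, so the commit message should state that trade-off. The same three lines are now copied into three INF files, so they must be kept identical if the level changes.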
--
2.39.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [edk2-devel] [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
2023-02-13 11:39 ` Gerd Hoffmann
@ 2023-02-13 11:45 ` Ard Biesheuvel
0 siblings, 0 replies; 17+ messages in thread
From: Ard Biesheuvel @ 2023-02-13 11:45 UTC (permalink / raw)
To: devel, kraxel
Cc: Pawel Polawski, Guomin Jiang, Tom Lendacky, Jiewen Yao, Xiaoyu Lu,
Jordan Justen, Min Xu, Jian J Wang, Michael Roth, Oliver Steffen,
James Bottomley, Erdem Aktas, Ard Biesheuvel
On Mon, 13 Feb 2023 at 12:39, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Fri, Feb 10, 2023 at 02:46:34PM +0100, Ard Biesheuvel wrote:
> > On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
> > >
> > > > Can LTO be enabled for the NOOPT build? Or does that depend on
> > > > optimizations being turned on?
>
> Turns out: kind of. The crypto driver effectively does
>
>     if (fixed.pcd.bit)
>         call libcrypt / libopenssl
>     else
>         throw error
>
> With optimizations turned off altogether gcc will not notice it can
> evaluate the PCD config bits at compile time, which in turn leads to
> everything being compiled in no matter whether the features are
> enabled or not ...
>
> take care,
> Gerd
>
> From e0a080ead544813445f731eef137747ff805a5cd Mon Sep 17 00:00:00 2001
> From: Gerd Hoffmann <kraxel@redhat.com>
> Date: Mon, 13 Feb 2023 10:21:50 +0100
> Subject: [PATCH 1/1] CryptoPkg/Driver: enable moderate optimizations for NOOPT
> builds
>
> With optimizations turned off altogether gcc will not evaluate the
> (constant) configuration PCDs at compile time (see CALL_BASECRYPTLIB
> macro). Which renders LTO ineffective and leads to huge amounts of
> dead code being included in the crypto driver builds.
>
> Turn on optimizations for GCC, lowest level (-O1), to fix this.
>
> FIXME: visual studio needs that too.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> CryptoPkg/Driver/CryptoDxe.inf | 3 +++
> CryptoPkg/Driver/CryptoPei.inf | 3 +++
> CryptoPkg/Driver/CryptoSmm.inf | 3 +++
> 3 files changed, 9 insertions(+)
>
> diff --git a/CryptoPkg/Driver/CryptoDxe.inf b/CryptoPkg/Driver/CryptoDxe.inf
> index 0d08f3a190c8..44921c1fdaa8 100644
> --- a/CryptoPkg/Driver/CryptoDxe.inf
> +++ b/CryptoPkg/Driver/CryptoDxe.inf
> @@ -47,3 +47,6 @@ [Pcd]
>
> [Depex]
> TRUE
> +
> +[BuildOptions]
> + GCC:NOOPT_*_*_CC_FLAGS = -O1
Could we use -Og instead?
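Review bot: on the -O1 in the quoted line above, if the level is changed to -Og as asked, the size check has to be repeated: rebuild NOOPT and compare the FV Space Information figures with the -O1 build to confirm gcc still folds the constant PCD test at that level. Whatever value is chosen then has to go into CryptoPei.inf and CryptoSmm.inf as well, since all three hunks set the same flag.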
> diff --git a/CryptoPkg/Driver/CryptoPei.inf b/CryptoPkg/Driver/CryptoPei.inf
> index dfa1ab58b16f..45704f5f9e42 100644
> --- a/CryptoPkg/Driver/CryptoPei.inf
> +++ b/CryptoPkg/Driver/CryptoPei.inf
> @@ -49,3 +49,6 @@ [Pcd]
>
> [Depex]
> TRUE
> +
> +[BuildOptions]
> + GCC:NOOPT_*_*_CC_FLAGS = -O1
> diff --git a/CryptoPkg/Driver/CryptoSmm.inf b/CryptoPkg/Driver/CryptoSmm.inf
> index 9fe8718823d2..906cf06006f4 100644
> --- a/CryptoPkg/Driver/CryptoSmm.inf
> +++ b/CryptoPkg/Driver/CryptoSmm.inf
> @@ -47,3 +47,6 @@ [Pcd]
>
> [Depex]
> TRUE
> +
> +[BuildOptions]
> + GCC:NOOPT_*_*_CC_FLAGS = -O1
> --
> 2.39.1
>
^ permalink raw reply [flat|nested] 17+ messages in thread